zone revision f7cf0e6785e4a7e5574328a7000a9e8926a9bc9c
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt Zones
2fee8782a6fd57d86a67949092ab9197111af390Evan Hunt
2fee8782a6fd57d86a67949092ab9197111af390Evan Hunt $Id: zone,v 1.2 1999/02/26 21:32:10 marka Exp $
2fee8782a6fd57d86a67949092ab9197111af390Evan Hunt
Overview
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
Zones are the unit of delegation in the DNS and may go from holding
RRs only at the zone top to holding the complete hierarchy (private
root zones). Zones are a container for the RRsets that make up the
zone.
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
Zones have certain properties associated with them:
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * name
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * class
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * master / slave / stub / hint / cache / forward
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * serial number
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * signed / unsigned
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * update periods (refresh / retry) (slave / stub)
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * last update time (slave / stub)
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * access restrictions
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * transfer restrictions (master / slave)
* update restrictions (master / slave)
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * expire period (slave / stub)
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * children => bottom
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * glue
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * rrsets / data
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * transfer "in" in progress
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * transfers "out" in progress
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * "current" check in progress
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * our masters
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * primary master name (required to auto generate our masters)
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * master file name
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * database name
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * transaction logs
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * notification lists
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * NS's
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * static additional sites (stealth servers)
* dynamically learned sites (soa queries)
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt Zones also have versions associated with them, each of which, with
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt the exception of the current zone, has an expiry date.
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt "How long are we going to keep them operationally?"
While there are expiry dates based on last update /
change time + expire, in practice holding the deltas
for a few refresh periods should be enough. If the network
and servers are up, one is enough.
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt "How are we going to generate them from a master file?"
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt UPDATE should not be the only answer to this question.
We need a tool that takes the current zone and the new zone,
verifies the new zone, generates a delta and feeds this
to named. It could well be part of ndc but does not have
to be.
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
Zones need to have certain operations performed on them. They need to
be:
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * loaded
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * unloaded
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt * dumped
* updated (UPDATE / IXFR)
* copied out in full (AXFR) or as partial deltas (IXFR)
* read from
* validated
* generate a delta between two given versions.
* signed / resigned
* maintenance
validate current soa
remove old deltas
purge stale rrsets (cache)
* notification
responding to
generating
Types:
/*
 * Zone kinds, matching the "master / slave / stub / hint / cache / forward"
 * entry in the property list.  dns_zone_none is 0, so a zero-filled
 * dns_zonetypes_t reads as "no type" rather than as one of the real kinds.
 */
typedef enum {
	dns_zone_none    = 0,
	dns_zone_master  = 1,
	dns_zone_slave   = 2,
	dns_zone_stub    = 3,
	dns_zone_hint    = 4,
	dns_zone_cache   = 5,
	dns_zone_forward = 6
} dns_zonetypes_t;
/*
 * Design sketch of the per-zone state.  The trailing "..." marks fields the
 * document leaves out, so this is an outline rather than compilable C.
 */
struct dns_zone {
	unsigned int magic; /* ZONE; presumably a validity tag checked before the object is used -- confirm */
	dns_name_t name;		/* zone name */
	dns_rdataclass_t class;		/* zone class */
	dns_zonetypes_t type;		/* one of the dns_zone_* kinds */
	dns_rbt_t top;			/* presumably the tree holding the zone's rrsets -- confirm */
	isc_uint32_t version;
	isc_uint32_t serial;		/* serial number */
	isc_uint32_t refresh;		/* update period: refresh (slave / stub) */
	isc_uint32_t retry;		/* update period: retry (slave / stub) */
	/*
	 * NOTE(review): `serial` is declared a second time here, which a C
	 * compiler rejects.  The property list names an expire period that has
	 * no field in this struct, so this member was presumably meant to be
	 * `expire` -- confirm.
	 */
	isc_uint32_t serial;
	char *masterfile;		/* master file name; who owns the string is not stated */
	/*
	 * The three ACL members below are the only authorization state this
	 * sketch shows for access, zone transfer and update.
	 * NOTE(review): the document does not say what a NULL pointer means
	 * here; the design should state whether "no ACL" denies or allows, and
	 * a default of deny is the safer reading for transfer and update.
	 */
	dns_acl_t *access;		/* access restrictions */
	dns_acl_t *transfer;		/* transfer restrictions (master / slave) */
	struct {
		dns_acl_t *acl;		/* update restrictions (master / slave) */
		dns_scl_t *scl; /* tsig based acl */
		/*
		 * NOTE(review): how `acl` and `scl` combine (either may
		 * permit, or both must) is not specified -- confirm.
		 */
	} update;
	char *database;			/* database name; who owns the string is not stated */
	...
};
Operations:
Loading:
Functions:
/*
 * Set up a zone object for the given class.  Only the prototype is given;
 * presumably this stamps the zone's `magic` tag and records `mxtc` as the
 * memory context for the zone's allocations -- confirm.
 * NOTE(review): `mxtc` looks like a transposition of `mctx`.
 * NOTE(review): returns void, so a failed initialisation cannot be reported
 * to the caller; confirm that nothing in it can fail.
 */
void
dns_zone_init(dns_zone_t *, dns_rdataclass_t class, isc_mem_t *mxtc);
/*
 * Counterpart to dns_zone_init().  Presumably clears the zone's `magic` tag
 * so that later use of the stale object fails its validity check -- confirm.
 * The document does not say whether it also releases memory the zone holds
 * (masterfile, database, the ACLs).
 */
void
dns_zone_invalidate(dns_zone_t *);