zone revision 499b34cea04a46823d003d4c0520c8b03e8513cb
Copyright (C) 1999-2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: zone,v 1.9 2001/01/09 21:46:56 bwelling Exp $

Zones are the unit of delegation in the DNS and may go from holding
RRs only at the zone top to holding the complete hierarchy (private
root zones). Zones have an associated database which is the
container for the RR sets that make up the zone.

Zones have certain properties associated with them.

    * master / slave / stub / hint / cache / forward
    * serial number
    * signed / unsigned
    * update periods (refresh / retry) (slave / stub)
    * last update time (slave / stub)
    * access restrictions
    * transfer restrictions (master / slave)
    * update restrictions (master / slave)
    * expire period (slave / stub)
    * children => bottom
    * rrsets / data
    * transfer "in" in progress
    * transfers "out" in progress
    * "current" check in progress
    * our masters
    * primary master name (required to auto generate our masters)
    * master file name
    * database name
    * database type
    * initially only master_file (BIND 4 & 8)
    * expanded axfr + ixfr
    * transaction logs
    * notification lists
    * static additional sites (stealth servers)
    * dynamically learned sites (soa queries)

Zones have two types of versions associated with them.

The image of the "current" zone when an AXFR out is in progress.
There may be several of these at once but they cease to need
to exist once the AXFRs on this version have completed. These
are maintained by the various database access methods.

These are virtual versions of the zone and are required to
support IXFR requests. While the entire contents of the old
version do not need to be kept, a change log needs to be
kept. An index into this log would be useful in speeding
up replies. These versions have an explicit expiry date.

"How long are we going to keep them operationally?"

While there are expiry dates based on last update /
change time + expire, in practice holding the deltas
for a few refresh periods should be enough. If the network
and servers are up, one is enough.

"How are we going to generate them from a master file?"

UPDATE should not be the only answer to this question.
We need a tool that takes the current zone and the new zone,
verifies the new zone, generates a delta and feeds this
to named. It could well be part of ndc but does not have
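
The delta step of the tool described above, as an added example (not ISC's code). zone_delta() and serial_gt() are hypothetical names, the zone contents are constructed, and reading "verifies the new zone" as a check that the serial advances is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Serial-number arithmetic: true when b is newer than a (wraps at 2^32). */
static int serial_gt(uint32_t b, uint32_t a) {
    return b != a && (uint32_t)(b - a) < 0x80000000u;
}

/* Merge-walk two sorted RR lists (one RR per string, SOA left out) and
 * collect the records to delete and to add. del needs room for ncur
 * entries, add for nnxt. Returns the change count, or -1 when the new
 * serial does not advance, in which case slaves would never fetch it. */
int zone_delta(const char **cur, size_t ncur, uint32_t curserial,
               const char **nxt, size_t nnxt, uint32_t nxtserial,
               const char **del, size_t *ndel, const char **add, size_t *nadd) {
    size_t i = 0, j = 0;
    *ndel = *nadd = 0;
    if (!serial_gt(nxtserial, curserial))
        return -1;
    while (i < ncur || j < nnxt) {
        int c = i == ncur ? 1 : j == nnxt ? -1 : strcmp(cur[i], nxt[j]);
        if (c == 0) { i++; j++; }                    /* unchanged */
        else if (c < 0) del[(*ndel)++] = cur[i++];   /* only in current zone */
        else add[(*nadd)++] = nxt[j++];              /* only in new zone */
    }
    return (int)(*ndel + *nadd);
}

/* Constructed sample zone contents, sorted. */
static const char *V1[] = {
    "example.test. NS ns1.example.test.",
    "ns1.example.test. A 192.0.2.1",
    "www.example.test. A 192.0.2.10",
};
static const char *V2[] = {
    "example.test. NS ns1.example.test.",
    "mail.example.test. A 192.0.2.25",
    "ns1.example.test. A 192.0.2.1",
    "www.example.test. A 192.0.2.11",
};

int main(void) {
    const char *del[3], *add[4];
    size_t nd, na, k;
    printf("%d changes\n", zone_delta(V1, 3, 2001010901u, V2, 4, 2001010902u, del, &nd, add, &na));
    for (k = 0; k < nd; k++) printf("- %s\n", del[k]);
    for (k = 0; k < na; k++) printf("+ %s\n", add[k]);
    return 0;
}
```
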

Zones need to have certain operations performed on them. They need to

    * updated (UPDATE / IXFR)
    * copied out in full (AXFR) or as partial deltas (IXFR)
    * generate a delta between two given versions.
    * signed / resigned
    * maintenance
        validate current soa
        remove old deltas / consolidation
        purge stale rrsets (cache)
    * notification
        responding to

While not strictly a nameserver function, bad delegation and bad
slave setups are continual and ongoing sources of problems in the
DNS. Periodic checks to ensure parent and child servers agree on
the list of nameservers and that slaves are tracking the changes
made in the master server's zone will allow problems in
configurations to be identified earlier providing for a more stable

Compatibility:

Zones are required to be configuration file compatible with

    typedef enum {
        dns_zone_none = 0,
        dns_zone_master,
        dns_zone_slave,
        dns_zone_stub,
        dns_zone_hint,
        dns_zone_cache,
        dns_zone_forward
    } dns_zonetypes_t;

    typedef struct dns_ixfr dns_ixfr_t;
    typedef struct dns_zone dns_zone_t;

    struct dns_ixfr {
        unsigned int        magic;      /* IXFR */
        isc_uint32_t        serial;     /* serial of this version */
        time_t              expire;     /* explicit expiry of this version */
        unsigned int        offset;
        ISC_LINK(dns_ixfr_t) link;      /* linkage in the zone's ixfr list */
    };

    struct dns_zone {
        unsigned int        magic;      /* ZONE */
        dns_name_t          name;
        dns_rdataclass_t    class;
        dns_zonetypes_t     type;
        dns_bt_t            top;
        isc_uint32_t        version;
        isc_uint32_t        serial;
        isc_uint32_t        refresh;    /* update period (slave / stub) */
        isc_uint32_t        retry;      /* update period (slave / stub) */
        isc_uint32_t        expire;     /* expire period (slave / stub) */
        char                *masterfile; /* master file name */
        dns_acl_t           *access;    /* access restrictions */
        dns_acl_t           *transfer;  /* transfer restrictions */
        dns_acl_t           *acl;
        dns_scl_t           *scl;       /* tsig based acl */
        char                *database;  /* database name */
        ISC_LIST(dns_ixfr_t) ixfr;      /* IXFR versions held for this zone */
    };

dns_zone_init(dns_zone_t *zone, dns_rdataclass_t class, isc_mem_t *mctx);

dns_zone_invalidate(dns_zone_t *zone);

dns_ixfr_init(dns_ixfr_t *ixfr, unsigned long serial, time_t expire);

dns_ixfr_invalidate(dns_ixfr_t *ixfr);

dns_zone_axfrout(dns_zone_t *zone);
    Initiate outgoing zone transfer.

dns_zone_axfrin(dns_zone_t *zone, isc_sockaddr_t *addr);
    Initiate transfer of the zone from the given server or the
    masters listed in the zone structure.

dns_zone_maintenance(dns_zone_t *zone);
    Perform any maintenance operations required on the zone:
        * initiate up to date checks
        * expire zones
        * initiate ixfr version expire consolidation

dns_zone_locateprimary(dns_zone_t *zone);
    Working from the root zone, locate the primary master for the zone.
    Used if masters are not given in named.conf.

dns_zone_locateservers(dns_zone_t *zone);
    Working from the root zone, locate the servers for the zone.
    Primary master moved to first in list if in NS set. Remove self
    Used if masters are not given in named.conf.

dns_zone_notify(dns_zone_t *);
    Queue notify messages.

dns_zone_checkparents(dns_zone_t *);
    Check that the parent nameservers' NS lists for this zone agree with
    the NS list of this zone; check glue A records. Warn if not identical.
    This operation is performed on master zones.

dns_zone_checkchildren(dns_zone_t *);
    Check that the child zones' NS lists agree with the NS lists in this
    zone; check glue records. Warn if not identical.

dns_zone_checkservers(dns_zone_t *);
    Check that all the listed servers for the zone agree on NS list and
    serial number. NOTE: only errors which continue over several refresh
    periods are to be reported.

dns_zone_dump(dns_zone_t *, FILE *fp);
    Write the contents of the zone to the file associated with fp.

dns_zone_validate(dns_zone_t *);
    Validate the zone contents using DNSSEC.

dns_zone_tordatalist(dns_zone_t *zone, dns_rdatalist_t *list);

dns_zone_addmaster(dns_zone_t *zone, isc_sockaddr_t *addr);
    Add addr to the set of masters for the zone.

dns_zone_clearmasters(dns_zone_t *zone);
    Clear the master set.

dns_zone_setreadacl(dns_zone_t *, dns_acl_t *);

dns_zone_setxfracl(dns_zone_t *, dns_acl_t *);

dns_zone_addnotify(dns_zone_t *, isc_sockaddr_t *addr, isc_boolean_t perm);

dns_zone_clearnotify(dns_zone_t *);

dns_zone_load(dns_zone_t *);

dns_zone_consolidate(dns_zone_t *);
    Consolidate on-disk copy of zone.
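
The reporting rule noted for dns_zone_checkservers above (report only disagreements that persist over several refresh periods), as an added example that is not ISC's code. check_servers(), struct observation and the REPORT_AFTER threshold of 3 periods are hypothetical, and the observations are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REPORT_AFTER 3  /* assumed: refresh periods a fault must persist */
struct observation {            /* one server's answer in one period */
    uint32_t serial;            /* SOA serial it served */
    const char *nsset;          /* its NS set, sorted and comma-joined */
};

/* One pass per refresh period. bad[i] counts consecutive periods in which
 * server i disagreed with the master on serial or NS set; agreement resets
 * the count, so a slave that is merely lagging is never reported. Returns
 * a bitmask of servers that have now disagreed REPORT_AFTER times in a row. */
unsigned int check_servers(unsigned int *bad, const struct observation *obs,
                           size_t n, const struct observation *master) {
    unsigned int report = 0;
    for (size_t i = 0; i < n; i++) {
        int ok = obs[i].serial == master->serial &&
                 strcmp(obs[i].nsset, master->nsset) == 0;
        bad[i] = ok ? 0 : bad[i] + 1;
        if (bad[i] >= REPORT_AFTER)
            report |= 1u << i;
    }
    return report;
}

/* Constructed data: server 0 lags for two periods, server 1 keeps a stale NS set. */
unsigned int run_periods(int periods) {
    const char *ns = "ns1.example.test.,ns2.example.test.";
    struct observation master = { 10, ns };
    unsigned int bad[2] = { 0, 0 }, report = 0;
    for (int p = 0; p < periods; p++) {
        struct observation obs[2] = {
            { p < 2 ? 9u : 10u, ns },
            { 10, "ns1.example.test." },
        };
        report = check_servers(bad, obs, 2, &master);
    }
    return report;
}

int main(void) {
    for (int p = 1; p <= 4; p++)
        printf("after %d periods: report mask 0x%x\n", p, run_periods(p));
    return 0;
}
```
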