zone revision 499b34cea04a46823d003d4c0520c8b03e8513cb
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo SorceCopyright (C) 1999-2001 Internet Software Consortium.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo SorceSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce $Id: zone,v 1.9 2001/01/09 21:46:56 bwelling Exp $
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Zones are the unit of delegation in the DNS and may go from holding
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce RR's only at the zone top to holding the complete hierachy (private
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce roots zones). Zones have an associated database which is the
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce container for the RR sets that make up the zone.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Zone have certain properties associated with them.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * master / slave / stub / hint / cache / forward
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * serial number
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * signed / unsigned
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * update periods (refresh / retry) (slave / stub)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * last update time (slave / stub)
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * access restrictions
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * transfer restrictions (master / slave)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * update restictions (master / slave)
cf902c2b247c1b5793ae0ba58fd2dcbb0f78b686Jakub Hrozek * expire period (slave / stub)
cf902c2b247c1b5793ae0ba58fd2dcbb0f78b686Jakub Hrozek * children => bottom
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * rrsets / data
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * transfer "in" in progress
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * transfers "out" in progress
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * "current" check in progress
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * our masters
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * primary master name (required to auto generate our masters)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * master file name
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * database name
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * database type
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * initially only master_file (BIND 4 & 8)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * expanded axfr + ixfr
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * transaction logs
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * notification lists
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * static additional sites (stealth servers)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * dynamically learned sites (soa queries)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Zones have two types of versions associated with them.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce The image of the "current" zone when a AXFR out is in progress.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce There may be several of these at once but they cease to need
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce to exist once the AXFR's on this version has completed. These
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce are maintained by the various database access methods.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce These are virtual versions of the zone and are required to
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce support IXFR requests. While the entire contents of the old
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce version does not need to be kept, a change log needs to be
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce kept. An index into this log would be useful in speeding
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce up replies. These versions have an explict expiry date.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce "How long are we going to keep them operationally?"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce While there are expriry dates based on last update /
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce change time + expire. In practice holding the deltas
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce for a few refresh periods should be enough. If the network
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce and servers are up one is enough.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce "How are we going to generate them from a master file?"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce UPDATE should not be the only answer to this question.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce We need a tool that takes the current zone & new zone.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Verifies the new zone, generates a delta and feeds this
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce at named. It could well be part of ndc but does not have
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Zones need to have certain operations performed on them. The need to
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * updated (UPDATE / IXFR)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * copied out in full (AXFR) or as partial deltas (IXFR)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * generate a delta between two given versions.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * signed / resigned
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * maintenance
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce validate current soa
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce remove old deltas / consolidation
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce purge stale rrsets (cache)
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * notification
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce responding to
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce While not strictly a nameserver function, bad delegation and bad
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce slave setups are continual and ongoing sources of problems in the
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce DNS. Periodic checks to ensure parent and child servers agree on
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce the list of nameservers and that slaves are tracking the changes
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce made in the master server's zone will allow problems in
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce configurations to be identified earlier providing for a more stable
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo SorceCompatability:
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Zones are required to be configuration file compatable with
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce typedef enum {
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_none = 0,
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_master,
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_slave,
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_stub,
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_hint,
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_cache,
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_forward
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce } dns_zonetypes_t;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce typedef struct dns_ixfr dns_ixfr_t;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce struct dns_ixfr {
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce unsigned int magic; /* IXFR */
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce isc_uint32_t serial;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce time_t expire;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce unsigned int offset;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce ISC_LINK(dns_ixfr_t) link;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce struct dns_zone {
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce unsigned int magic; /* ZONE */
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_name_t name;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_rdataclass_t class;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zonetypes_t type;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_bt_t top;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce isc_uint32_t version;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce isc_uint32_t serial;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce isc_uint32_t refresh;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce isc_uint32_t retry;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce isc_uint32_t serial;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce char *masterfile;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_acl_t *access;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_acl_t *transfer;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_acl_t *acl;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_scl_t *scl; /* tsig based acl */
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce char *database;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce ISC_LIST(dns_ixfr_t) ixfr;
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_init(dns_zone_t *zone, dns_rdataclass_t class, isc_mem_t *mxtc);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_invalidate(dns_zone_t *zone);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_ixfr_init(dns_ixfr_t *ixfr, unsigned long serial, time_t expire);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_ixfr_invalidate(dns_ixfr_t *ixfr);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_axfrout(dns_zone_t *zone);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Initiate outgoing zone transfer.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_axfrin(dns_zone_t *zone, isc_sockaddr_t *addr);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Initiate transfer of the zone from the given server or the
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce masters masters listed in the zone structure.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_maintenance(dns_zone_t *zone);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Perform any maintenance operations required on the zone
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * initiate up to date checks
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * expire zones
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce * initiate ixfr version expire consolidation
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_locateprimary(dns_zone_t *zone);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Working from the root zone locate the primary master for the zone.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Used if masters are not given in named.conf.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_locateservers(dns_zone_t *zone);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Working from the root zone locate the servers for the zone.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Primary master moved to first in list if in NS set. Remove self
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Used if masters are not given in named.conf.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_notify(dns_zone_t *);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Queue notify messages.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_checkparents(dns_zone_t *);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce check that the parent nameservers NS lists for this zone agree with
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce the NS list this zone, check glue A records. Warn if not identical.
3e81e71124c75fd8709704e38561fa1f9d5bfbc2Lukas Slebodnik This operation is performed on master zones.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_checkchildren(dns_zone_t *);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce check that the child zones NS lists agree with the NS lists in this
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce zone, check glue records. Warn if not identical.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_checkservers(dns_zone_t *);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce check that all the listed servers for the zone agree on NS list and
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce serial number. NOTE only errors which continue over several refresh
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce periods to be reported.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_dump(dns_zone_t *, FILE *fp);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Write the contents of the zone to the file associated with fp.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce dns_zone_validate(dns_zone_t *);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Validate the zone contents using DNSSEC.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_tordatalist(dns_zone_t *zone, dns_rdatalist_t *list)
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_addmaster(dns_zone_t *zone, isc_sockaddr_t *addr);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Add addr to the set of masters for the zone.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_clearmasters(dns_zone_t *zone);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Clear the master set.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_setreadacl(dns_zone_t *, dns_acl_t *)
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_setxfracl(dns_zone_t *, dns_acl_t *)
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_addnotify(dns_zone_t *, isc_sockaddr_t *addr, isc_boolean_t perm);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_clearnotify(dns_zone_t *)
e625eb47a3091d92eda2271b123f8aab06227b63Simo Sorce dns_zone_load(dns_zone_t *);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce dns_zone_consolidate(dns_zone_t *);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Consolidate on disk copy of zone.