upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'matthijs-remote-server-refactor' into 'main'

Browse source 
Refactor remote servers (primaries, parental agents) in zone.c

See merge request isc-projects/bind9!7110
This commit is contained in:
Matthijs Mekking 2022-12-23 13:37:14 +00:00
commit 2638a2a29c
28 changed files with 1216 additions and 729 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,3 +1,8 @@
6054. [func] Refactor remote servers (primaries, parental-agents)
in zone.c. Store common code in new source files
remote.c and remote.h. Introduce a new way to set the
source address and port. [GL !7110]
6053. [bug] Fix an ADB quota management bug in resolver. [GL #3752]
6052. [func] Replace DNS over TCP and DNS over TLS transports

164
bin/named/config.c
View file

@ -497,109 +497,6 @@ named_config_getzonetype(const cfg_obj_t *zonetypeobj) {
return (ztype);
}
isc_result_t
named_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
in_port_t defport, isc_mem_t *mctx,
isc_sockaddr_t **addrsp, isc_dscp_t **dscpsp,
uint32_t *countp) {
int count, i = 0;
const cfg_obj_t *addrlist;
const cfg_obj_t *portobj, *dscpobj;
const cfg_listelt_t *element;
isc_sockaddr_t *addrs;
in_port_t port;
isc_dscp_t dscp = -1, *dscps = NULL;
isc_result_t result;
INSIST(addrsp != NULL && *addrsp == NULL);
INSIST(dscpsp == NULL || *dscpsp == NULL);
INSIST(countp != NULL);
addrlist = cfg_tuple_get(list, "addresses");
count = named_config_listcount(addrlist);
portobj = cfg_tuple_get(list, "port");
if (cfg_obj_isuint32(portobj)) {
uint32_t val = cfg_obj_asuint32(portobj);
if (val > UINT16_MAX) {
cfg_obj_log(portobj, named_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
return (ISC_R_RANGE);
}
port = (in_port_t)val;
} else if (defport != 0) {
port = defport;
} else {
result = named_config_getport(config, "port", &port);
if (result != ISC_R_SUCCESS) {
return (result);
}
}
if (dscpsp != NULL) {
dscpobj = cfg_tuple_get(list, "dscp");
if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
if (cfg_obj_asuint32(dscpobj) > 63) {
cfg_obj_log(dscpobj, named_g_lctx,
ISC_LOG_ERROR,
"dscp value '%u' is out of range",
cfg_obj_asuint32(dscpobj));
return (ISC_R_RANGE);
}
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
}
dscps = isc_mem_get(mctx, count * sizeof(isc_dscp_t));
}
addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
for (element = cfg_list_first(addrlist); element != NULL;
element = cfg_list_next(element), i++)
{
const cfg_obj_t *addr;
INSIST(i < count);
addr = cfg_listelt_value(element);
addrs[i] = *cfg_obj_assockaddr(addr);
if (dscpsp != NULL) {
isc_dscp_t innerdscp;
innerdscp = cfg_obj_getdscp(addr);
if (innerdscp == -1) {
innerdscp = dscp;
}
dscps[i] = innerdscp;
}
if (isc_sockaddr_getport(&addrs[i]) == 0) {
isc_sockaddr_setport(&addrs[i], port);
}
}
INSIST(i == count);
*addrsp = addrs;
*countp = count;
if (dscpsp != NULL) {
*dscpsp = dscps;
}
return (ISC_R_SUCCESS);
}
void
named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
isc_dscp_t **dscpsp, uint32_t count) {
INSIST(addrsp != NULL && *addrsp != NULL);
INSIST(dscpsp == NULL || *dscpsp != NULL);
isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
*addrsp = NULL;
if (dscpsp != NULL) {
isc_mem_put(mctx, *dscpsp, count * sizeof(isc_dscp_t));
*dscpsp = NULL;
}
}
static isc_result_t
getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
const cfg_obj_t **ret) {
@ -702,30 +599,41 @@ isc_result_t
named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
const cfg_obj_t *list, isc_mem_t *mctx,
dns_ipkeylist_t *ipkl) {
uint32_t addrcount = 0, dscpcount = 0, keycount = 0, tlscount = 0,
i = 0;
uint32_t listcount = 0, l = 0, j;
uint32_t addrcount = 0, srccount = 0, dscpcount = 0;
uint32_t keycount = 0, tlscount = 0;
uint32_t listcount = 0, l = 0, i = 0;
uint32_t stackcount = 0, pushed = 0;
isc_result_t result;
const cfg_listelt_t *element;
const cfg_obj_t *addrlist;
const cfg_obj_t *portobj;
const cfg_obj_t *dscpobj;
const cfg_obj_t *src4obj;
const cfg_obj_t *src6obj;
in_port_t port = (in_port_t)0;
in_port_t def_port;
in_port_t def_tlsport;
isc_sockaddr_t src4;
isc_sockaddr_t src6;
isc_dscp_t dscp = -1;
isc_sockaddr_t *addrs = NULL;
isc_sockaddr_t *sources = NULL;
isc_dscp_t *dscps = NULL;
dns_name_t **keys = NULL;
dns_name_t **tlss = NULL;
struct {
const char *name;
in_port_t port;
isc_dscp_t dscp;
isc_sockaddr_t *src4s;
isc_sockaddr_t *src6s;
} *lists = NULL;
struct {
const cfg_listelt_t *element;
in_port_t port;
isc_dscp_t dscp;
isc_sockaddr_t src4;
isc_sockaddr_t src6;
} *stack = NULL;
REQUIRE(ipkl != NULL);
@ -759,6 +667,8 @@ newlist:
addrlist = cfg_tuple_get(list, "addresses");
portobj = cfg_tuple_get(list, "port");
dscpobj = cfg_tuple_get(list, "dscp");
src4obj = cfg_tuple_get(list, "source");
src6obj = cfg_tuple_get(list, "source-v6");
if (cfg_obj_isuint32(portobj)) {
uint32_t val = cfg_obj_asuint32(portobj);
@ -782,6 +692,18 @@ newlist:
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
}
if (src4obj != NULL && cfg_obj_issockaddr(src4obj)) {
src4 = *cfg_obj_assockaddr(src4obj);
} else {
isc_sockaddr_any(&src4);
}
if (src6obj != NULL && cfg_obj_issockaddr(src6obj)) {
src6 = *cfg_obj_assockaddr(src6obj);
} else {
isc_sockaddr_any6(&src6);
}
result = ISC_R_NOMEMORY;
element = cfg_list_first(addrlist);
@ -799,6 +721,7 @@ resume:
if (!cfg_obj_issockaddr(addr)) {
const char *listname = cfg_obj_asstring(addr);
isc_result_t tresult;
uint32_t j;
/* Grow lists? */
grow_array(mctx, lists, l, listcount);
@ -836,6 +759,8 @@ resume:
stack[pushed].element = cfg_list_next(element);
stack[pushed].port = port;
stack[pushed].dscp = dscp;
stack[pushed].src4 = src4;
stack[pushed].src6 = src6;
pushed++;
goto newlist;
}
@ -844,6 +769,7 @@ resume:
grow_array(mctx, dscps, i, dscpcount);
grow_array(mctx, keys, i, keycount);
grow_array(mctx, tlss, i, tlscount);
grow_array(mctx, sources, i, srccount);
addrs[i] = *cfg_obj_assockaddr(addr);
dscps[i] = cfg_obj_getdscp(addr);
@ -881,6 +807,20 @@ resume:
isc_sockaddr_setport(&addrs[i], addr_port);
}
switch (isc_sockaddr_pf(&addrs[i])) {
case PF_INET:
sources[i] = src4;
break;
case PF_INET6:
sources[i] = src6;
break;
default:
i++; /* Increment here so that cleanup on error works.
*/
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
}
i++;
}
if (pushed != 0) {
@ -888,6 +828,8 @@ resume:
element = stack[pushed].element;
port = stack[pushed].port;
dscp = stack[pushed].dscp;
src4 = stack[pushed].src4;
src6 = stack[pushed].src6;
goto resume;
}
@ -895,6 +837,7 @@ resume:
shrink_array(mctx, dscps, i, dscpcount);
shrink_array(mctx, keys, i, keycount);
shrink_array(mctx, tlss, i, tlscount);
shrink_array(mctx, sources, i, srccount);
if (lists != NULL) {
isc_mem_put(mctx, lists, listcount * sizeof(lists[0]));
@ -906,12 +849,14 @@ resume:
INSIST(dscpcount == addrcount);
INSIST(keycount == addrcount);
INSIST(tlscount == addrcount);
INSIST(srccount == addrcount);
INSIST(keycount == dscpcount);
ipkl->addrs = addrs;
ipkl->dscps = dscps;
ipkl->keys = keys;
ipkl->tlss = tlss;
ipkl->sources = sources;
ipkl->count = addrcount;
ipkl->allocated = addrcount;
@ -925,7 +870,7 @@ cleanup:
isc_mem_put(mctx, dscps, dscpcount * sizeof(dscps[0]));
}
if (keys != NULL) {
for (j = 0; j < i; j++) {
for (size_t j = 0; j < i; j++) {
if (keys[j] == NULL) {
continue;
}
@ -937,7 +882,7 @@ cleanup:
isc_mem_put(mctx, keys, keycount * sizeof(keys[0]));
}
if (tlss != NULL) {
for (j = 0; j < i; j++) {
for (size_t j = 0; j < i; j++) {
if (tlss[j] == NULL) {
continue;
}
@ -948,6 +893,9 @@ cleanup:
}
isc_mem_put(mctx, tlss, tlscount * sizeof(tlss[0]));
}
if (sources != NULL) {
isc_mem_put(mctx, sources, srccount * sizeof(sources[0]));
}
if (lists != NULL) {
isc_mem_put(mctx, lists, listcount * sizeof(lists[0]));
}

10
bin/named/include/named/config.h
View file

@ -52,16 +52,6 @@ named_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
dns_zonetype_t
named_config_getzonetype(const cfg_obj_t *zonetypeobj);
isc_result_t
named_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
in_port_t defport, isc_mem_t *mctx,
isc_sockaddr_t **addrsp, isc_dscp_t **dscpsp,
uint32_t *countp);
void
named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
isc_dscp_t **dscpsp, uint32_t count);
isc_result_t
named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
const char *name, const cfg_obj_t **ret);

19
bin/named/zoneconf.c
View file

@ -1268,12 +1268,13 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
RETERR(named_config_getipandkeylist(config, "primaries",
obj, mctx, &ipkl));
dns_zone_setalsonotify(zone, ipkl.addrs, ipkl.dscps,
ipkl.keys, ipkl.tlss,
dns_zone_setalsonotify(zone, ipkl.addrs, ipkl.sources,
ipkl.dscps, ipkl.keys, ipkl.tlss,
ipkl.count);
dns_ipkeylist_clear(mctx, &ipkl);
} else {
dns_zone_setalsonotify(zone, NULL, NULL, NULL, NULL, 0);
dns_zone_setalsonotify(zone, NULL, NULL, NULL, NULL,
NULL, 0);
}
obj = NULL;
@ -1722,11 +1723,11 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_ipkeylist_init(&ipkl);
RETERR(named_config_getipandkeylist(
config, "parental-agents", obj, mctx, &ipkl));
dns_zone_setparentals(zone, ipkl.addrs, ipkl.keys,
ipkl.tlss, ipkl.count);
dns_zone_setparentals(zone, ipkl.addrs, ipkl.sources,
ipkl.keys, ipkl.tlss, ipkl.count);
dns_ipkeylist_clear(mctx, &ipkl);
} else {
dns_zone_setparentals(zone, NULL, NULL, NULL, 0);
dns_zone_setparentals(zone, NULL, NULL, NULL, NULL, 0);
}
}
@ -1890,12 +1891,14 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
RETERR(named_config_getipandkeylist(config, "primaries",
obj, mctx, &ipkl));
dns_zone_setprimaries(mayberaw, ipkl.addrs, ipkl.keys,
dns_zone_setprimaries(mayberaw, ipkl.addrs,
ipkl.sources, ipkl.keys,
ipkl.tlss, ipkl.count);
count = ipkl.count;
dns_ipkeylist_clear(mctx, &ipkl);
} else {
dns_zone_setprimaries(mayberaw, NULL, NULL, NULL, 0);
dns_zone_setprimaries(mayberaw, NULL, NULL, NULL, NULL,
0);
}
multi = false;

4
bin/tests/system/checkconf/good.conf.in
View file

@ -82,9 +82,9 @@ options {
transfer-source 0.0.0.0 dscp 63;
zone-statistics none;
};
parental-agents "parents" {
parental-agents "parents" port 5353 source 10.10.10.10 port 5354 dscp 54 source-v6 2001:db8::10 port 5355 dscp 55 {
10.10.10.11;
10.10.10.12;
2001:db8::11;
};
view "first" {
match-clients {

1
bin/tests/system/checkds/ns2/named.conf.in
View file

@ -41,5 +41,6 @@ zone "." {
zone "checkds" {
type primary;
allow-transfer { 10.53.0.2; 10.53.0.4; };
file "checkds.db";
};

2
bin/tests/system/checkds/ns4/named.conf.in
View file

@ -37,5 +37,5 @@ controls {
zone "checkds" {
type secondary;
file "checkds.db";
primaries { 10.53.0.2 port @PORT@; };
primaries source 10.53.0.4 { 10.53.0.2 port @PORT@; };
};

1
bin/tests/system/checkds/ns5/named.conf.in
View file

@ -41,5 +41,6 @@ zone "." {
zone "checkds" {
type primary;
allow-transfer { 10.53.0.5; 10.53.0.7; };
file "checkds.db";
};

2
bin/tests/system/checkds/ns7/named.conf.in
View file

@ -42,5 +42,5 @@ zone "." {
zone "checkds" {
type secondary;
file "checkds.db";
primaries { 10.53.0.5 port @PORT@; };
primaries source 10.53.0.7 { 10.53.0.5 port @PORT@; };
};

1
bin/tests/system/xfer/ns1/named.conf.in
View file

@ -36,6 +36,7 @@ zone "." {
zone "secondary" {
type primary;
allow-transfer { 10.53.0.1; 10.53.0.2; 10.53.0.6; 10.53.0.7; };
file "sec.db";
};

6
bin/tests/system/xfer/ns2/named.conf.in
View file

@ -59,10 +59,14 @@ zone "tsigzone" {
allow-transfer { tzkey; };
};
primaries "ns1" port @PORT@ source 10.53.0.2 {
10.53.0.1;
};
zone "secondary" {
type secondary;
file "sec.db";
primaries { 10.53.0.1; };
primaries { ns1; };
masterfile-format text;
};

30
doc/man/named.conf.5in
View file

@ -126,7 +126,7 @@ options {
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow\-update { <address_match_element>; ... };
allow\-update\-forwarding { <address_match_element>; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
answer\-cookie <boolean>;
@ -138,7 +138,7 @@ options {
avoid\-v6\-udp\-ports { <portrange>; ... };
bindkeys\-file <quoted_string>;
blackhole { <address_match_element>; ... };
catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
check\-dup\-records ( fail | warn | ignore );
check\-integrity <boolean>;
check\-mx ( fail | warn | ignore );
@ -373,11 +373,11 @@ options {
zone\-statistics ( full | terse | none | <boolean> );
};
parental\-agents <string> [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
parental\-agents <string> [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
plugin ( query ) <string> [ { <unspecified\-text> } ]; // may occur multiple times
primaries <string> [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
primaries <string> [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
server <netprefix> {
bogus <boolean>;
@ -437,13 +437,13 @@ view <string> [ <class> ] {
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow\-update { <address_match_element>; ... };
allow\-update\-forwarding { <address_match_element>; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
attach\-cache <string>;
auth\-nxdomain <boolean>;
auto\-dnssec ( allow | maintain | off ); // deprecated
catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
check\-dup\-records ( fail | warn | ignore );
check\-integrity <boolean>;
check\-mx ( fail | warn | ignore );
@ -666,7 +666,7 @@ zone <string> [ <class> ] {
allow\-query\-on { <address_match_element>; ... };
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow\-update { <address_match_element>; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
auto\-dnssec ( allow | maintain | off ); // deprecated
@ -710,7 +710,7 @@ zone <string> [ <class> ] {
notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify\-to\-soa <boolean>;
nsec3\-test\-zone <boolean>; // test only
parental\-agents [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental\-agents [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
serial\-update\-method ( date | increment | unixtime );
@ -740,7 +740,7 @@ zone <string> [ <class> ] {
allow\-query\-on { <address_match_element>; ... };
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow\-update\-forwarding { <address_match_element>; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
auto\-dnssec ( allow | maintain | off ); // deprecated
@ -780,10 +780,10 @@ zone <string> [ <class> ] {
notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify\-to\-soa <boolean>;
nsec3\-test\-zone <boolean>; // test only
parental\-agents [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental\-agents [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request\-expire <boolean>;
request\-ixfr <boolean>;
sig\-signing\-nodes <integer>;
@ -815,7 +815,7 @@ zone <string> [ <class> ] {
allow\-query\-on { <address_match_element>; ... };
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow\-update\-forwarding { <address_match_element>; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also\-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
check\-names ( fail | warn | ignore );
@ -841,7 +841,7 @@ zone <string> [ <class> ] {
notify\-delay <integer>;
notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request\-expire <boolean>;
request\-ixfr <boolean>;
transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
@ -903,7 +903,7 @@ zone <string> [ <class> ] {
masterfile\-style ( full | relative );
max\-records <integer>;
max\-zone\-ttl ( unlimited | <duration> ); // deprecated
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
zone\-statistics ( full | terse | none | <boolean> );
};
@ -958,7 +958,7 @@ zone <string> [ <class> ] {
min\-refresh\-time <integer>;
min\-retry\-time <integer>;
multi\-master <boolean>;
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
use\-alt\-transfer\-source <boolean>; // deprecated

4
doc/misc/mirror.zoneopt
View file

@ -5,7 +5,7 @@ zone <string> [ <class> ] {
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
check-names ( fail | warn | ignore );
@ -31,7 +31,7 @@ zone <string> [ <class> ] {
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];

12
doc/misc/options
View file

@ -69,7 +69,7 @@ options {
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
answer-cookie <boolean>;
@ -81,7 +81,7 @@ options {
avoid-v6-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
@ -316,11 +316,11 @@ options {
zone-statistics ( full | terse | none | <boolean> );
};
parental-agents <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
parental-agents <string> [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
primaries <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
primaries <string> [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
server <netprefix> {
bogus <boolean>;
@ -380,13 +380,13 @@ view <string> [ <class> ] {
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
attach-cache <string>;
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off ); // deprecated
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );

4
doc/misc/primary.zoneopt
View file

@ -4,7 +4,7 @@ zone <string> [ <class> ] {
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
auto-dnssec ( allow | maintain | off ); // deprecated
@ -48,7 +48,7 @@ zone <string> [ <class> ] {
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-agents [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
serial-update-method ( date | increment | unixtime );

2
doc/misc/redirect.zoneopt
View file

@ -8,6 +8,6 @@ zone <string> [ <class> ] {
masterfile-style ( full | relative );
max-records <integer>;
max-zone-ttl ( unlimited | <duration> ); // deprecated
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
zone-statistics ( full | terse | none | <boolean> );
};

6
doc/misc/secondary.zoneopt
View file

@ -5,7 +5,7 @@ zone <string> [ <class> ] {
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; // deprecated
auto-dnssec ( allow | maintain | off ); // deprecated
@ -45,10 +45,10 @@ zone <string> [ <class> ] {
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-agents [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;
sig-signing-nodes <integer>;

2
doc/misc/stub.zoneopt
View file

@ -19,7 +19,7 @@ zone <string> [ <class> ] {
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ dscp <integer> ] [ source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] [ source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ] ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
use-alt-transfer-source <boolean>; // deprecated

4
doc/notes/notes-current.rst
View file

@ -30,7 +30,9 @@ Removed Features
Feature Changes
~~~~~~~~~~~~~~~
- None.
- Add the ability to configure the preferred source address when talking to
remote servers such as :any:`primaries` and any:`parental-agents`.
:gl:`!7110`
- Replace DNS over TCP and DNS over TLS transports code with a new,
unified transport implementation. :gl:`#3374`

2
lib/dns/Makefile.am
View file

@ -109,6 +109,7 @@ libdns_la_HEADERS = \
include/dns/rdatasetiter.h \
include/dns/rdataslab.h \
include/dns/rdatatype.h \
include/dns/remote.h \
include/dns/request.h \
include/dns/resolver.h \
include/dns/result.h \
@ -211,6 +212,7 @@ libdns_la_SOURCES = \
rdataset.c \
rdatasetiter.c \
rdataslab.c \
remote.c \
request.c \
resolver.c \
result.c \

1
lib/dns/include/dns/ipkeylist.h
View file

@ -26,6 +26,7 @@
struct dns_ipkeylist {
isc_sockaddr_t *addrs;
isc_dscp_t *dscps;
isc_sockaddr_t *sources;
dns_name_t **keys;
dns_name_t **tlss;
dns_name_t **labels;

250
lib/dns/include/dns/remote.h Normal file
View file

@ -0,0 +1,250 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#pragma once
/*! \file dns/remote.h */
#include <stdbool.h>
#include <isc/lang.h>
#include <isc/magic.h>
#include <isc/mem.h>
#include <dns/types.h>
ISC_LANG_BEGINDECLS
#define DNS_REMOTE_MAGIC ISC_MAGIC('R', 'm', 't', 'e')
#define DNS_REMOTE_VALID(remote) ISC_MAGIC_VALID(remote, DNS_REMOTE_MAGIC)
struct dns_remote {
unsigned int magic;
isc_mem_t *mctx;
isc_sockaddr_t *addresses;
isc_sockaddr_t *sources;
isc_dscp_t *dscps;
dns_name_t **keynames;
dns_name_t **tlsnames;
bool *ok;
unsigned int addrcnt;
unsigned int curraddr;
};
isc_sockaddr_t *
dns_remote_addresses(dns_remote_t *remote);
/*%<
* Return the addresses of the remote server.
*
* Requires:
* 'remote' is a valid remote structure.
*/
isc_sockaddr_t *
dns_remote_sources(dns_remote_t *remote);
/*%<
* Return the source addresses to be used for the remote server.
*
* Requires:
* 'remote' is a valid remote structure.
*/
unsigned int
dns_remote_count(dns_remote_t *remote);
/*%<
* Return the number of addresses of the remote server.
*
* Requires:
* 'remote' is a valid remote structure.
*/
dns_name_t **
dns_remote_keynames(dns_remote_t *remote);
/*%<
* Return the keynames of the remote server.
*
* Requires:
* 'remote' is a valid remote structure.
*/
dns_name_t **
dns_remote_tlsnames(dns_remote_t *remote);
/*%<
* Return the tlsnames of the remote server.
*
* Requires:
* 'remote' is a valid remote structure.
*/
void
dns_remote_init(dns_remote_t *remote, unsigned int count,
const isc_sockaddr_t *addrs, const isc_sockaddr_t *srcs,
const isc_dscp_t *dscp, dns_name_t **keynames,
dns_name_t **tlsnames, bool mark, isc_mem_t *mctx);
/*%<
* Initialize a remote server. Set the provided addresses (addrs),
* source addresses (srcs), dscp's (dscp), key names (keynames) and
* tls names (tlsnames). Use the provided memory context (mctx) for
* allocations. If 'mark' is 'true', set up a list of boolean values to
* mark the server bad or good.
*
* Requires:
* 'remote' is a valid remote structure.
* 'mctx' is not NULL.
* 'addrs' is not NULL, or 'count' equals zero.
* 'keynames' and 'tlsnames' are not NULL, then 'count > 0'.
*/
void
dns_remote_clear(dns_remote_t *remote);
/*%<
* Clear remote server 'remote', free memory.
*
* Requires:
* 'remote' is a valid remote structure.
*/
bool
dns_remote_equal(dns_remote_t *a, dns_remote_t *b);
/*%<
* Compare two remote servers 'a' and 'b'. Check if the address
* count, the addresses, the dscps, the key names and the tls names are
* the same. Return 'true' if so, 'false' otherwise.
*
* Requires:
* 'a' and 'b' are valid remote structures.
*/
void
dns_remote_reset(dns_remote_t *remote, bool clear_ok);
/*%<
* Reset the remote server, set the current address back to the
* first. If 'clear_ok' is 'true', clear any servers marked ok.
*
* Requires:
* 'remote' is a valid remote structure.
*/
void
dns_remote_next(dns_remote_t *remote, bool skip_good);
/*%<
* Skip to the next address. If 'skip_good' is 'true', skip over
* already addresses already considered good, whatever good means in the
* context of this remote server.
*
* Requires:
* 'remote' is a valid remote structure.
*/
isc_sockaddr_t
dns_remote_curraddr(dns_remote_t *remote);
/*%<
* Return the currently used address for this remote server.
*
* Requires:
* 'remote' is a valid remote structure.
* 'remote->addresses' is not NULL.
*/
isc_sockaddr_t
dns_remote_sourceaddr(dns_remote_t *remote);
/*%<
* Return the current source address.
*
* Requires:
* 'remote' is a valid remote structure.
* 'remote->sources' is not NULL.
*/
isc_sockaddr_t
dns_remote_addr(dns_remote_t *remote, unsigned int i);
/*%<
* Return the address at index 'i'.
*
* Requires:
* 'remote' is a valid remote structure.
* 'remote->addresses' is not NULL.
*/
isc_dscp_t
dns_remote_dscp(dns_remote_t *remote);
/*%<
* Return the current dscp. Returns -1 if we have iterated over all
* addresses already, or if dscps are not used.
*
* Requires:
* 'remote' is a valid remote structure.
*/
dns_name_t *
dns_remote_keyname(dns_remote_t *remote);
/*%<
* Return the current key name. Returns NULL if we have iterated
* over all addresses already, or if keynames are not used.
*
* Requires:
* 'remote' is a valid remote structure.
*/
dns_name_t *
dns_remote_tlsname(dns_remote_t *remote);
/*%<
* Return the current tls name. Returns NULL if we have iterated
* over all addresses already, or if tlsnames are not used.
*
* Requires:
* 'remote' is a valid remote structure.
*/
bool
dns_remote_allgood(dns_remote_t *remote);
/*%<
* Return 'true' if all the addresses are considered good.
*
* Requires:
* 'remote' is a valid remote structure.
*/
void
dns_remote_mark(dns_remote_t *remote, bool good);
/*%<
* Mark the current address 'good' (or not good if 'good' is
* 'false').
*
* Requires:
* 'remote' is a valid remote structure.
* The current address index is lower than the address count.
*/
bool
dns_remote_addrok(dns_remote_t *remote);
/*%<
* Return 'true' if the current address is marked good, 'false'
* otherwise. Also return 'true' if marking servers is not used.
*
* Requires:
* 'remote' is a valid remote structure.
* The current address index is lower than the address count.
*/
bool
dns_remote_done(dns_remote_t *remote);
/*%<
* Return 'true' if we iterated over all addresses, 'false' otherwise.
*
* Requires:
* 'remote' is a valid remote structure.
*/
ISC_LANG_ENDDECLS

1
lib/dns/include/dns/types.h
View file

@ -128,6 +128,7 @@ typedef struct dns_rdataset dns_rdataset_t;
typedef ISC_LIST(dns_rdataset_t) dns_rdatasetlist_t;
typedef struct dns_rdatasetiter dns_rdatasetiter_t;
typedef uint16_t dns_rdatatype_t;
typedef struct dns_remote dns_remote_t;
typedef struct dns_request dns_request_t;
typedef struct dns_requestmgr dns_requestmgr_t;
typedef struct dns_resolver dns_resolver_t;

50
lib/dns/include/dns/zone.h
View file

@ -634,19 +634,19 @@ dns_zone_dumptostream(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
*/
void
dns_zone_setprimaries(dns_zone_t *zone, const isc_sockaddr_t *primaries,
dns_name_t **keynames, dns_name_t **tlsnames,
uint32_t count);
dns_zone_setprimaries(dns_zone_t *zone, isc_sockaddr_t *addresses,
isc_sockaddr_t *sources, dns_name_t **keynames,
dns_name_t **tlsnames, uint32_t count);
/*%<
* Set the list of primary servers for the zone.
*
* Require:
*\li 'zone' to be a valid zone.
*\li 'primaries' array of isc_sockaddr_t with port set or NULL.
*\li 'addresses' array of isc_sockaddr_t with port set or NULL.
*\li 'count' the number of primaries.
*\li 'keynames' array of dns_name_t's for tsig keys or NULL.
*
*\li If 'primaries' is NULL then 'count' must be zero.
*\li If 'addresses' is NULL then 'count' must be zero.
*
* Returns:
*\li #ISC_R_SUCCESS
@ -655,19 +655,19 @@ dns_zone_setprimaries(dns_zone_t *zone, const isc_sockaddr_t *primaries,
*/
void
dns_zone_setparentals(dns_zone_t *zone, const isc_sockaddr_t *parentals,
dns_name_t **keynames, dns_name_t **tlsnames,
uint32_t count);
dns_zone_setparentals(dns_zone_t *zone, isc_sockaddr_t *addresses,
isc_sockaddr_t *sources, dns_name_t **keynames,
dns_name_t **tlsnames, uint32_t count);
/*%<
* Set the list of parental agents for the zone.
*
* Require:
*\li 'zone' to be a valid zone.
*\li 'parentals' array of isc_sockaddr_t with port set or NULL.
*\li 'addresses' array of isc_sockaddr_t with port set or NULL.
*\li 'count' the number of primaries.
*\li 'keynames' array of dns_name_t's for tsig keys or NULL.
*
*\li If 'parentals' is NULL then 'count' must be zero.
*\li If 'addresses' is NULL then 'count' must be zero.
*
* Returns:
*\li #ISC_R_SUCCESS
@ -676,30 +676,10 @@ dns_zone_setparentals(dns_zone_t *zone, const isc_sockaddr_t *parentals,
*/
void
dns_zone_setparentals(dns_zone_t *zone, const isc_sockaddr_t *parentals,
dns_name_t **keynames, dns_name_t **tlsnames,
uint32_t count);
/*%<
* Set the list of parental agents for the zone.
*
* Require:
*\li 'zone' to be a valid zone.
*\li 'parentals' array of isc_sockaddr_t with port set or NULL.
*\li 'count' the number of parentals.
*\li 'keynames' array of dns_name_t's for tsig keys or NULL.
*
*\li If 'parentals' is NULL then 'count' must be zero.
*
* Returns:
*\li #ISC_R_SUCCESS
*\li #ISC_R_NOMEMORY
*\li Any result dns_name_dup() can return, if keynames!=NULL
*/
void
dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify,
const isc_dscp_t *dscps, dns_name_t **keynames,
dns_name_t **tlsnames, uint32_t count);
dns_zone_setalsonotify(dns_zone_t *zone, isc_sockaddr_t *addresses,
isc_sockaddr_t *sources, isc_dscp_t *dscps,
dns_name_t **keynames, dns_name_t **tlsnames,
uint32_t count);
/*%<
* Set the list of additional servers to be notified when
* a zone changes. To clear the list use 'count = 0'.
@ -709,7 +689,7 @@ dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify,
*
* Require:
*\li 'zone' to be a valid zone.
*\li 'notify' to be non-NULL if count != 0.
*\li 'addresses' to be non-NULL if count != 0.
*\li 'count' to be the number of notifiees.
*
* Returns:

29
lib/dns/ipkeylist.c
View file

@ -26,6 +26,7 @@ dns_ipkeylist_init(dns_ipkeylist_t *ipkl) {
ipkl->count = 0;
ipkl->allocated = 0;
ipkl->addrs = NULL;
ipkl->sources = NULL;
ipkl->dscps = NULL;
ipkl->keys = NULL;
ipkl->tlss = NULL;
@ -47,11 +48,21 @@ dns_ipkeylist_clear(isc_mem_t *mctx, dns_ipkeylist_t *ipkl) {
ipkl->allocated * sizeof(isc_sockaddr_t));
}
if (ipkl->sources != NULL) {
isc_mem_put(mctx, ipkl->sources,
ipkl->allocated * sizeof(isc_sockaddr_t));
}
if (ipkl->dscps != NULL) {
isc_mem_put(mctx, ipkl->dscps,
ipkl->allocated * sizeof(isc_dscp_t));
}
if (ipkl->addrs != NULL) {
isc_mem_put(mctx, ipkl->addrs,
ipkl->allocated * sizeof(isc_sockaddr_t));
}
if (ipkl->keys != NULL) {
for (i = 0; i < ipkl->allocated; i++) {
if (ipkl->keys[i] == NULL) {
@ -118,6 +129,11 @@ dns_ipkeylist_copy(isc_mem_t *mctx, const dns_ipkeylist_t *src,
memmove(dst->addrs, src->addrs, src->count * sizeof(isc_sockaddr_t));
if (src->sources != NULL) {
memmove(dst->sources, src->sources,
src->count * sizeof(isc_sockaddr_t));
}
if (src->dscps != NULL) {
memmove(dst->dscps, src->dscps,
src->count * sizeof(isc_dscp_t));
@ -169,6 +185,7 @@ dns_ipkeylist_copy(isc_mem_t *mctx, const dns_ipkeylist_t *src,
isc_result_t
dns_ipkeylist_resize(isc_mem_t *mctx, dns_ipkeylist_t *ipkl, unsigned int n) {
isc_sockaddr_t *addrs = NULL;
isc_sockaddr_t *sources = NULL;
isc_dscp_t *dscps = NULL;
dns_name_t **keys = NULL;
dns_name_t **tlss = NULL;
@ -182,6 +199,7 @@ dns_ipkeylist_resize(isc_mem_t *mctx, dns_ipkeylist_t *ipkl, unsigned int n) {
}
addrs = isc_mem_get(mctx, n * sizeof(isc_sockaddr_t));
sources = isc_mem_get(mctx, n * sizeof(isc_sockaddr_t));
dscps = isc_mem_get(mctx, n * sizeof(isc_dscp_t));
keys = isc_mem_get(mctx, n * sizeof(dns_name_t *));
tlss = isc_mem_get(mctx, n * sizeof(dns_name_t *));
@ -197,6 +215,16 @@ dns_ipkeylist_resize(isc_mem_t *mctx, dns_ipkeylist_t *ipkl, unsigned int n) {
memset(&ipkl->addrs[ipkl->allocated], 0,
(n - ipkl->allocated) * sizeof(isc_sockaddr_t));
if (ipkl->sources != NULL) {
memmove(sources, ipkl->sources,
ipkl->allocated * sizeof(isc_sockaddr_t));
isc_mem_put(mctx, ipkl->sources,
ipkl->allocated * sizeof(isc_sockaddr_t));
}
ipkl->sources = sources;
memset(&ipkl->sources[ipkl->allocated], 0,
(n - ipkl->allocated) * sizeof(isc_sockaddr_t));
if (ipkl->dscps != NULL) {
memmove(dscps, ipkl->dscps,
ipkl->allocated * sizeof(isc_dscp_t));
@ -241,6 +269,7 @@ dns_ipkeylist_resize(isc_mem_t *mctx, dns_ipkeylist_t *ipkl, unsigned int n) {
return (ISC_R_SUCCESS);
isc_mem_put(mctx, addrs, n * sizeof(isc_sockaddr_t));
isc_mem_put(mctx, sources, n * sizeof(isc_sockaddr_t));
isc_mem_put(mctx, dscps, n * sizeof(isc_dscp_t));
isc_mem_put(mctx, tlss, n * sizeof(dns_name_t *));
isc_mem_put(mctx, keys, n * sizeof(dns_name_t *));

448
lib/dns/remote.c Normal file
View file

@ -0,0 +1,448 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <stdbool.h>
#include <string.h>
#include <isc/result.h>
#include <isc/sockaddr.h>
#include <isc/types.h>
#include <isc/util.h>
#include <dns/name.h>
#include <dns/remote.h>
#include <dns/types.h>
isc_sockaddr_t *
dns_remote_addresses(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
return (remote->addresses);
}
isc_sockaddr_t *
dns_remote_sources(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
return (remote->sources);
}
unsigned int
dns_remote_count(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
return (remote->addrcnt);
}
dns_name_t **
dns_remote_keynames(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
return (remote->keynames);
}
dns_name_t **
dns_remote_tlsnames(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
return (remote->tlsnames);
}
void
dns_remote_init(dns_remote_t *remote, unsigned int count,
const isc_sockaddr_t *addrs, const isc_sockaddr_t *srcs,
const isc_dscp_t *dscp, dns_name_t **keynames,
dns_name_t **tlsnames, bool mark, isc_mem_t *mctx) {
unsigned int i;
REQUIRE(DNS_REMOTE_VALID(remote));
REQUIRE(count == 0 || addrs != NULL);
if (keynames != NULL || tlsnames != NULL) {
REQUIRE(count != 0);
}
remote->mctx = mctx;
if (addrs != NULL) {
remote->addresses = isc_mem_get(mctx,
count * sizeof(isc_sockaddr_t));
memmove(remote->addresses, addrs,
count * sizeof(isc_sockaddr_t));
} else {
remote->addresses = NULL;
}
if (srcs != NULL) {
remote->sources = isc_mem_get(mctx,
count * sizeof(isc_sockaddr_t));
memmove(remote->sources, srcs, count * sizeof(isc_sockaddr_t));
} else {
remote->sources = NULL;
}
if (dscp != NULL) {
remote->dscps = isc_mem_get(mctx, count * sizeof(isc_dscp_t));
memmove(remote->dscps, dscp, count * sizeof(isc_dscp_t));
} else {
remote->dscps = NULL;
}
if (keynames != NULL) {
remote->keynames = isc_mem_get(mctx, count * sizeof(keynames));
for (i = 0; i < count; i++) {
remote->keynames[i] = NULL;
}
for (i = 0; i < count; i++) {
if (keynames[i] != NULL) {
remote->keynames[i] =
isc_mem_get(mctx, sizeof(dns_name_t));
dns_name_init(remote->keynames[i], NULL);
dns_name_dup(keynames[i], mctx,
remote->keynames[i]);
}
}
} else {
remote->keynames = NULL;
}
if (tlsnames != NULL) {
remote->tlsnames = isc_mem_get(mctx, count * sizeof(tlsnames));
for (i = 0; i < count; i++) {
remote->tlsnames[i] = NULL;
}
for (i = 0; i < count; i++) {
if (tlsnames[i] != NULL) {
remote->tlsnames[i] =
isc_mem_get(mctx, sizeof(dns_name_t));
dns_name_init(remote->tlsnames[i], NULL);
dns_name_dup(tlsnames[i], mctx,
remote->tlsnames[i]);
}
}
} else {
remote->tlsnames = NULL;
}
if (mark) {
remote->ok = isc_mem_get(mctx, count * sizeof(bool));
for (i = 0; i < count; i++) {
remote->ok[i] = false;
}
} else {
remote->ok = NULL;
}
remote->addrcnt = count;
remote->curraddr = 0;
}
static bool
same_addrs(isc_sockaddr_t const *oldlist, isc_sockaddr_t const *newlist,
uint32_t count) {
unsigned int i;
if (oldlist == NULL && newlist == NULL) {
return (true);
}
if (oldlist == NULL || newlist == NULL) {
return (false);
}
for (i = 0; i < count; i++) {
if (!isc_sockaddr_equal(&oldlist[i], &newlist[i])) {
return (false);
}
}
return (true);
}
static bool
same_names(dns_name_t *const *oldlist, dns_name_t *const *newlist,
uint32_t count) {
unsigned int i;
if (oldlist == NULL && newlist == NULL) {
return (true);
}
if (oldlist == NULL || newlist == NULL) {
return (false);
}
for (i = 0; i < count; i++) {
if (oldlist[i] == NULL && newlist[i] == NULL) {
continue;
}
if (oldlist[i] == NULL || newlist[i] == NULL ||
!dns_name_equal(oldlist[i], newlist[i]))
{
return (false);
}
}
return (true);
}
static bool
same_dscp(isc_dscp_t *oldlist, isc_dscp_t *newlist, uint32_t count) {
unsigned int i;
if (oldlist == NULL && newlist == NULL) {
return (true);
}
if (oldlist == NULL || newlist == NULL) {
return (false);
}
for (i = 0; i < count; i++) {
if (oldlist[i] != newlist[i]) {
return (false);
}
}
return (true);
}
void
dns_remote_clear(dns_remote_t *remote) {
unsigned int count;
isc_mem_t *mctx;
REQUIRE(DNS_REMOTE_VALID(remote));
count = remote->addrcnt;
mctx = remote->mctx;
if (mctx == NULL) {
return;
}
if (remote->ok != NULL) {
isc_mem_put(mctx, remote->ok, count * sizeof(bool));
remote->ok = NULL;
}
if (remote->addresses != NULL) {
isc_mem_put(mctx, remote->addresses,
count * sizeof(isc_sockaddr_t));
remote->addresses = NULL;
}
if (remote->sources != NULL) {
isc_mem_put(mctx, remote->sources,
count * sizeof(isc_sockaddr_t));
remote->sources = NULL;
}
if (remote->dscps != NULL) {
isc_mem_put(mctx, remote->dscps, count * sizeof(isc_dscp_t));
remote->dscps = NULL;
}
if (remote->keynames != NULL) {
unsigned int i;
for (i = 0; i < count; i++) {
if (remote->keynames[i] != NULL) {
dns_name_free(remote->keynames[i], mctx);
isc_mem_put(mctx, remote->keynames[i],
sizeof(dns_name_t));
remote->keynames[i] = NULL;
}
}
isc_mem_put(mctx, remote->keynames,
count * sizeof(dns_name_t *));
remote->keynames = NULL;
}
if (remote->tlsnames != NULL) {
unsigned int i;
for (i = 0; i < count; i++) {
if (remote->tlsnames[i] != NULL) {
dns_name_free(remote->tlsnames[i], mctx);
isc_mem_put(mctx, remote->tlsnames[i],
sizeof(dns_name_t));
remote->tlsnames[i] = NULL;
}
}
isc_mem_put(mctx, remote->tlsnames,
count * sizeof(dns_name_t *));
remote->tlsnames = NULL;
}
remote->curraddr = 0;
remote->addrcnt = 0;
remote->mctx = NULL;
}
bool
dns_remote_equal(dns_remote_t *a, dns_remote_t *b) {
REQUIRE(DNS_REMOTE_VALID(a));
REQUIRE(DNS_REMOTE_VALID(b));
if (a->addrcnt != b->addrcnt) {
return (false);
}
if (!same_addrs(a->addresses, b->addresses, a->addrcnt)) {
return (false);
}
if (!same_dscp(a->dscps, b->dscps, a->addrcnt)) {
return (false);
}
if (!same_names(a->keynames, b->keynames, a->addrcnt)) {
return (false);
}
if (!same_names(a->tlsnames, b->tlsnames, a->addrcnt)) {
return (false);
}
return (true);
}
void
dns_remote_reset(dns_remote_t *remote, bool clear_ok) {
REQUIRE(DNS_REMOTE_VALID(remote));
remote->curraddr = 0;
if (clear_ok && remote->ok != NULL) {
for (unsigned int i = 0; i < remote->addrcnt; i++) {
remote->ok[i] = false;
}
}
}
isc_sockaddr_t
dns_remote_curraddr(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
REQUIRE(remote->addresses != NULL);
REQUIRE(remote->curraddr < remote->addrcnt);
return (remote->addresses[remote->curraddr]);
}
isc_sockaddr_t
dns_remote_addr(dns_remote_t *remote, unsigned int i) {
REQUIRE(DNS_REMOTE_VALID(remote));
REQUIRE(remote->addresses != NULL);
REQUIRE(i < remote->addrcnt);
return (remote->addresses[i]);
}
isc_sockaddr_t
dns_remote_sourceaddr(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
REQUIRE(remote->sources != NULL);
REQUIRE(remote->curraddr < remote->addrcnt);
return (remote->sources[remote->curraddr]);
}
isc_dscp_t
dns_remote_dscp(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
if (remote->dscps == NULL) {
return -1;
}
if (remote->curraddr >= remote->addrcnt) {
return -1;
}
return (remote->dscps[remote->curraddr]);
}
dns_name_t *
dns_remote_keyname(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
if (remote->keynames == NULL) {
return (NULL);
}
if (remote->curraddr >= remote->addrcnt) {
return (NULL);
}
return (remote->keynames[remote->curraddr]);
}
dns_name_t *
dns_remote_tlsname(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
if (remote->tlsnames == NULL) {
return (NULL);
}
if (remote->curraddr >= remote->addrcnt) {
return (NULL);
}
return (remote->tlsnames[remote->curraddr]);
}
void
dns_remote_next(dns_remote_t *remote, bool skip_good) {
REQUIRE(DNS_REMOTE_VALID(remote));
skip_to_next:
remote->curraddr++;
if (remote->curraddr >= remote->addrcnt) {
return;
}
if (skip_good && remote->ok != NULL && remote->ok[remote->curraddr]) {
goto skip_to_next;
}
}
bool
dns_remote_done(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
return (remote->curraddr >= remote->addrcnt);
}
bool
dns_remote_allgood(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
if (remote->ok == NULL) {
return (true);
}
for (unsigned int i = 0; i < remote->addrcnt; i++) {
if (!remote->ok[i]) {
return (false);
}
}
return (true);
}
bool
dns_remote_addrok(dns_remote_t *remote) {
REQUIRE(DNS_REMOTE_VALID(remote));
REQUIRE(remote->curraddr < remote->addrcnt);
if (remote->ok == NULL) {
return (true);
}
return (remote->ok[remote->curraddr]);
}
void
dns_remote_mark(dns_remote_t *remote, bool good) {
REQUIRE(DNS_REMOTE_VALID(remote));
REQUIRE(remote->curraddr < remote->addrcnt);
remote->ok[remote->curraddr] = good;
}

865
lib/dns/zone.c
View file

File diff suppressed because it is too large Load diff

20
lib/isccfg/namedconf.c
View file

@ -121,6 +121,8 @@ static cfg_type_t cfg_type_optional_dscp;
static cfg_type_t cfg_type_optional_facility;
static cfg_type_t cfg_type_optional_keyref;
static cfg_type_t cfg_type_optional_port;
static cfg_type_t cfg_type_optional_sourceaddr4;
static cfg_type_t cfg_type_optional_sourceaddr6;
static cfg_type_t cfg_type_optional_uint32;
static cfg_type_t cfg_type_optional_tls;
static cfg_type_t cfg_type_options;
@ -234,6 +236,8 @@ static cfg_tuplefielddef_t remotes_fields[] = {
{ "name", &cfg_type_astring, 0 },
{ "port", &cfg_type_optional_port, 0 },
{ "dscp", &cfg_type_optional_dscp, 0 },
{ "source", &cfg_type_optional_sourceaddr4, 0 },
{ "source-v6", &cfg_type_optional_sourceaddr6, 0 },
{ "addresses", &cfg_type_bracketed_namesockaddrkeylist, 0 },
{ NULL, NULL, 0 }
};
@ -273,6 +277,8 @@ static cfg_type_t cfg_type_bracketed_namesockaddrkeylist = {
static cfg_tuplefielddef_t namesockaddrkeylist_fields[] = {
{ "port", &cfg_type_optional_port, 0 },
{ "dscp", &cfg_type_optional_dscp, 0 },
{ "source", &cfg_type_optional_sourceaddr4, 0 },
{ "source-v6", &cfg_type_optional_sourceaddr6, 0 },
{ "addresses", &cfg_type_bracketed_namesockaddrkeylist, 0 },
{ NULL, NULL, 0 }
};
@ -3573,6 +3579,20 @@ static cfg_type_t cfg_type_sockaddr6wild = {
cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr6wild_flags
};
static keyword_type_t sourceaddr4_kw = { "source", &cfg_type_sockaddr4wild };
static cfg_type_t cfg_type_optional_sourceaddr4 = {
"optional_sourceaddr4", parse_optional_keyvalue, print_keyvalue,
doc_optional_keyvalue, &cfg_rep_sockaddr, &sourceaddr4_kw
};
static keyword_type_t sourceaddr6_kw = { "source-v6", &cfg_type_sockaddr6wild };
static cfg_type_t cfg_type_optional_sourceaddr6 = {
"optional_sourceaddr6", parse_optional_keyvalue, print_keyvalue,
doc_optional_keyvalue, &cfg_rep_sockaddr, &sourceaddr6_kw
};
/*%
* rndc
*/