Add "parental-source[-v6]" config option

Similar to "notify-source" and "transfer-source", add options to
set the source address when querying parental agents for DS records.
Matthijs Mekking 2021-05-14 11:33:51 +02:00
parent c9b7f62767
commit 2872d6a12e
17 changed files with 349 additions and 20 deletions


@ -179,6 +179,8 @@ options {\n\
notify-source *;\n\
notify-source-v6 *;\n\
nsec3-test-zone no;\n\
parental-source *;\n\
parental-source-v6 *;\n\
provide-ixfr true;\n\
qname-minimization relaxed;\n\
query-source address *;\n\


@ -343,6 +343,10 @@ OPTIONS
nta-lifetime duration;
nta-recheck duration;
nxdomain-redirect string;
parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
pid-file ( quoted_string | none );
port integer;
preferred-glue string;
@ -744,6 +748,10 @@ VIEW
nta-lifetime duration;
nta-recheck duration;
nxdomain-redirect string;
parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
plugin ( query ) string [ {
unspecified-text } ];
preferred-glue string;
@ -945,6 +953,10 @@ VIEW
remote-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [
tls string ]; ... };
parental-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
parental-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
primaries [ port integer ] [ dscp integer ] { (
remote-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [
@ -1057,6 +1069,10 @@ ZONE
remote-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [ tls
string ]; ... };
parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
primaries [ port integer ] [ dscp integer ] { (
remote-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [ tls


@ -1320,6 +1320,30 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
NULL, 0));
}
obj = NULL;
result = named_config_get(maps, "parental-source", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setparentalsrc4(zone, cfg_obj_assockaddr(obj)));
dscp = cfg_obj_getdscp(obj);
if (dscp == -1) {
dscp = named_g_dscp;
}
RETERR(dns_zone_setparentalsrc4dscp(zone, dscp));
named_add_reserved_dispatch(named_g_server,
cfg_obj_assockaddr(obj));
obj = NULL;
result = named_config_get(maps, "parental-source-v6", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setparentalsrc6(zone, cfg_obj_assockaddr(obj)));
dscp = cfg_obj_getdscp(obj);
if (dscp == -1) {
dscp = named_g_dscp;
}
RETERR(dns_zone_setparentalsrc6dscp(zone, dscp));
named_add_reserved_dispatch(named_g_server,
cfg_obj_assockaddr(obj));
obj = NULL;
result = named_config_get(maps, "notify-source", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
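Review bot: The two added stanzas pass the whole `parental-source` sockaddr, including any configured `port`, straight to `dns_zone_setparentalsrc4()`/`dns_zone_setparentalsrc6()` and `named_add_reserved_dispatch()`, so a fixed port pins the source port of every DS query for the zone. The reference text in this commit says the answers to those queries decide when the old DNSSEC key is withdrawn, so a pinned port presumably weakens the protection that source-port randomization gives against forged answers when the parental agents are not authenticated. I would record that next to the code, e.g. `/* A fixed port disables source-port randomization for DS queries; prefer "*" unless the parental agents are authenticated with a key. */`, and mirror the caveat in the option's documentation. The stanzas are also identical apart from the 4/6 suffix and could share a small helper. named_zone_configure() starts and ends outside the hunk.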


@ -185,6 +185,7 @@ view "fourth" {
1.2.3.5;
};
dnssec-policy "test";
parental-source 10.10.10.10 port 53 dscp 55;
};
zone "dnssec-default" {
type master;


@ -2627,7 +2627,7 @@ options are:
.. note:: Solaris 2.5.1 and earlier does not support setting the source address
for TCP sockets.
.. note:: See also ``transfer-source`` and ``notify-source``.
.. note:: See also ``transfer-source``, ``notify-source`` and ``parental-source``.
.. _zone_transfers:
@ -5136,6 +5136,32 @@ The following options can be specified in a ``dnssec-policy`` statement:
zone is updated to the time when the new version is served by all of
the parent zone's name servers. The default is ``PT1H`` (1 hour).
Automated KSK Rollovers
^^^^^^^^^^^^^^^^^^^^^^^
BIND has mechanisms in place to facilitate automated KSK rollovers. It
publishes CDS and CDNSKEY records that can be used by the parent zone to
publish or withdraw the zone's DS records. BIND will query the parental
agents to see if the new DS is actually published before withdrawing the
old DNSSEC key. The following options apply to DS queries sent to
``parental-agents``:
``parental-source``
``parental-source`` determines which local source address, and
optionally UDP port, is used to send parental DS queries. This
address must appear in the secondary server's ``parental-agents`` zone
clause. This statement sets the ``parental-source`` for all zones, but can
be overridden on a per-zone or per-view basis by including a
``parental-source`` statement within the ``zone`` or ``view`` block in the
configuration file.
.. note:: Solaris 2.5.1 and earlier does not support setting the source
address for TCP sockets.
``parental-source-v6``
This option acts like ``parental-source``, but applies to parental DS
queries sent to IPv6 addresses.
.. _managed-keys:
``managed-keys`` Statement Grammar


@ -410,6 +410,10 @@ options {
nta\-lifetime duration;
nta\-recheck duration;
nxdomain\-redirect string;
parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
pid\-file ( quoted_string | none );
port integer;
preferred\-glue string;
@ -847,6 +851,10 @@ view string [ class ] {
nta\-lifetime duration;
nta\-recheck duration;
nxdomain\-redirect string;
parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
plugin ( query ) string [ {
unspecified\-text } ];
preferred\-glue string;
@ -1048,6 +1056,10 @@ view string [ class ] {
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [
tls string ]; ... };
parental\-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
primaries [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [
@ -1164,6 +1176,10 @@ zone string [ class ] {
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [ tls
string ]; ... };
parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
primaries [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [ tls


@ -47,6 +47,8 @@ zone <string> [ <class> ] {
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
serial-update-method ( date | increment | unixtime );
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;


@ -49,6 +49,8 @@
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
serial-update-method ( date | increment | unixtime );
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;


@ -268,6 +268,10 @@ options {
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
@ -624,6 +628,10 @@ view <string> [ <class> ] {
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
plugin ( query ) <string> [ {
<unspecified-text> } ]; // may occur multiple times
preferred-glue <string>;
@ -827,6 +835,10 @@ view <string> [ <class> ] {
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [
tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { (
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [
@ -935,6 +947,10 @@ zone <string> [ <class> ] {
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls
<string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { (
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls


@ -266,6 +266,10 @@ options {
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
@ -620,6 +624,10 @@ view <string> [ <class> ] {
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
plugin ( query ) <string> [ {
<unspecified-text> } ]; // may occur multiple times
preferred-glue <string>;
@ -821,6 +829,10 @@ view <string> [ <class> ] {
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [
tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { (
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [
@ -928,6 +940,10 @@ zone <string> [ <class> ] {
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls
<string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { (
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls


@ -188,6 +188,10 @@
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;


@ -46,6 +46,8 @@ zone <string> [ <class> ] {
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;


@ -48,6 +48,8 @@
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;


@ -3637,6 +3637,7 @@ static struct {
const char *v6;
} sources[] = { { "transfer-source", "transfer-source-v6" },
{ "notify-source", "notify-source-v6" },
{ "parental-source", "parental-source-v6" },
{ "query-source", "query-source-v6" },
{ NULL, NULL } };


@ -924,6 +924,94 @@ dns_zone_setaltxfrsource6dscp(dns_zone_t *zone, isc_dscp_t dscp);
*\li #ISC_R_SUCCESS
*/
isc_result_t
dns_zone_setparentalsrc4(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc);
/*%<
* Set the source address to be used with IPv4 parental DS queries.
*
* Require:
*\li 'zone' to be a valid zone.
*\li 'parentalsrc' to contain the address.
*
* Returns:
*\li #ISC_R_SUCCESS
*/
isc_sockaddr_t *
dns_zone_getparentalsrc4(dns_zone_t *zone);
/*%<
* Returns the source address set by a previous dns_zone_setparentalsrc4
* call, or the default of inaddr_any, port 0.
*
* Require:
*\li 'zone' to be a valid zone.
*/
isc_dscp_t
dns_zone_getparentalsrc4dscp(dns_zone_t *zone);
/*%/
* Get the DSCP value associated with the IPv4 parental source.
*
* Require:
*\li 'zone' to be a valid zone.
*/
isc_result_t
dns_zone_setparentalsrc4dscp(dns_zone_t *zone, isc_dscp_t dscp);
/*%<
* Set the DSCP value associated with the IPv4 parental source.
*
* Require:
*\li 'zone' to be a valid zone.
*
* Returns:
*\li #ISC_R_SUCCESS
*/
isc_result_t
dns_zone_setparentalsrc6(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc);
/*%<
* Set the source address to be used with IPv6 parental DS queries.
*
* Require:
*\li 'zone' to be a valid zone.
*\li 'parentalsrc' to contain the address.
*
* Returns:
*\li #ISC_R_SUCCESS
*/
isc_sockaddr_t *
dns_zone_getparentalsrc6(dns_zone_t *zone);
/*%<
* Returns the source address set by a previous dns_zone_setparentalsrc6
* call, or the default of in6addr_any, port 0.
*
* Require:
*\li 'zone' to be a valid zone.
*/
isc_dscp_t
dns_zone_getparentalsrc6dscp(dns_zone_t *zone);
/*%/
* Get the DSCP value associated with the IPv6 parental source.
*
* Require:
*\li 'zone' to be a valid zone.
*/
isc_result_t
dns_zone_setparentalsrc6dscp(dns_zone_t *zone, isc_dscp_t dscp);
/*%<
* Set the DSCP value associated with the IPv6 parental source.
*
* Require:
*\li 'zone' to be a valid zone.
*
* Returns:
*\li #ISC_R_SUCCESS
*/
isc_result_t
dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc);
/*%<
@ -1846,6 +1934,15 @@ dns_zonemgr_getiolimit(dns_zonemgr_t *zmgr);
*\li 'zmgr' to be a valid zone manager.
*/
void
dns_zonemgr_setcheckdsrate(dns_zonemgr_t *zmgr, unsigned int value);
/*%<
* Set the number of parental DS queries sent per second.
*
* Requires:
*\li 'zmgr' to be a valid zone manager
*/
void
dns_zonemgr_setnotifyrate(dns_zonemgr_t *zmgr, unsigned int value);
/*%<
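Review bot: The comments on `dns_zone_getparentalsrc4dscp()` and `dns_zone_getparentalsrc6dscp()` open with `/*%/` where every other declaration in these hunks uses `/*%<`, so the two getters presumably will not be picked up as documented members; change both openers to `/*%<`. The setters' `Require:` lists say 'parentalsrc' must "contain the address"; wording it as `'parentalsrc' to be non-NULL` would state the precondition the implementation actually depends on when it dereferences the pointer. The `dns_zonemgr_setcheckdsrate()` comment could also mention the default, which the zone.c part of this commit sets to 20 per second.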


@ -301,6 +301,8 @@ struct dns_zone {
isc_task_t *loadtask;
isc_sockaddr_t notifysrc4;
isc_sockaddr_t notifysrc6;
isc_sockaddr_t parentalsrc4;
isc_sockaddr_t parentalsrc6;
isc_sockaddr_t xfrsource4;
isc_sockaddr_t xfrsource6;
isc_sockaddr_t altxfrsource4;
@ -308,6 +310,8 @@ struct dns_zone {
isc_sockaddr_t sourceaddr;
isc_dscp_t notifysrc4dscp;
isc_dscp_t notifysrc6dscp;
isc_dscp_t parentalsrc4dscp;
isc_dscp_t parentalsrc6dscp;
isc_dscp_t xfrsource4dscp;
isc_dscp_t xfrsource6dscp;
isc_dscp_t altxfrsource4dscp;
@ -586,6 +590,7 @@ struct dns_zonemgr {
isc_taskpool_t *loadtasks;
isc_task_t *task;
isc_pool_t *mctxpool;
isc_ratelimiter_t *checkdsrl;
isc_ratelimiter_t *notifyrl;
isc_ratelimiter_t *refreshrl;
isc_ratelimiter_t *startupnotifyrl;
@ -602,6 +607,7 @@ struct dns_zonemgr {
/* Configuration data. */
uint32_t transfersin;
uint32_t transfersperns;
unsigned int checkdsrate;
unsigned int notifyrate;
unsigned int startupnotifyrate;
unsigned int serialqueryrate;
@ -1040,6 +1046,8 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
.idleout = DNS_DEFAULT_IDLEOUT,
.notifysrc4dscp = -1,
.notifysrc6dscp = -1,
.parentalsrc4dscp = -1,
.parentalsrc6dscp = -1,
.xfrsource4dscp = -1,
.xfrsource6dscp = -1,
.altxfrsource4dscp = -1,
@ -1100,6 +1108,8 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
ISC_LIST_INIT(zone->notifies);
isc_sockaddr_any(&zone->notifysrc4);
isc_sockaddr_any6(&zone->notifysrc6);
isc_sockaddr_any(&zone->parentalsrc4);
isc_sockaddr_any6(&zone->parentalsrc6);
isc_sockaddr_any(&zone->xfrsource4);
isc_sockaddr_any6(&zone->xfrsource6);
isc_sockaddr_any(&zone->altxfrsource4);
@ -5947,6 +5957,75 @@ dns_zone_getaltxfrsource6dscp(dns_zone_t *zone) {
return (zone->altxfrsource6dscp);
}
isc_result_t
dns_zone_setparentalsrc4(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->parentalsrc4 = *parentalsrc;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_sockaddr_t *
dns_zone_getparentalsrc4(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (&zone->parentalsrc4);
}
isc_result_t
dns_zone_setparentalsrc4dscp(dns_zone_t *zone, isc_dscp_t dscp) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->parentalsrc4dscp = dscp;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_dscp_t
dns_zone_getparentalsrc4dscp(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (zone->parentalsrc4dscp);
}
isc_result_t
dns_zone_setparentalsrc6(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->parentalsrc6 = *parentalsrc;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_sockaddr_t *
dns_zone_getparentalsrc6(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (&zone->parentalsrc6);
}
isc_result_t
dns_zone_setparentalsrc6dscp(dns_zone_t *zone, isc_dscp_t dscp) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->parentalsrc6dscp = dscp;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_dscp_t
dns_zone_getparentalsrc6dscp(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (zone->parentalsrc6dscp);
}
isc_result_t
dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) {
REQUIRE(DNS_ZONE_VALID(zone));
@ -5998,6 +6077,23 @@ dns_zone_getnotifysrc6(dns_zone_t *zone) {
return (&zone->notifysrc6);
}
isc_result_t
dns_zone_setnotifysrc6dscp(dns_zone_t *zone, isc_dscp_t dscp) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->notifysrc6dscp = dscp;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_dscp_t
dns_zone_getnotifysrc6dscp(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (zone->notifysrc6dscp);
}
static bool
same_addrs(isc_sockaddr_t const *oldlist, isc_sockaddr_t const *newlist,
uint32_t count) {
@ -6162,23 +6258,6 @@ set_serverslist(unsigned int count, const isc_sockaddr_t *addrs,
return (ISC_R_SUCCESS);
}
isc_result_t
dns_zone_setnotifysrc6dscp(dns_zone_t *zone, isc_dscp_t dscp) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->notifysrc6dscp = dscp;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_dscp_t
dns_zone_getnotifysrc6dscp(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (zone->notifysrc6dscp);
}
isc_result_t
dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify,
const isc_dscp_t *dscps, dns_name_t **keynames,
@ -18221,6 +18300,7 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
zmgr->loadtasks = NULL;
zmgr->mctxpool = NULL;
zmgr->task = NULL;
zmgr->checkdsrl = NULL;
zmgr->notifyrl = NULL;
zmgr->refreshrl = NULL;
zmgr->startupnotifyrl = NULL;
@ -18248,11 +18328,17 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
isc_task_setname(zmgr->task, "zmgr", zmgr);
result = isc_ratelimiter_create(mctx, timermgr, zmgr->task,
&zmgr->notifyrl);
&zmgr->checkdsrl);
if (result != ISC_R_SUCCESS) {
goto free_task;
}
result = isc_ratelimiter_create(mctx, timermgr, zmgr->task,
&zmgr->notifyrl);
if (result != ISC_R_SUCCESS) {
goto free_checkdsrl;
}
result = isc_ratelimiter_create(mctx, timermgr, zmgr->task,
&zmgr->refreshrl);
if (result != ISC_R_SUCCESS) {
@ -18271,7 +18357,8 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
goto free_startupnotifyrl;
}
/* default to 20 refresh queries / notifies per second. */
/* default to 20 refresh queries / notifies / checkds per second. */
setrl(zmgr->checkdsrl, &zmgr->checkdsrate, 20);
setrl(zmgr->notifyrl, &zmgr->notifyrate, 20);
setrl(zmgr->startupnotifyrl, &zmgr->startupnotifyrate, 20);
setrl(zmgr->refreshrl, &zmgr->serialqueryrate, 20);
@ -18301,6 +18388,8 @@ free_refreshrl:
isc_ratelimiter_detach(&zmgr->refreshrl);
free_notifyrl:
isc_ratelimiter_detach(&zmgr->notifyrl);
free_checkdsrl:
isc_ratelimiter_detach(&zmgr->checkdsrl);
free_task:
isc_task_detach(&zmgr->task);
free_urlock:
@ -18489,6 +18578,7 @@ dns_zonemgr_shutdown(dns_zonemgr_t *zmgr) {
REQUIRE(DNS_ZONEMGR_VALID(zmgr));
isc_ratelimiter_shutdown(zmgr->checkdsrl);
isc_ratelimiter_shutdown(zmgr->notifyrl);
isc_ratelimiter_shutdown(zmgr->refreshrl);
isc_ratelimiter_shutdown(zmgr->startupnotifyrl);
@ -18623,6 +18713,7 @@ zonemgr_free(dns_zonemgr_t *zmgr) {
isc_refcount_destroy(&zmgr->refs);
isc_mutex_destroy(&zmgr->iolock);
isc_ratelimiter_detach(&zmgr->checkdsrl);
isc_ratelimiter_detach(&zmgr->notifyrl);
isc_ratelimiter_detach(&zmgr->refreshrl);
isc_ratelimiter_detach(&zmgr->startupnotifyrl);
@ -19013,6 +19104,13 @@ setrl(isc_ratelimiter_t *rl, unsigned int *rate, unsigned int value) {
*rate = value;
}
void
dns_zonemgr_setcheckdsrate(dns_zonemgr_t *zmgr, unsigned int value) {
REQUIRE(DNS_ZONEMGR_VALID(zmgr));
setrl(zmgr->checkdsrl, &zmgr->checkdsrate, value);
}
void
dns_zonemgr_setnotifyrate(dns_zonemgr_t *zmgr, unsigned int value) {
REQUIRE(DNS_ZONEMGR_VALID(zmgr));
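Review bot: `dns_zone_setparentalsrc4()` and `dns_zone_setparentalsrc6()` dereference `parentalsrc` (`zone->parentalsrc4 = *parentalsrc;`) after validating only `zone`, so a NULL argument ends in a NULL dereference rather than a failed precondition check. Add `REQUIRE(parentalsrc != NULL);` after `REQUIRE(DNS_ZONE_VALID(zone));` in both setters. The matching getters return `&zone->parentalsrc4` and `&zone->parentalsrc6` without taking the zone lock the setters hold, so a caller may read the address while a reconfiguration rewrites it; this follows the existing `dns_zone_getnotifysrc6()` pattern, but a one-line comment on the getters stating what callers are expected to hold would help. The last hunk's `dns_zonemgr_setnotifyrate()` continues outside the view.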


@ -2248,6 +2248,10 @@ static cfg_clausedef_t zone_clauses[] = {
CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
{ "nsec3-test-zone", &cfg_type_boolean,
CFG_CLAUSEFLAG_TESTONLY | CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
{ "parental-source", &cfg_type_sockaddr4wild,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
{ "parental-source-v6", &cfg_type_sockaddr6wild,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
{ "request-expire", &cfg_type_boolean,
CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
{ "request-ixfr", &cfg_type_boolean, CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },