defaults.

git-svn-id: file:///svn/unbound/trunk@774 be551aaa-1e26-0410-a405-d3ace91eadb9

checkconf/unbound-checkconf.c

@@ -50,6 +50,7 @@
 #include "util/regional.h"
 #include "iterator/iterator.h"
 #include "validator/validator.h"
+#include "services/localzone.h"
 #include <pwd.h>
 
 /** Give checkconf usage, and exit (1). */
@@ -93,6 +94,7 @@ morechecks(struct config_file* cfg)
 	struct sockaddr_storage a;
 	socklen_t alen;
 	struct config_str2list* acl;
+	struct local_zones* zs;
 	for(i=0; i<cfg->num_ifs; i++) {
 		if(!ipstrtoaddr(cfg->ifs[i], UNBOUND_DNS_PORT, &a, &alen)) {
 			fatal_exit("cannot parse interface specified as '%s'",
@@ -140,7 +142,7 @@ morechecks(struct config_file* cfg)
 	
 	if(strcmp(cfg->module_conf, "iterator") != 0 &&
 		strcmp(cfg->module_conf, "validator iterator") != 0) {
-		fatal_exit("module conf %s is not known to work",
+		fatal_exit("module conf '%s' is not known to work",
 			cfg->module_conf);
 	}
 
@@ -150,6 +152,13 @@ morechecks(struct config_file* cfg)
 			fatal_exit("user '%s' does not exist.", cfg->username);
 		endpwent();
 	}
+
+	if(!(zs = local_zones_create()))
+		fatal_exit("out of memory");
+	if(!local_zones_apply_cfg(zs, cfg))
+		fatal_exit("failed local-zone, local-data configuration");
+	local_zones_print(zs); /* @@@ DEBUG */
+	local_zones_delete(zs);
 }
 
 /** check config file */

daemon/daemon.c

@@ -50,6 +50,7 @@
 #include "services/listen_dnsport.h"
 #include "services/cache/rrset.h"
 #include "services/cache/infra.h"
+#include "services/localzone.h"
 #include "util/module.h"
 #include "iterator/iterator.h"
 #include "validator/validator.h"
@@ -406,6 +407,10 @@ daemon_fork(struct daemon* daemon)
 	log_assert(daemon);
 	if(!acl_list_apply_cfg(daemon->acl, daemon->cfg))
 		fatal_exit("Could not setup access control list");
+	if(!(daemon->local_zones = local_zones_create()))
+		fatal_exit("Could not create local zones: out of memory");
+	if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg))
+		fatal_exit("Could not set up local zones");
 
 	/* setup modules */
 	daemon_setup_modules(daemon);
@@ -452,6 +457,8 @@ daemon_cleanup(struct daemon* daemon)
 	 * The infra cache is kept, the timing and edns info is still valid */
 	slabhash_clear(&daemon->env->rrset_cache->table);
 	slabhash_clear(daemon->env->msg_cache);
+	local_zones_delete(daemon->local_zones);
+	daemon->local_zones = NULL;
 	/* key cache is cleared by module desetup during next daemon_init() */
 	for(i=0; i<daemon->num; i++)
 		worker_delete(daemon->workers[i]);

daemon/daemon.h

@@ -51,6 +51,7 @@ struct slabhash;
 struct module_env;
 struct rrset_cache;
 struct acl_list;
+struct local_zones;
 
 /**
  * Structure holding worker list.
@@ -81,6 +82,8 @@ struct daemon {
 	struct module_func_block** modfunc;
 	/** access control, which client IPs are allowed to connect */
 	struct acl_list* acl;
+	/** local authority zones */
+	struct local_zones* local_zones;
 };
 
 /**

doc/Changelog

@@ -1,3 +1,8 @@
+22 November 2007: Wouter
+	- noted EDNS in-the-middle dropping trouble as a TODO.
+	  At this point theoretical, no user trouble has been reported.
+	- added all default AS112 zones.
+
 21 November 2007: Wouter
 	- local zone internal data setup.
 

doc/TODO

@@ -57,3 +57,4 @@ o use privilege separation, to change privilege options during reload securely
 o check if for PowerDNS(2.9.21) CNAME in Answer section & rcode=NXDOMAIN needs
   to be fixed up to be rcode=NOERROR?
 o On Windows use CryptGenRandom() to get random seed for arc4random.
+o Think about intermediate firewalls dropping EDNS UDP & handling that.

services/localzone.c

@@ -392,7 +392,7 @@ lz_enter_rr_into_zone(struct local_zone* z, ldns_buffer* buf,
 			log_err("out of memory adding local data");
 			return 0;
 		}
-		node->node.key = &node;
+		node->node.key = node;
 		node->name = regional_alloc_init(z->region, key.name, 
 			key.namelen);
 		if(!node->name) {
@@ -496,6 +496,27 @@ lz_nodefault(struct config_file* cfg, const char* name)
 	return 0;
 }
 
+/** enter AS112 default zone */
+static int
+add_as112_default(struct local_zones* zones, struct config_file* cfg,
+        ldns_buffer* buf, char* name)
+{
+	struct local_zone* z;
+	char str[1024]; /* known long enough */
+	if(lz_exists(zones, name) || lz_nodefault(cfg, name))
+		return 1; /* do not enter default content */
+	if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN)))
+		return 0;
+	snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. "
+		"nobody.invalid. 1 3600 1200 604800 10800", name);
+	if(!lz_enter_rr_into_zone(z, buf, str))
+		return 0;
+	snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name);
+	if(!lz_enter_rr_into_zone(z, buf, str))
+		return 0;
+	return 1;
+}
+
 /** enter default zones */
 static int
 lz_enter_defaults(struct local_zones* zones, struct config_file* cfg,
@@ -521,8 +542,70 @@ lz_enter_defaults(struct local_zones* zones, struct config_file* cfg,
 			return 0;
 		}
 	}
-	/* @@@ TODO other zones */
+	/* reverse ip4 zone */
+	if(!lz_exists(zones, "127.in-addr.arpa.") &&
+		!lz_nodefault(cfg, "127.in-addr.arpa.")) {
+		if(!(z=lz_enter_zone(zones, "127.in-addr.arpa.", "static", 
+			LDNS_RR_CLASS_IN)) ||
+		   !lz_enter_rr_into_zone(z, buf,
+			"127.in-addr.arpa. 10800 IN NS localhost.") ||
+		   !lz_enter_rr_into_zone(z, buf,
+			"127.in-addr.arpa. 10800 IN SOA localhost. "
+			"nobody.invalid. 1 3600 1200 604800 10800") ||
+		   !lz_enter_rr_into_zone(z, buf,
+			"1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) {
+			log_err("out of memory adding default zone");
 			return 0;
+		}
+	}
+	/* reverse ip6 zone */
+	if(!lz_exists(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") &&
+		!lz_nodefault(cfg, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.")) {
+		if(!(z=lz_enter_zone(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", "static", 
+			LDNS_RR_CLASS_IN)) ||
+		   !lz_enter_rr_into_zone(z, buf,
+			"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.") ||
+		   !lz_enter_rr_into_zone(z, buf,
+			"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. "
+			"nobody.invalid. 1 3600 1200 604800 10800") ||
+		   !lz_enter_rr_into_zone(z, buf,
+			"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.")) {
+			log_err("out of memory adding default zone");
+			return 0;
+		}
+	}
+	if (	!add_as112_default(zones, cfg, buf, "10.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "16.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "17.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "18.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "19.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "20.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "21.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "22.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "23.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "24.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "25.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "26.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "27.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "28.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "29.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "30.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "31.172.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "168.192.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "0.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "254.169.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "2.0.192.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "255.255.255.255.in-addr.arpa") ||
+		!add_as112_default(zones, cfg, buf, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") ||
+		!add_as112_default(zones, cfg, buf, "d.f.ip6.arpa.") ||
+		!add_as112_default(zones, cfg, buf, "8.e.f.ip6.arpa.") ||
+		!add_as112_default(zones, cfg, buf, "9.e.f.ip6.arpa.") ||
+		!add_as112_default(zones, cfg, buf, "a.e.f.ip6.arpa.") ||
+		!add_as112_default(zones, cfg, buf, "b.e.f.ip6.arpa.")) {
+		log_err("out of memory adding default zone");
+		return 0;
+	}
+	return 1;
 }
 
 /** setup parent pointers, so that a lookup can be done for closest match */
@@ -625,7 +708,7 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg)
 		/* restart to setup other class */
 		return lz_setup_implicit(zones, cfg);
 	}
-	return 0;
+	return 1;
 }
 
 /** enter auth data */
@@ -745,21 +828,27 @@ void local_zones_print(struct local_zones* zones)
 		case local_zone_deny:
 			log_nametypeclass(0, "deny zone", 
 				z->name, 0, z->dclass);
+			break;
 		case local_zone_refuse:
 			log_nametypeclass(0, "refuse zone", 
 				z->name, 0, z->dclass);
+			break;
 		case local_zone_redirect:
 			log_nametypeclass(0, "redirect zone", 
 				z->name, 0, z->dclass);
+			break;
 		case local_zone_transparent:
 			log_nametypeclass(0, "transparent zone", 
 				z->name, 0, z->dclass);
+			break;
 		case local_zone_static:
 			log_nametypeclass(0, "static zone", 
 				z->name, 0, z->dclass);
+			break;
 		default:
 			log_nametypeclass(0, "badtyped zone", 
 				z->name, 0, z->dclass);
+			break;
 		}
 		local_zone_out(z);
 	}