author | Internet Software Consortium, Inc <@isc.org> | 2012-02-24 05:53:42 -0700 |
---|---|---|
committer | Internet Software Consortium, Inc <@isc.org> | 2012-02-24 05:53:42 -0700 |
commit | d5366e3ab6dcf3feadccdd42219502f6da607288 (patch) | |
tree | d2c2cbb8df2d0ef1061c1c78575041a7ded9f3a2 | |
parent | 42ae2295b467bd2b6132ece85d7f555a54682288 (diff) | |
download | bind9-d5366e3ab6dcf3feadccdd42219502f6da607288.tar.gz |
9.9.0rc4
27 files changed, 474 insertions, 192 deletions
@@ -1,3 +1,15 @@ + --- 9.9.0rc4 released --- + +3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036] + +3288. [bug] dlz_destroy() function wasn't correctly registered + by the DLZ dlopen driver. [RT #28056] + +3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028] + +3286. [bug] Managed key maintenance timer could fail to start + after 'rndc reconfig'. [RT #26786] + --- 9.9.0rc3 released --- 3285. [bug] val-frdataset was incorrectly disassociated in @@ -48,6 +48,9 @@ BIND 9 For a detailed list of user-visible changes from previous releases, see the CHANGES file. + For up-to-date release notes and errata, see + http://www.isc.org/software/bind9/releasenotes + BIND 9.9.0 BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier diff --git a/bin/named/server.c b/bin/named/server.c index fd3c7041..a6930837 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.638.4.3 2012-02-07 00:58:40 each Exp $ */ +/* $Id: server.c,v 1.638.4.5 2012-02-23 07:02:18 marka Exp $ */ /*! \file */ @@ -3536,6 +3536,7 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) { dns_zone_attach(pview->managed_keys, &view->managed_keys); dns_zone_setview(pview->managed_keys, view); dns_view_detach(&pview); + dns_zone_synckeyzone(view->managed_keys); return (ISC_R_SUCCESS); } @@ -5986,6 +5987,7 @@ isc_result_t ns_server_retransfercommand(ns_server_t *server, char *args) { isc_result_t result; dns_zone_t *zone = NULL; + dns_zone_t *raw = NULL; dns_zonetype_t type; result = zone_from_args(server, args, NULL, &zone, NULL, ISC_TRUE); 
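Review bot: The added call `dns_zone_synckeyzone(view->managed_keys);` in add_keydata_zone() discards the isc_result_t that the new function returns, and the next line returns ISC_R_SUCCESS regardless. The definition added in lib/dns/zone.c can return DNS_R_BADZONE or a failure from dns_zone_getdb() or sync_keyzone(), in which case the managed-key (trust anchor) maintenance this commit is meant to start would silently not run. Either propagate the result, `result = dns_zone_synckeyzone(view->managed_keys); if (result != ISC_R_SUCCESS) return (result);`, or log it. If failure is expected here (for example because the key zone is not loaded yet), a comment should say so. add_keydata_zone() begins outside the hunk, so check whether a `result` local is already in scope.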
@@ -5993,6 +5995,12 @@ ns_server_retransfercommand(ns_server_t *server, char *args) { return (result); if (zone == NULL) return (ISC_R_UNEXPECTEDEND); + dns_zone_getraw(zone, &raw); + if (raw != NULL) { + dns_zone_detach(&zone); + dns_zone_attach(raw, &zone); + dns_zone_detach(&raw); + } type = dns_zone_gettype(zone); if (type == dns_zone_slave || type == dns_zone_stub) dns_zone_forcereload(zone); diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c index 1521a056..580d1a48 100644 --- a/bin/named/unix/dlz_dlopen_driver.c +++ b/bin/named/unix/dlz_dlopen_driver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz_dlopen_driver.c,v 1.6 2011-10-27 23:01:59 smann Exp $ */ +/* $Id: dlz_dlopen_driver.c,v 1.6.96.2 2012-02-22 23:47:07 tbox Exp $ */ #include <config.h> @@ -316,6 +316,8 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], dl_load_symbol(cd, "dlz_subrdataset", ISC_FALSE); cd->dlz_delrdataset = (dlz_dlopen_delrdataset_t *) dl_load_symbol(cd, "dlz_delrdataset", ISC_FALSE); + cd->dlz_destroy = (dlz_dlopen_destroy_t *) + dl_load_symbol(cd, "dlz_destroy", ISC_FALSE); /* Check the version of the API is the same */ cd->version = cd->dlz_version(&cd->flags); diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 20da1eb6..f6b74545 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.186.22.2 2012-01-31 23:47:02 tbox Exp $ */ +/* $Id: zoneconf.c,v 1.186.22.3 2012-02-23 07:02:19 marka Exp $ */ /*% */ 
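Review bot: In dlopen_dlz_create() the new `dlz_destroy` lookup passes `ISC_FALSE` as the last argument to dl_load_symbol(), the same as the optional symbols just above it, so `cd->dlz_destroy` can presumably be NULL for a module that does not export it. The code that invokes the pointer is outside this hunk; confirm that it is guarded with `if (cd->dlz_destroy != NULL)`. Going by the CHANGES entry, the pointer was not registered before this commit, so that call path may never have run against a real module function. A one-line comment here noting that the symbol is optional would record the contract for module authors.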
@@ -1134,7 +1134,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, dns_zone_setoption(raw, DNS_ZONEOPT_IXFRFROMDIFFS, ISC_TRUE); dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, - ISC_FALSE); + ISC_TRUE); } else dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, ixfrdiff); diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl index 796857b6..d9f6c5f5 100644 --- a/bin/tests/system/ans.pl +++ b/bin/tests/system/ans.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ans.pl,v 1.4 2011-03-18 04:41:15 each Exp $ +# $Id: ans.pl,v 1.4.238.2 2012-02-22 23:47:08 tbox Exp $ # # This is the name server from hell. It provides canned @@ -80,7 +80,7 @@ local $| = 1; # XXX: we should also be able to specify IPv6 my $server_addr = "10.53.0.2"; if (@ARGV > 0) { - $server_addr = @ARGV[0]; + $server_addr = @ARGV[0]; } # XXX: we should also be able to set the port numbers to listen on. 
@@ -106,108 +106,144 @@ $SIG{TERM} = \&rmpid; #my @answers = (); my @rules; sub handleUDP { - my ($buf) = @_; + my ($buf) = @_; - my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); - $err and die $err; + my ($request, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; - $packet->header->qr(1); - $packet->header->aa(1); + my @questions = $request->question; + my $qname = $questions[0]->qname; + my $qtype = $questions[0]->qtype; + my $qclass = $questions[0]->qclass; + my $id = $request->header->id; - my @questions = $packet->question; - my $qname = $questions[0]->qname; - my $qtype = $questions[0]->qtype; + my $packet = new Net::DNS::Packet($qname, $qtype, $qclass); + $packet->header->qr(1); + $packet->header->aa(1); + $packet->header->id($id); - # get the existing signature if any, and clear the additional section - my $prev_tsig; - while (my $rr = $packet->pop("additional")) { - if ($rr->type eq "TSIG") { - $prev_tsig = $rr; - } - } + # get the existing signature if any, and clear the additional section + my $prev_tsig; + while (my $rr = $request->pop("additional")) { + if ($rr->type eq "TSIG") { + $prev_tsig = $rr; + } + } - my $r; - foreach $r (@rules) { - my $pattern = $r->{pattern}; + my $r; + foreach $r (@rules) { + my $pattern = $r->{pattern}; my($dbtype, $key_name, $key_data) = split(/ /,$pattern); print "[handleUDP] $dbtype, $key_name, $key_data \n"; - if ("$qname $qtype" =~ /$dbtype/) { - my $a; - foreach $a (@{$r->{answer}}) { - $packet->push("answer", $a); - } + if ("$qname $qtype" =~ /$dbtype/) { + my $a; + foreach $a (@{$r->{answer}}) { + $packet->push("answer", $a); + } if(defined($key_name) && defined($key_data)) { # Sign the packet print " Signing the response with " . - "$key_name/$key_data\n"; - my $tsig = Net::DNS::RR-> - new("$key_name TSIG $key_data"); - - # These kluges are necessary because Net::DNS - # doesn't know how to sign responses. 
We - # clear compnames so that the TSIG key and - # algorithm name won't be compressed, and - # add one to arcount because the signing - # function will attempt to decrement it, - # which is incorrect in a response. Finally - # we set request_mac to the previous digest. - $packet->{"compnames"} = {}; - $packet->{"header"}{"arcount"} += 1; - if (defined($prev_tsig)) { - my $rmac = pack('n H*', - $prev_tsig->mac_size, - $prev_tsig->mac); - $tsig->{"request_mac"} = - unpack("H*", $rmac); - } - + "$key_name/$key_data\n"; + my $tsig = Net::DNS::RR-> + new("$key_name TSIG $key_data"); + + # These kluges are necessary because Net::DNS + # doesn't know how to sign responses. We + # clear compnames so that the TSIG key and + # algorithm name won't be compressed, and + # add one to arcount because the signing + # function will attempt to decrement it, + # which is incorrect in a response. Finally + # we set request_mac to the previous digest. + $packet->{"compnames"} = {}; + $packet->{"header"}{"arcount"} += 1; + if (defined($prev_tsig)) { + my $rmac = pack('n H*', + $prev_tsig->mac_size, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } + $packet->sign_tsig($tsig); } - last; - } - } - #$packet->print; + last; + } + } + #$packet->print; - return $packet->data; + return $packet->data; } # namelen: # given a stream of data, reads a DNS-formatted name and returns its # total length, thus making it possible to skip past it. 
sub namelen { - my ($data) = @_; - my $len = 0; - my $label_len = 0; - do { - $label_len = unpack("c", $data); - $data = substr($data, $label_len + 1); - $len += $label_len + 1; - } while ($label_len != 0); - return ($len); + my ($data) = @_; + my $len = 0; + my $label_len = 0; + do { + $label_len = unpack("c", $data); + $data = substr($data, $label_len + 1); + $len += $label_len + 1; + } while ($label_len != 0); + return ($len); } # packetlen: # given a stream of data, reads a DNS wire-format packet and returns # its total length, making it possible to skip past it. sub packetlen { - my ($data) = @_; - my $q; - my $rr; - - my ($header, $offset) = Net::DNS::Header->parse(\$data); - for (1 .. $header->qdcount) { - ($q, $offset) = Net::DNS::Question->parse(\$data, $offset); - } - for (1 .. $header->ancount) { - ($rr, $offset) = Net::DNS::RR->parse(\$data, $offset); - } - for (1 .. $header->nscount) { - ($rr, $offset) = Net::DNS::RR->parse(\$data, $offset); - } - for (1 .. $header->arcount) { - ($rr, $offset) = Net::DNS::RR->parse(\$data, $offset); - } - return $offset; + my ($data) = @_; + my $q; + my $rr; + my $header; + my $offset; + + # + # decode/encode were introduced in Net::DNS 0.68 + # parse is no longer a method and calling it here makes perl croak. + # + my $decode = 0; + $decode = 1 if ($Net::DNS::VERSION >= 0.68); + + if ($decode) { + ($header, $offset) = Net::DNS::Header->decode(\$data); + } else { + ($header, $offset) = Net::DNS::Header->parse(\$data); + } + + for (1 .. $header->qdcount) { + if ($decode) { + ($q, $offset) = + Net::DNS::Question->decode(\$data, $offset); + } else { + ($q, $offset) = + Net::DNS::Question->parse(\$data, $offset); + } + } + for (1 .. $header->ancount) { + if ($decode) { + ($q, $offset) = Net::DNS::RR->decode(\$data, $offset); + } else { + ($q, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + } + for (1 .. 
$header->nscount) { + if ($decode) { + ($q, $offset) = Net::DNS::RR->decode(\$data, $offset); + } else { + ($q, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + } + for (1 .. $header->arcount) { + if ($decode) { + ($q, $offset) = Net::DNS::RR->decode(\$data, $offset); + } else { + ($q, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + } + return $offset; } # sign_tcp_continuation: 
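Review bot: In packetlen() the `if ($decode) ... else ...` choice is written out five times, and the three RR loops now assign their result to `$q`, which leaves the declared `$rr` unused. Selecting the method name once would keep the Net::DNS 0.68 compatibility switch in one place: `my $m = ($Net::DNS::VERSION >= 0.68) ? "decode" : "parse";` followed by `($rr, $offset) = Net::DNS::RR->$m(\$data, $offset);` in each loop. The comparison also assumes `$Net::DNS::VERSION` is a plain number; a comment stating that assumption would help if a non-numeric version string ever appears.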
@@ -222,55 +258,59 @@ sub packetlen { # the unwanted data from the digest before calling the default sign_hmac # function. sub sign_tcp_continuation { - my ($key, $data) = @_; + my ($key, $data) = @_; - # copy out first two bytes: size of the previous MAC - my $rmacsize = unpack("n", $data); - $data = substr($data, 2); + # copy out first two bytes: size of the previous MAC + my $rmacsize = unpack("n", $data); + $data = substr($data, 2); - # copy out previous MAC - my $rmac = substr($data, 0, $rmacsize); - $data = substr($data, $rmacsize); + # copy out previous MAC + my $rmac = substr($data, 0, $rmacsize); + $data = substr($data, $rmacsize); - # try parsing out the packet information - my $plen = packetlen($data); - my $pdata = substr($data, 0, $plen); - $data = substr($data, $plen); + # try parsing out the packet information + my $plen = packetlen($data); + my $pdata = substr($data, 0, $plen); + $data = substr($data, $plen); - # remove the keyname, ttl, class, and algorithm name - $data = substr($data, namelen($data)); - $data = substr($data, 6); - $data = substr($data, namelen($data)); + # remove the keyname, ttl, class, and algorithm name + $data = substr($data, namelen($data)); + $data = substr($data, 6); + $data = substr($data, namelen($data)); - # preserve the TSIG data - my $tdata = substr($data, 0, 8); + # preserve the TSIG data + my $tdata = substr($data, 0, 8); - # prepare a new digest and sign with it - $data = pack("n", $rmacsize) . $rmac . $pdata . $tdata; - return Net::DNS::RR::TSIG::sign_hmac($key, $data); + # prepare a new digest and sign with it + $data = pack("n", $rmacsize) . $rmac . $pdata . 
$tdata; + return Net::DNS::RR::TSIG::sign_hmac($key, $data); } sub handleTCP { my ($buf) = @_; - my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); + my ($request, $err) = new Net::DNS::Packet(\$buf, 0); $err and die $err; - $packet->header->qr(1); - $packet->header->aa(1); - - my @questions = $packet->question; + my @questions = $request->question; my $qname = $questions[0]->qname; my $qtype = $questions[0]->qtype; + my $qclass = $questions[0]->qclass; + my $id = $request->header->id; - # get the existing signature if any, and clear the additional section - my $prev_tsig; - my $signer; - while (my $rr = $packet->pop("additional")) { - if ($rr->type eq "TSIG") { - $prev_tsig = $rr; - } - } + my $packet = new Net::DNS::Packet($qname, $qtype, $qclass); + $packet->header->qr(1); + $packet->header->aa(1); + $packet->header->id($id); + + # get the existing signature if any, and clear the additional section + my $prev_tsig; + my $signer; + while (my $rr = $request->pop("additional")) { + if ($rr->type eq "TSIG") { + $prev_tsig = $rr; + } + } my @results = (); my $count_these = 0; 
@@ -289,42 +329,43 @@ sub handleTCP { if(defined($key_name) && defined($key_data)) { # sign the packet print " Signing the data with " . - "$key_name/$key_data\n"; - - my $tsig = Net::DNS::RR-> - new("$key_name TSIG $key_data"); - - # These kluges are necessary because Net::DNS - # doesn't know how to sign responses. We - # clear compnames so that the TSIG key and - # algorithm name won't be compressed, and - # add one to arcount because the signing - # function will attempt to decrement it, - # which is incorrect in a response. Finally - # we set request_mac to the previous digest. - $packet->{"compnames"} = {}; - $packet->{"header"}{"arcount"} += 1; - if (defined($prev_tsig)) { - my $rmac = pack('n H*', - $prev_tsig->mac_size, - $prev_tsig->mac); - $tsig->{"request_mac"} = - unpack("H*", $rmac); - } - - $tsig->sign_func($signer) if defined($signer); + "$key_name/$key_data\n"; + + my $tsig = Net::DNS::RR-> + new("$key_name TSIG $key_data"); + + # These kluges are necessary because Net::DNS + # doesn't know how to sign responses. We + # clear compnames so that the TSIG key and + # algorithm name won't be compressed, and + # add one to arcount because the signing + # function will attempt to decrement it, + # which is incorrect in a response. Finally + # we set request_mac to the previous digest. 
+ $packet->{"compnames"} = {}; + $packet->{"header"}{"arcount"} += 1; + if (defined($prev_tsig)) { + my $rmac = pack('n H*', + $prev_tsig->mac_size, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } + + $tsig->sign_func($signer) if defined($signer); $packet->sign_tsig($tsig); - $signer = \&sign_tcp_continuation; + $signer = \&sign_tcp_continuation; - my $copy = - Net::DNS::Packet->new(\($packet->data)); - $prev_tsig = $copy->pop("additional"); + my $copy = + Net::DNS::Packet->new(\($packet->data)); + $prev_tsig = $copy->pop("additional"); } #$packet->print; push(@results,$packet->data); - $packet = new Net::DNS::Packet(\$buf, 0); + $packet = new Net::DNS::Packet($qname, $qtype, $qclass); $packet->header->qr(1); $packet->header->aa(1); + $packet->header->id($id); } } print " A total of $count_these patterns matched\n"; @@ -358,10 +399,10 @@ for (;;) { } } $conn->close; - #print Dumper(@rules); - #print "+=+=+ $rules[0]->{'pattern'}\n"; - #print "+=+=+ $rules[0]->{'answer'}->[0]->{'rname'}\n"; - #print "+=+=+ $rules[0]->{'answer'}->[0]\n"; + #print Dumper(@rules); + #print "+=+=+ $rules[0]->{'pattern'}\n"; + #print "+=+=+ $rules[0]->{'answer'}->[0]->{'rname'}\n"; + #print "+=+=+ $rules[0]->{'answer'}->[0]\n"; } elsif (vec($rout, fileno($udpsock), 1)) { printf "UDP request\n"; my $buf; diff --git a/bin/tests/system/dlzexternal/tests.sh b/bin/tests/system/dlzexternal/tests.sh index 3272b8b5..062a49e1 100644 --- a/bin/tests/system/dlzexternal/tests.sh +++ b/bin/tests/system/dlzexternal/tests.sh 
@@ -60,4 +60,14 @@ addr=`eval echo $out | cut -f1 -d'#'` [ "$ret" -eq 0 ] || echo "I:failed" status=`expr $status + $ret` +echo "I:testing DLZ driver is cleaned up on reload" +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /' +for i in 0 1 2 3 4 5 6 7 8 9; do + ret=0 + grep 'dlz_example: shutting down zone example.nil' ns1/named.run > /dev/null 2>&1 || ret=1 + [ "$ret" -eq 0 ] && break +done +[ "$ret" -eq 0 ] || echo "I:failed" +status=`expr $status + $ret` + exit $status diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 72215d91..e31c9304 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007-2011 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007-2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.46 2011-12-08 16:07:20 each Exp $ +# $Id: clean.sh,v 1.46.36.2 2012-02-22 23:47:08 tbox Exp $ rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk @@ -51,6 +51,7 @@ rm -f signer/signer.out.* rm -f ns2/algroll.db rm -f ns3/kskonly.example.db rm -f ns4/named.conf +rm -f ns4/managed-keys.bind* rm -f ns3/auto-nsec.example.db ns3/auto-nsec3.example.db rm -f ns3/secure.below-cname.example.db rm -f signer/example.db.after signer/example.db.before diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index cb843d04..64288224 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh 
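Review bot: The retry loop added for "testing DLZ driver is cleaned up on reload" has no delay between iterations, so the ten `grep` calls on ns1/named.run run back to back. The test therefore fails whenever named has not yet written the shutdown message at that instant. The other polling loops in this commit (ixfr/tests.sh, xfer/tests.sh, inline/tests.sh) end each iteration with `sleep 1`; add the same after `[ "$ret" -eq 0 ] && break`.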
@@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.107 2011-12-22 12:01:43 marka Exp $ +# $Id: tests.sh,v 1.107.20.2 2012-02-22 23:47:08 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -1255,6 +1255,13 @@ else echo "I:The DNSSEC update test requires the Net::DNS library." >&2 fi +echo "I:checking managed key maintenance has not started yet ($n)" +ret=0 +[ -f "ns4/managed-keys.bind.jnl" ] && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + # Reconfigure caching server to use "dnssec-validation auto", and repeat # some of the DNSSEC validation tests to ensure that it works correctly. echo "I:switching to automatic root key configuration" @@ -1262,6 +1269,13 @@ cp ns4/named2.conf ns4/named.conf $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /' sleep 5 +echo "I:checking managed key maintenance timer has now started ($n)" +ret=0 +[ -f "ns4/managed-keys.bind.jnl" ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:checking positive validation NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh index 0b905fa8..bc12648a 100644 --- a/bin/tests/system/inline/clean.sh +++ b/bin/tests/system/inline/clean.sh 
@@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.12 2012-01-17 08:26:03 marka Exp $ +# $Id: clean.sh,v 1.12.12.1 2012-02-23 07:02:19 marka Exp $ rm -f */named.memstats rm -f */named.run @@ -24,6 +24,9 @@ rm -f ns1/root.db rm -f ns1/root.db.signed rm -f ns2/bits.db rm -f ns2/bits.db.jnl +rm -f ns1/signer.out +rm -f ns2/retransfer.db +rm -f ns2/retransfer.db.jnl rm -f ns3/K* rm -f ns3/bits.bk rm -f ns3/bits.bk.jnl @@ -49,6 +52,10 @@ rm -f ns3/expired.db rm -f ns3/expired.db.jnl rm -f ns3/expired.db.signed rm -f ns3/expired.db.signed.jnl +rm -f ns3/retransfer.bk +rm -f ns3/retransfer.bk.jnl +rm -f ns3/retransfer.bk.signed +rm -f ns3/retransfer.bk.signed.jnl rm -f ns4/K* rm -f ns4/noixfr.db rm -f ns4/noixfr.db.jnl diff --git a/bin/tests/system/inline/ns1/root.db.in b/bin/tests/system/inline/ns1/root.db.in index 378df511..6d165679 100644 --- a/bin/tests/system/inline/ns1/root.db.in +++ b/bin/tests/system/inline/ns1/root.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: root.db.in,v 1.7 2012-01-10 23:46:58 tbox Exp $ +; $Id: root.db.in,v 1.7.14.1 2012-02-23 07:02:19 marka Exp $ $TTL 300 . IN SOA gson.nominum.com. a.root.servers.nil. ( @@ -44,3 +44,6 @@ ns3.updated. A 10.53.0.3 expired. NS ns3.expired. ns3.expired. A 10.53.0.3 + +retransfer. NS ns3.retransfer. +ns3.retransfer. A 10.53.0.3 diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh index 90176c8b..6585ecab 100644 --- a/bin/tests/system/inline/ns1/sign.sh +++ b/bin/tests/system/inline/ns1/sign.sh 
@@ -1,6 +1,6 @@ #!/bin/sh -e # -# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.3 2011-12-22 07:32:40 each Exp $ +# $Id: sign.sh,v 1.3.20.2 2012-02-23 07:09:01 tbox Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -26,7 +26,8 @@ rm -f K.+*+*.key rm -f K.+*+*.private keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` -$SIGNER -S -x -T 1200 -o ${zone} root.db > /dev/null 2>&1 +$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1 +[ $? = 0 ] || cat signer.out cat ${keyname}.key | grep -v '^; ' | $PERL -n -e ' local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; diff --git a/bin/tests/system/inline/ns2/named.conf b/bin/tests/system/inline/ns2/named.conf index 2623fe68..a296fead 100644 --- a/bin/tests/system/inline/ns2/named.conf +++ b/bin/tests/system/inline/ns2/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2 2011-08-30 23:46:52 tbox Exp $ */ +/* $Id: named.conf,v 1.2.138.2 2012-02-23 07:09:02 tbox Exp $ */ // NS2 @@ -38,3 +38,10 @@ zone "bits" { file "bits.db"; allow-update { any; }; }; + +zone "retransfer" { + type master; + file "retransfer.db"; + allow-update { any; }; + notify no; +}; 
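Review bot: In inline/ns1/sign.sh the new `[ $? = 0 ] || cat signer.out` line cannot run when the script is executed through its `#!/bin/sh -e` shebang, because a failing `$SIGNER` makes the shell exit before the next line is reached. The captured diagnostics are then never shown. Attach the handler to the command itself: `$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1 || { cat signer.out; exit 1; }`. If the script is instead invoked as `sh sign.sh`, the shebang flags do not apply and the current form prints the output but carries on after the failure, so the intended behaviour is worth making explicit either way.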
diff --git a/bin/tests/system/inline/ns3/named.conf b/bin/tests/system/inline/ns3/named.conf index 6d3ea27c..251c87ad 100644 --- a/bin/tests/system/inline/ns3/named.conf +++ b/bin/tests/system/inline/ns3/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.7 2012-01-10 23:46:58 tbox Exp $ */ +/* $Id: named.conf,v 1.7.14.1 2012-02-23 07:02:19 marka Exp $ */ // NS3 @@ -86,3 +86,11 @@ zone "expired" { allow-update { any; }; file "expired.db"; }; + +zone "retransfer" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "retransfer.bk"; +}; diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh index 9d75299b..dfd78225 100644 --- a/bin/tests/system/inline/ns3/sign.sh +++ b/bin/tests/system/inline/ns3/sign.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.7 2012-01-10 23:46:58 tbox Exp $ +# $Id: sign.sh,v 1.7.14.1 2012-02-23 07:02:20 marka Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -66,3 +66,10 @@ keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1 + +zone=retransfer +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db diff --git a/bin/tests/system/inline/setup.sh b/bin/tests/system/inline/setup.sh index f7606888..5960eafa 100644 --- a/bin/tests/system/inline/setup.sh +++ b/bin/tests/system/inline/setup.sh 
@@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.10 2012-01-10 23:46:58 tbox Exp $ +# $Id: setup.sh,v 1.10.14.1 2012-02-23 07:02:19 marka Exp $ sh clean.sh @@ -21,6 +21,7 @@ rm -f ns1/root.db.signed touch ns2/trusted.conf cp ns2/bits.db.in ns2/bits.db +cp ns2/bits.db.in ns2/retransfer.db rm -f ns2/bits.db.jnl cp ns3/master.db.in ns3/master.db diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh index afa3c026..ee8c1661 100644 --- a/bin/tests/system/inline/tests.sh +++ b/bin/tests/system/inline/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.16.12.1 2012-01-31 01:11:54 each Exp $ +# $Id: tests.sh,v 1.16.12.2 2012-02-23 07:02:19 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh 
@@ -693,4 +693,53 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sync -clean dynamic 2>&1 || re if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +$NSUPDATE << EOF +zone retransfer +server 10.53.0.2 5300 +update add added.retransfer 0 A 1.2.3.4 +send + +EOF + +n=`expr $n + 1` +echo "I:checking that the retransfer record is added on the hidden master ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.2 -p 5300 added.retransfer A > dig.out.ns2.test$n +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that the change has not been transfered due to notify ($n)" +ret=0 +for i in 0 1 2 3 4 5 6 7 8 9 +do + ans=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 added.retransfer A > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 + [ $ans = 0 ] && break + sleep 1 +done +if [ $ans != 1 ]; then echo "I:failed"; ret=1; fi +status=`expr $status + $ret` +n=`expr $n + 1` + +echo "I:check rndc retransfer of a inline slave zone works ($n)" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 retransfer retransfer 2>&1 || ret=1 +for i in 0 1 2 3 4 5 6 7 8 9 +do + ans=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 added.retransfer A > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 + [ $ans = 0 ] && break + sleep 1 +done +[ $ans = 1 ] && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + exit $status diff --git a/bin/tests/system/ixfr/tests.sh b/bin/tests/system/ixfr/tests.sh index d3bc1fa5..bc7e623e 100644 --- a/bin/tests/system/ixfr/tests.sh +++ b/bin/tests/system/ixfr/tests.sh 
@@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.8.134.2 2012-02-07 23:46:57 tbox Exp $ +# $Id: tests.sh,v 1.8.134.3 2012-02-22 14:29:38 marka Exp $ # WARNING: The test labelled "testing request-ixfr option in view vs zone" @@ -65,7 +65,12 @@ EOF $RNDCCMD reload -sleep 2 +for i in 0 1 2 3 4 5 6 7 8 9 +do + $DIGCMD nil. SOA > dig.out + grep "SOA" dig.out > /dev/null && break + sleep 1 +done $DIGCMD nil. TXT | grep 'initial AXFR' >/dev/null || { echo "I:failed" diff --git a/bin/tests/system/resolver/clean.sh b/bin/tests/system/resolver/clean.sh index b82b5456..a94c2deb 100644 --- a/bin/tests/system/resolver/clean.sh +++ b/bin/tests/system/resolver/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.8.248.2 2012-02-09 23:46:50 tbox Exp $ +# $Id: clean.sh,v 1.8.248.3 2012-02-22 00:35:53 each Exp $ # # Clean up after resolver tests. @@ -28,6 +28,6 @@ rm -f ns4/tld.db rm -f ns6/K* rm -f ns6/example.net.db.signed ns6/example.net.db rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl -rm -r ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl +rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl rm -f ns7/server.db ns7/server.db.jnl rm -f random.data diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh index 3cbfb919..ef4bf98b 100644 --- a/bin/tests/system/xfer/clean.sh +++ b/bin/tests/system/xfer/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any 
@@ -15,13 +15,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.17 2011-12-01 00:53:58 marka Exp $ +# $Id: clean.sh,v 1.17.44.2 2012-02-22 23:47:08 tbox Exp $ # # Clean up after zone transfer tests. # -rm -f dig.out.ns1 dig.out.ns2 dig.out.ns3 +rm -f dig.out.ns1 dig.out.ns2 dig.out.ns3 dig.out.ns4 rm -f dig.out.ns5 dig.out.ns6 dig.out.ns7 rm -f axfr.out rm -f ns1/slave.db diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh index f9b8f1f7..7021218b 100644 --- a/bin/tests/system/xfer/tests.sh +++ b/bin/tests/system/xfer/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.35 2011-12-01 00:53:58 marka Exp $ +# $Id: tests.sh,v 1.35.44.2 2012-02-22 23:47:08 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -234,7 +234,13 @@ EOF $RNDCCMD reload | sed 's/^/I:ns4 /' -sleep 2 + +for i in 0 1 2 3 4 5 6 7 8 9 +do + $DIGCMD nil. SOA > dig.out.ns4 + grep SOA dig.out.ns4 > /dev/null && break + sleep 1 +done $DIGCMD nil. TXT | grep 'initial AXFR' >/dev/null || { echo "I:failed" diff --git a/lib/dns/api b/lib/dns/api index b0d8bdd7..2c1bf668 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -3,6 +3,6 @@ # 9.7: 60-79 # 9.8: 80-89 # 9.9: 90-109 -LIBINTERFACE = 93 -LIBREVISION = 1 -LIBAGE = 0 +LIBINTERFACE = 94 +LIBREVISION = 0 +LIBAGE = 1 diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index d5cb5b98..2bc1e77d 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.201 2012-01-25 23:46:49 tbox Exp $ */ +/* $Id: zone.h,v 1.201.2.1 2012-02-22 00:35:53 each Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 @@ -2037,6 +2037,14 @@ dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header); * Set the data to be included in the header when the zone is dumped in * binary format. */ + +isc_result_t +dns_zone_synckeyzone(dns_zone_t *zone); +/*% + * Force the managed key zone to synchronize, and start the key + * maintenance timer. + */ + ISC_LANG_ENDDECLS #endif /* DNS_ZONE_H */ diff --git a/lib/dns/validator.c b/lib/dns/validator.c index c049b013..99f51547 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.208.72.1 2012-02-15 21:01:50 marka Exp $ */ +/* $Id: validator.c,v 1.208.72.2 2012-02-15 23:46:20 tbox Exp $ */ #include <config.h> diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def index bf16469f..e91ce4d4 100644 --- a/lib/dns/win32/libdns.def +++ b/lib/dns/win32/libdns.def @@ -925,6 +925,7 @@ dns_zone_setxfrsource4 dns_zone_setxfrsource6 dns_zone_setzeronosoattl dns_zone_signwithkey +dns_zone_synckeyzone dns_zone_unload dns_zonekey_iszonekey dns_zonemgr_attach diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 9c75a8c2..bd628c0c 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.667.2.2 2012-02-07 00:52:05 marka Exp $ */ +/* $Id: zone.c,v 1.667.2.5 2012-02-23 07:09:02 tbox Exp $ */ /*! \file */ 
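Review bot: The comment added for `dns_zone_synckeyzone()` in zone.h has no Returns section, so a caller cannot tell from the header that the call can be refused. The implementation added in zone.c returns `DNS_R_BADZONE` when the zone type is not `dns_zone_key` and otherwise passes back the result of the database lookup or the sync. I would add `* Returns: DNS_R_BADZONE if 'zone' is not a managed-keys zone; otherwise the result of the synchronization.` so callers know the result is worth checking.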
@@ -3559,6 +3559,26 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { return (result); } +isc_result_t +dns_zone_synckeyzone(dns_zone_t *zone) { + isc_result_t result; + dns_db_t *db = NULL; + + if (zone->type != dns_zone_key) + return (DNS_R_BADZONE); + + CHECK(dns_zone_getdb(zone, &db)); + + LOCK_ZONE(zone); + result = sync_keyzone(zone, db); + UNLOCK_ZONE(zone); + + failure: + if (db != NULL) + dns_db_detach(&db); + return (result); +} + static void maybe_send_secure(dns_zone_t *zone) { isc_result_t result; @@ -8389,7 +8409,7 @@ zone_refreshkeys(dns_zone_t *zone) { if (!ISC_LIST_EMPTY(diff.tuples)) { CHECK(update_soa_serial(db, ver, &diff, zone->mctx, zone->updatemethod)); - CHECK(zone_journal(zone, &diff, NULL, "sync_keyzone")); + CHECK(zone_journal(zone, &diff, NULL, "zone_refreshkeys")); commit = ISC_TRUE; DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED); zone_needdump(zone, 30); @@ -12348,6 +12368,14 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) { UNUSED(task); /* + * zone->db may be NULL if the load from disk failed. + */ + if (zone->db == NULL) { + result = ISC_R_FAILURE; + goto failure; + } + + /* * We first attempt to sync the raw zone to the secure zone * by using the raw zone's journal, applying all the deltas * from the latest source-serial of the secure zone up to 
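Review bot: `dns_zone_synckeyzone()` is exported API but dereferences `zone->type` on its first line without validating the pointer. A caller that passes a NULL or stale zone gets a wild read instead of a clean assertion. Adding `REQUIRE(DNS_ZONE_VALID(zone));` ahead of the type check would make the precondition explicit. The type test also runs before `LOCK_ZONE(zone)`; that is harmless if the zone type never changes after configuration, but a short comment saying so would help.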
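Review bot: The new `zone->db == NULL` guard in `receive_secure_serial()` reports the generic `ISC_R_FAILURE`, which will not tell an operator that the zone simply was not loaded. A more specific code such as `result = DNS_R_NOTLOADED;` would make whatever is logged at `failure` self-explanatory. The `failure` label and the start of the function are outside this hunk, so it is worth confirming that the cleanup there tolerates being reached this early, before any of the sync state below has been set up.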
@@ -12497,6 +12525,56 @@ zone_send_secureserial(dns_zone_t *zone, isc_boolean_t locked, return (ISC_R_SUCCESS); } +static isc_result_t +checkandaddsoa(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + dns_rdataset_t *rdataset, isc_uint32_t oldserial) +{ + dns_rdata_soa_t soa; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdatalist_t temprdatalist; + dns_rdataset_t temprdataset; + isc_buffer_t b; + isc_result_t result; + unsigned char buf[DNS_SOA_BUFFERSIZE]; + + result = dns_rdataset_first(rdataset); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_rdataset_current(rdataset, &rdata); + dns_rdata_tostruct(&rdata, &soa, NULL); + + if (isc_serial_gt(soa.serial, oldserial)) + return (dns_db_addrdataset(db, node, version, 0, rdataset, 0, + NULL)); + /* + * Always bump the serial. + */ + oldserial++; + if (oldserial == 0) + oldserial++; + soa.serial = oldserial; + + /* + * Construct a replacement rdataset. + */ + dns_rdata_reset(&rdata); + isc_buffer_init(&b, buf, sizeof(buf)); + result = dns_rdata_fromstruct(&rdata, rdataset->rdclass, + dns_rdatatype_soa, &soa, &b); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + temprdatalist.rdclass = rdata.rdclass; + temprdatalist.type = rdata.type; + temprdatalist.covers = 0; + temprdatalist.ttl = rdataset->ttl; + ISC_LIST_INIT(temprdatalist.rdata); + ISC_LIST_APPEND(temprdatalist.rdata, &rdata, link); + + dns_rdataset_init(&temprdataset); + result = dns_rdatalist_tordataset(&temprdatalist, &temprdataset); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + return (dns_db_addrdataset(db, node, version, 0, &temprdataset, + 0, NULL)); +} + static void receive_secure_db(isc_task_t *task, isc_event_t *event) { isc_result_t result; @@ -12510,6 +12588,8 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { dns_rdataset_t rdataset; dns_dbversion_t *version = NULL; isc_time_t loadtime; + unsigned int oldserial = 0; + isc_boolean_t have_oldserial = ISC_FALSE; UNUSED(task); 
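Review bot: In `checkandaddsoa()` the result of `dns_rdata_tostruct(&rdata, &soa, NULL)` is discarded, yet `soa.serial` is compared and rewritten immediately afterwards; every other call in the function is checked. Capture it like its neighbours with `result = dns_rdata_tostruct(&rdata, &soa, NULL);` followed by `RUNTIME_CHECK(result == ISC_R_SUCCESS);`. Since the function already returns `isc_result_t`, returning the error instead of asserting would let an unexpected SOA in the raw database fail the reload rather than abort the server. `temprdatalist` is also filled field by field; calling `dns_rdatalist_init(&temprdatalist);` first would initialise the members the hunk does not set.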
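Review bot: `oldserial` is declared `unsigned int` in `receive_secure_db()`, while `checkandaddsoa()`, added in this same commit, takes it as `isc_uint32_t` and relies on 32-bit wrap-around for its skip-zero step. Declaring it as `isc_uint32_t oldserial = 0;` keeps the serial's type consistent from where it is read to where it is bumped. The body of `receive_secure_db()` continues outside this hunk.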
@@ -12524,6 +12604,11 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { dns_rdataset_init(&rdataset); TIME_NOW(&loadtime); + if (zone->db != NULL) { + result = dns_db_getsoaserial(zone->db, NULL, &oldserial); + if (result == ISC_R_SUCCESS) + have_oldserial = ISC_TRUE; + } result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin, dns_dbtype_zone, zone->rdclass, @@ -12566,9 +12651,14 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { dns_rdataset_disassociate(&rdataset); continue; } - - result = dns_db_addrdataset(db, node, version, 0, - &rdataset, 0, NULL); + if (rdataset.type == dns_rdatatype_soa && + have_oldserial) { + result = checkandaddsoa(db, node, version, + &rdataset, oldserial); + } else + result = dns_db_addrdataset(db, node, version, + 0, &rdataset, 0, + NULL); if (result != ISC_R_SUCCESS) goto failure; @@ -12817,9 +12907,7 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { dns_db_closeversion(db, &ver, ISC_FALSE); - isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, - DNS_LOGMODULE_ZONE, ISC_LOG_DEBUG(3), - "replacing zone database"); + dns_zone_log(zone, ISC_LOG_DEBUG(3), "replacing zone database"); if (zone->db != NULL) zone_detachdb(zone); @@ -1,4 +1,4 @@ -# $Id: version,v 1.60.2.2 2012-02-15 10:53:19 marka Exp $ +# $Id: version,v 1.60.2.3 2012-02-23 07:06:10 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=9 PATCHVER=0 RELEASETYPE=rc -RELEASEVER=3 +RELEASEVER=4 |
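Review bot: The new `if (zone->db != NULL)` block in `receive_secure_db()` tests and then dereferences `zone->db` with no lock taken inside the hunk. The start of the function is not visible, so this may already be covered. If it is not, another task replacing or detaching the database between the check and `dns_db_getsoaserial()` would leave a dangling pointer, and the read should be bracketed with the zone's database lock. Separately, a non-success result from `dns_db_getsoaserial()` silently disables the serial bump; a debug-level `dns_zone_log()` there would make that fallback visible.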