author | Internet Software Consortium, Inc <@isc.org> | 2012-02-24 05:53:42 -0700 |
---|---|---|
committer | Internet Software Consortium, Inc <@isc.org> | 2012-02-24 05:53:42 -0700 |
commit | d5366e3ab6dcf3feadccdd42219502f6da607288 (patch) | |
tree | d2c2cbb8df2d0ef1061c1c78575041a7ded9f3a2 /lib/dns | |
parent | 42ae2295b467bd2b6132ece85d7f555a54682288 (diff) | |
download | bind9-d5366e3ab6dcf3feadccdd42219502f6da607288.tar.gz |
9.9.0rc4
Diffstat (limited to 'lib/dns')
-rw-r--r-- | lib/dns/api | 6 | ||||
-rw-r--r-- | lib/dns/include/dns/zone.h | 10 | ||||
-rw-r--r-- | lib/dns/validator.c | 4 | ||||
-rw-r--r-- | lib/dns/win32/libdns.def | 1 | ||||
-rw-r--r-- | lib/dns/zone.c | 104 |
5 files changed, 111 insertions, 14 deletions
diff --git a/lib/dns/api b/lib/dns/api index b0d8bdd7..2c1bf668 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -3,6 +3,6 @@ # 9.7: 60-79 # 9.8: 80-89 # 9.9: 90-109 -LIBINTERFACE = 93 -LIBREVISION = 1 -LIBAGE = 0 +LIBINTERFACE = 94 +LIBREVISION = 0 +LIBAGE = 1 diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index d5cb5b98..2bc1e77d 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.201 2012-01-25 23:46:49 tbox Exp $ */ +/* $Id: zone.h,v 1.201.2.1 2012-02-22 00:35:53 each Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 @@ -2037,6 +2037,14 @@ dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header); * Set the data to be included in the header when the zone is dumped in * binary format. */ + +isc_result_t +dns_zone_synckeyzone(dns_zone_t *zone); +/*% + * Force the managed key zone to synchronize, and start the key + * maintenance timer. + */ + ISC_LANG_ENDDECLS #endif /* DNS_ZONE_H */ diff --git a/lib/dns/validator.c b/lib/dns/validator.c index c049b013..99f51547 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.208.72.1 2012-02-15 21:01:50 marka Exp $ */ +/* $Id: validator.c,v 1.208.72.2 2012-02-15 23:46:20 tbox Exp $ */ #include <config.h> diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def index bf16469f..e91ce4d4 100644 --- a/lib/dns/win32/libdns.def +++ b/lib/dns/win32/libdns.def 
@@ -925,6 +925,7 @@ dns_zone_setxfrsource4 dns_zone_setxfrsource6 dns_zone_setzeronosoattl dns_zone_signwithkey +dns_zone_synckeyzone dns_zone_unload dns_zonekey_iszonekey dns_zonemgr_attach diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 9c75a8c2..bd628c0c 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.667.2.2 2012-02-07 00:52:05 marka Exp $ */ +/* $Id: zone.c,v 1.667.2.5 2012-02-23 07:09:02 tbox Exp $ */ /*! \file */ @@ -3559,6 +3559,26 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { return (result); } +isc_result_t +dns_zone_synckeyzone(dns_zone_t *zone) { + isc_result_t result; + dns_db_t *db = NULL; + + if (zone->type != dns_zone_key) + return (DNS_R_BADZONE); + + CHECK(dns_zone_getdb(zone, &db)); + + LOCK_ZONE(zone); + result = sync_keyzone(zone, db); + UNLOCK_ZONE(zone); + + failure: + if (db != NULL) + dns_db_detach(&db); + return (result); +} + static void maybe_send_secure(dns_zone_t *zone) { isc_result_t result; @@ -8389,7 +8409,7 @@ zone_refreshkeys(dns_zone_t *zone) { if (!ISC_LIST_EMPTY(diff.tuples)) { CHECK(update_soa_serial(db, ver, &diff, zone->mctx, zone->updatemethod)); - CHECK(zone_journal(zone, &diff, NULL, "sync_keyzone")); + CHECK(zone_journal(zone, &diff, NULL, "zone_refreshkeys")); commit = ISC_TRUE; DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED); zone_needdump(zone, 30); @@ -12348,6 +12368,14 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) { UNUSED(task); /* + * zone->db may be NULL if the load from disk failed. + */ + if (zone->db == NULL) { + result = ISC_R_FAILURE; + goto failure; + } + + /* * We first attempt to sync the raw zone to the secure zone * by using the raw zone's journal, applying all the deltas * from the latest source-serial of the secure zone up to 
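Review bot: dns_zone_synckeyzone() dereferences `zone->type` in its first statement without asserting the handle, so a NULL or stale pointer from a caller is read rather than caught. As a newly exported entry point (this commit adds it to zone.h and libdns.def), it should open with `REQUIRE(DNS_ZONE_VALID(zone));`, assuming the other public dns_zone_* functions in this file follow that convention. Separately, `db` is obtained through dns_zone_getdb() before LOCK_ZONE is taken. If the zone database can be replaced in between, sync_keyzone() would run against a database that is no longer current; whether that can happen for a key zone is not visible in this hunk.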
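Review bot: The new `zone->db == NULL` test in receive_secure_serial() reads `zone->db` with no lock acquisition visible in the hunk. The same unguarded read appears in the receive_secure_db() hunk at -12524, where `if (zone->db != NULL)` is followed by `dns_db_getsoaserial(zone->db, NULL, &oldserial)`. If zone->db is protected by the zone database lock elsewhere in zone.c (I believe the usual form is `ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read)`), both reads should sit inside it so the pointer cannot be detached between the test and the use. Both enclosing functions start and end outside these hunks, so a lock may already be held further up; this needs confirming. A log line before `goto failure` would also make the failed-load case diagnosable, since ISC_R_FAILURE alone says little.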
@@ -12497,6 +12525,56 @@ zone_send_secureserial(dns_zone_t *zone, isc_boolean_t locked, return (ISC_R_SUCCESS); } +static isc_result_t +checkandaddsoa(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + dns_rdataset_t *rdataset, isc_uint32_t oldserial) +{ + dns_rdata_soa_t soa; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdatalist_t temprdatalist; + dns_rdataset_t temprdataset; + isc_buffer_t b; + isc_result_t result; + unsigned char buf[DNS_SOA_BUFFERSIZE]; + + result = dns_rdataset_first(rdataset); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_rdataset_current(rdataset, &rdata); + dns_rdata_tostruct(&rdata, &soa, NULL); + + if (isc_serial_gt(soa.serial, oldserial)) + return (dns_db_addrdataset(db, node, version, 0, rdataset, 0, + NULL)); + /* + * Always bump the serial. + */ + oldserial++; + if (oldserial == 0) + oldserial++; + soa.serial = oldserial; + + /* + * Construct a replacement rdataset. + */ + dns_rdata_reset(&rdata); + isc_buffer_init(&b, buf, sizeof(buf)); + result = dns_rdata_fromstruct(&rdata, rdataset->rdclass, + dns_rdatatype_soa, &soa, &b); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + temprdatalist.rdclass = rdata.rdclass; + temprdatalist.type = rdata.type; + temprdatalist.covers = 0; + temprdatalist.ttl = rdataset->ttl; + ISC_LIST_INIT(temprdatalist.rdata); + ISC_LIST_APPEND(temprdatalist.rdata, &rdata, link); + + dns_rdataset_init(&temprdataset); + result = dns_rdatalist_tordataset(&temprdatalist, &temprdataset); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + return (dns_db_addrdataset(db, node, version, 0, &temprdataset, + 0, NULL)); +} + static void receive_secure_db(isc_task_t *task, isc_event_t *event) { isc_result_t result; @@ -12510,6 +12588,8 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { dns_rdataset_t rdataset; dns_dbversion_t *version = NULL; isc_time_t loadtime; + unsigned int oldserial = 0; + isc_boolean_t have_oldserial = ISC_FALSE; UNUSED(task); 
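Review bot: In checkandaddsoa() the result of `dns_rdata_tostruct(&rdata, &soa, NULL)` is discarded, while the other conversion calls in the function are followed by RUNTIME_CHECK. If that conversion ever fails, `soa.serial` is compared and rewritten from an uninitialised struct. Suggest `result = dns_rdata_tostruct(&rdata, &soa, NULL);` followed by `RUNTIME_CHECK(result == ISC_R_SUCCESS);`. `temprdatalist` is filled in field by field, which leaves any member not listed here uninitialised; calling `dns_rdatalist_init(&temprdatalist);` before the assignments would be more robust to struct changes. The caller in the next hunk declares `oldserial` as `unsigned int` while this parameter is `isc_uint32_t`; using `isc_uint32_t` on both sides keeps the `oldserial == 0` wrap handling exact on every platform.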
@@ -12524,6 +12604,11 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { dns_rdataset_init(&rdataset); TIME_NOW(&loadtime); + if (zone->db != NULL) { + result = dns_db_getsoaserial(zone->db, NULL, &oldserial); + if (result == ISC_R_SUCCESS) + have_oldserial = ISC_TRUE; + } result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin, dns_dbtype_zone, zone->rdclass, @@ -12566,9 +12651,14 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { dns_rdataset_disassociate(&rdataset); continue; } - - result = dns_db_addrdataset(db, node, version, 0, - &rdataset, 0, NULL); + if (rdataset.type == dns_rdatatype_soa && + have_oldserial) { + result = checkandaddsoa(db, node, version, + &rdataset, oldserial); + } else + result = dns_db_addrdataset(db, node, version, + 0, &rdataset, 0, + NULL); if (result != ISC_R_SUCCESS) goto failure; @@ -12817,9 +12907,7 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { dns_db_closeversion(db, &ver, ISC_FALSE); - isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, - DNS_LOGMODULE_ZONE, ISC_LOG_DEBUG(3), - "replacing zone database"); + dns_zone_log(zone, ISC_LOG_DEBUG(3), "replacing zone database"); if (zone->db != NULL) zone_detachdb(zone); |
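Review bot: The SOA special case added to the copy loop in receive_secure_db() (hunk at -12566) has no comment, so a reader must open checkandaddsoa() to learn why one record type bypasses dns_db_addrdataset(). A line such as `/* Keep the new SOA serial ahead of the serial in the database being replaced. */` above the `if` would record the intent. The `if` arm is braced and the `else` arm is not; bracing both keeps the multi-line `dns_db_addrdataset(...)` call from being misread during later edits. The loop and the function continue outside the hunk.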