2 * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: server.c,v 1.339.2.29 2004/05/14 01:04:46 marka Exp $ */
25 #include <isc/base64.h>
27 #include <isc/entropy.h>
31 #include <isc/print.h>
32 #include <isc/resource.h>
33 #include <isc/stdio.h>
34 #include <isc/string.h>
36 #include <isc/timer.h>
39 #include <isccfg/cfg.h>
40 #include <isccfg/check.h>
42 #include <dns/cache.h>
44 #include <dns/dispatch.h>
45 #include <dns/forward.h>
46 #include <dns/journal.h>
47 #include <dns/keytable.h>
48 #include <dns/master.h>
50 #include <dns/rdataclass.h>
51 #include <dns/rdatastruct.h>
52 #include <dns/resolver.h>
53 #include <dns/rootns.h>
54 #include <dns/stats.h>
61 #include <dst/result.h>
63 #include <named/client.h>
64 #include <named/config.h>
65 #include <named/control.h>
66 #include <named/interfacemgr.h>
67 #include <named/log.h>
68 #include <named/logconf.h>
69 #include <named/lwresd.h>
71 #include <named/server.h>
72 #include <named/tkeyconf.h>
73 #include <named/tsigconf.h>
74 #include <named/zoneconf.h>
77 * Check an operation for failure. Assumes that the function
78 * using it has a 'result' variable and a 'cleanup' label.
82 if (result != ISC_R_SUCCESS) goto cleanup; \
85 #define CHECKM(op, msg) \
87 if (result != ISC_R_SUCCESS) { \
88 isc_log_write(ns_g_lctx, \
89 NS_LOGCATEGORY_GENERAL, \
90 NS_LOGMODULE_SERVER, \
93 isc_result_totext(result)); \
98 #define CHECKFATAL(op, msg) \
100 if (result != ISC_R_SUCCESS) \
101 fatal(msg, result); \
106 unsigned int dispatchgen
;
107 dns_dispatch_t
*dispatch
;
108 ISC_LINK(struct ns_dispatch
) link
;
112 fatal(const char *msg
, isc_result_t result
);
115 ns_server_reload(isc_task_t
*task
, isc_event_t
*event
);
118 ns_listenelt_fromconfig(cfg_obj_t
*listener
, cfg_obj_t
*config
,
119 ns_aclconfctx_t
*actx
,
120 isc_mem_t
*mctx
, ns_listenelt_t
**target
);
122 ns_listenlist_fromconfig(cfg_obj_t
*listenlist
, cfg_obj_t
*config
,
123 ns_aclconfctx_t
*actx
,
124 isc_mem_t
*mctx
, ns_listenlist_t
**target
);
127 configure_forward(cfg_obj_t
*config
, dns_view_t
*view
, dns_name_t
*origin
,
128 cfg_obj_t
*forwarders
, cfg_obj_t
*forwardtype
);
131 configure_zone(cfg_obj_t
*config
, cfg_obj_t
*zconfig
, cfg_obj_t
*vconfig
,
132 isc_mem_t
*mctx
, dns_view_t
*view
,
133 ns_aclconfctx_t
*aclconf
);
136 end_reserved_dispatches(ns_server_t
*server
, isc_boolean_t all
);
139 * Configure a single view ACL at '*aclp'. Get its configuration by
140 * calling 'getvcacl' (for per-view configuration) and maybe 'getscacl'
141 * (for a global default).
144 configure_view_acl(cfg_obj_t
*vconfig
, cfg_obj_t
*config
,
145 const char *aclname
, ns_aclconfctx_t
*actx
,
146 isc_mem_t
*mctx
, dns_acl_t
**aclp
)
150 cfg_obj_t
*aclobj
= NULL
;
154 dns_acl_detach(aclp
);
156 maps
[i
++] = cfg_tuple_get(vconfig
, "options");
157 if (config
!= NULL
) {
158 cfg_obj_t
*options
= NULL
;
159 cfg_map_get(config
, "options", &options
);
165 result
= ns_config_get(maps
, aclname
, &aclobj
);
168 * No value available. *aclp == NULL.
170 return (ISC_R_SUCCESS
);
172 result
= ns_acl_fromconfig(aclobj
, config
, actx
, mctx
, aclp
);
179 configure_view_dnsseckey(cfg_obj_t
*vconfig
, cfg_obj_t
*key
,
180 dns_keytable_t
*keytable
, isc_mem_t
*mctx
)
182 dns_rdataclass_t viewclass
;
183 dns_rdata_key_t keystruct
;
184 isc_uint32_t flags
, proto
, alg
;
185 char *keystr
, *keynamestr
;
186 unsigned char keydata
[4096];
187 isc_buffer_t keydatabuf
;
188 unsigned char rrdata
[4096];
189 isc_buffer_t rrdatabuf
;
191 dns_fixedname_t fkeyname
;
193 isc_buffer_t namebuf
;
195 dst_key_t
*dstkey
= NULL
;
197 flags
= cfg_obj_asuint32(cfg_tuple_get(key
, "flags"));
198 proto
= cfg_obj_asuint32(cfg_tuple_get(key
, "protocol"));
199 alg
= cfg_obj_asuint32(cfg_tuple_get(key
, "algorithm"));
200 keyname
= dns_fixedname_name(&fkeyname
);
201 keynamestr
= cfg_obj_asstring(cfg_tuple_get(key
, "name"));
204 viewclass
= dns_rdataclass_in
;
206 cfg_obj_t
*classobj
= cfg_tuple_get(vconfig
, "class");
207 CHECK(ns_config_getclass(classobj
, dns_rdataclass_in
,
210 keystruct
.common
.rdclass
= viewclass
;
211 keystruct
.common
.rdtype
= dns_rdatatype_key
;
213 * The key data in keystruct is not dynamically allocated.
215 keystruct
.mctx
= NULL
;
217 ISC_LINK_INIT(&keystruct
.common
, link
);
220 CHECKM(ISC_R_RANGE
, "key flags");
222 CHECKM(ISC_R_RANGE
, "key protocol");
224 CHECKM(ISC_R_RANGE
, "key algorithm");
225 keystruct
.flags
= (isc_uint16_t
)flags
;
226 keystruct
.protocol
= (isc_uint8_t
)proto
;
227 keystruct
.algorithm
= (isc_uint8_t
)alg
;
229 isc_buffer_init(&keydatabuf
, keydata
, sizeof(keydata
));
230 isc_buffer_init(&rrdatabuf
, rrdata
, sizeof(rrdata
));
232 keystr
= cfg_obj_asstring(cfg_tuple_get(key
, "key"));
233 CHECK(isc_base64_decodestring(keystr
, &keydatabuf
));
234 isc_buffer_usedregion(&keydatabuf
, &r
);
235 keystruct
.datalen
= r
.length
;
236 keystruct
.data
= r
.base
;
238 CHECK(dns_rdata_fromstruct(NULL
,
239 keystruct
.common
.rdclass
,
240 keystruct
.common
.rdtype
,
241 &keystruct
, &rrdatabuf
));
242 dns_fixedname_init(&fkeyname
);
243 isc_buffer_init(&namebuf
, keynamestr
, strlen(keynamestr
));
244 isc_buffer_add(&namebuf
, strlen(keynamestr
));
245 CHECK(dns_name_fromtext(keyname
, &namebuf
,
246 dns_rootname
, ISC_FALSE
,
248 CHECK(dst_key_fromdns(keyname
, viewclass
, &rrdatabuf
,
251 CHECK(dns_keytable_add(keytable
, &dstkey
));
252 INSIST(dstkey
== NULL
);
253 return (ISC_R_SUCCESS
);
256 if (result
== DST_R_NOCRYPTO
) {
257 cfg_obj_log(key
, ns_g_lctx
, ISC_LOG_ERROR
,
258 "ignoring trusted key for '%s': no crypto support",
260 result
= ISC_R_SUCCESS
;
262 cfg_obj_log(key
, ns_g_lctx
, ISC_LOG_ERROR
,
263 "configuring trusted key for '%s': %s",
264 keynamestr
, isc_result_totext(result
));
265 result
= ISC_R_FAILURE
;
269 dst_key_free(&dstkey
);
276 * Configure DNSSEC keys for a view. Currently used only for
277 * the security roots.
279 * The per-view configuration values and the server-global defaults are read
280 * from 'vconfig' and 'config'. The variable to be configured is '*target'.
283 configure_view_dnsseckeys(cfg_obj_t
*vconfig
, cfg_obj_t
*config
,
284 isc_mem_t
*mctx
, dns_keytable_t
**target
)
288 cfg_obj_t
*keys
= NULL
;
289 cfg_obj_t
*voptions
= NULL
;
290 cfg_listelt_t
*element
, *element2
;
294 dns_keytable_t
*keytable
= NULL
;
296 CHECK(dns_keytable_create(mctx
, &keytable
));
303 voptions
= cfg_tuple_get(vconfig
, "options");
306 if (voptions
!= NULL
)
307 (void)cfg_map_get(voptions
, "trusted-keys", &keys
);
309 (void)cfg_map_get(config
, "trusted-keys", &keys
);
311 for (element
= cfg_list_first(keys
);
313 element
= cfg_list_next(element
))
315 keylist
= cfg_listelt_value(element
);
316 for (element2
= cfg_list_first(keylist
);
318 element2
= cfg_list_next(element2
))
320 key
= cfg_listelt_value(element2
);
321 CHECK(configure_view_dnsseckey(vconfig
, key
,
326 dns_keytable_detach(target
);
327 *target
= keytable
; /* Transfer ownership. */
329 result
= ISC_R_SUCCESS
;
337 * Get a dispatch appropriate for the resolver of a given view.
340 get_view_querysource_dispatch(cfg_obj_t
**maps
,
341 int af
, dns_dispatch_t
**dispatchp
)
344 dns_dispatch_t
*disp
;
346 unsigned int attrs
, attrmask
;
347 cfg_obj_t
*obj
= NULL
;
350 * Make compiler happy.
352 result
= ISC_R_FAILURE
;
356 result
= ns_config_get(maps
, "query-source", &obj
);
357 INSIST(result
== ISC_R_SUCCESS
);
361 result
= ns_config_get(maps
, "query-source-v6", &obj
);
362 INSIST(result
== ISC_R_SUCCESS
);
368 sa
= *(cfg_obj_assockaddr(obj
));
369 INSIST(isc_sockaddr_pf(&sa
) == af
);
372 * If we don't support this address family, we're done!
376 result
= isc_net_probeipv4();
379 result
= isc_net_probeipv6();
384 if (result
!= ISC_R_SUCCESS
)
385 return (ISC_R_SUCCESS
);
388 * Try to find a dispatcher that we can share.
391 attrs
|= DNS_DISPATCHATTR_UDP
;
394 attrs
|= DNS_DISPATCHATTR_IPV4
;
397 attrs
|= DNS_DISPATCHATTR_IPV6
;
401 attrmask
|= DNS_DISPATCHATTR_UDP
;
402 attrmask
|= DNS_DISPATCHATTR_TCP
;
403 attrmask
|= DNS_DISPATCHATTR_IPV4
;
404 attrmask
|= DNS_DISPATCHATTR_IPV6
;
407 result
= dns_dispatch_getudp(ns_g_dispatchmgr
, ns_g_socketmgr
,
408 ns_g_taskmgr
, &sa
, 4096,
409 1000, 32768, 16411, 16433,
410 attrs
, attrmask
, &disp
);
411 if (result
!= ISC_R_SUCCESS
) {
413 char buf
[ISC_SOCKADDR_FORMATSIZE
];
417 isc_sockaddr_any(&any
);
420 isc_sockaddr_any6(&any
);
423 if (isc_sockaddr_equal(&sa
, &any
))
424 return (ISC_R_SUCCESS
);
425 isc_sockaddr_format(&sa
, buf
, sizeof(buf
));
426 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
427 NS_LOGMODULE_SERVER
, ISC_LOG_ERROR
,
428 "could not get query source dispatcher (%s)",
435 return (ISC_R_SUCCESS
);
439 configure_peer(cfg_obj_t
*cpeer
, isc_mem_t
*mctx
, dns_peer_t
**peerp
) {
447 sa
= cfg_obj_assockaddr(cfg_map_getname(cpeer
));
448 isc_netaddr_fromsockaddr(&na
, sa
);
451 result
= dns_peer_new(mctx
, &na
, &peer
);
452 if (result
!= ISC_R_SUCCESS
)
456 (void)cfg_map_get(cpeer
, "bogus", &obj
);
458 dns_peer_setbogus(peer
, cfg_obj_asboolean(obj
));
461 (void)cfg_map_get(cpeer
, "provide-ixfr", &obj
);
463 dns_peer_setprovideixfr(peer
, cfg_obj_asboolean(obj
));
466 (void)cfg_map_get(cpeer
, "request-ixfr", &obj
);
468 dns_peer_setrequestixfr(peer
, cfg_obj_asboolean(obj
));
471 (void)cfg_map_get(cpeer
, "edns", &obj
);
473 dns_peer_setsupportedns(peer
, cfg_obj_asboolean(obj
));
476 (void)cfg_map_get(cpeer
, "transfers", &obj
);
478 dns_peer_settransfers(peer
, cfg_obj_asuint32(obj
));
481 (void)cfg_map_get(cpeer
, "transfer-format", &obj
);
483 str
= cfg_obj_asstring(obj
);
484 if (strcasecmp(str
, "many-answers") == 0)
485 dns_peer_settransferformat(peer
, dns_many_answers
);
486 else if (strcasecmp(str
, "one-answer") == 0)
487 dns_peer_settransferformat(peer
, dns_one_answer
);
493 (void)cfg_map_get(cpeer
, "keys", &obj
);
495 result
= dns_peer_setkeybycharp(peer
, cfg_obj_asstring(obj
));
496 if (result
!= ISC_R_SUCCESS
)
500 return (ISC_R_SUCCESS
);
503 dns_peer_detach(&peer
);
508 * Configure 'view' according to 'vconfig', taking defaults from 'config'
509 * where values are missing in 'vconfig'.
511 * When configuring the default view, 'vconfig' will be NULL and the
512 * global defaults in 'config' used exclusively.
515 configure_view(dns_view_t
*view
, cfg_obj_t
*config
, cfg_obj_t
*vconfig
,
516 isc_mem_t
*mctx
, ns_aclconfctx_t
*actx
)
519 cfg_obj_t
*cfgmaps
[3];
520 cfg_obj_t
*options
= NULL
;
521 cfg_obj_t
*voptions
= NULL
;
522 cfg_obj_t
*forwardtype
;
523 cfg_obj_t
*forwarders
;
526 cfg_listelt_t
*element
;
528 dns_cache_t
*cache
= NULL
;
530 isc_uint32_t max_cache_size
;
531 isc_uint32_t lame_ttl
;
532 dns_tsig_keyring_t
*ring
;
533 dns_view_t
*pview
= NULL
; /* Production view */
535 dns_dispatch_t
*dispatch4
= NULL
;
536 dns_dispatch_t
*dispatch6
= NULL
;
537 isc_boolean_t reused_cache
= ISC_FALSE
;
541 REQUIRE(DNS_VIEW_VALID(view
));
546 cfg_map_get(config
, "options", &options
);
549 if (vconfig
!= NULL
) {
550 voptions
= cfg_tuple_get(vconfig
, "options");
551 maps
[i
++] = voptions
;
555 maps
[i
++] = ns_g_defaults
;
559 if (voptions
!= NULL
)
560 cfgmaps
[i
++] = voptions
;
562 cfgmaps
[i
++] = config
;
567 * Set the view's port number for outgoing queries.
569 CHECKM(ns_config_getport(config
, &port
), "port");
570 dns_view_setdstport(view
, port
);
573 * Configure the zones.
576 if (voptions
!= NULL
)
577 (void)cfg_map_get(voptions
, "zone", &zonelist
);
579 (void)cfg_map_get(config
, "zone", &zonelist
);
580 for (element
= cfg_list_first(zonelist
);
582 element
= cfg_list_next(element
))
584 cfg_obj_t
*zconfig
= cfg_listelt_value(element
);
585 CHECK(configure_zone(config
, zconfig
, vconfig
, mctx
, view
,
590 * Configure the view's cache. Try to reuse an existing
591 * cache if possible, otherwise create a new cache.
592 * Note that the ADB is not preserved in either case.
594 * XXX Determining when it is safe to reuse a cache is
595 * tricky. When the view's configuration changes, the cached
596 * data may become invalid because it reflects our old
597 * view of the world. As more view attributes become
598 * configurable, we will have to add code here to check
599 * whether they have changed in ways that could
600 * invalidate the cache.
602 result
= dns_viewlist_find(&ns_g_server
->viewlist
,
603 view
->name
, view
->rdclass
,
605 if (result
!= ISC_R_NOTFOUND
&& result
!= ISC_R_SUCCESS
)
608 INSIST(pview
->cache
!= NULL
);
609 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
610 NS_LOGMODULE_SERVER
, ISC_LOG_DEBUG(3),
611 "reusing existing cache");
612 reused_cache
= ISC_TRUE
;
613 dns_cache_attach(pview
->cache
, &cache
);
614 dns_view_detach(&pview
);
616 CHECK(isc_mem_create(0, 0, &cmctx
));
617 CHECK(dns_cache_create(cmctx
, ns_g_taskmgr
, ns_g_timermgr
,
618 view
->rdclass
, "rbt", 0, NULL
, &cache
));
620 dns_view_setcache(view
, cache
);
623 * cache-file cannot be inherited if views are present, but this
624 * should be caught by the configuration checking stage.
627 result
= ns_config_get(maps
, "cache-file", &obj
);
628 if (result
== ISC_R_SUCCESS
) {
629 dns_cache_setfilename(cache
, cfg_obj_asstring(obj
));
631 CHECK(dns_cache_load(cache
));
635 result
= ns_config_get(maps
, "cleaning-interval", &obj
);
636 INSIST(result
== ISC_R_SUCCESS
);
637 dns_cache_setcleaninginterval(cache
, cfg_obj_asuint32(obj
) * 60);
640 result
= ns_config_get(maps
, "max-cache-size", &obj
);
641 INSIST(result
== ISC_R_SUCCESS
);
642 if (cfg_obj_isstring(obj
)) {
643 str
= cfg_obj_asstring(obj
);
644 INSIST(strcasecmp(str
, "unlimited") == 0);
645 max_cache_size
= ISC_UINT32_MAX
;
647 isc_resourcevalue_t value
;
648 value
= cfg_obj_asuint64(obj
);
649 if (value
> ISC_UINT32_MAX
) {
650 cfg_obj_log(obj
, ns_g_lctx
, ISC_LOG_ERROR
,
652 "%" ISC_PRINT_QUADFORMAT
"d' is too large",
654 result
= ISC_R_RANGE
;
657 max_cache_size
= (isc_uint32_t
)value
;
659 dns_cache_setcachesize(cache
, max_cache_size
);
661 dns_cache_detach(&cache
);
666 * XXXRTH Hardwired number of tasks.
668 CHECK(get_view_querysource_dispatch(maps
, AF_INET
, &dispatch4
));
669 CHECK(get_view_querysource_dispatch(maps
, AF_INET6
, &dispatch6
));
670 if (dispatch4
== NULL
&& dispatch6
== NULL
) {
671 UNEXPECTED_ERROR(__FILE__
, __LINE__
,
672 "unable to obtain neither an IPv4 nor"
673 " an IPv6 dispatch");
674 result
= ISC_R_UNEXPECTED
;
677 CHECK(dns_view_createresolver(view
, ns_g_taskmgr
, 31,
678 ns_g_socketmgr
, ns_g_timermgr
,
680 dispatch4
, dispatch6
));
683 * Set resolver's lame-ttl.
686 result
= ns_config_get(maps
, "lame-ttl", &obj
);
687 INSIST(result
== ISC_R_SUCCESS
);
688 lame_ttl
= cfg_obj_asuint32(obj
);
691 dns_resolver_setlamettl(view
->resolver
, lame_ttl
);
694 * A global or view "forwarders" option, if present,
695 * creates an entry for "." in the forwarding table.
699 (void)ns_config_get(maps
, "forward", &forwardtype
);
700 (void)ns_config_get(maps
, "forwarders", &forwarders
);
701 if (forwarders
!= NULL
)
702 CHECK(configure_forward(config
, view
, dns_rootname
,
703 forwarders
, forwardtype
));
706 * We have default hints for class IN if we need them.
708 if (view
->rdclass
== dns_rdataclass_in
&& view
->hints
== NULL
)
709 dns_view_sethints(view
, ns_g_server
->in_roothints
);
712 * If we still have no hints, this is a non-IN view with no
713 * "hints zone" configured. Issue a warning, except if this
714 * is a root server. Root servers never need to consult
715 * their hints, so it's no point requireing users to configure
718 if (view
->hints
== NULL
) {
719 dns_zone_t
*rootzone
= NULL
;
720 dns_view_findzone(view
, dns_rootname
, &rootzone
);
721 if (rootzone
!= NULL
) {
722 dns_zone_detach(&rootzone
);
724 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
725 NS_LOGMODULE_SERVER
, ISC_LOG_WARNING
,
726 "no root hints for view '%s'",
732 * Configure the view's TSIG keys.
735 CHECK(ns_tsigkeyring_fromconfig(config
, vconfig
, view
->mctx
, &ring
));
736 dns_view_setkeyring(view
, ring
);
739 * Configure the view's peer list.
742 cfg_obj_t
*peers
= NULL
;
743 cfg_listelt_t
*element
;
744 dns_peerlist_t
*newpeers
= NULL
;
746 (void)ns_config_get(cfgmaps
, "server", &peers
);
747 CHECK(dns_peerlist_new(mctx
, &newpeers
));
748 for (element
= cfg_list_first(peers
);
750 element
= cfg_list_next(element
))
752 cfg_obj_t
*cpeer
= cfg_listelt_value(element
);
755 CHECK(configure_peer(cpeer
, mctx
, &peer
));
756 dns_peerlist_addpeer(newpeers
, peer
);
757 dns_peer_detach(&peer
);
759 dns_peerlist_detach(&view
->peers
);
760 view
->peers
= newpeers
; /* Transfer ownership. */
764 * Copy the aclenv object.
766 dns_aclenv_copy(&view
->aclenv
, &ns_g_server
->aclenv
);
769 * Configure the "match-clients" and "match-destinations" ACL.
771 CHECK(configure_view_acl(vconfig
, config
, "match-clients", actx
,
772 ns_g_mctx
, &view
->matchclients
));
773 CHECK(configure_view_acl(vconfig
, config
, "match-destinations", actx
,
774 ns_g_mctx
, &view
->matchdestinations
));
777 * Configure the "match-recursive-only" option.
780 (void) ns_config_get(maps
, "match-recursive-only", &obj
);
781 if (obj
!= NULL
&& cfg_obj_asboolean(obj
))
782 view
->matchrecursiveonly
= ISC_TRUE
;
784 view
->matchrecursiveonly
= ISC_FALSE
;
787 * Configure other configurable data.
790 result
= ns_config_get(maps
, "recursion", &obj
);
791 INSIST(result
== ISC_R_SUCCESS
);
792 view
->recursion
= cfg_obj_asboolean(obj
);
795 result
= ns_config_get(maps
, "auth-nxdomain", &obj
);
796 INSIST(result
== ISC_R_SUCCESS
);
797 view
->auth_nxdomain
= cfg_obj_asboolean(obj
);
800 result
= ns_config_get(maps
, "minimal-responses", &obj
);
801 INSIST(result
== ISC_R_SUCCESS
);
802 view
->minimalresponses
= cfg_obj_asboolean(obj
);
805 result
= ns_config_get(maps
, "transfer-format", &obj
);
806 INSIST(result
== ISC_R_SUCCESS
);
807 str
= cfg_obj_asstring(obj
);
808 if (strcasecmp(str
, "many-answers") == 0)
809 view
->transfer_format
= dns_many_answers
;
810 else if (strcasecmp(str
, "one-answer") == 0)
811 view
->transfer_format
= dns_one_answer
;
816 * Set sources where additional data and CNAME/DNAME
817 * targets for authoritative answers may be found.
820 result
= ns_config_get(maps
, "additional-from-auth", &obj
);
821 INSIST(result
== ISC_R_SUCCESS
);
822 view
->additionalfromauth
= cfg_obj_asboolean(obj
);
823 if (view
->recursion
&& ! view
->additionalfromauth
) {
824 cfg_obj_log(obj
, ns_g_lctx
, ISC_LOG_WARNING
,
825 "'additional-from-auth no' is only supported "
826 "with 'recursion no'");
827 view
->additionalfromauth
= ISC_TRUE
;
831 result
= ns_config_get(maps
, "additional-from-cache", &obj
);
832 INSIST(result
== ISC_R_SUCCESS
);
833 view
->additionalfromcache
= cfg_obj_asboolean(obj
);
834 if (view
->recursion
&& ! view
->additionalfromcache
) {
835 cfg_obj_log(obj
, ns_g_lctx
, ISC_LOG_WARNING
,
836 "'additional-from-cache no' is only supported "
837 "with 'recursion no'");
838 view
->additionalfromcache
= ISC_TRUE
;
841 CHECK(configure_view_acl(vconfig
, config
, "allow-query",
842 actx
, ns_g_mctx
, &view
->queryacl
));
844 if (strcmp(view
->name
, "_bind") != 0)
845 CHECK(configure_view_acl(vconfig
, config
, "allow-recursion",
846 actx
, ns_g_mctx
, &view
->recursionacl
));
848 CHECK(configure_view_acl(vconfig
, config
, "allow-v6-synthesis",
849 actx
, ns_g_mctx
, &view
->v6synthesisacl
));
852 * Warning if both "recursion no;" and allow-recursion are active
853 * except for "allow-recursion { none; };".
855 if (!view
->recursion
&& view
->recursionacl
!= NULL
&&
856 (view
->recursionacl
->length
!= 1 ||
857 view
->recursionacl
->elements
[0].type
!= dns_aclelementtype_any
||
858 view
->recursionacl
->elements
[0].negative
!= ISC_TRUE
)) {
859 const char *forview
= " for view ";
860 const char *viewname
= view
->name
;
862 if (!strcmp(view
->name
, "_bind") ||
863 !strcmp(view
->name
, "_default")) {
867 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
868 NS_LOGMODULE_SERVER
, ISC_LOG_WARNING
,
869 "both \"recursion no;\" and \"allow-recursion\" "
870 "active%s%s", forview
, viewname
);
873 CHECK(configure_view_acl(vconfig
, config
, "sortlist",
874 actx
, ns_g_mctx
, &view
->sortlist
));
877 result
= ns_config_get(maps
, "request-ixfr", &obj
);
878 INSIST(result
== ISC_R_SUCCESS
);
879 view
->requestixfr
= cfg_obj_asboolean(obj
);
882 result
= ns_config_get(maps
, "provide-ixfr", &obj
);
883 INSIST(result
== ISC_R_SUCCESS
);
884 view
->provideixfr
= cfg_obj_asboolean(obj
);
887 * For now, there is only one kind of trusted keys, the
890 CHECK(configure_view_dnsseckeys(vconfig
, config
, mctx
,
894 result
= ns_config_get(maps
, "max-cache-ttl", &obj
);
895 INSIST(result
== ISC_R_SUCCESS
);
896 view
->maxcachettl
= cfg_obj_asuint32(obj
);
899 result
= ns_config_get(maps
, "max-ncache-ttl", &obj
);
900 INSIST(result
== ISC_R_SUCCESS
);
901 view
->maxncachettl
= cfg_obj_asuint32(obj
);
902 if (view
->maxncachettl
> 7 * 24 * 3600)
903 view
->maxncachettl
= 7 * 24 * 3600;
906 result
= ns_config_get(maps
, "root-delegation-only", &obj
);
907 if (result
== ISC_R_SUCCESS
) {
908 dns_view_setrootdelonly(view
, ISC_TRUE
);
909 if (!cfg_obj_isvoid(obj
)) {
910 dns_fixedname_t fixed
;
916 dns_fixedname_init(&fixed
);
917 name
= dns_fixedname_name(&fixed
);
918 for (element
= cfg_list_first(obj
);
920 element
= cfg_list_next(element
)) {
921 exclude
= cfg_listelt_value(element
);
922 str
= cfg_obj_asstring(exclude
);
923 isc_buffer_init(&b
, str
, strlen(str
));
924 isc_buffer_add(&b
, strlen(str
));
925 CHECK(dns_name_fromtext(name
, &b
, dns_rootname
,
927 CHECK(dns_view_excludedelegationonly(view
,
932 dns_view_setrootdelonly(view
, ISC_FALSE
);
934 result
= ISC_R_SUCCESS
;
937 if (dispatch4
!= NULL
)
938 dns_dispatch_detach(&dispatch4
);
939 if (dispatch6
!= NULL
)
940 dns_dispatch_detach(&dispatch6
);
942 isc_mem_detach(&cmctx
);
945 dns_cache_detach(&cache
);
951 * Create the special view that handles queries under "bind. CH".
954 create_bind_view(dns_view_t
**viewp
) {
956 dns_view_t
*view
= NULL
;
958 REQUIRE(viewp
!= NULL
&& *viewp
== NULL
);
960 CHECK(dns_view_create(ns_g_mctx
, dns_rdataclass_ch
, "_bind", &view
));
962 /* Transfer ownership. */
966 result
= ISC_R_SUCCESS
;
970 dns_view_detach(&view
);
976 * Create the zone that handles queries for "version.bind. CH". The
977 * version string is returned either from the "version" configuration
978 * option or the global defaults.
981 create_version_zone(cfg_obj_t
**maps
, dns_zonemgr_t
*zmgr
, dns_view_t
*view
) {
984 dns_zone_t
*zone
= NULL
;
985 dns_dbversion_t
*dbver
= NULL
;
986 dns_difftuple_t
*tuple
= NULL
;
989 unsigned char buf
[256];
992 dns_rdata_t rdata
= DNS_RDATA_INIT
;
993 static unsigned char origindata
[] = "\007version\004bind";
995 cfg_obj_t
*obj
= NULL
;
996 dns_acl_t
*acl
= NULL
;
998 dns_diff_init(ns_g_mctx
, &diff
);
1000 dns_name_init(&origin
, NULL
);
1001 r
.base
= origindata
;
1002 r
.length
= sizeof(origindata
);
1003 dns_name_fromregion(&origin
, &r
);
1005 result
= ns_config_get(maps
, "version", &obj
);
1006 INSIST(result
== ISC_R_SUCCESS
);
1007 versiontext
= cfg_obj_asstring(obj
);
1008 len
= strlen(versiontext
);
1010 len
= 255; /* Silently truncate. */
1012 memcpy(buf
+ 1, versiontext
, len
);
1016 dns_rdata_fromregion(&rdata
, dns_rdataclass_ch
, dns_rdatatype_txt
, &r
);
1018 CHECK(dns_zone_create(&zone
, ns_g_mctx
));
1019 CHECK(dns_zone_setorigin(zone
, &origin
));
1020 dns_zone_settype(zone
, dns_zone_master
);
1021 dns_zone_setclass(zone
, dns_rdataclass_ch
);
1022 /* Transfers don't work so deny them. */
1023 CHECK(dns_acl_none(ns_g_mctx
, &acl
));
1024 dns_zone_setxfracl(zone
, acl
);
1025 dns_acl_detach(&acl
);
1026 dns_zone_setview(zone
, view
);
1028 CHECK(dns_zonemgr_managezone(zmgr
, zone
));
1030 CHECK(dns_db_create(ns_g_mctx
, "rbt", &origin
, dns_dbtype_zone
,
1031 dns_rdataclass_ch
, 0, NULL
, &db
));
1033 CHECK(dns_db_newversion(db
, &dbver
));
1035 CHECK(dns_difftuple_create(ns_g_mctx
, DNS_DIFFOP_ADD
, &origin
,
1036 0, &rdata
, &tuple
));
1037 dns_diff_append(&diff
, &tuple
);
1038 CHECK(dns_diff_apply(&diff
, db
, dbver
));
1040 dns_db_closeversion(db
, &dbver
, ISC_TRUE
);
1042 CHECK(dns_zone_replacedb(zone
, db
, ISC_FALSE
));
1044 CHECK(dns_view_addzone(view
, zone
));
1046 result
= ISC_R_SUCCESS
;
1050 dns_zone_detach(&zone
);
1052 dns_db_closeversion(db
, &dbver
, ISC_FALSE
);
1055 dns_diff_clear(&diff
);
1061 * Create the special zone that handles queries for "authors.bind. CH".
1062 * The strings returned list the BIND 9 authors.
1065 create_authors_zone(cfg_obj_t
*options
, dns_zonemgr_t
*zmgr
, dns_view_t
*view
)
1067 isc_result_t result
;
1068 dns_db_t
*db
= NULL
;
1069 dns_zone_t
*zone
= NULL
;
1070 dns_dbversion_t
*dbver
= NULL
;
1071 dns_difftuple_t
*tuple
;
1075 dns_rdata_t rdata
= DNS_RDATA_INIT
;
1076 static const char origindata
[] = "\007authors\004bind";
1079 static const char *authors
[] = {
1081 "\015James Brister",
1083 "\015Michael Graff",
1084 "\022Andreas Gustafsson",
1086 "\016David Lawrence",
1090 "\016Michael Sawyer",
1091 "\020Brian Wellington",
1094 cfg_obj_t
*obj
= NULL
;
1095 dns_acl_t
*acl
= NULL
;
1098 * If a version string is specified, disable the authors.bind zone.
1100 if (options
!= NULL
&&
1101 cfg_map_get(options
, "version", &obj
) == ISC_R_SUCCESS
)
1102 return (ISC_R_SUCCESS
);
1104 dns_diff_init(ns_g_mctx
, &diff
);
1106 dns_name_init(&origin
, NULL
);
1107 DE_CONST(origindata
, r
.base
);
1108 r
.length
= sizeof(origindata
);
1109 dns_name_fromregion(&origin
, &r
);
1111 CHECK(dns_zone_create(&zone
, ns_g_mctx
));
1112 CHECK(dns_zone_setorigin(zone
, &origin
));
1113 dns_zone_settype(zone
, dns_zone_master
);
1114 dns_zone_setclass(zone
, dns_rdataclass_ch
);
1115 /* Transfers don't work so deny them. */
1116 CHECK(dns_acl_none(ns_g_mctx
, &acl
));
1117 dns_zone_setxfracl(zone
, acl
);
1118 dns_acl_detach(&acl
);
1119 dns_zone_setview(zone
, view
);
1121 CHECK(dns_zonemgr_managezone(zmgr
, zone
));
1123 CHECK(dns_db_create(ns_g_mctx
, "rbt", &origin
, dns_dbtype_zone
,
1124 dns_rdataclass_ch
, 0, NULL
, &db
));
1126 CHECK(dns_db_newversion(db
, &dbver
));
1128 for (i
= 0; authors
[i
] != NULL
; i
++) {
1129 DE_CONST(authors
[i
], cr
.base
);
1130 cr
.length
= strlen(authors
[i
]);
1131 INSIST(cr
.length
== ((const unsigned char *)cr
.base
)[0] + 1U);
1132 dns_rdata_fromregion(&rdata
, dns_rdataclass_ch
,
1133 dns_rdatatype_txt
, &cr
);
1135 CHECK(dns_difftuple_create(ns_g_mctx
, DNS_DIFFOP_ADD
, &origin
,
1136 0, &rdata
, &tuple
));
1137 dns_diff_append(&diff
, &tuple
);
1138 dns_rdata_reset(&rdata
);
1141 CHECK(dns_diff_apply(&diff
, db
, dbver
));
1143 dns_db_closeversion(db
, &dbver
, ISC_TRUE
);
1145 CHECK(dns_zone_replacedb(zone
, db
, ISC_FALSE
));
1147 CHECK(dns_view_addzone(view
, zone
));
1149 result
= ISC_R_SUCCESS
;
1153 dns_zone_detach(&zone
);
1155 dns_db_closeversion(db
, &dbver
, ISC_FALSE
);
1158 dns_diff_clear(&diff
);
1164 configure_hints(dns_view_t
*view
, const char *filename
) {
1165 isc_result_t result
;
1169 result
= dns_rootns_create(view
->mctx
, view
->rdclass
, filename
, &db
);
1170 if (result
== ISC_R_SUCCESS
) {
1171 dns_view_sethints(view
, db
);
1179 configure_forward(cfg_obj_t
*config
, dns_view_t
*view
, dns_name_t
*origin
,
1180 cfg_obj_t
*forwarders
, cfg_obj_t
*forwardtype
)
1183 cfg_obj_t
*faddresses
;
1184 cfg_listelt_t
*element
;
1185 dns_fwdpolicy_t fwdpolicy
= dns_fwdpolicy_none
;
1186 isc_sockaddrlist_t addresses
;
1188 isc_result_t result
;
1192 * Determine which port to send forwarded requests to.
1194 if (ns_g_lwresdonly
&& ns_g_port
!= 0)
1197 CHECKM(ns_config_getport(config
, &port
), "port");
1199 if (forwarders
!= NULL
) {
1200 portobj
= cfg_tuple_get(forwarders
, "port");
1201 if (cfg_obj_isuint32(portobj
)) {
1202 isc_uint32_t val
= cfg_obj_asuint32(portobj
);
1203 if (val
> ISC_UINT16_MAX
) {
1204 cfg_obj_log(portobj
, ns_g_lctx
, ISC_LOG_ERROR
,
1205 "port '%u' out of range", val
);
1206 return (ISC_R_RANGE
);
1208 port
= (in_port_t
) val
;
1213 if (forwarders
!= NULL
)
1214 faddresses
= cfg_tuple_get(forwarders
, "addresses");
1216 ISC_LIST_INIT(addresses
);
1218 for (element
= cfg_list_first(faddresses
);
1220 element
= cfg_list_next(element
))
1222 cfg_obj_t
*forwarder
= cfg_listelt_value(element
);
1223 sa
= isc_mem_get(view
->mctx
, sizeof(isc_sockaddr_t
));
1225 result
= ISC_R_NOMEMORY
;
1228 *sa
= *cfg_obj_assockaddr(forwarder
);
1229 if (isc_sockaddr_getport(sa
) == 0)
1230 isc_sockaddr_setport(sa
, port
);
1231 ISC_LINK_INIT(sa
, link
);
1232 ISC_LIST_APPEND(addresses
, sa
, link
);
1235 if (ISC_LIST_EMPTY(addresses
)) {
1236 if (forwardtype
!= NULL
)
1237 cfg_obj_log(forwarders
, ns_g_lctx
, ISC_LOG_WARNING
,
1238 "no forwarders seen; disabling "
1240 fwdpolicy
= dns_fwdpolicy_none
;
1242 if (forwardtype
== NULL
)
1243 fwdpolicy
= dns_fwdpolicy_first
;
1245 char *forwardstr
= cfg_obj_asstring(forwardtype
);
1246 if (strcasecmp(forwardstr
, "first") == 0)
1247 fwdpolicy
= dns_fwdpolicy_first
;
1248 else if (strcasecmp(forwardstr
, "only") == 0)
1249 fwdpolicy
= dns_fwdpolicy_only
;
1255 result
= dns_fwdtable_add(view
->fwdtable
, origin
, &addresses
,
1257 if (result
!= ISC_R_SUCCESS
) {
1258 char namebuf
[DNS_NAME_FORMATSIZE
];
1259 dns_name_format(origin
, namebuf
, sizeof(namebuf
));
1260 cfg_obj_log(forwarders
, ns_g_lctx
, ISC_LOG_WARNING
,
1261 "could not set up forwarding for domain '%s': %s",
1262 namebuf
, isc_result_totext(result
));
1266 result
= ISC_R_SUCCESS
;
1270 while (!ISC_LIST_EMPTY(addresses
)) {
1271 sa
= ISC_LIST_HEAD(addresses
);
1272 ISC_LIST_UNLINK(addresses
, sa
, link
);
1273 isc_mem_put(view
->mctx
, sa
, sizeof(isc_sockaddr_t
));
1280 * Create a new view and add it to the list.
1282 * If 'vconfig' is NULL, create the default view.
1284 * The view created is attached to '*viewp'.
1287 create_view(cfg_obj_t
*vconfig
, dns_viewlist_t
*viewlist
, dns_view_t
**viewp
) {
1288 isc_result_t result
;
1289 const char *viewname
;
1290 dns_rdataclass_t viewclass
;
1291 dns_view_t
*view
= NULL
;
1293 if (vconfig
!= NULL
) {
1294 cfg_obj_t
*classobj
= NULL
;
1296 viewname
= cfg_obj_asstring(cfg_tuple_get(vconfig
, "name"));
1297 classobj
= cfg_tuple_get(vconfig
, "class");
1298 result
= ns_config_getclass(classobj
, dns_rdataclass_in
,
1301 viewname
= "_default";
1302 viewclass
= dns_rdataclass_in
;
1304 result
= dns_viewlist_find(viewlist
, viewname
, viewclass
, &view
);
1305 if (result
== ISC_R_SUCCESS
)
1306 return (ISC_R_EXISTS
);
1307 if (result
!= ISC_R_NOTFOUND
)
1309 INSIST(view
== NULL
);
1311 result
= dns_view_create(ns_g_mctx
, viewclass
, viewname
, &view
);
1312 if (result
!= ISC_R_SUCCESS
)
1315 ISC_LIST_APPEND(*viewlist
, view
, link
);
1316 dns_view_attach(view
, viewp
);
1317 return (ISC_R_SUCCESS
);
1321 * Configure or reconfigure a zone.
1324 configure_zone(cfg_obj_t
*config
, cfg_obj_t
*zconfig
, cfg_obj_t
*vconfig
,
1325 isc_mem_t
*mctx
, dns_view_t
*view
,
1326 ns_aclconfctx_t
*aclconf
)
1328 dns_view_t
*pview
= NULL
; /* Production view */
1329 dns_zone_t
*zone
= NULL
; /* New or reused zone */
1330 dns_zone_t
*dupzone
= NULL
;
1331 cfg_obj_t
*options
= NULL
;
1332 cfg_obj_t
*zoptions
= NULL
;
1333 cfg_obj_t
*typeobj
= NULL
;
1334 cfg_obj_t
*forwarders
= NULL
;
1335 cfg_obj_t
*forwardtype
= NULL
;
1336 cfg_obj_t
*only
= NULL
;
1337 isc_result_t result
;
1338 isc_result_t tresult
;
1339 isc_buffer_t buffer
;
1340 dns_fixedname_t fixorigin
;
1343 dns_rdataclass_t zclass
;
1344 const char *ztypestr
;
1347 (void)cfg_map_get(config
, "options", &options
);
1349 zoptions
= cfg_tuple_get(zconfig
, "options");
1352 * Get the zone origin as a dns_name_t.
1354 zname
= cfg_obj_asstring(cfg_tuple_get(zconfig
, "name"));
1355 isc_buffer_init(&buffer
, zname
, strlen(zname
));
1356 isc_buffer_add(&buffer
, strlen(zname
));
1357 dns_fixedname_init(&fixorigin
);
1358 CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin
),
1359 &buffer
, dns_rootname
, ISC_FALSE
, NULL
));
1360 origin
= dns_fixedname_name(&fixorigin
);
1362 CHECK(ns_config_getclass(cfg_tuple_get(zconfig
, "class"),
1363 view
->rdclass
, &zclass
));
1364 if (zclass
!= view
->rdclass
) {
1365 const char *vname
= NULL
;
1366 if (vconfig
!= NULL
)
1367 vname
= cfg_obj_asstring(cfg_tuple_get(vconfig
,
1370 vname
= "<default view>";
1372 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
1373 NS_LOGMODULE_SERVER
, ISC_LOG_ERROR
,
1374 "zone '%s': wrong class for view '%s'",
1376 result
= ISC_R_FAILURE
;
1380 (void)cfg_map_get(zoptions
, "type", &typeobj
);
1381 if (typeobj
== NULL
) {
1382 cfg_obj_log(zconfig
, ns_g_lctx
, ISC_LOG_ERROR
,
1383 "zone '%s' 'type' not specified", zname
);
1384 return (ISC_R_FAILURE
);
1386 ztypestr
= cfg_obj_asstring(typeobj
);
1389 * "hints zones" aren't zones. If we've got one,
1390 * configure it and return.
1392 if (strcasecmp(ztypestr
, "hint") == 0) {
1393 cfg_obj_t
*fileobj
= NULL
;
1394 if (cfg_map_get(zoptions
, "file", &fileobj
) != ISC_R_SUCCESS
) {
1395 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
1396 NS_LOGMODULE_SERVER
, ISC_LOG_ERROR
,
1397 "zone '%s': 'file' not specified",
1399 result
= ISC_R_FAILURE
;
1402 if (dns_name_equal(origin
, dns_rootname
)) {
1403 char *hintsfile
= cfg_obj_asstring(fileobj
);
1405 result
= configure_hints(view
, hintsfile
);
1406 if (result
!= ISC_R_SUCCESS
) {
1407 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
1408 NS_LOGMODULE_SERVER
,
1410 "could not configure root hints "
1411 "from '%s': %s", hintsfile
,
1412 isc_result_totext(result
));
1416 * Hint zones may also refer to delegation only points.
1419 tresult
= cfg_map_get(zoptions
, "delegation-only",
1421 if (tresult
== ISC_R_SUCCESS
&& cfg_obj_asboolean(only
))
1422 CHECK(dns_view_adddelegationonly(view
, origin
));
1424 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
1425 NS_LOGMODULE_SERVER
, ISC_LOG_WARNING
,
1426 "ignoring non-root hint zone '%s'",
1428 result
= ISC_R_SUCCESS
;
1430 /* Skip ordinary zone processing. */
1435 * "forward zones" aren't zones either. Translate this syntax into
1436 * the appropriate selective forwarding configuration and return.
1438 if (strcasecmp(ztypestr
, "forward") == 0) {
1442 (void)cfg_map_get(zoptions
, "forward", &forwardtype
);
1443 (void)cfg_map_get(zoptions
, "forwarders", &forwarders
);
1444 result
= configure_forward(config
, view
, origin
, forwarders
,
1450 * "delegation-only zones" aren't zones either.
1452 if (strcasecmp(ztypestr
, "delegation-only") == 0) {
1453 result
= dns_view_adddelegationonly(view
, origin
);
1458 * Check for duplicates in the new zone table.
1460 result
= dns_view_findzone(view
, origin
, &dupzone
);
1461 if (result
== ISC_R_SUCCESS
) {
1463 * We already have this zone!
1465 dns_zone_detach(&dupzone
);
1466 result
= ISC_R_EXISTS
;
1469 INSIST(dupzone
== NULL
);
1472 * See if we can reuse an existing zone. This is
1473 * only possible if all of these are true:
1474 * - The zone's view exists
1475 * - A zone with the right name exists in the view
1476 * - The zone is compatible with the config
1477 * options (e.g., an existing master zone cannot
1478 * be reused if the options specify a slave zone)
1480 result
= dns_viewlist_find(&ns_g_server
->viewlist
,
1481 view
->name
, view
->rdclass
,
1483 if (result
!= ISC_R_NOTFOUND
&& result
!= ISC_R_SUCCESS
)
1486 result
= dns_view_findzone(pview
, origin
, &zone
);
1487 if (result
!= ISC_R_NOTFOUND
&& result
!= ISC_R_SUCCESS
)
1490 if (! ns_zone_reusable(zone
, zconfig
))
1491 dns_zone_detach(&zone
);
1496 * We found a reusable zone. Make it use the
1499 dns_zone_setview(zone
, view
);
1502 * We cannot reuse an existing zone, we have
1503 * to create a new one.
1505 CHECK(dns_zone_create(&zone
, mctx
));
1506 CHECK(dns_zone_setorigin(zone
, origin
));
1507 dns_zone_setview(zone
, view
);
1508 CHECK(dns_zonemgr_managezone(ns_g_server
->zonemgr
, zone
));
1512 * If the zone contains a 'forwarders' statement, configure
1513 * selective forwarding.
1516 if (cfg_map_get(zoptions
, "forwarders", &forwarders
) == ISC_R_SUCCESS
)
1519 cfg_map_get(zoptions
, "forward", &forwardtype
);
1520 CHECK(configure_forward(config
, view
, origin
, forwarders
,
1525 * Stub and forward zones may also refer to delegation only points.
1528 if (cfg_map_get(zoptions
, "delegation-only", &only
) == ISC_R_SUCCESS
)
1530 if (cfg_obj_asboolean(only
))
1531 CHECK(dns_view_adddelegationonly(view
, origin
));
1535 * Configure the zone.
1537 CHECK(ns_zone_configure(config
, vconfig
, zconfig
, aclconf
, zone
));
1540 * Add the zone to its view in the new view list.
1542 CHECK(dns_view_addzone(view
, zone
));
1546 dns_zone_detach(&zone
);
1548 dns_view_detach(&pview
);
1554 * Configure a single server quota.
1557 configure_server_quota(cfg_obj_t
**maps
, const char *name
, isc_quota_t
*quota
)
1559 cfg_obj_t
*obj
= NULL
;
1560 isc_result_t result
;
1562 result
= ns_config_get(maps
, name
, &obj
);
1563 INSIST(result
== ISC_R_SUCCESS
);
1564 quota
->max
= cfg_obj_asuint32(obj
);
1568 * This function is called as soon as the 'directory' statement has been
1569 * parsed. This can be extended to support other options if necessary.
1572 directory_callback(const char *clausename
, cfg_obj_t
*obj
, void *arg
) {
1573 isc_result_t result
;
1576 REQUIRE(strcasecmp("directory", clausename
) == 0);
1584 directory
= cfg_obj_asstring(obj
);
1586 if (! isc_file_ischdiridempotent(directory
))
1587 cfg_obj_log(obj
, ns_g_lctx
, ISC_LOG_WARNING
,
1588 "option 'directory' contains relative path '%s'",
1591 result
= isc_dir_chdir(directory
);
1592 if (result
!= ISC_R_SUCCESS
) {
1593 cfg_obj_log(obj
, ns_g_lctx
, ISC_LOG_ERROR
,
1594 "change directory to '%s' failed: %s",
1595 directory
, isc_result_totext(result
));
1599 return (ISC_R_SUCCESS
);
1603 scan_interfaces(ns_server_t
*server
, isc_boolean_t verbose
) {
1604 isc_boolean_t match_mapped
= server
->aclenv
.match_mapped
;
1606 ns_interfacemgr_scan(server
->interfacemgr
, verbose
);
1608 * Update the "localhost" and "localnets" ACLs to match the
1609 * current set of network interfaces.
1611 dns_aclenv_copy(&server
->aclenv
,
1612 ns_interfacemgr_getaclenv(server
->interfacemgr
));
1614 server
->aclenv
.match_mapped
= match_mapped
;
1618 * This event callback is invoked to do periodic network
1619 * interface scanning.
1622 interface_timer_tick(isc_task_t
*task
, isc_event_t
*event
) {
1623 isc_result_t result
;
1624 ns_server_t
*server
= (ns_server_t
*) event
->ev_arg
;
1625 INSIST(task
== server
->task
);
1627 isc_event_free(&event
);
1629 * XXX should scan interfaces unlocked and get exclusive access
1630 * only to replace ACLs.
1632 result
= isc_task_beginexclusive(server
->task
);
1633 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
1634 scan_interfaces(server
, ISC_FALSE
);
1635 isc_task_endexclusive(server
->task
);
1639 heartbeat_timer_tick(isc_task_t
*task
, isc_event_t
*event
) {
1640 ns_server_t
*server
= (ns_server_t
*) event
->ev_arg
;
1644 isc_event_free(&event
);
1645 view
= ISC_LIST_HEAD(server
->viewlist
);
1646 while (view
!= NULL
) {
1647 dns_view_dialup(view
);
1648 view
= ISC_LIST_NEXT(view
, link
);
1653 setstatsfile(ns_server_t
*server
, const char *name
) {
1656 REQUIRE(name
!= NULL
);
1658 p
= isc_mem_strdup(server
->mctx
, name
);
1660 return (ISC_R_NOMEMORY
);
1661 if (server
->statsfile
!= NULL
)
1662 isc_mem_free(server
->mctx
, server
->statsfile
);
1663 server
->statsfile
= p
;
1664 return (ISC_R_SUCCESS
);
1668 setdumpfile(ns_server_t
*server
, const char *name
) {
1671 REQUIRE(name
!= NULL
);
1673 p
= isc_mem_strdup(server
->mctx
, name
);
1675 return (ISC_R_NOMEMORY
);
1676 if (server
->dumpfile
!= NULL
)
1677 isc_mem_free(server
->mctx
, server
->dumpfile
);
1678 server
->dumpfile
= p
;
1679 return (ISC_R_SUCCESS
);
1683 set_limit(cfg_obj_t
**maps
, const char *configname
, const char *description
,
1684 isc_resource_t resourceid
, isc_resourcevalue_t defaultvalue
)
1686 cfg_obj_t
*obj
= NULL
;
1688 isc_resourcevalue_t value
;
1689 isc_result_t result
;
1691 if (ns_config_get(maps
, configname
, &obj
) != ISC_R_SUCCESS
)
1694 if (cfg_obj_isstring(obj
)) {
1695 resource
= cfg_obj_asstring(obj
);
1696 if (strcasecmp(resource
, "unlimited") == 0)
1697 value
= ISC_RESOURCE_UNLIMITED
;
1699 INSIST(strcasecmp(resource
, "default") == 0);
1700 value
= defaultvalue
;
1703 value
= cfg_obj_asuint64(obj
);
1705 result
= isc_resource_setlimit(resourceid
, value
);
1706 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
1707 result
== ISC_R_SUCCESS
?
1708 ISC_LOG_DEBUG(3) : ISC_LOG_WARNING
,
1709 "set maximum %s to %" ISC_PRINT_QUADFORMAT
"d: %s",
1710 description
, value
, isc_result_totext(result
));
1713 #define SETLIMIT(cfgvar, resource, description) \
1714 set_limit(maps, cfgvar, description, isc_resource_ ## resource, \
1715 ns_g_init ## resource)
1718 set_limits(cfg_obj_t
**maps
) {
1719 SETLIMIT("stacksize", stacksize
, "stack size");
1720 SETLIMIT("datasize", datasize
, "data size");
1721 SETLIMIT("coresize", coresize
, "core size");
1722 SETLIMIT("files", openfiles
, "open files");
1726 load_configuration(const char *filename
, ns_server_t
*server
,
1727 isc_boolean_t first_time
)
1729 isc_result_t result
;
1730 cfg_parser_t
*parser
= NULL
;
1736 cfg_listelt_t
*element
;
1737 dns_view_t
*view
= NULL
;
1738 dns_view_t
*view_next
;
1739 dns_viewlist_t viewlist
;
1740 dns_viewlist_t tmpviewlist
;
1741 ns_aclconfctx_t aclconfctx
;
1742 isc_uint32_t interface_interval
;
1743 isc_uint32_t heartbeat_interval
;
1744 in_port_t listen_port
;
1747 ns_aclconfctx_init(&aclconfctx
);
1748 ISC_LIST_INIT(viewlist
);
1750 /* Ensure exclusive access to configuration data. */
1751 result
= isc_task_beginexclusive(server
->task
);
1752 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
1755 * Parse the global default pseudo-config file.
1758 CHECK(ns_config_parsedefaults(ns_g_parser
, &ns_g_config
));
1759 RUNTIME_CHECK(cfg_map_get(ns_g_config
, "options",
1765 * Parse the configuration file using the new config code.
1767 result
= ISC_R_FAILURE
;
1771 * Unless this is lwresd with the -C option, parse the config file.
1773 if (!(ns_g_lwresdonly
&& lwresd_g_useresolvconf
)) {
1774 isc_log_write(ns_g_lctx
,
1775 NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
1776 ISC_LOG_INFO
, "loading configuration from '%s'",
1778 CHECK(cfg_parser_create(ns_g_mctx
, ns_g_lctx
, &parser
));
1779 cfg_parser_setcallback(parser
, directory_callback
, NULL
);
1780 result
= cfg_parse_file(parser
, filename
, &cfg_type_namedconf
,
1785 * If this is lwresd with the -C option, or lwresd with no -C or -c
1786 * option where the above parsing failed, parse resolv.conf.
1788 if (ns_g_lwresdonly
&&
1789 (lwresd_g_useresolvconf
||
1790 (!ns_g_conffileset
&& result
== ISC_R_FILENOTFOUND
)))
1792 isc_log_write(ns_g_lctx
,
1793 NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
1794 ISC_LOG_INFO
, "loading configuration from '%s'",
1795 lwresd_g_resolvconffile
);
1797 cfg_parser_destroy(&parser
);
1798 CHECK(cfg_parser_create(ns_g_mctx
, ns_g_lctx
, &parser
));
1799 result
= ns_lwresd_parseeresolvconf(ns_g_mctx
, parser
,
1805 * Check the validity of the configuration.
1807 CHECK(cfg_check_namedconf(config
, ns_g_lctx
, ns_g_mctx
));
1810 * Fill in the maps array, used for resolving defaults.
1814 result
= cfg_map_get(config
, "options", &options
);
1815 if (result
== ISC_R_SUCCESS
)
1816 maps
[i
++] = options
;
1817 maps
[i
++] = ns_g_defaults
;
1821 * Set process limits, which (usually) needs to be done as root.
1826 * Configure various server options.
1828 configure_server_quota(maps
, "transfers-out", &server
->xfroutquota
);
1829 configure_server_quota(maps
, "tcp-clients", &server
->tcpquota
);
1830 configure_server_quota(maps
, "recursive-clients",
1831 &server
->recursionquota
);
1833 CHECK(configure_view_acl(NULL
, config
, "blackhole", &aclconfctx
,
1834 ns_g_mctx
, &server
->blackholeacl
));
1835 if (server
->blackholeacl
!= NULL
)
1836 dns_dispatchmgr_setblackhole(ns_g_dispatchmgr
,
1837 server
->blackholeacl
);
1840 result
= ns_config_get(maps
, "match-mapped-addresses", &obj
);
1841 INSIST(result
== ISC_R_SUCCESS
);
1842 server
->aclenv
.match_mapped
= cfg_obj_asboolean(obj
);
1845 * Configure the zone manager.
1848 result
= ns_config_get(maps
, "transfers-in", &obj
);
1849 INSIST(result
== ISC_R_SUCCESS
);
1850 dns_zonemgr_settransfersin(server
->zonemgr
, cfg_obj_asuint32(obj
));
1853 result
= ns_config_get(maps
, "transfers-per-ns", &obj
);
1854 INSIST(result
== ISC_R_SUCCESS
);
1855 dns_zonemgr_settransfersperns(server
->zonemgr
, cfg_obj_asuint32(obj
));
1858 result
= ns_config_get(maps
, "serial-query-rate", &obj
);
1859 INSIST(result
== ISC_R_SUCCESS
);
1860 dns_zonemgr_setserialqueryrate(server
->zonemgr
, cfg_obj_asuint32(obj
));
1863 * Determine which port to use for listening for incoming connections.
1866 listen_port
= ns_g_port
;
1868 CHECKM(ns_config_getport(config
, &listen_port
), "port");
1871 * Configure the interface manager according to the "listen-on"
1875 cfg_obj_t
*clistenon
= NULL
;
1876 ns_listenlist_t
*listenon
= NULL
;
1880 * Even though listen-on is present in the default
1881 * configuration, we can't use it here, since it isn't
1882 * used if we're in lwresd mode. This way is easier.
1884 if (options
!= NULL
)
1885 (void)cfg_map_get(options
, "listen-on", &clistenon
);
1886 if (clistenon
!= NULL
) {
1887 result
= ns_listenlist_fromconfig(clistenon
,
1892 } else if (!ns_g_lwresdonly
) {
1894 * Not specified, use default.
1896 CHECK(ns_listenlist_default(ns_g_mctx
, listen_port
,
1897 ISC_TRUE
, &listenon
));
1899 if (listenon
!= NULL
) {
1900 ns_interfacemgr_setlistenon4(server
->interfacemgr
,
1902 ns_listenlist_detach(&listenon
);
1909 cfg_obj_t
*clistenon
= NULL
;
1910 ns_listenlist_t
*listenon
= NULL
;
1912 if (options
!= NULL
)
1913 (void)cfg_map_get(options
, "listen-on-v6", &clistenon
);
1914 if (clistenon
!= NULL
) {
1915 result
= ns_listenlist_fromconfig(clistenon
,
1920 } else if (!ns_g_lwresdonly
) {
1922 * Not specified, use default.
1924 CHECK(ns_listenlist_default(ns_g_mctx
, listen_port
,
1925 ISC_FALSE
, &listenon
));
1927 if (listenon
!= NULL
) {
1928 ns_interfacemgr_setlistenon6(server
->interfacemgr
,
1930 ns_listenlist_detach(&listenon
);
1935 * Rescan the interface list to pick up changes in the
1936 * listen-on option. It's important that we do this before we try
1937 * to configure the query source, since the dispatcher we use might
1938 * be shared with an interface.
1940 scan_interfaces(server
, ISC_TRUE
);
1943 * Arrange for further interface scanning to occur periodically
1944 * as specified by the "interface-interval" option.
1947 result
= ns_config_get(maps
, "interface-interval", &obj
);
1948 INSIST(result
== ISC_R_SUCCESS
);
1949 interface_interval
= cfg_obj_asuint32(obj
) * 60;
1950 if (interface_interval
== 0) {
1951 isc_timer_reset(server
->interface_timer
,
1952 isc_timertype_inactive
,
1953 NULL
, NULL
, ISC_TRUE
);
1954 } else if (server
->interface_interval
!= interface_interval
) {
1955 isc_interval_t interval
;
1956 isc_interval_set(&interval
, interface_interval
, 0);
1957 isc_timer_reset(server
->interface_timer
, isc_timertype_ticker
,
1958 NULL
, &interval
, ISC_FALSE
);
1960 server
->interface_interval
= interface_interval
;
1963 * Configure the dialup heartbeat timer.
1966 result
= ns_config_get(maps
, "heartbeat-interval", &obj
);
1967 INSIST(result
== ISC_R_SUCCESS
);
1968 heartbeat_interval
= cfg_obj_asuint32(obj
) * 60;
1969 if (heartbeat_interval
== 0) {
1970 isc_timer_reset(server
->heartbeat_timer
,
1971 isc_timertype_inactive
,
1972 NULL
, NULL
, ISC_TRUE
);
1973 } else if (server
->heartbeat_interval
!= heartbeat_interval
) {
1974 isc_interval_t interval
;
1975 isc_interval_set(&interval
, heartbeat_interval
, 0);
1976 isc_timer_reset(server
->heartbeat_timer
, isc_timertype_ticker
,
1977 NULL
, &interval
, ISC_FALSE
);
1979 server
->heartbeat_interval
= heartbeat_interval
;
1982 * Configure and freeze all explicit views. Explicit
1983 * views that have zones were already created at parsing
1984 * time, but views with no zones must be created here.
1987 (void)cfg_map_get(config
, "view", &views
);
1988 for (element
= cfg_list_first(views
);
1990 element
= cfg_list_next(element
))
1995 vconfig
= cfg_listelt_value(element
);
1996 CHECK(create_view(vconfig
, &viewlist
, &view
));
1997 INSIST(view
!= NULL
);
1998 CHECK(configure_view(view
, config
, vconfig
,
1999 ns_g_mctx
, &aclconfctx
));
2000 dns_view_freeze(view
);
2001 dns_view_detach(&view
);
2005 * Make sure we have a default view if and only if there
2006 * were no explicit views.
2008 if (views
== NULL
) {
2010 * No explicit views; there ought to be a default view.
2011 * There may already be one created as a side effect
2012 * of zone statements, or we may have to create one.
2013 * In either case, we need to configure and freeze it.
2015 CHECK(create_view(NULL
, &viewlist
, &view
));
2016 CHECK(configure_view(view
, config
, NULL
, ns_g_mctx
,
2018 dns_view_freeze(view
);
2019 dns_view_detach(&view
);
2023 * Create (or recreate) the internal _bind view.
2025 CHECK(create_bind_view(&view
));
2026 CHECK(configure_view_acl(NULL
, config
, "allow-query",
2027 &aclconfctx
, ns_g_mctx
, &view
->queryacl
));
2028 ISC_LIST_APPEND(viewlist
, view
, link
);
2029 CHECK(create_version_zone(maps
, server
->zonemgr
, view
));
2030 CHECK(create_authors_zone(options
, server
->zonemgr
, view
));
2031 dns_view_freeze(view
);
2035 * Swap our new view list with the production one.
2037 tmpviewlist
= server
->viewlist
;
2038 server
->viewlist
= viewlist
;
2039 viewlist
= tmpviewlist
;
2042 * Load the TKEY information from the configuration.
2044 if (options
!= NULL
) {
2045 dns_tkeyctx_t
*t
= NULL
;
2046 CHECKM(ns_tkeyctx_fromconfig(options
, ns_g_mctx
, ns_g_entropy
,
2048 "configuring TKEY");
2049 if (server
->tkeyctx
!= NULL
)
2050 dns_tkeyctx_destroy(&server
->tkeyctx
);
2051 server
->tkeyctx
= t
;
2055 * Bind the control port(s).
2057 CHECKM(ns_controls_configure(ns_g_server
->controls
, config
,
2059 "binding control channel(s)");
2062 * Bind the lwresd port(s).
2064 CHECKM(ns_lwresd_configure(ns_g_mctx
, config
),
2065 "binding lightweight resolver ports");
2068 * Open the source of entropy.
2072 result
= ns_config_get(maps
, "random-device", &obj
);
2073 if (result
!= ISC_R_SUCCESS
) {
2074 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2075 NS_LOGMODULE_SERVER
, ISC_LOG_INFO
,
2076 "no source of entropy found");
2078 const char *randomdev
= cfg_obj_asstring(obj
);
2079 result
= isc_entropy_createfilesource(ns_g_entropy
,
2081 if (result
!= ISC_R_SUCCESS
)
2082 isc_log_write(ns_g_lctx
,
2083 NS_LOGCATEGORY_GENERAL
,
2084 NS_LOGMODULE_SERVER
,
2086 "could not open entropy source "
2089 isc_result_totext(result
));
2094 * Relinquish root privileges.
2100 * Configure the logging system.
2102 * Do this after changing UID to make sure that any log
2103 * files specified in named.conf get created by the
2104 * unprivileged user, not root.
2106 if (ns_g_logstderr
) {
2107 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2108 NS_LOGMODULE_SERVER
, ISC_LOG_INFO
,
2109 "ignoring config file logging "
2110 "statement due to -g option");
2112 cfg_obj_t
*logobj
= NULL
;
2113 isc_logconfig_t
*logc
= NULL
;
2115 CHECKM(isc_logconfig_create(ns_g_lctx
, &logc
),
2116 "creating new logging configuration");
2119 (void)cfg_map_get(config
, "logging", &logobj
);
2120 if (logobj
!= NULL
) {
2121 CHECKM(ns_log_configure(logc
, logobj
),
2122 "configuring logging");
2124 CHECKM(ns_log_setdefaultchannels(logc
),
2125 "setting up default logging channels");
2126 CHECKM(ns_log_setunmatchedcategory(logc
),
2127 "setting up default 'category unmatched'");
2128 CHECKM(ns_log_setdefaultcategory(logc
),
2129 "setting up default 'category default'");
2132 result
= isc_logconfig_use(ns_g_lctx
, logc
);
2133 if (result
!= ISC_R_SUCCESS
) {
2134 isc_logconfig_destroy(&logc
);
2135 CHECKM(result
, "installing logging configuration");
2138 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2139 NS_LOGMODULE_SERVER
, ISC_LOG_DEBUG(1),
2140 "now using logging configuration from "
2145 * Set the default value of the query logging flag depending
2146 * whether a "queries" category has been defined. This is
2147 * a disgusting hack, but we need to do this for BIND 8
2151 cfg_obj_t
*logobj
= NULL
;
2152 cfg_obj_t
*categories
= NULL
;
2153 (void)cfg_map_get(config
, "logging", &logobj
);
2155 (void)cfg_map_get(logobj
, "category", &categories
);
2156 if (categories
!= NULL
) {
2157 cfg_listelt_t
*element
;
2158 for (element
= cfg_list_first(categories
);
2160 element
= cfg_list_next(element
))
2165 obj
= cfg_listelt_value(element
);
2166 catobj
= cfg_tuple_get(obj
, "name");
2167 str
= cfg_obj_asstring(catobj
);
2168 if (strcasecmp(str
, "queries") == 0)
2169 server
->log_queries
= ISC_TRUE
;
2175 if (ns_config_get(maps
, "pid-file", &obj
) == ISC_R_SUCCESS
)
2176 ns_os_writepidfile(cfg_obj_asstring(obj
), first_time
);
2177 else if (ns_g_lwresdonly
)
2178 ns_os_writepidfile(lwresd_g_defaultpidfile
, first_time
);
2180 ns_os_writepidfile(ns_g_defaultpidfile
, first_time
);
2183 result
= ns_config_get(maps
, "statistics-file", &obj
);
2184 INSIST(result
== ISC_R_SUCCESS
);
2185 CHECKM(setstatsfile(server
, cfg_obj_asstring(obj
)), "strdup");
2188 result
= ns_config_get(maps
, "dump-file", &obj
);
2189 INSIST(result
== ISC_R_SUCCESS
);
2190 CHECKM(setdumpfile(server
, cfg_obj_asstring(obj
)), "strdup");
2193 ns_aclconfctx_destroy(&aclconfctx
);
2195 if (parser
!= NULL
) {
2197 cfg_obj_destroy(parser
, &config
);
2198 cfg_parser_destroy(&parser
);
2202 dns_view_detach(&view
);
2205 * This cleans up either the old production view list
2206 * or our temporary list depending on whether they
2207 * were swapped above or not.
2209 for (view
= ISC_LIST_HEAD(viewlist
);
2212 view_next
= ISC_LIST_NEXT(view
, link
);
2213 ISC_LIST_UNLINK(viewlist
, view
, link
);
2214 dns_view_detach(&view
);
2218 /* Relinquish exclusive access to configuration data. */
2219 isc_task_endexclusive(server
->task
);
2221 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
2222 ISC_LOG_DEBUG(1), "load_configuration: %s",
2223 isc_result_totext(result
));
2229 load_zones(ns_server_t
*server
, isc_boolean_t stop
) {
2230 isc_result_t result
;
2233 result
= isc_task_beginexclusive(server
->task
);
2234 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
2237 * Load zone data from disk.
2239 for (view
= ISC_LIST_HEAD(server
->viewlist
);
2241 view
= ISC_LIST_NEXT(view
, link
))
2243 CHECK(dns_view_load(view
, stop
));
2247 * Force zone maintenance. Do this after loading
2248 * so that we know when we need to force AXFR of
2249 * slave zones whose master files are missing.
2251 CHECK(dns_zonemgr_forcemaint(server
->zonemgr
));
2253 isc_task_endexclusive(server
->task
);
2258 load_new_zones(ns_server_t
*server
, isc_boolean_t stop
) {
2259 isc_result_t result
;
2262 result
= isc_task_beginexclusive(server
->task
);
2263 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
2266 * Load zone data from disk.
2268 for (view
= ISC_LIST_HEAD(server
->viewlist
);
2270 view
= ISC_LIST_NEXT(view
, link
))
2272 CHECK(dns_view_loadnew(view
, stop
));
2275 * Force zone maintenance. Do this after loading
2276 * so that we know when we need to force AXFR of
2277 * slave zones whose master files are missing.
2279 CHECK(dns_zonemgr_forcemaint(server
->zonemgr
));
2281 isc_task_endexclusive(server
->task
);
2286 run_server(isc_task_t
*task
, isc_event_t
*event
) {
2287 isc_result_t result
;
2288 ns_server_t
*server
= (ns_server_t
*)event
->ev_arg
;
2292 isc_event_free(&event
);
2294 CHECKFATAL(dns_dispatchmgr_create(ns_g_mctx
, ns_g_entropy
,
2296 "creating dispatch manager");
2298 CHECKFATAL(ns_interfacemgr_create(ns_g_mctx
, ns_g_taskmgr
,
2299 ns_g_socketmgr
, ns_g_dispatchmgr
,
2300 &server
->interfacemgr
),
2301 "creating interface manager");
2303 CHECKFATAL(isc_timer_create(ns_g_timermgr
, isc_timertype_inactive
,
2304 NULL
, NULL
, server
->task
,
2305 interface_timer_tick
,
2306 server
, &server
->interface_timer
),
2307 "creating interface timer");
2309 CHECKFATAL(isc_timer_create(ns_g_timermgr
, isc_timertype_inactive
,
2310 NULL
, NULL
, server
->task
,
2311 heartbeat_timer_tick
,
2312 server
, &server
->heartbeat_timer
),
2313 "creating heartbeat timer");
2315 CHECKFATAL(cfg_parser_create(ns_g_mctx
, NULL
, &ns_g_parser
),
2316 "creating default configuration parser");
2318 if (ns_g_lwresdonly
)
2319 CHECKFATAL(load_configuration(lwresd_g_conffile
, server
,
2321 "loading configuration");
2323 CHECKFATAL(load_configuration(ns_g_conffile
, server
, ISC_TRUE
),
2324 "loading configuration");
2328 CHECKFATAL(load_zones(server
, ISC_FALSE
),
2331 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
2332 ISC_LOG_INFO
, "running");
2336 ns_server_flushonshutdown(ns_server_t
*server
, isc_boolean_t flush
) {
2338 REQUIRE(NS_SERVER_VALID(server
));
2340 server
->flushonshutdown
= flush
;
2344 shutdown_server(isc_task_t
*task
, isc_event_t
*event
) {
2345 isc_result_t result
;
2346 dns_view_t
*view
, *view_next
;
2347 ns_server_t
*server
= (ns_server_t
*)event
->ev_arg
;
2348 isc_boolean_t flush
= server
->flushonshutdown
;
2351 INSIST(task
== server
->task
);
2353 result
= isc_task_beginexclusive(server
->task
);
2354 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
2356 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
2357 ISC_LOG_INFO
, "shutting down%s",
2358 flush
? ": flushing changes" : "");
2360 ns_controls_shutdown(server
->controls
);
2361 end_reserved_dispatches(server
, ISC_TRUE
);
2363 cfg_obj_destroy(ns_g_parser
, &ns_g_config
);
2364 cfg_parser_destroy(&ns_g_parser
);
2366 for (view
= ISC_LIST_HEAD(server
->viewlist
);
2369 view_next
= ISC_LIST_NEXT(view
, link
);
2370 ISC_LIST_UNLINK(server
->viewlist
, view
, link
);
2372 dns_view_flushanddetach(&view
);
2374 dns_view_detach(&view
);
2377 isc_timer_detach(&server
->interface_timer
);
2378 isc_timer_detach(&server
->heartbeat_timer
);
2380 ns_interfacemgr_shutdown(server
->interfacemgr
);
2381 ns_interfacemgr_detach(&server
->interfacemgr
);
2383 dns_dispatchmgr_destroy(&ns_g_dispatchmgr
);
2385 dns_zonemgr_shutdown(server
->zonemgr
);
2387 if (server
->blackholeacl
!= NULL
)
2388 dns_acl_detach(&server
->blackholeacl
);
2390 dns_db_detach(&server
->in_roothints
);
2392 isc_task_endexclusive(server
->task
);
2394 isc_task_detach(&server
->task
);
2396 isc_event_free(&event
);
2400 ns_server_create(isc_mem_t
*mctx
, ns_server_t
**serverp
) {
2401 isc_result_t result
;
2403 ns_server_t
*server
= isc_mem_get(mctx
, sizeof(*server
));
2405 fatal("allocating server object", ISC_R_NOMEMORY
);
2407 server
->mctx
= mctx
;
2408 server
->task
= NULL
;
2410 /* Initialize configuration data with default values. */
2412 result
= isc_quota_init(&server
->xfroutquota
, 10);
2413 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
2414 result
= isc_quota_init(&server
->tcpquota
, 10);
2415 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
2416 result
= isc_quota_init(&server
->recursionquota
, 100);
2417 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
2419 result
= dns_aclenv_init(mctx
, &server
->aclenv
);
2420 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
2422 /* Initialize server data structures. */
2423 server
->zonemgr
= NULL
;
2424 server
->interfacemgr
= NULL
;
2425 ISC_LIST_INIT(server
->viewlist
);
2426 server
->in_roothints
= NULL
;
2427 server
->blackholeacl
= NULL
;
2429 CHECKFATAL(dns_rootns_create(mctx
, dns_rdataclass_in
, NULL
,
2430 &server
->in_roothints
),
2431 "setting up root hints");
2433 CHECKFATAL(isc_mutex_init(&server
->reload_event_lock
),
2434 "initializing reload event lock");
2435 server
->reload_event
=
2436 isc_event_allocate(ns_g_mctx
, server
,
2440 sizeof(isc_event_t
));
2441 CHECKFATAL(server
->reload_event
== NULL
?
2442 ISC_R_NOMEMORY
: ISC_R_SUCCESS
,
2443 "allocating reload event");
2445 CHECKFATAL(dst_lib_init(ns_g_mctx
, ns_g_entropy
, ISC_ENTROPY_GOODONLY
),
2446 "initializing DST");
2448 server
->tkeyctx
= NULL
;
2449 CHECKFATAL(dns_tkeyctx_create(ns_g_mctx
, ns_g_entropy
,
2451 "creating TKEY context");
2454 * Setup the server task, which is responsible for coordinating
2455 * startup and shutdown of the server.
2457 CHECKFATAL(isc_task_create(ns_g_taskmgr
, 0, &server
->task
),
2458 "creating server task");
2459 isc_task_setname(server
->task
, "server", server
);
2460 CHECKFATAL(isc_task_onshutdown(server
->task
, shutdown_server
, server
),
2461 "isc_task_onshutdown");
2462 CHECKFATAL(isc_app_onrun(ns_g_mctx
, server
->task
, run_server
, server
),
2465 server
->interface_timer
= NULL
;
2466 server
->heartbeat_timer
= NULL
;
2468 server
->interface_interval
= 0;
2469 server
->heartbeat_interval
= 0;
2471 CHECKFATAL(dns_zonemgr_create(ns_g_mctx
, ns_g_taskmgr
, ns_g_timermgr
,
2472 ns_g_socketmgr
, &server
->zonemgr
),
2473 "dns_zonemgr_create");
2475 server
->statsfile
= isc_mem_strdup(server
->mctx
, "named.stats");
2476 CHECKFATAL(server
->statsfile
== NULL
? ISC_R_NOMEMORY
: ISC_R_SUCCESS
,
2478 server
->querystats
= NULL
;
2479 CHECKFATAL(dns_stats_alloccounters(ns_g_mctx
, &server
->querystats
),
2480 "dns_stats_alloccounters");
2482 server
->dumpfile
= isc_mem_strdup(server
->mctx
, "named_dump.db");
2483 CHECKFATAL(server
->dumpfile
== NULL
? ISC_R_NOMEMORY
: ISC_R_SUCCESS
,
2486 server
->flushonshutdown
= ISC_FALSE
;
2487 server
->log_queries
= ISC_FALSE
;
2489 server
->controls
= NULL
;
2490 CHECKFATAL(ns_controls_create(server
, &server
->controls
),
2491 "ns_controls_create");
2492 server
->dispatchgen
= 0;
2493 ISC_LIST_INIT(server
->dispatches
);
2495 server
->magic
= NS_SERVER_MAGIC
;
2500 ns_server_destroy(ns_server_t
**serverp
) {
2501 ns_server_t
*server
= *serverp
;
2502 REQUIRE(NS_SERVER_VALID(server
));
2504 ns_controls_destroy(&server
->controls
);
2506 dns_stats_freecounters(server
->mctx
, &server
->querystats
);
2507 isc_mem_free(server
->mctx
, server
->statsfile
);
2509 isc_mem_free(server
->mctx
, server
->dumpfile
);
2511 dns_zonemgr_detach(&server
->zonemgr
);
2513 if (server
->tkeyctx
!= NULL
)
2514 dns_tkeyctx_destroy(&server
->tkeyctx
);
2518 isc_event_free(&server
->reload_event
);
2520 INSIST(ISC_LIST_EMPTY(server
->viewlist
));
2522 dns_aclenv_destroy(&server
->aclenv
);
2524 isc_quota_destroy(&server
->recursionquota
);
2525 isc_quota_destroy(&server
->tcpquota
);
2526 isc_quota_destroy(&server
->xfroutquota
);
2529 isc_mem_put(server
->mctx
, server
, sizeof(*server
));
2534 fatal(const char *msg
, isc_result_t result
) {
2535 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
2536 ISC_LOG_CRITICAL
, "%s: %s", msg
,
2537 isc_result_totext(result
));
2538 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
, NS_LOGMODULE_SERVER
,
2539 ISC_LOG_CRITICAL
, "exiting (due to fatal error)");
2544 start_reserved_dispatches(ns_server_t
*server
) {
2546 REQUIRE(NS_SERVER_VALID(server
));
2548 server
->dispatchgen
++;
2552 end_reserved_dispatches(ns_server_t
*server
, isc_boolean_t all
) {
2553 ns_dispatch_t
*dispatch
, *nextdispatch
;
2555 REQUIRE(NS_SERVER_VALID(server
));
2557 for (dispatch
= ISC_LIST_HEAD(server
->dispatches
);
2559 dispatch
= nextdispatch
) {
2560 nextdispatch
= ISC_LIST_NEXT(dispatch
, link
);
2561 if (!all
&& server
->dispatchgen
== dispatch
-> dispatchgen
)
2563 ISC_LIST_UNLINK(server
->dispatches
, dispatch
, link
);
2564 dns_dispatch_detach(&dispatch
->dispatch
);
2565 isc_mem_put(server
->mctx
, dispatch
, sizeof(*dispatch
));
2570 ns_add_reserved_dispatch(ns_server_t
*server
, isc_sockaddr_t
*addr
) {
2571 ns_dispatch_t
*dispatch
;
2573 char addrbuf
[ISC_SOCKADDR_FORMATSIZE
];
2574 isc_result_t result
;
2575 unsigned int attrs
, attrmask
;
2577 REQUIRE(NS_SERVER_VALID(server
));
2579 port
= isc_sockaddr_getport(addr
);
2580 if (port
== 0 || port
>= 1024)
2583 for (dispatch
= ISC_LIST_HEAD(server
->dispatches
);
2585 dispatch
= ISC_LIST_NEXT(dispatch
, link
)) {
2586 if (isc_sockaddr_equal(&dispatch
->addr
, addr
))
2589 if (dispatch
!= NULL
) {
2590 dispatch
->dispatchgen
= server
->dispatchgen
;
2594 dispatch
= isc_mem_get(server
->mctx
, sizeof(*dispatch
));
2595 if (dispatch
== NULL
) {
2596 result
= ISC_R_NOMEMORY
;
2600 dispatch
->addr
= *addr
;
2601 dispatch
->dispatchgen
= server
->dispatchgen
;
2602 dispatch
->dispatch
= NULL
;
2605 attrs
|= DNS_DISPATCHATTR_UDP
;
2606 switch (isc_sockaddr_pf(addr
)) {
2608 attrs
|= DNS_DISPATCHATTR_IPV4
;
2611 attrs
|= DNS_DISPATCHATTR_IPV6
;
2614 result
= ISC_R_NOTIMPLEMENTED
;
2618 attrmask
|= DNS_DISPATCHATTR_UDP
;
2619 attrmask
|= DNS_DISPATCHATTR_TCP
;
2620 attrmask
|= DNS_DISPATCHATTR_IPV4
;
2621 attrmask
|= DNS_DISPATCHATTR_IPV6
;
2623 result
= dns_dispatch_getudp(ns_g_dispatchmgr
, ns_g_socketmgr
,
2624 ns_g_taskmgr
, &dispatch
->addr
, 4096,
2625 1000, 32768, 16411, 16433,
2626 attrs
, attrmask
, &dispatch
->dispatch
);
2627 if (result
!= ISC_R_SUCCESS
)
2630 ISC_LIST_INITANDPREPEND(server
->dispatches
, dispatch
, link
);
2635 if (dispatch
!= NULL
)
2636 isc_mem_put(server
->mctx
, dispatch
, sizeof(*dispatch
));
2637 isc_sockaddr_format(addr
, addrbuf
, sizeof(addrbuf
));
2638 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2639 NS_LOGMODULE_SERVER
, ISC_LOG_WARNING
,
2640 "unable to create dispatch for reserved port %s: %s",
2641 addrbuf
, isc_result_totext(result
));
2646 loadconfig(ns_server_t
*server
) {
2647 isc_result_t result
;
2648 start_reserved_dispatches(server
);
2649 result
= load_configuration(ns_g_lwresdonly
?
2650 lwresd_g_conffile
: ns_g_conffile
,
2653 if (result
== ISC_R_SUCCESS
)
2654 end_reserved_dispatches(server
, ISC_FALSE
);
2656 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2657 NS_LOGMODULE_SERVER
, ISC_LOG_ERROR
,
2658 "reloading configuration failed: %s",
2659 isc_result_totext(result
));
2664 reload(ns_server_t
*server
) {
2665 isc_result_t result
;
2666 CHECK(loadconfig(server
));
2668 result
= load_zones(server
, ISC_FALSE
);
2669 if (result
!= ISC_R_SUCCESS
) {
2670 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2671 NS_LOGMODULE_SERVER
, ISC_LOG_ERROR
,
2672 "reloading zones failed: %s",
2673 isc_result_totext(result
));
2679 reconfig(ns_server_t
*server
) {
2680 isc_result_t result
;
2681 CHECK(loadconfig(server
));
2683 result
= load_new_zones(server
, ISC_FALSE
);
2684 if (result
!= ISC_R_SUCCESS
) {
2685 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2686 NS_LOGMODULE_SERVER
, ISC_LOG_ERROR
,
2687 "loading new zones failed: %s",
2688 isc_result_totext(result
));
2694 * Handle a reload event (from SIGHUP).
2697 ns_server_reload(isc_task_t
*task
, isc_event_t
*event
) {
2698 ns_server_t
*server
= (ns_server_t
*)event
->ev_arg
;
2700 INSIST(task
= server
->task
);
2705 LOCK(&server
->reload_event_lock
);
2706 INSIST(server
->reload_event
== NULL
);
2707 server
->reload_event
= event
;
2708 UNLOCK(&server
->reload_event_lock
);
2712 ns_server_reloadwanted(ns_server_t
*server
) {
2713 LOCK(&server
->reload_event_lock
);
2714 if (server
->reload_event
!= NULL
)
2715 isc_task_send(server
->task
, &server
->reload_event
);
2716 UNLOCK(&server
->reload_event_lock
);
2720 next_token(char **stringp
, const char *delim
) {
2724 res
= strsep(stringp
, delim
);
2727 } while (*res
== '\0');
2732 * Find the zone specified in the control channel command 'args',
2733 * if any. If a zone is specified, point '*zonep' at it, otherwise
2734 * set '*zonep' to NULL.
2737 zone_from_args(ns_server_t
*server
, char *args
, dns_zone_t
**zonep
) {
2739 const char *zonetxt
;
2741 const char *viewtxt
= NULL
;
2742 dns_fixedname_t name
;
2743 isc_result_t result
;
2745 dns_view_t
*view
= NULL
;
2746 dns_rdataclass_t rdclass
;
2748 REQUIRE(zonep
!= NULL
&& *zonep
== NULL
);
2752 /* Skip the command name. */
2753 ptr
= next_token(&input
, " \t");
2755 return (ISC_R_UNEXPECTEDEND
);
2757 /* Look for the zone name. */
2758 zonetxt
= next_token(&input
, " \t");
2759 if (zonetxt
== NULL
)
2760 return (ISC_R_SUCCESS
);
2762 /* Look for the optional class name. */
2763 classtxt
= next_token(&input
, " \t");
2764 if (classtxt
!= NULL
) {
2765 /* Look for the optional view name. */
2766 viewtxt
= next_token(&input
, " \t");
2769 isc_buffer_init(&buf
, zonetxt
, strlen(zonetxt
));
2770 isc_buffer_add(&buf
, strlen(zonetxt
));
2771 dns_fixedname_init(&name
);
2772 result
= dns_name_fromtext(dns_fixedname_name(&name
),
2773 &buf
, dns_rootname
, ISC_FALSE
, NULL
);
2774 if (result
!= ISC_R_SUCCESS
)
2777 if (classtxt
!= NULL
) {
2780 r
.length
= strlen(classtxt
);
2781 result
= dns_rdataclass_fromtext(&rdclass
, &r
);
2782 if (result
!= ISC_R_SUCCESS
)
2785 rdclass
= dns_rdataclass_in
;
2788 if (viewtxt
== NULL
)
2789 viewtxt
= "_default";
2790 result
= dns_viewlist_find(&server
->viewlist
, viewtxt
,
2792 if (result
!= ISC_R_SUCCESS
)
2795 result
= dns_zt_find(view
->zonetable
, dns_fixedname_name(&name
),
2797 /* Partial match? */
2798 if (result
!= ISC_R_SUCCESS
&& *zonep
!= NULL
)
2799 dns_zone_detach(zonep
);
2800 dns_view_detach(&view
);
2806 * Act on a "reload" command from the command channel.
2809 ns_server_reloadcommand(ns_server_t
*server
, char *args
) {
2810 isc_result_t result
;
2811 dns_zone_t
*zone
= NULL
;
2812 dns_zonetype_t type
;
2814 result
= zone_from_args(server
, args
, &zone
);
2815 if (result
!= ISC_R_SUCCESS
)
2820 type
= dns_zone_gettype(zone
);
2821 if (type
== dns_zone_slave
|| type
== dns_zone_stub
)
2822 dns_zone_refresh(zone
);
2824 dns_zone_load(zone
);
2825 dns_zone_detach(&zone
);
2827 return (ISC_R_SUCCESS
);
2831 * Act on a "reconfig" command from the command channel.
2834 ns_server_reconfigcommand(ns_server_t
*server
, char *args
) {
2838 return (ISC_R_SUCCESS
);
2842 * Act on a "refresh" command from the command channel.
2845 ns_server_refreshcommand(ns_server_t
*server
, char *args
) {
2846 isc_result_t result
;
2847 dns_zone_t
*zone
= NULL
;
2849 result
= zone_from_args(server
, args
, &zone
);
2850 if (result
!= ISC_R_SUCCESS
)
2853 return (ISC_R_UNEXPECTEDEND
);
2855 dns_zone_refresh(zone
);
2856 dns_zone_detach(&zone
);
2858 return (ISC_R_SUCCESS
);
2862 ns_server_togglequerylog(ns_server_t
*server
) {
2863 server
->log_queries
= server
->log_queries
? ISC_FALSE
: ISC_TRUE
;
2865 isc_log_write(ns_g_lctx
, NS_LOGCATEGORY_GENERAL
,
2866 NS_LOGMODULE_SERVER
, ISC_LOG_INFO
,
2867 "query logging is now %s",
2868 server
->log_queries
? "on" : "off");
2869 return (ISC_R_SUCCESS
);
2873 ns_listenlist_fromconfig(cfg_obj_t
*listenlist
, cfg_obj_t
*config
,
2874 ns_aclconfctx_t
*actx
,
2875 isc_mem_t
*mctx
, ns_listenlist_t
**target
)
2877 isc_result_t result
;
2878 cfg_listelt_t
*element
;
2879 ns_listenlist_t
*dlist
= NULL
;
2881 REQUIRE(target
!= NULL
&& *target
== NULL
);
2883 result
= ns_listenlist_create(mctx
, &dlist
);
2884 if (result
!= ISC_R_SUCCESS
)
2887 for (element
= cfg_list_first(listenlist
);
2889 element
= cfg_list_next(element
))
2891 ns_listenelt_t
*delt
= NULL
;
2892 cfg_obj_t
*listener
= cfg_listelt_value(element
);
2893 result
= ns_listenelt_fromconfig(listener
, config
, actx
,
2895 if (result
!= ISC_R_SUCCESS
)
2897 ISC_LIST_APPEND(dlist
->elts
, delt
, link
);
2900 return (ISC_R_SUCCESS
);
2903 ns_listenlist_detach(&dlist
);
2908 * Create a listen list from the corresponding configuration
2912 ns_listenelt_fromconfig(cfg_obj_t
*listener
, cfg_obj_t
*config
,
2913 ns_aclconfctx_t
*actx
,
2914 isc_mem_t
*mctx
, ns_listenelt_t
**target
)
2916 isc_result_t result
;
2919 ns_listenelt_t
*delt
= NULL
;
2920 REQUIRE(target
!= NULL
&& *target
== NULL
);
2922 portobj
= cfg_tuple_get(listener
, "port");
2923 if (!cfg_obj_isuint32(portobj
)) {
2924 if (ns_g_port
!= 0) {
2927 result
= ns_config_getport(config
, &port
);
2928 if (result
!= ISC_R_SUCCESS
)
2932 if (cfg_obj_asuint32(portobj
) >= ISC_UINT16_MAX
) {
2933 cfg_obj_log(portobj
, ns_g_lctx
, ISC_LOG_ERROR
,
2934 "port value '%u' is out of range",
2935 cfg_obj_asuint32(portobj
));
2936 return (ISC_R_RANGE
);
2938 port
= (in_port_t
)cfg_obj_asuint32(portobj
);
2941 result
= ns_listenelt_create(mctx
, port
, NULL
, &delt
);
2942 if (result
!= ISC_R_SUCCESS
)
2945 result
= ns_acl_fromconfig(cfg_tuple_get(listener
, "acl"),
2946 config
, actx
, mctx
, &delt
->acl
);
2947 if (result
!= ISC_R_SUCCESS
) {
2948 ns_listenelt_destroy(delt
);
2952 return (ISC_R_SUCCESS
);
2956 ns_server_dumpstats(ns_server_t
*server
) {
2957 isc_result_t result
;
2958 dns_zone_t
*zone
, *next
;
2964 isc_stdtime_get(&now
);
2966 CHECKM(isc_stdio_open(server
->statsfile
, "a", &fp
),
2967 "could not open statistics dump file");
2969 ncounters
= DNS_STATS_NCOUNTERS
;
2970 fprintf(fp
, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now
);
2972 for (i
= 0; i
< ncounters
; i
++)
2973 fprintf(fp
, "%s %" ISC_PRINT_QUADFORMAT
"u\n",
2974 dns_statscounter_names
[i
],
2975 server
->querystats
[i
]);
2978 for (result
= dns_zone_first(server
->zonemgr
, &zone
);
2979 result
== ISC_R_SUCCESS
;
2980 next
= NULL
, result
= dns_zone_next(zone
, &next
), zone
= next
)
2982 isc_uint64_t
*zonestats
= dns_zone_getstatscounters(zone
);
2983 if (zonestats
!= NULL
) {
2984 char zonename
[DNS_NAME_FORMATSIZE
];
2988 dns_name_format(dns_zone_getorigin(zone
),
2989 zonename
, sizeof(zonename
));
2990 view
= dns_zone_getview(zone
);
2991 viewname
= view
->name
;
2992 for (i
= 0; i
< ncounters
; i
++) {
2993 fprintf(fp
, "%s %" ISC_PRINT_QUADFORMAT
2995 dns_statscounter_names
[i
],
2998 if (strcmp(viewname
, "_default") != 0)
2999 fprintf(fp
, " %s", viewname
);
3004 if (result
== ISC_R_NOMORE
)
3005 result
= ISC_R_SUCCESS
;
3008 fprintf(fp
, "--- Statistics Dump --- (%lu)\n", (unsigned long)now
);
3012 (void)isc_stdio_close(fp
);
3017 ns_server_dumpdb(ns_server_t
*server
) {
3020 isc_result_t result
;
3022 CHECKM(isc_stdio_open(server
->dumpfile
, "w", &fp
),
3023 "could not open dump file");
3025 for (view
= ISC_LIST_HEAD(server
->viewlist
);
3027 view
= ISC_LIST_NEXT(view
, link
))
3029 if (view
->cachedb
!= NULL
)
3030 CHECKM(dns_view_dumpdbtostream(view
, fp
),
3031 "could not dump view databases");
3035 (void)isc_stdio_close(fp
);
3040 ns_server_setdebuglevel(ns_server_t
*server
, char *args
) {
3048 /* Skip the command name. */
3049 ptr
= next_token(&args
, " \t");
3051 return (ISC_R_UNEXPECTEDEND
);
3053 /* Look for the new level name. */
3054 levelstr
= next_token(&args
, " \t");
3055 if (levelstr
== NULL
) {
3056 if (ns_g_debuglevel
< 99)
3059 newlevel
= strtol(levelstr
, &endp
, 10);
3060 if (*endp
!= '\0' || newlevel
< 0 || newlevel
> 99)
3061 return (ISC_R_RANGE
);
3062 ns_g_debuglevel
= (unsigned int)newlevel
;
3064 isc_log_setdebuglevel(ns_g_lctx
, ns_g_debuglevel
);
3065 return (ISC_R_SUCCESS
);
3069 ns_server_flushcache(ns_server_t
*server
, char *args
) {
3070 char *ptr
, *viewname
;
3072 isc_boolean_t flushed
= ISC_FALSE
;
3073 isc_result_t result
;
3075 /* Skip the command name. */
3076 ptr
= next_token(&args
, " \t");
3078 return (ISC_R_UNEXPECTEDEND
);
3080 /* Look for the view name. */
3081 viewname
= next_token(&args
, " \t");
3083 result
= isc_task_beginexclusive(server
->task
);
3084 RUNTIME_CHECK(result
== ISC_R_SUCCESS
);
3085 for (view
= ISC_LIST_HEAD(server
->viewlist
);
3087 view
= ISC_LIST_NEXT(view
, link
))
3089 if (viewname
!= NULL
&& strcasecmp(viewname
, view
->name
) != 0)
3091 result
= dns_view_flushcache(view
);
3092 if (result
!= ISC_R_SUCCESS
)
3097 result
= ISC_R_SUCCESS
;
3099 result
= ISC_R_FAILURE
;
3101 isc_task_endexclusive(server
->task
);
3106 ns_server_status(ns_server_t
*server
, isc_buffer_t
*text
) {
3107 int zonecount
, xferrunning
, xferdeferred
, soaqueries
;
3110 zonecount
= dns_zonemgr_getcount(server
->zonemgr
, DNS_ZONESTATE_ANY
);
3111 xferrunning
= dns_zonemgr_getcount(server
->zonemgr
,
3112 DNS_ZONESTATE_XFERRUNNING
);
3113 xferdeferred
= dns_zonemgr_getcount(server
->zonemgr
,
3114 DNS_ZONESTATE_XFERDEFERRED
);
3115 soaqueries
= dns_zonemgr_getcount(server
->zonemgr
,
3116 DNS_ZONESTATE_SOAQUERY
);
3117 n
= snprintf((char *)isc_buffer_used(text
),
3118 isc_buffer_availablelength(text
),
3119 "number of zones: %u\n"
3121 "xfers running: %u\n"
3122 "xfers deferred: %u\n"
3123 "soa queries in progress: %u\n"
3124 "query logging is %s\n"
3125 "server is up and running",
3126 zonecount
, ns_g_debuglevel
, xferrunning
, xferdeferred
,
3127 soaqueries
, server
->log_queries
? "ON" : "OFF");
3128 if (n
>= isc_buffer_availablelength(text
))
3129 return (ISC_R_NOSPACE
);
3130 isc_buffer_add(text
, n
);
3131 return (ISC_R_SUCCESS
);