2 * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
26 #include <isc/print.h>
28 #include <isc/stats.h>
29 #include <isc/string.h> /* Required for HP/UX (and others?) */
33 #include <dns/acache.h>
36 #include <dns/cache.h>
40 #include <dns/dns64.h>
42 #include <dns/dnssec.h>
43 #include <dns/events.h>
44 #include <dns/forward.h>
45 #include <dns/keytable.h>
46 #include <dns/keyvalues.h>
47 #include <dns/master.h>
48 #include <dns/masterdump.h>
49 #include <dns/order.h>
52 #include <dns/rdataset.h>
53 #include <dns/request.h>
54 #include <dns/resolver.h>
55 #include <dns/result.h>
57 #include <dns/stats.h>
62 #define RESSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_RESSHUTDOWN) != 0)
63 #define ADBSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_ADBSHUTDOWN) != 0)
64 #define REQSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_REQSHUTDOWN) != 0)
66 #define DNS_VIEW_DELONLYHASH 111
68 static void resolver_shutdown(isc_task_t *task, isc_event_t *event);
69 static void adb_shutdown(isc_task_t *task, isc_event_t *event);
70 static void req_shutdown(isc_task_t *task, isc_event_t *event);
73 dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
74 const char *name, dns_view_t **viewp)
83 REQUIRE(name != NULL);
84 REQUIRE(viewp != NULL && *viewp == NULL);
86 view = isc_mem_get(mctx, sizeof(*view));
88 return (ISC_R_NOMEMORY);
89 view->name = isc_mem_strdup(mctx, name);
90 if (view->name == NULL) {
91 result = ISC_R_NOMEMORY;
94 result = isc_mutex_init(&view->lock);
95 if (result != ISC_R_SUCCESS)
99 view->zonetable = NULL;
100 result = dns_zt_create(mctx, rdclass, &view->zonetable);
101 if (result != ISC_R_SUCCESS) {
102 UNEXPECTED_ERROR(__FILE__, __LINE__,
103 "dns_zt_create() failed: %s",
104 isc_result_totext(result));
105 result = ISC_R_UNEXPECTED;
109 view->secroots_priv = NULL;
110 view->fwdtable = NULL;
111 result = dns_fwdtable_create(mctx, &view->fwdtable);
112 if (result != ISC_R_SUCCESS) {
113 UNEXPECTED_ERROR(__FILE__, __LINE__,
114 "dns_fwdtable_create() failed: %s",
115 isc_result_totext(result));
116 result = ISC_R_UNEXPECTED;
122 view->cachedb = NULL;
123 view->dlzdatabase = NULL;
125 view->resolver = NULL;
127 view->requestmgr = NULL;
129 view->rdclass = rdclass;
130 view->frozen = ISC_FALSE;
132 result = isc_refcount_init(&view->references, 1);
133 if (result != ISC_R_SUCCESS)
134 goto cleanup_fwdtable;
136 view->attributes = (DNS_VIEWATTR_RESSHUTDOWN|DNS_VIEWATTR_ADBSHUTDOWN|
137 DNS_VIEWATTR_REQSHUTDOWN);
138 view->statickeys = NULL;
139 view->dynamickeys = NULL;
140 view->matchclients = NULL;
141 view->matchdestinations = NULL;
142 view->matchrecursiveonly = ISC_FALSE;
143 result = dns_tsigkeyring_create(view->mctx, &view->dynamickeys);
144 if (result != ISC_R_SUCCESS)
145 goto cleanup_references;
148 view->delonly = NULL;
149 view->rootdelonly = ISC_FALSE;
150 view->rootexclude = NULL;
151 view->resstats = NULL;
152 view->resquerystats = NULL;
153 view->cacheshared = ISC_FALSE;
154 ISC_LIST_INIT(view->dns64);
158 * Initialize configuration data with default values.
160 view->recursion = ISC_TRUE;
161 view->auth_nxdomain = ISC_FALSE; /* Was true in BIND 8 */
162 view->additionalfromcache = ISC_TRUE;
163 view->additionalfromauth = ISC_TRUE;
164 view->enablednssec = ISC_TRUE;
165 view->enablevalidation = ISC_TRUE;
166 view->acceptexpired = ISC_FALSE;
167 view->minimalresponses = ISC_FALSE;
168 view->transfer_format = dns_one_answer;
169 view->cacheacl = NULL;
170 view->cacheonacl = NULL;
171 view->queryacl = NULL;
172 view->queryonacl = NULL;
173 view->recursionacl = NULL;
174 view->recursiononacl = NULL;
175 view->sortlist = NULL;
176 view->transferacl = NULL;
177 view->notifyacl = NULL;
178 view->updateacl = NULL;
179 view->upfwdacl = NULL;
180 view->denyansweracl = NULL;
181 view->answeracl_exclude = NULL;
182 view->denyanswernames = NULL;
183 view->answernames_exclude = NULL;
184 view->requestixfr = ISC_TRUE;
185 view->provideixfr = ISC_TRUE;
186 view->maxcachettl = 7 * 24 * 3600;
187 view->maxncachettl = 3 * 3600;
189 view->preferred_glue = 0;
190 view->flush = ISC_FALSE;
193 view->v4_aaaa = dns_v4_aaaa_ok;
194 view->v4_aaaa_acl = NULL;
195 ISC_LIST_INIT(view->rpz_zones);
196 view->rpz_recursive_only = ISC_TRUE;
197 view->rpz_break_dnssec = ISC_FALSE;
198 dns_fixedname_init(&view->dlv_fixed);
199 view->managed_keys = NULL;
201 view->new_zone_file = NULL;
202 view->new_zone_config = NULL;
203 view->cfg_destroy = NULL;
205 result = dns_order_create(view->mctx, &view->order);
206 if (result != ISC_R_SUCCESS)
207 goto cleanup_dynkeys;
210 result = dns_peerlist_new(view->mctx, &view->peers);
211 if (result != ISC_R_SUCCESS)
214 result = dns_aclenv_init(view->mctx, &view->aclenv);
215 if (result != ISC_R_SUCCESS)
216 goto cleanup_peerlist;
218 ISC_LINK_INIT(view, link);
219 ISC_EVENT_INIT(&view->resevent, sizeof(view->resevent), 0, NULL,
220 DNS_EVENT_VIEWRESSHUTDOWN, resolver_shutdown,
221 view, NULL, NULL, NULL);
222 ISC_EVENT_INIT(&view->adbevent, sizeof(view->adbevent), 0, NULL,
223 DNS_EVENT_VIEWADBSHUTDOWN, adb_shutdown,
224 view, NULL, NULL, NULL);
225 ISC_EVENT_INIT(&view->reqevent, sizeof(view->reqevent), 0, NULL,
226 DNS_EVENT_VIEWREQSHUTDOWN, req_shutdown,
227 view, NULL, NULL, NULL);
228 view->magic = DNS_VIEW_MAGIC;
232 return (ISC_R_SUCCESS);
235 dns_peerlist_detach(&view->peers);
239 dns_order_detach(&view->order);
243 dns_tsigkeyring_detach(&view->dynamickeys);
246 isc_refcount_destroy(&view->references);
249 dns_fwdtable_destroy(&view->fwdtable);
253 dns_zt_detach(&view->zonetable);
257 DESTROYLOCK(&view->lock);
260 isc_mem_free(mctx, view->name);
263 isc_mem_put(mctx, view, sizeof(*view));
269 destroy(dns_view_t *view) {
274 REQUIRE(!ISC_LINK_LINKED(view, link));
275 REQUIRE(isc_refcount_current(&view->references) == 0);
276 REQUIRE(view->weakrefs == 0);
277 REQUIRE(RESSHUTDOWN(view));
278 REQUIRE(ADBSHUTDOWN(view));
279 REQUIRE(REQSHUTDOWN(view));
282 if (view->order != NULL)
283 dns_order_detach(&view->order);
285 if (view->peers != NULL)
286 dns_peerlist_detach(&view->peers);
288 if (view->dynamickeys != NULL) {
295 n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
297 if (n > 0 && (size_t)n < sizeof(keyfile)) {
298 result = isc_file_mktemplate(keyfile, template,
300 if (result == ISC_R_SUCCESS)
301 (void)isc_file_openuniqueprivate(template, &fp);
304 dns_tsigkeyring_detach(&view->dynamickeys);
306 result = dns_tsigkeyring_dumpanddetach(
307 &view->dynamickeys, fp);
308 if (result == ISC_R_SUCCESS) {
310 result = isc_file_rename(template,
312 if (result != ISC_R_SUCCESS)
313 (void)remove(template);
316 (void)remove(template);
320 if (view->statickeys != NULL)
321 dns_tsigkeyring_detach(&view->statickeys);
322 if (view->adb != NULL)
323 dns_adb_detach(&view->adb);
324 if (view->resolver != NULL)
325 dns_resolver_detach(&view->resolver);
327 if (view->acache != NULL) {
328 if (view->cachedb != NULL)
329 dns_acache_putdb(view->acache, view->cachedb);
330 dns_acache_detach(&view->acache);
332 dns_rpz_view_destroy(view);
334 INSIST(view->acache == NULL);
335 INSIST(ISC_LIST_EMPTY(view->rpz_zones));
337 if (view->requestmgr != NULL)
338 dns_requestmgr_detach(&view->requestmgr);
339 if (view->task != NULL)
340 isc_task_detach(&view->task);
341 if (view->hints != NULL)
342 dns_db_detach(&view->hints);
343 if (view->dlzdatabase != NULL)
344 dns_dlzdestroy(&view->dlzdatabase);
345 if (view->cachedb != NULL)
346 dns_db_detach(&view->cachedb);
347 if (view->cache != NULL)
348 dns_cache_detach(&view->cache);
349 if (view->matchclients != NULL)
350 dns_acl_detach(&view->matchclients);
351 if (view->matchdestinations != NULL)
352 dns_acl_detach(&view->matchdestinations);
353 if (view->cacheacl != NULL)
354 dns_acl_detach(&view->cacheacl);
355 if (view->cacheonacl != NULL)
356 dns_acl_detach(&view->cacheonacl);
357 if (view->queryacl != NULL)
358 dns_acl_detach(&view->queryacl);
359 if (view->queryonacl != NULL)
360 dns_acl_detach(&view->queryonacl);
361 if (view->recursionacl != NULL)
362 dns_acl_detach(&view->recursionacl);
363 if (view->recursiononacl != NULL)
364 dns_acl_detach(&view->recursiononacl);
365 if (view->sortlist != NULL)
366 dns_acl_detach(&view->sortlist);
367 if (view->transferacl != NULL)
368 dns_acl_detach(&view->transferacl);
369 if (view->notifyacl != NULL)
370 dns_acl_detach(&view->notifyacl);
371 if (view->updateacl != NULL)
372 dns_acl_detach(&view->updateacl);
373 if (view->upfwdacl != NULL)
374 dns_acl_detach(&view->upfwdacl);
375 if (view->denyansweracl != NULL)
376 dns_acl_detach(&view->denyansweracl);
377 if (view->v4_aaaa_acl != NULL)
378 dns_acl_detach(&view->v4_aaaa_acl);
379 if (view->answeracl_exclude != NULL)
380 dns_rbt_destroy(&view->answeracl_exclude);
381 if (view->denyanswernames != NULL)
382 dns_rbt_destroy(&view->denyanswernames);
383 if (view->answernames_exclude != NULL)
384 dns_rbt_destroy(&view->answernames_exclude);
385 if (view->delonly != NULL) {
389 for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) {
390 name = ISC_LIST_HEAD(view->delonly[i]);
391 while (name != NULL) {
392 ISC_LIST_UNLINK(view->delonly[i], name, link);
393 dns_name_free(name, view->mctx);
394 isc_mem_put(view->mctx, name, sizeof(*name));
395 name = ISC_LIST_HEAD(view->delonly[i]);
398 isc_mem_put(view->mctx, view->delonly, sizeof(dns_namelist_t) *
399 DNS_VIEW_DELONLYHASH);
400 view->delonly = NULL;
402 if (view->rootexclude != NULL) {
406 for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) {
407 name = ISC_LIST_HEAD(view->rootexclude[i]);
408 while (name != NULL) {
409 ISC_LIST_UNLINK(view->rootexclude[i],
411 dns_name_free(name, view->mctx);
412 isc_mem_put(view->mctx, name, sizeof(*name));
413 name = ISC_LIST_HEAD(view->rootexclude[i]);
416 isc_mem_put(view->mctx, view->rootexclude,
417 sizeof(dns_namelist_t) * DNS_VIEW_DELONLYHASH);
418 view->rootexclude = NULL;
420 if (view->resstats != NULL)
421 isc_stats_detach(&view->resstats);
422 if (view->resquerystats != NULL)
423 dns_stats_detach(&view->resquerystats);
424 if (view->secroots_priv != NULL)
425 dns_keytable_detach(&view->secroots_priv);
427 for (dns64 = ISC_LIST_HEAD(view->dns64);
429 dns64 = ISC_LIST_HEAD(view->dns64)) {
430 dns_dns64_unlink(&view->dns64, dns64);
431 dns_dns64_destroy(&dns64);
433 if (view->managed_keys != NULL)
434 dns_zone_detach(&view->managed_keys);
435 dns_view_setnewzones(view, ISC_FALSE, NULL, NULL);
437 dns_fwdtable_destroy(&view->fwdtable);
438 dns_aclenv_destroy(&view->aclenv);
439 DESTROYLOCK(&view->lock);
440 isc_refcount_destroy(&view->references);
441 isc_mem_free(view->mctx, view->name);
442 isc_mem_put(view->mctx, view, sizeof(*view));
446 * Return true iff 'view' may be freed.
447 * The caller must be holding the view lock.
450 all_done(dns_view_t *view) {
452 if (isc_refcount_current(&view->references) == 0 &&
453 view->weakrefs == 0 &&
454 RESSHUTDOWN(view) && ADBSHUTDOWN(view) && REQSHUTDOWN(view))
461 dns_view_attach(dns_view_t *source, dns_view_t **targetp) {
463 REQUIRE(DNS_VIEW_VALID(source));
464 REQUIRE(targetp != NULL && *targetp == NULL);
466 isc_refcount_increment(&source->references, NULL);
472 view_flushanddetach(dns_view_t **viewp, isc_boolean_t flush) {
475 isc_boolean_t done = ISC_FALSE;
477 REQUIRE(viewp != NULL);
479 REQUIRE(DNS_VIEW_VALID(view));
482 view->flush = ISC_TRUE;
483 isc_refcount_decrement(&view->references, &refs);
486 if (!RESSHUTDOWN(view))
487 dns_resolver_shutdown(view->resolver);
488 if (!ADBSHUTDOWN(view))
489 dns_adb_shutdown(view->adb);
490 if (!REQSHUTDOWN(view))
491 dns_requestmgr_shutdown(view->requestmgr);
493 if (view->acache != NULL)
494 dns_acache_shutdown(view->acache);
496 dns_zt_flushanddetach(&view->zonetable);
498 dns_zt_detach(&view->zonetable);
499 if (view->managed_keys != NULL) {
501 dns_zone_flush(view->managed_keys);
502 dns_zone_detach(&view->managed_keys);
505 done = all_done(view);
516 dns_view_flushanddetach(dns_view_t **viewp) {
517 view_flushanddetach(viewp, ISC_TRUE);
521 dns_view_detach(dns_view_t **viewp) {
522 view_flushanddetach(viewp, ISC_FALSE);
527 dialup(dns_zone_t *zone, void *dummy) {
529 dns_zone_dialup(zone);
530 return (ISC_R_SUCCESS);
534 dns_view_dialup(dns_view_t *view) {
535 REQUIRE(DNS_VIEW_VALID(view));
536 (void)dns_zt_apply(view->zonetable, ISC_FALSE, dialup, NULL);
541 dns_view_weakattach(dns_view_t *source, dns_view_t **targetp) {
543 REQUIRE(DNS_VIEW_VALID(source));
544 REQUIRE(targetp != NULL && *targetp == NULL);
548 UNLOCK(&source->lock);
554 dns_view_weakdetach(dns_view_t **viewp) {
556 isc_boolean_t done = ISC_FALSE;
558 REQUIRE(viewp != NULL);
560 REQUIRE(DNS_VIEW_VALID(view));
564 INSIST(view->weakrefs > 0);
566 done = all_done(view);
577 resolver_shutdown(isc_task_t *task, isc_event_t *event) {
578 dns_view_t *view = event->ev_arg;
581 REQUIRE(event->ev_type == DNS_EVENT_VIEWRESSHUTDOWN);
582 REQUIRE(DNS_VIEW_VALID(view));
583 REQUIRE(view->task == task);
589 view->attributes |= DNS_VIEWATTR_RESSHUTDOWN;
590 done = all_done(view);
594 isc_event_free(&event);
601 adb_shutdown(isc_task_t *task, isc_event_t *event) {
602 dns_view_t *view = event->ev_arg;
605 REQUIRE(event->ev_type == DNS_EVENT_VIEWADBSHUTDOWN);
606 REQUIRE(DNS_VIEW_VALID(view));
607 REQUIRE(view->task == task);
613 view->attributes |= DNS_VIEWATTR_ADBSHUTDOWN;
614 done = all_done(view);
618 isc_event_free(&event);
625 req_shutdown(isc_task_t *task, isc_event_t *event) {
626 dns_view_t *view = event->ev_arg;
629 REQUIRE(event->ev_type == DNS_EVENT_VIEWREQSHUTDOWN);
630 REQUIRE(DNS_VIEW_VALID(view));
631 REQUIRE(view->task == task);
637 view->attributes |= DNS_VIEWATTR_REQSHUTDOWN;
638 done = all_done(view);
642 isc_event_free(&event);
649 dns_view_createresolver(dns_view_t *view,
650 isc_taskmgr_t *taskmgr, unsigned int ntasks,
651 isc_socketmgr_t *socketmgr,
652 isc_timermgr_t *timermgr,
653 unsigned int options,
654 dns_dispatchmgr_t *dispatchmgr,
655 dns_dispatch_t *dispatchv4,
656 dns_dispatch_t *dispatchv6)
660 isc_mem_t *mctx = NULL;
662 REQUIRE(DNS_VIEW_VALID(view));
663 REQUIRE(!view->frozen);
664 REQUIRE(view->resolver == NULL);
666 result = isc_task_create(taskmgr, 0, &view->task);
667 if (result != ISC_R_SUCCESS)
669 isc_task_setname(view->task, "view", view);
671 result = dns_resolver_create(view, taskmgr, ntasks, socketmgr,
672 timermgr, options, dispatchmgr,
673 dispatchv4, dispatchv6,
675 if (result != ISC_R_SUCCESS) {
676 isc_task_detach(&view->task);
679 event = &view->resevent;
680 dns_resolver_whenshutdown(view->resolver, view->task, &event);
681 view->attributes &= ~DNS_VIEWATTR_RESSHUTDOWN;
683 result = isc_mem_create(0, 0, &mctx);
684 if (result != ISC_R_SUCCESS) {
685 dns_resolver_shutdown(view->resolver);
689 result = dns_adb_create(mctx, view, timermgr, taskmgr, &view->adb);
690 isc_mem_setname(mctx, "ADB", NULL);
691 isc_mem_detach(&mctx);
692 if (result != ISC_R_SUCCESS) {
693 dns_resolver_shutdown(view->resolver);
696 event = &view->adbevent;
697 dns_adb_whenshutdown(view->adb, view->task, &event);
698 view->attributes &= ~DNS_VIEWATTR_ADBSHUTDOWN;
700 result = dns_requestmgr_create(view->mctx, timermgr, socketmgr,
701 dns_resolver_taskmgr(view->resolver),
702 dns_resolver_dispatchmgr(view->resolver),
703 dns_resolver_dispatchv4(view->resolver),
704 dns_resolver_dispatchv6(view->resolver),
706 if (result != ISC_R_SUCCESS) {
707 dns_adb_shutdown(view->adb);
708 dns_resolver_shutdown(view->resolver);
711 event = &view->reqevent;
712 dns_requestmgr_whenshutdown(view->requestmgr, view->task, &event);
713 view->attributes &= ~DNS_VIEWATTR_REQSHUTDOWN;
715 return (ISC_R_SUCCESS);
719 dns_view_setcache(dns_view_t *view, dns_cache_t *cache) {
720 dns_view_setcache2(view, cache, ISC_FALSE);
724 dns_view_setcache2(dns_view_t *view, dns_cache_t *cache, isc_boolean_t shared) {
725 REQUIRE(DNS_VIEW_VALID(view));
726 REQUIRE(!view->frozen);
728 view->cacheshared = shared;
729 if (view->cache != NULL) {
731 if (view->acache != NULL)
732 dns_acache_putdb(view->acache, view->cachedb);
734 dns_db_detach(&view->cachedb);
735 dns_cache_detach(&view->cache);
737 dns_cache_attach(cache, &view->cache);
738 dns_cache_attachdb(cache, &view->cachedb);
739 INSIST(DNS_DB_VALID(view->cachedb));
742 if (view->acache != NULL)
743 dns_acache_setdb(view->acache, view->cachedb);
748 dns_view_iscacheshared(dns_view_t *view) {
749 REQUIRE(DNS_VIEW_VALID(view));
751 return (view->cacheshared);
755 dns_view_sethints(dns_view_t *view, dns_db_t *hints) {
756 REQUIRE(DNS_VIEW_VALID(view));
757 REQUIRE(!view->frozen);
758 REQUIRE(view->hints == NULL);
759 REQUIRE(dns_db_iszone(hints));
761 dns_db_attach(hints, &view->hints);
765 dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
766 REQUIRE(DNS_VIEW_VALID(view));
767 REQUIRE(ring != NULL);
768 if (view->statickeys != NULL)
769 dns_tsigkeyring_detach(&view->statickeys);
770 dns_tsigkeyring_attach(ring, &view->statickeys);
774 dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
775 REQUIRE(DNS_VIEW_VALID(view));
776 REQUIRE(ring != NULL);
777 if (view->dynamickeys != NULL)
778 dns_tsigkeyring_detach(&view->dynamickeys);
779 dns_tsigkeyring_attach(ring, &view->dynamickeys);
783 dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp) {
784 REQUIRE(DNS_VIEW_VALID(view));
785 REQUIRE(ringp != NULL && *ringp == NULL);
786 if (view->dynamickeys != NULL)
787 dns_tsigkeyring_attach(view->dynamickeys, ringp);
791 dns_view_restorekeyring(dns_view_t *view) {
796 REQUIRE(DNS_VIEW_VALID(view));
798 if (view->dynamickeys != NULL) {
799 n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
801 if (n > 0 && (size_t)n < sizeof(keyfile)) {
802 fp = fopen(keyfile, "r");
804 dns_keyring_restore(view->dynamickeys, fp);
812 dns_view_setdstport(dns_view_t *view, in_port_t dstport) {
813 REQUIRE(DNS_VIEW_VALID(view));
814 view->dstport = dstport;
818 dns_view_freeze(dns_view_t *view) {
819 REQUIRE(DNS_VIEW_VALID(view));
820 REQUIRE(!view->frozen);
822 if (view->resolver != NULL) {
823 INSIST(view->cachedb != NULL);
824 dns_resolver_freeze(view->resolver);
826 view->frozen = ISC_TRUE;
831 dns_view_thaw(dns_view_t *view) {
832 REQUIRE(DNS_VIEW_VALID(view));
833 REQUIRE(view->frozen);
835 view->frozen = ISC_FALSE;
839 dns_view_addzone(dns_view_t *view, dns_zone_t *zone) {
842 REQUIRE(DNS_VIEW_VALID(view));
843 REQUIRE(!view->frozen);
845 result = dns_zt_mount(view->zonetable, zone);
853 dns_view_findzone(dns_view_t *view, dns_name_t *name, dns_zone_t **zonep) {
856 REQUIRE(DNS_VIEW_VALID(view));
858 result = dns_zt_find(view->zonetable, name, 0, NULL, zonep);
859 if (result == DNS_R_PARTIALMATCH) {
860 dns_zone_detach(zonep);
861 result = ISC_R_NOTFOUND;
869 dns_view_find(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
870 isc_stdtime_t now, unsigned int options, isc_boolean_t use_hints,
871 dns_db_t **dbp, dns_dbnode_t **nodep, dns_name_t *foundname,
872 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
873 return (dns_view_find2(view, name, type, now, options, use_hints,
874 ISC_FALSE, dbp, nodep, foundname, rdataset,
879 dns_view_find2(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
880 isc_stdtime_t now, unsigned int options,
881 isc_boolean_t use_hints, isc_boolean_t use_static_stub,
882 dns_db_t **dbp, dns_dbnode_t **nodep, dns_name_t *foundname,
883 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
887 dns_dbnode_t *node, *znode;
888 isc_boolean_t is_cache, is_staticstub_zone;
889 dns_rdataset_t zrdataset, zsigrdataset;
894 UNUSED(use_static_stub);
898 * Find an rdataset whose owner name is 'name', and whose type is
902 REQUIRE(DNS_VIEW_VALID(view));
903 REQUIRE(view->frozen);
904 REQUIRE(type != dns_rdatatype_rrsig);
905 REQUIRE(rdataset != NULL); /* XXXBEW - remove this */
906 REQUIRE(nodep == NULL || *nodep == NULL);
911 dns_rdataset_init(&zrdataset);
912 dns_rdataset_init(&zsigrdataset);
917 * Find a database to answer the query.
922 is_staticstub_zone = ISC_FALSE;
924 result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
925 if (zone != NULL && dns_zone_gettype(zone) == dns_zone_staticstub &&
927 result = ISC_R_NOTFOUND;
929 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
930 result = dns_zone_getdb(zone, &db);
931 if (result != ISC_R_SUCCESS && view->cachedb != NULL)
932 dns_db_attach(view->cachedb, &db);
933 else if (result != ISC_R_SUCCESS)
935 if (dns_zone_gettype(zone) == dns_zone_staticstub &&
936 dns_name_equal(name, dns_zone_getorigin(zone))) {
937 is_staticstub_zone = ISC_TRUE;
939 } else if (result == ISC_R_NOTFOUND && view->cachedb != NULL)
940 dns_db_attach(view->cachedb, &db);
942 result = ISC_R_NOTFOUND;
943 if (view->cachedb != NULL)
944 dns_db_attach(view->cachedb, &db);
949 is_cache = dns_db_iscache(db);
953 * Now look for an answer in the database.
955 result = dns_db_find(db, name, NULL, type, options,
956 now, &node, foundname, rdataset, sigrdataset);
958 if (result == DNS_R_DELEGATION || result == ISC_R_NOTFOUND) {
959 if (dns_rdataset_isassociated(rdataset))
960 dns_rdataset_disassociate(rdataset);
961 if (sigrdataset != NULL &&
962 dns_rdataset_isassociated(sigrdataset))
963 dns_rdataset_disassociate(sigrdataset);
965 dns_db_detachnode(db, &node);
968 if (view->cachedb != NULL && !is_staticstub_zone) {
970 * Either the answer is in the cache, or we
972 * Note that if the result comes from a
973 * static-stub zone we stop the search here
974 * (see the function description in view.h).
977 dns_db_attach(view->cachedb, &db);
982 * We don't have the data in the cache. If we've got
983 * glue from the zone, use it.
985 if (dns_rdataset_isassociated(&zrdataset)) {
986 dns_rdataset_clone(&zrdataset, rdataset);
987 if (sigrdataset != NULL &&
988 dns_rdataset_isassociated(&zsigrdataset))
989 dns_rdataset_clone(&zsigrdataset,
994 dns_db_attach(zdb, &db);
995 dns_db_attachnode(db, znode, &node);
1000 * We don't know the answer.
1002 result = ISC_R_NOTFOUND;
1003 } else if (result == DNS_R_GLUE) {
1004 if (view->cachedb != NULL && !is_staticstub_zone) {
1006 * We found an answer, but the cache may be better.
1007 * Remember what we've got and go look in the cache.
1009 is_cache = ISC_TRUE;
1010 dns_rdataset_clone(rdataset, &zrdataset);
1011 dns_rdataset_disassociate(rdataset);
1012 if (sigrdataset != NULL &&
1013 dns_rdataset_isassociated(sigrdataset)) {
1014 dns_rdataset_clone(sigrdataset, &zsigrdataset);
1015 dns_rdataset_disassociate(sigrdataset);
1017 dns_db_attach(db, &zdb);
1018 dns_db_attachnode(zdb, node, &znode);
1019 dns_db_detachnode(db, &node);
1021 dns_db_attach(view->cachedb, &db);
1025 * Otherwise, the glue is the best answer.
1027 result = ISC_R_SUCCESS;
1031 if (result == ISC_R_NOTFOUND && use_hints && view->hints != NULL) {
1032 if (dns_rdataset_isassociated(rdataset))
1033 dns_rdataset_disassociate(rdataset);
1034 if (sigrdataset != NULL &&
1035 dns_rdataset_isassociated(sigrdataset))
1036 dns_rdataset_disassociate(sigrdataset);
1039 dns_db_detachnode(db, &node);
1042 result = dns_db_find(view->hints, name, NULL, type, options,
1043 now, &node, foundname,
1044 rdataset, sigrdataset);
1045 if (result == ISC_R_SUCCESS || result == DNS_R_GLUE) {
1047 * We just used a hint. Let the resolver know it
1048 * should consider priming.
1050 dns_resolver_prime(view->resolver);
1051 dns_db_attach(view->hints, &db);
1052 result = DNS_R_HINT;
1053 } else if (result == DNS_R_NXRRSET) {
1054 dns_db_attach(view->hints, &db);
1055 result = DNS_R_HINTNXRRSET;
1056 } else if (result == DNS_R_NXDOMAIN)
1057 result = ISC_R_NOTFOUND;
1060 * Cleanup if non-standard hints are used.
1062 if (db == NULL && node != NULL)
1063 dns_db_detachnode(view->hints, &node);
1068 if (dns_rdataset_isassociated(&zrdataset)) {
1069 dns_rdataset_disassociate(&zrdataset);
1070 if (dns_rdataset_isassociated(&zsigrdataset))
1071 dns_rdataset_disassociate(&zsigrdataset);
1076 dns_db_detachnode(zdb, &znode);
1077 dns_db_detach(&zdb);
1085 dns_db_detachnode(db, &node);
1092 INSIST(node == NULL);
1096 dns_zone_detach(&zone);
1103 dns_view_simplefind(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
1104 isc_stdtime_t now, unsigned int options,
1105 isc_boolean_t use_hints,
1106 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
1108 isc_result_t result;
1109 dns_fixedname_t foundname;
1111 dns_fixedname_init(&foundname);
1112 result = dns_view_find(view, name, type, now, options, use_hints,
1113 NULL, NULL, dns_fixedname_name(&foundname),
1114 rdataset, sigrdataset);
1115 if (result == DNS_R_NXDOMAIN) {
1117 * The rdataset and sigrdataset of the relevant NSEC record
1118 * may be returned, but the caller cannot use them because
1119 * foundname is not returned by this simplified API. We
1120 * disassociate them here to prevent any misuse by the caller.
1122 if (dns_rdataset_isassociated(rdataset))
1123 dns_rdataset_disassociate(rdataset);
1124 if (sigrdataset != NULL &&
1125 dns_rdataset_isassociated(sigrdataset))
1126 dns_rdataset_disassociate(sigrdataset);
1127 } else if (result != ISC_R_SUCCESS &&
1128 result != DNS_R_GLUE &&
1129 result != DNS_R_HINT &&
1130 result != DNS_R_NCACHENXDOMAIN &&
1131 result != DNS_R_NCACHENXRRSET &&
1132 result != DNS_R_NXRRSET &&
1133 result != DNS_R_HINTNXRRSET &&
1134 result != ISC_R_NOTFOUND) {
1135 if (dns_rdataset_isassociated(rdataset))
1136 dns_rdataset_disassociate(rdataset);
1137 if (sigrdataset != NULL &&
1138 dns_rdataset_isassociated(sigrdataset))
1139 dns_rdataset_disassociate(sigrdataset);
1140 result = ISC_R_NOTFOUND;
1147 dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
1148 isc_stdtime_t now, unsigned int options,
1149 isc_boolean_t use_hints,
1150 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
1152 return(dns_view_findzonecut2(view, name, fname, now, options,
1153 use_hints, ISC_TRUE,
1154 rdataset, sigrdataset));
1158 dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
1159 isc_stdtime_t now, unsigned int options,
1160 isc_boolean_t use_hints, isc_boolean_t use_cache,
1161 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
1163 isc_result_t result;
1165 isc_boolean_t is_cache, use_zone, try_hints;
1168 dns_rdataset_t zrdataset, zsigrdataset;
1169 dns_fixedname_t zfixedname;
1171 REQUIRE(DNS_VIEW_VALID(view));
1172 REQUIRE(view->frozen);
1176 use_zone = ISC_FALSE;
1177 try_hints = ISC_FALSE;
1183 dns_fixedname_init(&zfixedname);
1184 dns_rdataset_init(&zrdataset);
1185 dns_rdataset_init(&zsigrdataset);
1188 * Find the right database.
1191 result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
1192 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
1193 result = dns_zone_getdb(zone, &db);
1195 result = ISC_R_NOTFOUND;
1197 if (result == ISC_R_NOTFOUND) {
1199 * We're not directly authoritative for this query name, nor
1200 * is it a subdomain of any zone for which we're
1203 if (use_cache && view->cachedb != NULL) {
1205 * We have a cache; try it.
1207 dns_db_attach(view->cachedb, &db);
1210 * Maybe we have hints...
1212 try_hints = ISC_TRUE;
1215 } else if (result != ISC_R_SUCCESS) {
1217 * Something is broken.
1221 is_cache = dns_db_iscache(db);
1225 * Look for the zonecut.
1228 result = dns_db_find(db, name, NULL, dns_rdatatype_ns, options,
1229 now, NULL, fname, rdataset, sigrdataset);
1230 if (result == DNS_R_DELEGATION)
1231 result = ISC_R_SUCCESS;
1232 else if (result != ISC_R_SUCCESS)
1234 if (use_cache && view->cachedb != NULL && db != view->hints) {
1236 * We found an answer, but the cache may be better.
1238 zfname = dns_fixedname_name(&zfixedname);
1239 result = dns_name_copy(fname, zfname, NULL);
1240 if (result != ISC_R_SUCCESS)
1242 dns_rdataset_clone(rdataset, &zrdataset);
1243 dns_rdataset_disassociate(rdataset);
1244 if (sigrdataset != NULL &&
1245 dns_rdataset_isassociated(sigrdataset)) {
1246 dns_rdataset_clone(sigrdataset, &zsigrdataset);
1247 dns_rdataset_disassociate(sigrdataset);
1250 dns_db_attach(view->cachedb, &db);
1251 is_cache = ISC_TRUE;
1255 result = dns_db_findzonecut(db, name, options, now, NULL,
1256 fname, rdataset, sigrdataset);
1257 if (result == ISC_R_SUCCESS) {
1258 if (zfname != NULL &&
1259 (!dns_name_issubdomain(fname, zfname) ||
1260 (dns_zone_staticstub &&
1261 dns_name_equal(fname, zfname)))) {
1263 * We found a zonecut in the cache, but our
1264 * zone delegation is better.
1266 use_zone = ISC_TRUE;
1268 } else if (result == ISC_R_NOTFOUND) {
1269 if (zfname != NULL) {
1271 * We didn't find anything in the cache, but we
1272 * have a zone delegation, so use it.
1274 use_zone = ISC_TRUE;
1277 * Maybe we have hints...
1279 try_hints = ISC_TRUE;
1283 * Something bad happened.
1291 if (dns_rdataset_isassociated(rdataset)) {
1292 dns_rdataset_disassociate(rdataset);
1293 if (sigrdataset != NULL &&
1294 dns_rdataset_isassociated(sigrdataset))
1295 dns_rdataset_disassociate(sigrdataset);
1297 result = dns_name_copy(zfname, fname, NULL);
1298 if (result != ISC_R_SUCCESS)
1300 dns_rdataset_clone(&zrdataset, rdataset);
1301 if (sigrdataset != NULL &&
1302 dns_rdataset_isassociated(&zrdataset))
1303 dns_rdataset_clone(&zsigrdataset, sigrdataset);
1304 } else if (try_hints && use_hints && view->hints != NULL) {
1306 * We've found nothing so far, but we have hints.
1308 result = dns_db_find(view->hints, dns_rootname, NULL,
1309 dns_rdatatype_ns, 0, now, NULL, fname,
1311 if (result != ISC_R_SUCCESS) {
1313 * We can't even find the hints for the root
1316 if (dns_rdataset_isassociated(rdataset))
1317 dns_rdataset_disassociate(rdataset);
1318 result = ISC_R_NOTFOUND;
1323 if (dns_rdataset_isassociated(&zrdataset)) {
1324 dns_rdataset_disassociate(&zrdataset);
1325 if (dns_rdataset_isassociated(&zsigrdataset))
1326 dns_rdataset_disassociate(&zsigrdataset);
1332 dns_zone_detach(&zone);
1339 dns_viewlist_find(dns_viewlist_t *list, const char *name,
1340 dns_rdataclass_t rdclass, dns_view_t **viewp)
1344 REQUIRE(list != NULL);
1346 for (view = ISC_LIST_HEAD(*list);
1348 view = ISC_LIST_NEXT(view, link)) {
1349 if (strcmp(view->name, name) == 0 && view->rdclass == rdclass)
1353 return (ISC_R_NOTFOUND);
1355 dns_view_attach(view, viewp);
1357 return (ISC_R_SUCCESS);
1362 dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name,
1363 isc_boolean_t allclasses, dns_rdataclass_t rdclass,
1367 isc_result_t result;
1368 dns_zone_t *zone1 = NULL, *zone2 = NULL;
1369 dns_zone_t **zp = NULL;;
1371 REQUIRE(list != NULL);
1372 for (view = ISC_LIST_HEAD(*list);
1374 view = ISC_LIST_NEXT(view, link)) {
1375 if (allclasses == ISC_FALSE && view->rdclass != rdclass)
1379 * If the zone is defined in more than one view,
1380 * treat it as not found.
1382 zp = (zone1 == NULL) ? &zone1 : &zone2;
1383 result = dns_zt_find(view->zonetable, name, 0, NULL, zp);
1384 INSIST(result == ISC_R_SUCCESS ||
1385 result == ISC_R_NOTFOUND ||
1386 result == DNS_R_PARTIALMATCH);
1388 /* Treat a partial match as no match */
1389 if (result == DNS_R_PARTIALMATCH) {
1390 dns_zone_detach(zp);
1391 result = ISC_R_NOTFOUND;
1395 if (zone2 != NULL) {
1396 dns_zone_detach(&zone1);
1397 dns_zone_detach(&zone2);
1398 return (ISC_R_NOTFOUND);
1402 if (zone1 != NULL) {
1403 dns_zone_attach(zone1, zonep);
1404 dns_zone_detach(&zone1);
1405 return (ISC_R_SUCCESS);
1408 return (ISC_R_NOTFOUND);
1412 dns_view_load(dns_view_t *view, isc_boolean_t stop) {
1414 REQUIRE(DNS_VIEW_VALID(view));
1416 return (dns_zt_load(view->zonetable, stop));
1420 dns_view_loadnew(dns_view_t *view, isc_boolean_t stop) {
1422 REQUIRE(DNS_VIEW_VALID(view));
1424 return (dns_zt_loadnew(view->zonetable, stop));
1429 dns_view_gettsig(dns_view_t *view, dns_name_t *keyname, dns_tsigkey_t **keyp)
1431 isc_result_t result;
1432 REQUIRE(keyp != NULL && *keyp == NULL);
1434 result = dns_tsigkey_find(keyp, keyname, NULL,
1436 if (result == ISC_R_NOTFOUND)
1437 result = dns_tsigkey_find(keyp, keyname, NULL,
1443 dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
1444 dns_tsigkey_t **keyp)
1446 isc_result_t result;
1447 dns_name_t *keyname = NULL;
1448 dns_peer_t *peer = NULL;
1450 result = dns_peerlist_peerbyaddr(view->peers, peeraddr, &peer);
1451 if (result != ISC_R_SUCCESS)
1454 result = dns_peer_getkey(peer, &keyname);
1455 if (result != ISC_R_SUCCESS)
1458 result = dns_view_gettsig(view, keyname, keyp);
1459 return ((result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result);
1463 dns_view_checksig(dns_view_t *view, isc_buffer_t *source, dns_message_t *msg) {
1464 REQUIRE(DNS_VIEW_VALID(view));
1465 REQUIRE(source != NULL);
1467 return (dns_tsig_verify(source, msg, view->statickeys,
1468 view->dynamickeys));
1473 dns_view_dumpdbtostream(dns_view_t *view, FILE *fp) {
1474 isc_result_t result;
1476 REQUIRE(DNS_VIEW_VALID(view));
1478 (void)fprintf(fp, ";\n; Cache dump of view '%s'\n;\n", view->name);
1479 result = dns_master_dumptostream(view->mctx, view->cachedb, NULL,
1480 &dns_master_style_cache, fp);
1481 if (result != ISC_R_SUCCESS)
1483 dns_adb_dump(view->adb, fp);
1484 dns_resolver_printbadcache(view->resolver, fp);
1485 return (ISC_R_SUCCESS);
1490 dns_view_flushcache(dns_view_t *view) {
1491 return (dns_view_flushcache2(view, ISC_FALSE));
1495 dns_view_flushcache2(dns_view_t *view, isc_boolean_t fixuponly) {
1496 isc_result_t result;
1498 REQUIRE(DNS_VIEW_VALID(view));
1500 if (view->cachedb == NULL)
1501 return (ISC_R_SUCCESS);
1503 result = dns_cache_flush(view->cache);
1504 if (result != ISC_R_SUCCESS)
1508 if (view->acache != NULL)
1509 dns_acache_putdb(view->acache, view->cachedb);
1511 dns_db_detach(&view->cachedb);
1512 dns_cache_attachdb(view->cache, &view->cachedb);
1514 if (view->acache != NULL)
1515 dns_acache_setdb(view->acache, view->cachedb);
1516 if (view->resolver != NULL)
1517 dns_resolver_flushbadcache(view->resolver, NULL);
1520 dns_adb_flush(view->adb);
1521 return (ISC_R_SUCCESS);
1525 dns_view_flushname(dns_view_t *view, dns_name_t *name) {
1527 REQUIRE(DNS_VIEW_VALID(view));
1529 if (view->adb != NULL)
1530 dns_adb_flushname(view->adb, name);
1531 if (view->cache == NULL)
1532 return (ISC_R_SUCCESS);
1533 if (view->resolver != NULL)
1534 dns_resolver_flushbadcache(view->resolver, name);
1535 return (dns_cache_flushname(view->cache, name));
1539 dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name) {
1540 isc_result_t result;
1544 REQUIRE(DNS_VIEW_VALID(view));
1546 if (view->delonly == NULL) {
1547 view->delonly = isc_mem_get(view->mctx,
1548 sizeof(dns_namelist_t) *
1549 DNS_VIEW_DELONLYHASH);
1550 if (view->delonly == NULL)
1551 return (ISC_R_NOMEMORY);
1552 for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++)
1553 ISC_LIST_INIT(view->delonly[hash]);
1555 hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
1556 new = ISC_LIST_HEAD(view->delonly[hash]);
1557 while (new != NULL && !dns_name_equal(new, name))
1558 new = ISC_LIST_NEXT(new, link);
1560 return (ISC_R_SUCCESS);
1561 new = isc_mem_get(view->mctx, sizeof(*new));
1563 return (ISC_R_NOMEMORY);
1564 dns_name_init(new, NULL);
1565 result = dns_name_dup(name, view->mctx, new);
1566 if (result == ISC_R_SUCCESS)
1567 ISC_LIST_APPEND(view->delonly[hash], new, link);
1569 isc_mem_put(view->mctx, new, sizeof(*new));
1574 dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name) {
1575 isc_result_t result;
1579 REQUIRE(DNS_VIEW_VALID(view));
1581 if (view->rootexclude == NULL) {
1582 view->rootexclude = isc_mem_get(view->mctx,
1583 sizeof(dns_namelist_t) *
1584 DNS_VIEW_DELONLYHASH);
1585 if (view->rootexclude == NULL)
1586 return (ISC_R_NOMEMORY);
1587 for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++)
1588 ISC_LIST_INIT(view->rootexclude[hash]);
1590 hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
1591 new = ISC_LIST_HEAD(view->rootexclude[hash]);
1592 while (new != NULL && !dns_name_equal(new, name))
1593 new = ISC_LIST_NEXT(new, link);
1595 return (ISC_R_SUCCESS);
1596 new = isc_mem_get(view->mctx, sizeof(*new));
1598 return (ISC_R_NOMEMORY);
1599 dns_name_init(new, NULL);
1600 result = dns_name_dup(name, view->mctx, new);
1601 if (result == ISC_R_SUCCESS)
1602 ISC_LIST_APPEND(view->rootexclude[hash], new, link);
1604 isc_mem_put(view->mctx, new, sizeof(*new));
1609 dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) {
1613 REQUIRE(DNS_VIEW_VALID(view));
1615 if (!view->rootdelonly && view->delonly == NULL)
1618 hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
1619 if (view->rootdelonly && dns_name_countlabels(name) <= 2) {
1620 if (view->rootexclude == NULL)
1622 new = ISC_LIST_HEAD(view->rootexclude[hash]);
1623 while (new != NULL && !dns_name_equal(new, name))
1624 new = ISC_LIST_NEXT(new, link);
1629 if (view->delonly == NULL)
1632 new = ISC_LIST_HEAD(view->delonly[hash]);
1633 while (new != NULL && !dns_name_equal(new, name))
1634 new = ISC_LIST_NEXT(new, link);
1641 dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value) {
1642 REQUIRE(DNS_VIEW_VALID(view));
1643 view->rootdelonly = value;
1647 dns_view_getrootdelonly(dns_view_t *view) {
1648 REQUIRE(DNS_VIEW_VALID(view));
1649 return (view->rootdelonly);
1654 dns_view_freezezones(dns_view_t *view, isc_boolean_t value) {
1655 REQUIRE(DNS_VIEW_VALID(view));
1656 return (dns_zt_freezezones(view->zonetable, value));
1661 dns_view_setresstats(dns_view_t *view, isc_stats_t *stats) {
1662 REQUIRE(DNS_VIEW_VALID(view));
1663 REQUIRE(!view->frozen);
1664 REQUIRE(view->resstats == NULL);
1666 isc_stats_attach(stats, &view->resstats);
1670 dns_view_getresstats(dns_view_t *view, isc_stats_t **statsp) {
1671 REQUIRE(DNS_VIEW_VALID(view));
1672 REQUIRE(statsp != NULL && *statsp == NULL);
1674 if (view->resstats != NULL)
1675 isc_stats_attach(view->resstats, statsp);
1679 dns_view_setresquerystats(dns_view_t *view, dns_stats_t *stats) {
1680 REQUIRE(DNS_VIEW_VALID(view));
1681 REQUIRE(!view->frozen);
1682 REQUIRE(view->resquerystats == NULL);
1684 dns_stats_attach(stats, &view->resquerystats);
1688 dns_view_getresquerystats(dns_view_t *view, dns_stats_t **statsp) {
1689 REQUIRE(DNS_VIEW_VALID(view));
1690 REQUIRE(statsp != NULL && *statsp == NULL);
1692 if (view->resquerystats != NULL)
1693 dns_stats_attach(view->resquerystats, statsp);
1697 dns_view_initsecroots(dns_view_t *view, isc_mem_t *mctx) {
1698 REQUIRE(DNS_VIEW_VALID(view));
1699 if (view->secroots_priv != NULL)
1700 dns_keytable_detach(&view->secroots_priv);
1701 return (dns_keytable_create(mctx, &view->secroots_priv));
1705 dns_view_getsecroots(dns_view_t *view, dns_keytable_t **ktp) {
1706 REQUIRE(DNS_VIEW_VALID(view));
1707 REQUIRE(ktp != NULL && *ktp == NULL);
1708 if (view->secroots_priv == NULL)
1709 return (ISC_R_NOTFOUND);
1710 dns_keytable_attach(view->secroots_priv, ktp);
1711 return (ISC_R_SUCCESS);
1715 dns_view_issecuredomain(dns_view_t *view, dns_name_t *name,
1716 isc_boolean_t *secure_domain) {
1717 REQUIRE(DNS_VIEW_VALID(view));
1719 if (view->secroots_priv == NULL)
1720 return (ISC_R_NOTFOUND);
1721 return (dns_keytable_issecuredomain(view->secroots_priv, name,
1726 dns_view_untrust(dns_view_t *view, dns_name_t *keyname,
1727 dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx)
1729 isc_result_t result;
1730 unsigned char data[4096];
1731 dns_rdata_t rdata = DNS_RDATA_INIT;
1732 isc_buffer_t buffer;
1733 dst_key_t *key = NULL;
1734 dns_keytable_t *sr = NULL;
1737 * Clear the revoke bit, if set, so that the key will match what's
1740 dnskey->flags &= ~DNS_KEYFLAG_REVOKE;
1742 /* Convert dnskey to DST key. */
1743 isc_buffer_init(&buffer, data, sizeof(data));
1744 dns_rdata_fromstruct(&rdata, dnskey->common.rdclass,
1745 dns_rdatatype_dnskey, dnskey, &buffer);
1746 result = dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &key);
1747 if (result != ISC_R_SUCCESS)
1749 result = dns_view_getsecroots(view, &sr);
1750 if (result == ISC_R_SUCCESS) {
1751 dns_keytable_deletekeynode(sr, key);
1752 dns_keytable_detach(&sr);
1760 dns_view_setnewzones(dns_view_t *view, isc_boolean_t allow, void *cfgctx,
1761 void (*cfg_destroy)(void **))
1763 REQUIRE(DNS_VIEW_VALID(view));
1764 REQUIRE((cfgctx != NULL && cfg_destroy != NULL) || !allow);
1767 if (view->new_zone_file != NULL) {
1768 isc_mem_free(view->mctx, view->new_zone_file);
1769 view->new_zone_file = NULL;
1772 if (view->new_zone_config != NULL) {
1773 view->cfg_destroy(&view->new_zone_config);
1774 view->cfg_destroy = NULL;
1778 char buffer[ISC_SHA256_DIGESTSTRINGLENGTH + sizeof(NZF)];
1779 isc_sha256_data((void *)view->name, strlen(view->name), buffer);
1780 /* Truncate the hash at 16 chars; full length is overkill */
1781 isc_string_printf(buffer + 16, sizeof(NZF), "%s", NZF);
1782 view->new_zone_file = isc_mem_strdup(view->mctx, buffer);
1783 view->new_zone_config = cfgctx;
1784 view->cfg_destroy = cfg_destroy;
1789 UNUSED(cfg_destroy);