2 * Copyright (C) 2004-2013, 2015 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
23 /*! \file dns/zone.h */
31 #include <isc/formatcheck.h>
33 #include <isc/rwlock.h>
35 #include <dns/master.h>
36 #include <dns/masterdump.h>
37 #include <dns/rdatastruct.h>
39 #include <dns/types.h>
54 dns_zonestat_none = 0,
57 } dns_zonestat_level_t;
59 #define DNS_ZONEOPT_SERVERS 0x00000001U /*%< perform server checks */
60 #define DNS_ZONEOPT_PARENTS 0x00000002U /*%< perform parent checks */
61 #define DNS_ZONEOPT_CHILDREN 0x00000004U /*%< perform child checks */
62 #define DNS_ZONEOPT_NOTIFY 0x00000008U /*%< perform NOTIFY */
63 #define DNS_ZONEOPT_MANYERRORS 0x00000010U /*%< return many errors on load */
64 #define DNS_ZONEOPT_IXFRFROMDIFFS 0x00000020U /*%< calculate differences */
65 #define DNS_ZONEOPT_NOMERGE 0x00000040U /*%< don't merge journal */
66 #define DNS_ZONEOPT_CHECKNS 0x00000080U /*%< check if NS's are addresses */
67 #define DNS_ZONEOPT_FATALNS 0x00000100U /*%< DNS_ZONEOPT_CHECKNS is fatal */
68 #define DNS_ZONEOPT_MULTIMASTER 0x00000200U /*%< this zone has multiple masters */
69 #define DNS_ZONEOPT_USEALTXFRSRC 0x00000400U /*%< use alternate transfer sources */
70 #define DNS_ZONEOPT_CHECKNAMES 0x00000800U /*%< check-names */
71 #define DNS_ZONEOPT_CHECKNAMESFAIL 0x00001000U /*%< fatal check-name failures */
72 #define DNS_ZONEOPT_CHECKWILDCARD 0x00002000U /*%< check for internal wildcards */
73 #define DNS_ZONEOPT_CHECKMX 0x00004000U /*%< check-mx */
74 #define DNS_ZONEOPT_CHECKMXFAIL 0x00008000U /*%< fatal check-mx failures */
75 #define DNS_ZONEOPT_CHECKINTEGRITY 0x00010000U /*%< perform integrity checks */
76 #define DNS_ZONEOPT_CHECKSIBLING 0x00020000U /*%< perform sibling glue checks */
77 #define DNS_ZONEOPT_NOCHECKNS 0x00040000U /*%< disable IN NS address checks */
78 #define DNS_ZONEOPT_WARNMXCNAME 0x00080000U /*%< warn on MX CNAME check */
79 #define DNS_ZONEOPT_IGNOREMXCNAME 0x00100000U /*%< ignore MX CNAME check */
80 #define DNS_ZONEOPT_WARNSRVCNAME 0x00200000U /*%< warn on SRV CNAME check */
81 #define DNS_ZONEOPT_IGNORESRVCNAME 0x00400000U /*%< ignore SRV CNAME check */
82 #define DNS_ZONEOPT_UPDATECHECKKSK 0x00800000U /*%< check dnskey KSK flag */
83 #define DNS_ZONEOPT_TRYTCPREFRESH 0x01000000U /*%< try tcp refresh on udp failure */
84 #define DNS_ZONEOPT_NOTIFYTOSOA 0x02000000U /*%< Notify the SOA MNAME */
85 #define DNS_ZONEOPT_NSEC3TESTZONE 0x04000000U /*%< nsec3-test-zone */
86 #define DNS_ZONEOPT_SECURETOINSECURE 0x08000000U /*%< dnssec-secure-to-insecure */
87 #define DNS_ZONEOPT_DNSKEYKSKONLY 0x10000000U /*%< dnssec-dnskey-kskonly */
88 #define DNS_ZONEOPT_CHECKDUPRR 0x20000000U /*%< check-dup-records */
89 #define DNS_ZONEOPT_CHECKDUPRRFAIL 0x40000000U /*%< fatal check-dup-records failures */
90 #define DNS_ZONEOPT_CHECKSPF 0x80000000U /*%< check SPF records */
92 #ifndef NOMINUM_PUBLIC
94 * Nominum specific options build down.
96 #define DNS_ZONEOPT_NOTIFYFORWARD 0x80000000U /* forward notify to master */
97 #endif /* NOMINUM_PUBLIC */
100 * Zone key maintenance options
102 #define DNS_ZONEKEY_ALLOW 0x00000001U /*%< fetch keys on command */
103 #define DNS_ZONEKEY_MAINTAIN 0x00000002U /*%< publish/sign on schedule */
104 #define DNS_ZONEKEY_CREATE 0x00000004U /*%< make keys when needed */
105 #define DNS_ZONEKEY_FULLSIGN 0x00000008U /*%< roll to new keys immediately */
106 #define DNS_ZONEKEY_NORESIGN 0x00000010U /*%< no automatic resigning */
108 #ifndef DNS_ZONE_MINREFRESH
109 #define DNS_ZONE_MINREFRESH 300 /*%< 5 minutes */
111 #ifndef DNS_ZONE_MAXREFRESH
112 #define DNS_ZONE_MAXREFRESH 2419200 /*%< 4 weeks */
114 #ifndef DNS_ZONE_DEFAULTREFRESH
115 #define DNS_ZONE_DEFAULTREFRESH 3600 /*%< 1 hour */
117 #ifndef DNS_ZONE_MINRETRY
118 #define DNS_ZONE_MINRETRY 300 /*%< 5 minutes */
120 #ifndef DNS_ZONE_MAXRETRY
121 #define DNS_ZONE_MAXRETRY 1209600 /*%< 2 weeks */
123 #ifndef DNS_ZONE_DEFAULTRETRY
124 #define DNS_ZONE_DEFAULTRETRY 60 /*%< 1 minute, subject to
125 exponential backoff */
128 #define DNS_ZONESTATE_XFERRUNNING 1
129 #define DNS_ZONESTATE_XFERDEFERRED 2
130 #define DNS_ZONESTATE_SOAQUERY 3
131 #define DNS_ZONESTATE_ANY 4
140 dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx);
142 * Creates a new empty zone and attach '*zonep' to it.
145 *\li 'zonep' to point to a NULL pointer.
146 *\li 'mctx' to be a valid memory context.
149 *\li '*zonep' refers to a valid zone.
154 *\li #ISC_R_UNEXPECTED
158 dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass);
160 * Sets the class of a zone. This operation can only be performed
164 *\li 'zone' to be a valid zone.
165 *\li dns_zone_setclass() not to have been called since the zone was
167 *\li 'rdclass' != dns_rdataclass_none.
171 dns_zone_getclass(dns_zone_t *zone);
173 * Returns the current zone class.
176 *\li 'zone' to be a valid zone.
180 dns_zone_getserial2(dns_zone_t *zone, isc_uint32_t *serialp);
183 dns_zone_getserial(dns_zone_t *zone);
185 * Returns the current serial number of the zone. On success, the SOA
186 * serial of the zone will be copied into '*serialp'.
187 * dns_zone_getserial() cannot catch failure cases and is deprecated by
188 * dns_zone_getserial2().
191 *\li 'zone' to be a valid zone.
192 *\li 'serialp' to be non NULL
196 *\li #DNS_R_NOTLOADED zone DB is not loaded
200 dns_zone_settype(dns_zone_t *zone, dns_zonetype_t type);
202 * Sets the zone type. This operation can only be performed once on
206 *\li 'zone' to be a valid zone.
207 *\li dns_zone_settype() not to have been called since the zone was
209 *\li 'type' != dns_zone_none
213 dns_zone_setview(dns_zone_t *zone, dns_view_t *view);
215 * Associate the zone with a view.
218 *\li 'zone' to be a valid zone.
222 dns_zone_getview(dns_zone_t *zone);
224 * Returns the zone's associated view.
227 *\li 'zone' to be a valid zone.
231 dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin);
233 * Sets the zones origin to 'origin'.
236 *\li 'zone' to be a valid zone.
237 *\li 'origin' to be non NULL.
245 dns_zone_getorigin(dns_zone_t *zone);
247 * Returns the value of the origin.
250 *\li 'zone' to be a valid zone.
254 dns_zone_setfile(dns_zone_t *zone, const char *file);
257 dns_zone_setfile2(dns_zone_t *zone, const char *file,
258 dns_masterformat_t format);
260 * Sets the name of the master file in the format of 'format' from which
261 * the zone loads its database to 'file'.
263 * For zones that have no associated master file, 'file' will be NULL.
265 * For zones with persistent databases, the file name
266 * setting is ignored.
268 * dns_zone_setfile() is a backward-compatible form of
269 * dns_zone_setfile2(), which always specifies the
270 * dns_masterformat_text (RFC1035) format.
273 *\li 'zone' to be a valid zone.
281 dns_zone_getfile(dns_zone_t *zone);
283 * Gets the name of the zone's master file, if any.
286 *\li 'zone' to be valid initialised zone.
289 *\li Pointer to null-terminated file name, or NULL.
293 dns_zone_load(dns_zone_t *zone);
296 dns_zone_loadnew(dns_zone_t *zone);
299 dns_zone_loadandthaw(dns_zone_t *zone);
302 * Cause the database to be loaded from its backing store.
303 * Confirm that the minimum requirements for the zone type are
304 * met, otherwise DNS_R_BADZONE is returned.
306 * dns_zone_loadnew() only loads zones that are not yet loaded.
307 * dns_zone_load() also loads zones that are already loaded and
308 * and whose master file has changed since the last load.
309 * dns_zone_loadandthaw() is similar to dns_zone_load() but will
310 * also re-enable DNS UPDATEs when the load completes.
313 *\li 'zone' to be a valid zone.
316 *\li #ISC_R_UNEXPECTED
318 *\li DNS_R_CONTINUE Incremental load has been queued.
319 *\li DNS_R_UPTODATE The zone has already been loaded based on
320 * file system timestamps.
322 *\li Any result value from dns_db_load().
326 dns_zone_asyncload(dns_zone_t *zone, dns_zt_zoneloaded_t done, void *arg);
328 * Cause the database to be loaded from its backing store asynchronously.
329 * Other zone maintenance functions are suspended until this is complete.
330 * When finished, 'done' is called to inform the caller, with 'arg' as
331 * its first argument and 'zone' as its second. (Normally, 'arg' is
332 * expected to point to the zone table but is left undefined for testing
336 *\li 'zone' to be a valid zone.
339 *\li #ISC_R_ALREADYRUNNING
346 dns__zone_loadpending(dns_zone_t *zone);
348 * Indicates whether the zone is waiting to be loaded asynchronously.
349 * (Not currently intended for use outside of this module and associated
354 dns_zone_attach(dns_zone_t *source, dns_zone_t **target);
356 * Attach '*target' to 'source' incrementing its external
360 *\li 'zone' to be a valid zone.
361 *\li 'target' to be non NULL and '*target' to be NULL.
365 dns_zone_detach(dns_zone_t **zonep);
367 * Detach from a zone decrementing its external reference count.
368 * If this was the last external reference to the zone it will be
369 * shut down and eventually freed.
372 *\li 'zonep' to point to a valid zone.
376 dns_zone_iattach(dns_zone_t *source, dns_zone_t **target);
378 * Attach '*target' to 'source' incrementing its internal
379 * reference count. This is intended for use by operations
380 * such as zone transfers that need to prevent the zone
381 * object from being freed but not from shutting down.
384 *\li The caller is running in the context of the zone's task.
385 *\li 'zone' to be a valid zone.
386 *\li 'target' to be non NULL and '*target' to be NULL.
390 dns_zone_idetach(dns_zone_t **zonep);
392 * Detach from a zone decrementing its internal reference count.
393 * If there are no more internal or external references to the
394 * zone, it will be freed.
397 *\li The caller is running in the context of the zone's task.
398 *\li 'zonep' to point to a valid zone.
402 dns_zone_setflag(dns_zone_t *zone, unsigned int flags, isc_boolean_t value);
404 * Sets ('value' == 'ISC_TRUE') / clears ('value' == 'IS_FALSE')
405 * zone flags. Valid flag bits are DNS_ZONE_F_*.
408 *\li 'zone' to be a valid zone.
412 dns_zone_getdb(dns_zone_t *zone, dns_db_t **dbp);
414 * Attach '*dbp' to the database to if it exists otherwise
415 * return DNS_R_NOTLOADED.
418 *\li 'zone' to be a valid zone.
419 *\li 'dbp' to be != NULL && '*dbp' == NULL.
427 dns_zone_setdb(dns_zone_t *zone, dns_db_t *db);
429 * Sets the zone database to 'db'.
431 * This function is expected to be used to configure a zone with a
432 * database which is not loaded from a file or zone transfer.
433 * It can be used for a general purpose zone, but right now its use
434 * is limited to static-stub zones to avoid possible undiscovered
435 * problems in the general cases.
438 *\li 'zone' to be a valid zone of static-stub.
439 *\li zone doesn't have a database.
443 dns_zone_setdbtype(dns_zone_t *zone,
444 unsigned int dbargc, const char * const *dbargv);
446 * Sets the database type to dbargv[0] and database arguments
447 * to subsequent dbargv elements.
448 * 'db_type' is not checked to see if it is a valid database type.
451 *\li 'zone' to be a valid zone.
452 *\li 'database' to be non NULL.
453 *\li 'dbargc' to be >= 1
454 *\li 'dbargv' to point to dbargc NULL-terminated strings
462 dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx);
464 * Returns the current dbtype. isc_mem_free() should be used
465 * to free 'argv' after use.
468 *\li 'zone' to be a valid zone.
469 *\li 'argv' to be non NULL and *argv to be NULL.
470 *\li 'mctx' to be valid.
478 dns_zone_markdirty(dns_zone_t *zone);
480 * Mark a zone as 'dirty'.
483 *\li 'zone' to be a valid zone.
487 dns_zone_expire(dns_zone_t *zone);
489 * Mark the zone as expired. If the zone requires dumping cause it to
490 * be initiated. Set the refresh and retry intervals to there default
491 * values and unload the zone.
494 *\li 'zone' to be a valid zone.
498 dns_zone_refresh(dns_zone_t *zone);
500 * Initiate zone up to date checks. The zone must already be being
504 *\li 'zone' to be a valid zone.
508 dns_zone_flush(dns_zone_t *zone);
510 * Write the zone to database if there are uncommitted changes.
513 *\li 'zone' to be a valid zone.
517 dns_zone_dump(dns_zone_t *zone);
519 * Write the zone to database.
522 *\li 'zone' to be a valid zone.
526 dns_zone_dumptostream(dns_zone_t *zone, FILE *fd);
529 dns_zone_dumptostream2(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
530 const dns_master_style_t *style);
532 dns_zone_dumptostream3(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
533 const dns_master_style_t *style,
534 const isc_uint32_t rawversion);
536 * Write the zone to stream 'fd' in the specified 'format'.
537 * If the 'format' is dns_masterformat_text (RFC1035), 'style' also
538 * specifies the file style (e.g., &dns_master_style_default).
540 * dns_zone_dumptostream() is a backward-compatible form of
541 * dns_zone_dumptostream2(), which always uses the dns_masterformat_text
542 * format and the dns_master_style_default style.
544 * dns_zone_dumptostream2() is a backward-compatible form of
545 * dns_zone_dumptostream3(), which always uses the current
546 * default raw file format version.
548 * Note that dns_zone_dumptostream3() is the most flexible form. It
549 * can also provide the functionality of dns_zone_fulldumptostream().
552 *\li 'zone' to be a valid zone.
553 *\li 'fd' to be a stream open for writing.
557 dns_zone_fulldumptostream(dns_zone_t *zone, FILE *fd);
559 * The same as dns_zone_dumptostream, but dumps the zone with
560 * different dump settings (dns_master_style_full).
563 *\li 'zone' to be a valid zone.
564 *\li 'fd' to be a stream open for writing.
568 dns_zone_maintenance(dns_zone_t *zone);
570 * Perform regular maintenance on the zone. This is called as a
571 * result of a zone being managed.
574 *\li 'zone' to be a valid zone.
578 dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters,
581 dns_zone_setmasterswithkeys(dns_zone_t *zone,
582 const isc_sockaddr_t *masters,
583 dns_name_t **keynames,
586 * Set the list of master servers for the zone.
589 *\li 'zone' to be a valid zone.
590 *\li 'masters' array of isc_sockaddr_t with port set or NULL.
591 *\li 'count' the number of masters.
592 *\li 'keynames' array of dns_name_t's for tsig keys or NULL.
594 * \li dns_zone_setmasters() is just a wrapper to setmasterswithkeys(),
595 * passing NULL in the keynames field.
597 * \li If 'masters' is NULL then 'count' must be zero.
602 *\li Any result dns_name_dup() can return, if keynames!=NULL
606 dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify,
609 dns_zone_setalsonotifywithkeys(dns_zone_t *zone, const isc_sockaddr_t *notify,
610 dns_name_t **keynames, isc_uint32_t count);
612 * Set the list of additional servers to be notified when
613 * a zone changes. To clear the list use 'count = 0'.
615 * dns_zone_alsonotifywithkeys() allows each notify address to
616 * be associated with a TSIG key.
619 *\li 'zone' to be a valid zone.
620 *\li 'notify' to be non-NULL if count != 0.
621 *\li 'count' to be the number of notifiees.
629 dns_zone_unload(dns_zone_t *zone);
631 * detach the database from the zone structure.
634 *\li 'zone' to be a valid zone.
638 dns_zone_setoption(dns_zone_t *zone, unsigned int option, isc_boolean_t value);
640 * Set given options on ('value' == ISC_TRUE) or off ('value' ==
644 *\li 'zone' to be a valid zone.
648 dns_zone_getoptions(dns_zone_t *zone);
650 * Returns the current zone options.
653 *\li 'zone' to be a valid zone.
657 dns_zone_setkeyopt(dns_zone_t *zone, unsigned int option, isc_boolean_t value);
659 * Set key options on ('value' == ISC_TRUE) or off ('value' ==
663 *\li 'zone' to be a valid zone.
667 dns_zone_getkeyopts(dns_zone_t *zone);
669 * Returns the current zone key options.
672 *\li 'zone' to be a valid zone.
676 dns_zone_setminrefreshtime(dns_zone_t *zone, isc_uint32_t val);
678 * Set the minimum refresh time.
681 *\li 'zone' is valid.
686 dns_zone_setmaxrefreshtime(dns_zone_t *zone, isc_uint32_t val);
688 * Set the maximum refresh time.
691 *\li 'zone' is valid.
696 dns_zone_setminretrytime(dns_zone_t *zone, isc_uint32_t val);
698 * Set the minimum retry time.
701 *\li 'zone' is valid.
706 dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val);
708 * Set the maximum retry time.
711 *\li 'zone' is valid.
716 dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource);
718 dns_zone_setaltxfrsource4(dns_zone_t *zone,
719 const isc_sockaddr_t *xfrsource);
721 * Set the source address to be used in IPv4 zone transfers.
724 *\li 'zone' to be a valid zone.
725 *\li 'xfrsource' to contain the address.
732 dns_zone_getxfrsource4(dns_zone_t *zone);
734 dns_zone_getaltxfrsource4(dns_zone_t *zone);
736 * Returns the source address set by a previous dns_zone_setxfrsource4
737 * call, or the default of inaddr_any, port 0.
740 *\li 'zone' to be a valid zone.
744 dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource);
746 dns_zone_setaltxfrsource6(dns_zone_t *zone,
747 const isc_sockaddr_t *xfrsource);
749 * Set the source address to be used in IPv6 zone transfers.
752 *\li 'zone' to be a valid zone.
753 *\li 'xfrsource' to contain the address.
760 dns_zone_getxfrsource6(dns_zone_t *zone);
762 dns_zone_getaltxfrsource6(dns_zone_t *zone);
764 * Returns the source address set by a previous dns_zone_setxfrsource6
765 * call, or the default of in6addr_any, port 0.
768 *\li 'zone' to be a valid zone.
772 dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc);
774 * Set the source address to be used with IPv4 NOTIFY messages.
777 *\li 'zone' to be a valid zone.
778 *\li 'notifysrc' to contain the address.
785 dns_zone_getnotifysrc4(dns_zone_t *zone);
787 * Returns the source address set by a previous dns_zone_setnotifysrc4
788 * call, or the default of inaddr_any, port 0.
791 *\li 'zone' to be a valid zone.
795 dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc);
797 * Set the source address to be used with IPv6 NOTIFY messages.
800 *\li 'zone' to be a valid zone.
801 *\li 'notifysrc' to contain the address.
808 dns_zone_getnotifysrc6(dns_zone_t *zone);
810 * Returns the source address set by a previous dns_zone_setnotifysrc6
811 * call, or the default of in6addr_any, port 0.
814 *\li 'zone' to be a valid zone.
818 dns_zone_setnotifyacl(dns_zone_t *zone, dns_acl_t *acl);
820 * Sets the notify acl list for the zone.
823 *\li 'zone' to be a valid zone.
824 *\li 'acl' to be a valid acl.
828 dns_zone_setqueryacl(dns_zone_t *zone, dns_acl_t *acl);
830 * Sets the query acl list for the zone.
833 *\li 'zone' to be a valid zone.
834 *\li 'acl' to be a valid acl.
838 dns_zone_setqueryonacl(dns_zone_t *zone, dns_acl_t *acl);
840 * Sets the query-on acl list for the zone.
843 *\li 'zone' to be a valid zone.
844 *\li 'acl' to be a valid acl.
848 dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl);
850 * Sets the update acl list for the zone.
853 *\li 'zone' to be a valid zone.
854 *\li 'acl' to be valid acl.
858 dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl);
860 * Sets the forward unsigned updates acl list for the zone.
863 *\li 'zone' to be a valid zone.
864 *\li 'acl' to be valid acl.
868 dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl);
870 * Sets the transfer acl list for the zone.
873 *\li 'zone' to be a valid zone.
874 *\li 'acl' to be valid acl.
878 dns_zone_getnotifyacl(dns_zone_t *zone);
880 * Returns the current notify acl or NULL.
883 *\li 'zone' to be a valid zone.
886 *\li acl a pointer to the acl.
891 dns_zone_getqueryacl(dns_zone_t *zone);
893 * Returns the current query acl or NULL.
896 *\li 'zone' to be a valid zone.
899 *\li acl a pointer to the acl.
904 dns_zone_getqueryonacl(dns_zone_t *zone);
906 * Returns the current query-on acl or NULL.
909 *\li 'zone' to be a valid zone.
912 *\li acl a pointer to the acl.
917 dns_zone_getupdateacl(dns_zone_t *zone);
919 * Returns the current update acl or NULL.
922 *\li 'zone' to be a valid zone.
925 *\li acl a pointer to the acl.
930 dns_zone_getforwardacl(dns_zone_t *zone);
932 * Returns the current forward unsigned updates acl or NULL.
935 *\li 'zone' to be a valid zone.
938 *\li acl a pointer to the acl.
943 dns_zone_getxfracl(dns_zone_t *zone);
945 * Returns the current transfer acl or NULL.
948 *\li 'zone' to be a valid zone.
951 *\li acl a pointer to the acl.
956 dns_zone_clearupdateacl(dns_zone_t *zone);
958 * Clear the current update acl.
961 *\li 'zone' to be a valid zone.
965 dns_zone_clearforwardacl(dns_zone_t *zone);
967 * Clear the current forward unsigned updates acl.
970 *\li 'zone' to be a valid zone.
974 dns_zone_clearnotifyacl(dns_zone_t *zone);
976 * Clear the current notify acl.
979 *\li 'zone' to be a valid zone.
983 dns_zone_clearqueryacl(dns_zone_t *zone);
985 * Clear the current query acl.
988 *\li 'zone' to be a valid zone.
992 dns_zone_clearqueryonacl(dns_zone_t *zone);
994 * Clear the current query-on acl.
997 *\li 'zone' to be a valid zone.
1001 dns_zone_clearxfracl(dns_zone_t *zone);
1003 * Clear the current transfer acl.
1006 *\li 'zone' to be a valid zone.
1010 dns_zone_getupdatedisabled(dns_zone_t *zone);
1012 * Return update disabled.
1013 * Transient unless called when running in isc_task_exclusive() mode.
1017 dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state);
1019 * Set update disabled.
1020 * Should only be called only when running in isc_task_exclusive() mode.
1021 * Failure to do so may result in updates being committed after the
1022 * call has been made.
1026 dns_zone_getzeronosoattl(dns_zone_t *zone);
1028 * Return zero-no-soa-ttl status.
1032 dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state);
1034 * Set zero-no-soa-ttl status.
1038 dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity);
1040 * Set the severity of name checking when loading a zone.
1043 * \li 'zone' to be a valid zone.
1047 dns_zone_getchecknames(dns_zone_t *zone);
1049 * Return the current severity of name checking.
1052 *\li 'zone' to be a valid zone.
1056 dns_zone_setjournalsize(dns_zone_t *zone, isc_int32_t size);
1058 * Sets the journal size for the zone.
1061 *\li 'zone' to be a valid zone.
1065 dns_zone_getjournalsize(dns_zone_t *zone);
1067 * Return the journal size as set with a previous call to
1068 * dns_zone_setjournalsize().
1071 *\li 'zone' to be a valid zone.
1075 dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
1076 dns_message_t *msg);
1078 * Tell the zone that it has received a NOTIFY message from another
1079 * server. This may cause some zone maintenance activity to occur.
1082 *\li 'zone' to be a valid zone.
1083 *\li '*from' to contain the address of the server from which 'msg'
1085 *\li 'msg' a message with opcode NOTIFY and qr clear.
1095 dns_zone_setmaxxfrin(dns_zone_t *zone, isc_uint32_t maxxfrin);
1097 * Set the maximum time (in seconds) that a zone transfer in (AXFR/IXFR)
1098 * of this zone will use before being aborted.
1101 * \li 'zone' to be valid initialised zone.
1105 dns_zone_getmaxxfrin(dns_zone_t *zone);
1107 * Returns the maximum transfer time for this zone. This will be
1108 * either the value set by the last call to dns_zone_setmaxxfrin() or
1109 * the default value of 1 hour.
1112 *\li 'zone' to be valid initialised zone.
1116 dns_zone_setmaxxfrout(dns_zone_t *zone, isc_uint32_t maxxfrout);
1118 * Set the maximum time (in seconds) that a zone transfer out (AXFR/IXFR)
1119 * of this zone will use before being aborted.
1122 * \li 'zone' to be valid initialised zone.
1126 dns_zone_getmaxxfrout(dns_zone_t *zone);
1128 * Returns the maximum transfer time for this zone. This will be
1129 * either the value set by the last call to dns_zone_setmaxxfrout() or
1130 * the default value of 1 hour.
1133 *\li 'zone' to be valid initialised zone.
1137 dns_zone_setjournal(dns_zone_t *zone, const char *journal);
1139 * Sets the filename used for journaling updates / IXFR transfers.
1140 * The default journal name is set by dns_zone_setfile() to be
1141 * "file.jnl". If 'journal' is NULL, the zone will have no
1145 *\li 'zone' to be a valid zone.
1149 *\li #ISC_R_NOMEMORY
1153 dns_zone_getjournal(dns_zone_t *zone);
1155 * Returns the journal name associated with this zone.
1156 * If no journal has been set this will be NULL.
1159 *\li 'zone' to be valid initialised zone.
1163 dns_zone_gettype(dns_zone_t *zone);
1165 * Returns the type of the zone (master/slave/etc.)
1168 *\li 'zone' to be valid initialised zone.
1172 dns_zone_settask(dns_zone_t *zone, isc_task_t *task);
1174 * Give a zone a task to work with. Any current task will be detached.
1177 *\li 'zone' to be valid.
1178 *\li 'task' to be valid.
1182 dns_zone_gettask(dns_zone_t *zone, isc_task_t **target);
1184 * Attach '*target' to the zone's task.
1187 *\li 'zone' to be valid initialised zone.
1188 *\li 'zone' to have a task.
1189 *\li 'target' to be != NULL && '*target' == NULL.
1193 dns_zone_notify(dns_zone_t *zone);
1195 * Generate notify events for this zone.
1198 *\li 'zone' to be a valid zone.
1202 dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump);
1204 * Replace the database of "zone" with a new database "db".
1206 * If "dump" is ISC_TRUE, then the new zone contents are dumped
1207 * into to the zone's master file for persistence. When replacing
1208 * a zone database by one just loaded from a master file, set
1209 * "dump" to ISC_FALSE to avoid a redundant redump of the data just
1210 * loaded. Otherwise, it should be set to ISC_TRUE.
1212 * If the "diff-on-reload" option is enabled in the configuration file,
1213 * the differences between the old and the new database are added to the
1214 * journal file, and the master file dump is postponed.
1217 * \li 'zone' to be a valid zone.
1221 * \li DNS_R_BADZONE zone failed basic consistency checks:
1222 * * a single SOA must exist
1223 * * some NS records must exist.
1228 dns_zone_getidlein(dns_zone_t *zone);
1231 * \li 'zone' to be a valid zone.
1234 * \li number of seconds of idle time before we abort the transfer in.
1238 dns_zone_setidlein(dns_zone_t *zone, isc_uint32_t idlein);
1240 * \li Set the idle timeout for transfer the.
1241 * \li Zero set the default value, 1 hour.
1244 * \li 'zone' to be a valid zone.
1248 dns_zone_getidleout(dns_zone_t *zone);
1252 * \li 'zone' to be a valid zone.
1255 * \li number of seconds of idle time before we abort a transfer out.
1259 dns_zone_setidleout(dns_zone_t *zone, isc_uint32_t idleout);
1261 * \li Set the idle timeout for transfers out.
1262 * \li Zero set the default value, 1 hour.
1265 * \li 'zone' to be a valid zone.
1269 dns_zone_getssutable(dns_zone_t *zone, dns_ssutable_t **table);
1271 * Get the simple-secure-update policy table.
1274 * \li 'zone' to be a valid zone.
1278 dns_zone_setssutable(dns_zone_t *zone, dns_ssutable_t *table);
1280 * Set / clear the simple-secure-update policy table.
1283 * \li 'zone' to be a valid zone.
1287 dns_zone_getmctx(dns_zone_t *zone);
1289 * Get the memory context of a zone.
1292 * \li 'zone' to be a valid zone.
1296 dns_zone_getmgr(dns_zone_t *zone);
1298 * If 'zone' is managed return the zone manager otherwise NULL.
1301 * \li 'zone' to be a valid zone.
1305 dns_zone_setsigvalidityinterval(dns_zone_t *zone, isc_uint32_t interval);
1307 * Set the zone's RRSIG validity interval. This is the length of time
1308 * for which DNSSEC signatures created as a result of dynamic updates
1309 * to secure zones will remain valid, in seconds.
1312 * \li 'zone' to be a valid zone.
1316 dns_zone_getsigvalidityinterval(dns_zone_t *zone);
1318 * Get the zone's RRSIG validity interval.
1321 * \li 'zone' to be a valid zone.
1325 dns_zone_setsigresigninginterval(dns_zone_t *zone, isc_uint32_t interval);
1327 * Set the zone's RRSIG re-signing interval. A dynamic zone's RRSIG's
1328 * will be re-signed 'interval' amount of time before they expire.
1331 * \li 'zone' to be a valid zone.
1335 dns_zone_getsigresigninginterval(dns_zone_t *zone);
1337 * Get the zone's RRSIG re-signing interval.
1340 * \li 'zone' to be a valid zone.
1344 dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype);
1346 * Sets zone notify method to "notifytype"
1350 dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg,
1351 dns_updatecallback_t callback, void *callback_arg);
1353 * Forward 'msg' to each master in turn until we get an answer or we
1354 * have exhausted the list of masters. 'callback' will be called with
1355 * ISC_R_SUCCESS if we get an answer and the returned message will be
1356 * passed as 'answer_message', otherwise a non ISC_R_SUCCESS result code
1357 * will be passed and answer_message will be NULL. The callback function
1358 * is responsible for destroying 'answer_message'.
1359 * (callback)(callback_arg, result, answer_message);
1362 *\li 'zone' to be valid
1363 *\li 'msg' to be valid.
1364 *\li 'callback' to be non NULL.
1366 *\li #ISC_R_SUCCESS if the message has been forwarded,
1367 *\li #ISC_R_NOMEMORY
1372 dns_zone_next(dns_zone_t *zone, dns_zone_t **next);
1374 * Find the next zone in the list of managed zones.
1377 *\li 'zone' to be valid
1378 *\li The zone manager for the indicated zone MUST be locked
1379 * by the caller. This is not checked.
1380 *\li 'next' be non-NULL, and '*next' be NULL.
1383 *\li 'next' points to a valid zone (result ISC_R_SUCCESS) or to NULL
1384 * (result ISC_R_NOMORE).
1390 dns_zone_first(dns_zonemgr_t *zmgr, dns_zone_t **first);
1392 * Find the first zone in the list of managed zones.
1395 *\li 'zonemgr' to be valid
1396 *\li The zone manager for the indicated zone MUST be locked
1397 * by the caller. This is not checked.
1398 *\li 'first' be non-NULL, and '*first' be NULL
1401 *\li 'first' points to a valid zone (result ISC_R_SUCCESS) or to NULL
1402 * (result ISC_R_NOMORE).
1406 dns_zone_setkeydirectory(dns_zone_t *zone, const char *directory);
1408 * Sets the name of the directory where private keys used for
1409 * online signing of dynamic zones are found.
1412 *\li 'zone' to be a valid zone.
1415 *\li #ISC_R_NOMEMORY
1420 dns_zone_getkeydirectory(dns_zone_t *zone);
1422 * Gets the name of the directory where private keys used for
1423 * online signing of dynamic zones are found.
1426 *\li 'zone' to be valid initialised zone.
1429 * Pointer to null-terminated file name, or NULL.
1434 dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
1435 isc_timermgr_t *timermgr, isc_socketmgr_t *socketmgr,
1436 dns_zonemgr_t **zmgrp);
1438 * Create a zone manager. Note: the zone manager will not be able to
1439 * manage any zones until dns_zonemgr_setsize() has been run.
1442 *\li 'mctx' to be a valid memory context.
1443 *\li 'taskmgr' to be a valid task manager.
1444 *\li 'timermgr' to be a valid timer manager.
1445 *\li 'zmgrp' to point to a NULL pointer.
1449 dns_zonemgr_setsize(dns_zonemgr_t *zmgr, int num_zones);
1451 * Set the size of the zone manager task pool. This must be run
1452 * before zmgr can be used for managing zones. Currently, it can only
1453 * be run once; the task pool cannot be resized.
1456 *\li zmgr is a valid zone manager.
1457 *\li zmgr->zonetasks has been initialized.
1461 dns_zonemgr_createzone(dns_zonemgr_t *zmgr, dns_zone_t **zonep);
1463 * Allocate a new zone using a memory context from the
1464 * zone manager's memory context pool.
1467 *\li 'zmgr' to be a valid zone manager.
1468 *\li 'zonep' != NULL and '*zonep' == NULL.
1473 dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone);
1475 * Bring the zone under control of a zone manager.
1478 *\li 'zmgr' to be a valid zone manager.
1479 *\li 'zone' to be a valid zone.
1483 dns_zonemgr_forcemaint(dns_zonemgr_t *zmgr);
1485 * Force zone maintenance of all zones managed by 'zmgr' at its
1486 * earliest convenience.
1490 dns__zonemgr_run(isc_task_t *task, isc_event_t *event);
1492 * Event handler to call dns_zonemgr_forcemaint(); used to start
1493 * zone operations from a unit test. Not intended for use outside
1494 * libdns or related tests.
1498 dns_zonemgr_resumexfrs(dns_zonemgr_t *zmgr);
1500 * Attempt to start any stalled zone transfers.
1504 dns_zonemgr_shutdown(dns_zonemgr_t *zmgr);
1506 * Shut down the zone manager.
1509 *\li 'zmgr' to be a valid zone manager.
1513 dns_zonemgr_attach(dns_zonemgr_t *source, dns_zonemgr_t **target);
1515 * Attach '*target' to 'source' incrementing its external
1519 *\li 'zone' to be a valid zone.
1520 *\li 'target' to be non NULL and '*target' to be NULL.
1524 dns_zonemgr_detach(dns_zonemgr_t **zmgrp);
1526 * Detach from a zone manager.
1529 *\li '*zmgrp' is a valid, non-NULL zone manager pointer.
1532 *\li '*zmgrp' is NULL.
1536 dns_zonemgr_releasezone(dns_zonemgr_t *zmgr, dns_zone_t *zone);
1538 * Release 'zone' from the managed by 'zmgr'. 'zmgr' is implicitly
1539 * detached from 'zone'.
1542 *\li 'zmgr' to be a valid zone manager.
1543 *\li 'zone' to be a valid zone.
1544 *\li 'zmgr' == 'zone->zmgr'
1547 *\li 'zone->zmgr' == NULL;
1551 dns_zonemgr_settransfersin(dns_zonemgr_t *zmgr, isc_uint32_t value);
1553 * Set the maximum number of simultaneous transfers in allowed by
1557 *\li 'zmgr' to be a valid zone manager.
1561 dns_zonemgr_getttransfersin(dns_zonemgr_t *zmgr);
1563 * Return the maximum number of simultaneous transfers in allowed.
1566 *\li 'zmgr' to be a valid zone manager.
1570 dns_zonemgr_settransfersperns(dns_zonemgr_t *zmgr, isc_uint32_t value);
1572 * Set the number of zone transfers allowed per nameserver.
1575 *\li 'zmgr' to be a valid zone manager
1579 dns_zonemgr_getttransfersperns(dns_zonemgr_t *zmgr);
1581 * Return the number of transfers allowed per nameserver.
1584 *\li 'zmgr' to be a valid zone manager.
1588 dns_zonemgr_setiolimit(dns_zonemgr_t *zmgr, isc_uint32_t iolimit);
1590 * Set the number of simultaneous file descriptors available for
1591 * reading and writing masterfiles.
1594 *\li 'zmgr' to be a valid zone manager.
1595 *\li 'iolimit' to be positive.
1599 dns_zonemgr_getiolimit(dns_zonemgr_t *zmgr);
1601 * Get the number of simultaneous file descriptors available for
1602 * reading and writing masterfiles.
1605 *\li 'zmgr' to be a valid zone manager.
1609 dns_zonemgr_setserialqueryrate(dns_zonemgr_t *zmgr, unsigned int value);
1611 * Set the number of SOA queries sent per second.
1614 *\li 'zmgr' to be a valid zone manager
1618 dns_zonemgr_getserialqueryrate(dns_zonemgr_t *zmgr);
1620 * Return the number of SOA queries sent per second.
1623 *\li 'zmgr' to be a valid zone manager.
1627 dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state);
1629 * Returns the number of zones in the specified state.
1632 *\li 'zmgr' to be a valid zone manager.
1633 *\li 'state' to be a valid DNS_ZONESTATE_ constant.
1637 dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote,
1638 isc_sockaddr_t *local, isc_time_t *now);
1640 * Add the pair of addresses to the unreachable cache.
1643 *\li 'zmgr' to be a valid zone manager.
1644 *\li 'remote' to be a valid sockaddr.
1645 *\li 'local' to be a valid sockaddr.
1649 dns_zonemgr_unreachable(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote,
1650 isc_sockaddr_t *local, isc_time_t *now);
1652 * Returns ISC_TRUE if the given local/remote address pair
1653 * is found in the zone maanger's unreachable cache.
1656 *\li 'zmgr' to be a valid zone manager.
1657 *\li 'remote' to be a valid sockaddr.
1658 *\li 'local' to be a valid sockaddr.
1663 dns_zonemgr_unreachabledel(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote,
1664 isc_sockaddr_t *local);
1666 * Remove the pair of addresses from the unreachable cache.
1669 *\li 'zmgr' to be a valid zone manager.
1670 *\li 'remote' to be a valid sockaddr.
1671 *\li 'local' to be a valid sockaddr.
1675 dns_zone_forcereload(dns_zone_t *zone);
1677 * Force a reload of specified zone.
1680 *\li 'zone' to be a valid zone.
1684 dns_zone_isforced(dns_zone_t *zone);
1686 * Check if the zone is waiting a forced reload.
1689 * \li 'zone' to be a valid zone.
1693 dns_zone_setstatistics(dns_zone_t *zone, isc_boolean_t on);
1695 * This function is obsoleted by dns_zone_setrequeststats().
1699 dns_zone_getstatscounters(dns_zone_t *zone);
1701 * This function is obsoleted by dns_zone_getrequeststats().
1705 dns_zone_setstats(dns_zone_t *zone, isc_stats_t *stats);
1707 * Set a general zone-maintenance statistics set 'stats' for 'zone'. This
1708 * function is expected to be called only on zone creation (when necessary).
1709 * Once installed, it cannot be removed or replaced. Also, there is no
1710 * interface to get the installed stats from the zone; the caller must keep the
1711 * stats to reference (e.g. dump) it later.
1714 * \li 'zone' to be a valid zone and does not have a statistics set already
1717 *\li stats is a valid statistics supporting zone statistics counters
1718 * (see dns/stats.h).
1722 dns_zone_setrequeststats(dns_zone_t *zone, isc_stats_t *stats);
1725 dns_zone_setrcvquerystats(dns_zone_t *zone, dns_stats_t *stats);
1727 * Set additional statistics sets to zone. These are attached to the zone
1728 * but are not counted in the zone module; only the caller updates the
1732 * \li 'zone' to be a valid zone.
1734 *\li stats is a valid statistics.
1739 dns_zone_setrcvquerystats(dns_zone_t *zone, dns_stats_t *stats);
1743 dns_zone_getrequeststats(dns_zone_t *zone);
1747 dns_zone_getrcvquerystats(dns_zone_t *zone);
1751 * Get the additional statistics for zone, if one is installed.
1754 * \li 'zone' to be a valid zone.
1757 * \li when available, a pointer to the statistics set installed in zone;
1762 dns_zone_dialup(dns_zone_t *zone);
1764 * Perform dialup-time maintenance on 'zone'.
1768 dns_zone_setdialup(dns_zone_t *zone, dns_dialuptype_t dialup);
1770 * Set the dialup type of 'zone' to 'dialup'.
1773 * \li 'zone' to be valid initialised zone.
1774 *\li 'dialup' to be a valid dialup type.
1778 dns_zone_log(dns_zone_t *zone, int level, const char *msg, ...)
1779 ISC_FORMAT_PRINTF(3, 4);
1781 * Log the message 'msg...' at 'level', including text that identifies
1782 * the message as applying to 'zone'.
1786 dns_zone_logc(dns_zone_t *zone, isc_logcategory_t *category, int level,
1787 const char *msg, ...) ISC_FORMAT_PRINTF(4, 5);
1789 * Log the message 'msg...' at 'level', including text that identifies
1790 * the message as applying to 'zone'.
1794 dns_zone_name(dns_zone_t *zone, char *buf, size_t len);
1796 * Return the name of the zone with class and view.
1799 *\li 'zone' to be valid.
1800 *\li 'buf' to be non NULL.
1804 dns_zone_nameonly(dns_zone_t *zone, char *buf, size_t len);
1806 * Return the name of the zone only.
1809 *\li 'zone' to be valid.
1810 *\li 'buf' to be non NULL.
1814 dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata);
1816 * Check if this record meets the check-names policy.
1819 * 'zone' to be valid.
1820 * 'name' to be valid.
1821 * 'rdata' to be valid.
1824 * DNS_R_SUCCESS passed checks.
1825 * DNS_R_BADOWNERNAME failed ownername checks.
1826 * DNS_R_BADNAME failed rdata checks.
1830 dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache);
1832 * Associate the zone with an additional cache.
1835 * 'zone' to be a valid zone.
1836 * 'acache' to be a non NULL pointer.
1839 * 'zone' will have a reference to 'acache'
1843 dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx);
1845 * Set the post load integrity callback function 'checkmx'.
1846 * 'checkmx' will be called if the MX TARGET is not within the zone.
1849 * 'zone' to be a valid zone.
1853 dns_zone_setchecksrv(dns_zone_t *zone, dns_checkmxfunc_t checksrv);
1855 * Set the post load integrity callback function 'checksrv'.
1856 * 'checksrv' will be called if the SRV TARGET is not within the zone.
1859 * 'zone' to be a valid zone.
1863 dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns);
1865 * Set the post load integrity callback function 'checkns'.
1866 * 'checkns' will be called if the NS TARGET is not within the zone.
1869 * 'zone' to be a valid zone.
1873 dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay);
1875 * Set the minimum delay between sets of notify messages.
1878 * 'zone' to be valid.
1882 dns_zone_getnotifydelay(dns_zone_t *zone);
1884 * Get the minimum delay between sets of notify messages.
1887 * 'zone' to be valid.
1891 dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg);
1893 * Set the isself callback function and argument.
1896 * isself(dns_view_t *myview, dns_tsigkey_t *mykey, isc_netaddr_t *srcaddr,
1897 * isc_netaddr_t *destaddr, dns_rdataclass_t rdclass, void *arg);
1899 * 'isself' returns ISC_TRUE if a non-recursive query from 'srcaddr' to
1900 * 'destaddr' with optional key 'mykey' for class 'rdclass' would be
1901 * delivered to 'myview'.
1905 dns_zone_setnodes(dns_zone_t *zone, isc_uint32_t nodes);
1907 * Set the number of nodes that will be checked per quantum.
1911 dns_zone_setsignatures(dns_zone_t *zone, isc_uint32_t signatures);
1913 * Set the number of signatures that will be generated per quantum.
1917 dns_zone_getsignatures(dns_zone_t *zone);
1919 * Get the number of signatures that will be generated per quantum.
1923 dns_zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm,
1924 isc_uint16_t keyid, isc_boolean_t deleteit);
1926 * Initiate/resume signing of the entire zone with the zone DNSKEY(s)
1927 * that match the given algorithm and keyid.
1931 dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param);
1933 * Incrementally add a NSEC3 chain that corresponds to 'nsec3param'.
1937 dns_zone_setprivatetype(dns_zone_t *zone, dns_rdatatype_t type);
1939 dns_zone_getprivatetype(dns_zone_t *zone);
1941 * Get/Set the private record type. It is expected that these interfaces
1942 * will not be permanent.
1946 dns_zone_rekey(dns_zone_t *zone, isc_boolean_t fullsign);
1948 * Update the zone's DNSKEY set from the key repository.
1950 * If 'fullsign' is true, trigger an immediate full signing of
1951 * the zone with the new key. Otherwise, if there are no keys or
1952 * if the new keys are for algorithms that have already signed the
1953 * zone, then the zone can be re-signed incrementally.
1957 dns_zone_nscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version,
1958 unsigned int *errors);
1960 * Check if the name servers for the zone are sane (have address, don't
1961 * refer to CNAMEs/DNAMEs. The number of constiancy errors detected in
1962 * returned in '*errors'
1965 * \li 'zone' to be valid.
1966 * \li 'db' to be valid.
1967 * \li 'version' to be valid or NULL.
1968 * \li 'errors' to be non NULL.
1971 * ISC_R_SUCCESS if there were no errors examining the zone contents.
1975 dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version);
1977 * Check if CSD, CDNSKEY and DNSKEY are consistent.
1980 * \li 'zone' to be valid.
1981 * \li 'db' to be valid.
1982 * \li 'version' to be valid or NULL.
1987 *\li #DNS_R_BADCDNSKEY
1992 dns_zone_setadded(dns_zone_t *zone, isc_boolean_t added);
1994 * Sets the value of zone->added, which should be ISC_TRUE for
1995 * zones that were originally added by "rndc addzone".
1998 * \li 'zone' to be valid.
2002 dns_zone_getadded(dns_zone_t *zone);
2004 * Returns ISC_TRUE if the zone was originally added at runtime
2005 * using "rndc addzone".
2008 * \li 'zone' to be valid.
2012 dns_zone_dlzpostload(dns_zone_t *zone, dns_db_t *db);
2014 * Load the origin names for a writeable DLZ database.
2018 dns_zone_isdynamic(dns_zone_t *zone, isc_boolean_t ignore_freeze);
2020 * Return true iff the zone is "dynamic", in the sense that the zone's
2021 * master file (if any) is written by the server, rather than being
2022 * updated manually and read by the server.
2024 * This is true for slave zones, stub zones, key zones, and zones that
2025 * allow dynamic updates either by having an update policy ("ssutable")
2026 * or an "allow-update" ACL with a value other than exactly "{ none; }".
2028 * If 'ignore_freeze' is true, then the zone which has had updates disabled
2029 * will still report itself to be dynamic.
2032 * \li 'zone' to be valid.
2036 dns_zone_setrefreshkeyinterval(dns_zone_t *zone, isc_uint32_t interval);
2038 * Sets the frequency, in minutes, with which the key repository will be
2039 * checked to see if the keys for this zone have been updated. Any value
2040 * higher than 1440 minutes (24 hours) will be silently reduced. A
2041 * value of zero will return an out-of-range error.
2044 * \li 'zone' to be valid.
2048 dns_zone_getrequestixfr(dns_zone_t *zone);
2050 * Returns the true/false value of the request-ixfr option in the zone.
2053 * \li 'zone' to be valid.
2057 dns_zone_setrequestixfr(dns_zone_t *zone, isc_boolean_t flag);
2059 * Sets the request-ixfr option for the zone. Either true or false. The
2060 * default value is determined by the setting of this option in the view.
2063 * \li 'zone' to be valid.
2067 dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method);
2069 * Sets the update method to use when incrementing the zone serial number
2070 * due to a DDNS update. Valid options are dns_updatemethod_increment
2071 * and dns_updatemethod_unixtime.
2074 * \li 'zone' to be valid.
2078 dns_zone_getserialupdatemethod(dns_zone_t *zone);
2080 * Returns the update method to be used when incrementing the zone serial
2081 * number due to a DDNS update.
2084 * \li 'zone' to be valid.
2088 dns_zone_link(dns_zone_t *zone, dns_zone_t *raw);
2091 dns_zone_getraw(dns_zone_t *zone, dns_zone_t **raw);
2094 dns_zone_keydone(dns_zone_t *zone, const char *data);
2097 dns_zone_setnsec3param(dns_zone_t *zone, isc_uint8_t hash, isc_uint8_t flags,
2098 isc_uint16_t iter, isc_uint8_t saltlen,
2099 unsigned char *salt, isc_boolean_t replace);
2101 * Set the NSEC3 parameters for the zone.
2103 * If 'replace' is ISC_TRUE, then the existing NSEC3 chain, if any, will
2104 * be replaced with the new one. If 'hash' is zero, then the replacement
2105 * chain will be NSEC rather than NSEC3.
2108 * \li 'zone' to be valid.
2112 dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header);
2114 * Set the data to be included in the header when the zone is dumped in
2119 dns_zone_synckeyzone(dns_zone_t *zone);
2121 * Force the managed key zone to synchronize, and start the key
2122 * maintenance timer.
2126 dns_zone_rpz_enable(dns_zone_t *zone);
2128 * Set the response policy associated with a zone.
2132 dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db);
2134 * If a zone is a response policy zone, mark its new database.
2138 dns_zone_get_rpz(dns_zone_t *zone);
2141 dns_zone_setstatlevel(dns_zone_t *zone, dns_zonestat_level_t level);
2143 dns_zonestat_level_t
2144 dns_zone_getstatlevel(dns_zone_t *zone);
2146 * Set and get the statistics reporting level for the zone;
2147 * full, terse, or none.
2152 #endif /* DNS_ZONE_H */