2 * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2002 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: rootns.c,v 1.40 2010/06/18 05:36:24 marka Exp $ */
24 #include <isc/buffer.h>
25 #include <isc/string.h> /* Required for HP/UX (and others?) */
28 #include <dns/callbacks.h>
30 #include <dns/dbiterator.h>
31 #include <dns/fixedname.h>
33 #include <dns/master.h>
34 #include <dns/rdata.h>
35 #include <dns/rdata.h>
36 #include <dns/rdataset.h>
37 #include <dns/rdatasetiter.h>
38 #include <dns/rdatastruct.h>
39 #include <dns/rdatatype.h>
40 #include <dns/result.h>
41 #include <dns/rootns.h>
/*
 * Built-in root hints in master-file text: 13 NS records for "." naming
 * A-M.ROOT-SERVERS.NET, followed by A glue for every name and AAAA glue for
 * most of them (B, E and G have no AAAA entry in this table).
 * dns_rootns_create() loads this text only when it is given no hints file
 * name and the class is IN.
 *
 * NOTE(review): the addresses are a point-in-time snapshot (the $Id line
 * dates this revision to 2010).  Presumably the resolver sends its first
 * queries to these addresses, so an entry that no longer belongs to a root
 * operator is a defect, not a cosmetic issue: compare the table with the
 * currently published root hints whenever this file is touched.
 */
44 static char root_ns[] =
46 "; Internet Root Nameservers\n"
49 ". 518400 IN NS A.ROOT-SERVERS.NET.\n"
50 ". 518400 IN NS B.ROOT-SERVERS.NET.\n"
51 ". 518400 IN NS C.ROOT-SERVERS.NET.\n"
52 ". 518400 IN NS D.ROOT-SERVERS.NET.\n"
53 ". 518400 IN NS E.ROOT-SERVERS.NET.\n"
54 ". 518400 IN NS F.ROOT-SERVERS.NET.\n"
55 ". 518400 IN NS G.ROOT-SERVERS.NET.\n"
56 ". 518400 IN NS H.ROOT-SERVERS.NET.\n"
57 ". 518400 IN NS I.ROOT-SERVERS.NET.\n"
58 ". 518400 IN NS J.ROOT-SERVERS.NET.\n"
59 ". 518400 IN NS K.ROOT-SERVERS.NET.\n"
60 ". 518400 IN NS L.ROOT-SERVERS.NET.\n"
61 ". 518400 IN NS M.ROOT-SERVERS.NET.\n"
62 "A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4\n"
63 "A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:BA3E::2:30\n"
64 "B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201\n"
65 "C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n"
66 "C.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2::c\n"
67 "D.ROOT-SERVERS.NET. 3600000 IN A 199.7.91.13\n"
68 "D.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2d::d\n"
69 "E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n"
70 "F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n"
71 "F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2F::F\n"
72 "G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n"
73 "H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53\n"
74 "H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803F:235\n"
75 "I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n"
76 "I.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fe::53\n"
77 "J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n"
78 "J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:C27::2:30\n"
79 "K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n"
80 "K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7FD::1\n"
81 "L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n"
/*
 * NOTE(review): the next line is the only glue record with TTL 604800;
 * every other A/AAAA entry uses 3600000 - confirm this is intended.
 */
82 "L.ROOT-SERVERS.NET. 604800 IN AAAA 2001:500:3::42\n"
83 "M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"
84 "M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:DC3::35\n";
/*
 * Look for 'name' among the NS targets held in 'rootns'.
 *
 * Returns ISC_R_NOTFOUND straight away when 'rootns' is not associated and
 * ISC_R_SUCCESS on the first NS record whose target compares equal to
 * 'name'.  ISC_R_NOMORE (the set was exhausted without a match) is mapped
 * to ISC_R_NOTFOUND.
 *
 * NOTE(review): the return-type line, the 'result' and 'ns' declarations,
 * the statement guarded by the dns_rdata_tostruct() check and the final
 * return are not shown in this listing.
 */
87 in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
89 dns_rdata_t rdata = DNS_RDATA_INIT;
/* An unassociated rdataset holds no NS records to compare against. */
92 if (!dns_rdataset_isassociated(rootns))
93 return (ISC_R_NOTFOUND);
95 result = dns_rdataset_first(rootns);
96 while (result == ISC_R_SUCCESS) {
97 dns_rdataset_current(rootns, &rdata);
/* Decode the rdata so the NS target is available as ns.name. */
98 result = dns_rdata_tostruct(&rdata, &ns, NULL);
99 if (result != ISC_R_SUCCESS)
101 if (dns_name_compare(name, &ns.name) == 0)
102 return (ISC_R_SUCCESS);
103 result = dns_rdataset_next(rootns);
104 dns_rdata_reset(&rdata);
/* Running off the end of the set means 'name' was never matched. */
106 if (result == ISC_R_NOMORE)
107 result = ISC_R_NOTFOUND;
/*
 * Check every rdataset at one node of the hints database.  'name' is the
 * node's owner name, 'rdsiter' iterates its rdatasets and 'rootns' is the
 * root NS rdataset used as the reference.
 *
 * Visible rules: A and AAAA rdatasets are tested with in_rootns(), i.e. the
 * owner name has to be the target of a root NS record; NS rdatasets are
 * tested against dns_rootname.  ISC_R_FAILURE is assigned on a path whose
 * case label is not shown here.  ISC_R_NOMORE from the iterator is mapped
 * to ISC_R_SUCCESS.
 *
 * NOTE(review): this looks like an allow-list for hints content (the root
 * NS set plus addresses of the listed servers only).  The break/goto lines
 * and any default label are missing from the listing, so confirm the exact
 * control flow against the upstream file.
 */
112 check_node(dns_rdataset_t *rootns, dns_name_t *name,
113 dns_rdatasetiter_t *rdsiter) {
115 dns_rdataset_t rdataset;
117 dns_rdataset_init(&rdataset);
118 result = dns_rdatasetiter_first(rdsiter);
119 while (result == ISC_R_SUCCESS) {
120 dns_rdatasetiter_current(rdsiter, &rdataset);
121 switch (rdataset.type) {
122 case dns_rdatatype_a:
123 case dns_rdatatype_aaaa:
124 result = in_rootns(rootns, name);
125 if (result != ISC_R_SUCCESS)
128 case dns_rdatatype_ns:
129 if (dns_name_compare(name, dns_rootname) == 0)
133 result = ISC_R_FAILURE;
/* Release the current rdataset before advancing the iterator. */
136 dns_rdataset_disassociate(&rdataset);
137 result = dns_rdatasetiter_next(rdsiter);
/* A clean end of iteration means every rdataset passed. */
139 if (result == ISC_R_NOMORE)
140 result = ISC_R_SUCCESS;
/*
 * Leave nothing associated on exit; presumably early exits from the loop
 * arrive here with 'rdataset' still attached.
 */
142 if (dns_rdataset_isassociated(&rdataset))
143 dns_rdataset_disassociate(&rdataset);
/*
 * Walk every node of the hints database 'db' and run check_node() on it.
 *
 * The root NS rdataset is looked up first and handed to check_node() as the
 * reference set.  The lookup result is discarded on purpose ((void) cast):
 * if nothing was found 'rootns' stays unassociated, and in_rootns() then
 * answers ISC_R_NOTFOUND for every address record it is asked about.
 * ISC_R_NOMORE from the database iterator is mapped to ISC_R_SUCCESS.
 *
 * NOTE(review): the statements guarded by the result checks, the cleanup
 * label, any guards in front of the destroy/detach calls at the end and
 * the final return are not shown in this listing.
 */
148 check_hints(dns_db_t *db) {
150 dns_rdataset_t rootns;
151 dns_dbiterator_t *dbiter = NULL;
152 dns_dbnode_t *node = NULL;
154 dns_fixedname_t fixname;
156 dns_rdatasetiter_t *rdsiter = NULL;
/* One timestamp is used for every lookup below. */
158 isc_stdtime_get(&now);
160 dns_fixedname_init(&fixname);
161 name = dns_fixedname_name(&fixname);
163 dns_rdataset_init(&rootns);
164 (void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
165 now, NULL, name, &rootns, NULL);
166 result = dns_db_createiterator(db, 0, &dbiter);
167 if (result != ISC_R_SUCCESS)
169 result = dns_dbiterator_first(dbiter);
170 while (result == ISC_R_SUCCESS) {
/* 'name' is reused here to receive the owner name of the current node. */
171 result = dns_dbiterator_current(dbiter, &node, name);
172 if (result != ISC_R_SUCCESS)
174 result = dns_db_allrdatasets(db, node, NULL, now, &rdsiter);
175 if (result != ISC_R_SUCCESS)
177 result = check_node(&rootns, name, rdsiter);
178 if (result != ISC_R_SUCCESS)
/* Per-node resources are released before moving to the next node. */
180 dns_rdatasetiter_destroy(&rdsiter);
181 dns_db_detachnode(db, &node);
182 result = dns_dbiterator_next(dbiter);
184 if (result == ISC_R_NOMORE)
185 result = ISC_R_SUCCESS;
/* Release whatever is still held on the way out. */
188 if (dns_rdataset_isassociated(&rootns))
189 dns_rdataset_disassociate(&rootns);
191 dns_rdatasetiter_destroy(&rdsiter);
193 dns_db_detachnode(db, &node);
195 dns_dbiterator_destroy(&dbiter);
/*
 * Create the root hints database.
 *
 * 'target' must point to a NULL pointer on entry (REQUIRE below); the
 * assignment to '*target' is not shown in this listing.
 *
 * Data source:
 *  - 'filename' != NULL: the file is loaded with dns_master_loadfile();
 *  - otherwise, class IN: the built-in 'root_ns' text is loaded with
 *    dns_master_loadbuffer();
 *  - ISC_R_NOTFOUND is assigned on a further path, presumably the remaining
 *    case (no file and a class other than IN); its 'else' line is not shown.
 *
 * DNS_R_SEENINCLUDE is accepted alongside ISC_R_SUCCESS as a load result.
 *
 * NOTE(review): a check_hints() failure is only logged as a warning
 * ("extra data in root hints") and, as far as the listing shows, the
 * function still returns ISC_R_SUCCESS, so unexpected records in a hints
 * file are reported but not rejected.  Treat that warning as a reason to
 * inspect the file.
 *
 * NOTE(review): 'filename' is handed to dns_master_loadfile() unchanged;
 * presumably it comes from server configuration, so write access to the
 * hints file deserves the same restrictions as the configuration itself -
 * confirm against the caller.
 */
200 dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
201 const char *filename, dns_db_t **target)
203 isc_result_t result, eresult;
206 dns_rdatacallbacks_t callbacks;
209 REQUIRE(target != NULL && *target == NULL);
211 result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
212 rdclass, 0, NULL, &db);
213 if (result != ISC_R_SUCCESS)
216 dns_rdatacallbacks_init(&callbacks);
/*
 * Wrap the built-in text in a buffer: 'len' excludes the terminating NUL,
 * and isc_buffer_add() marks those 'len' bytes as already present.
 */
218 len = strlen(root_ns);
219 isc_buffer_init(&source, root_ns, len);
220 isc_buffer_add(&source, len);
222 result = dns_db_beginload(db, &callbacks.add,
223 &callbacks.add_private);
224 if (result != ISC_R_SUCCESS)
226 if (filename != NULL) {
228 * Load the hints from the specified filename.
230 result = dns_master_loadfile(filename, &db->origin,
231 &db->origin, db->rdclass,
233 &callbacks, db->mctx);
234 } else if (rdclass == dns_rdataclass_in) {
236 * Default to using the Internet root servers.
238 result = dns_master_loadbuffer(&source, &db->origin,
239 &db->origin, db->rdclass,
241 &callbacks, db->mctx);
243 result = ISC_R_NOTFOUND;
/*
 * The end-of-load result is kept separately in 'eresult'; the statements
 * guarded by the two checks that follow are not shown in this listing.
 */
244 eresult = dns_db_endload(db, &callbacks.add_private);
245 if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE)
247 if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
/* Content check: a failure is logged, it does not abort the creation. */
249 if (check_hints(db) != ISC_R_SUCCESS)
250 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
251 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
252 "extra data in root hints '%s'",
253 (filename != NULL) ? filename : "<BUILT-IN>");
255 return (ISC_R_SUCCESS);
/*
 * Log one ISC_LOG_WARNING line for an address record that differs between
 * the hints and the root data.
 *
 * Two message forms exist, "... missing from hints" and "... extra record
 * in hints"; 'missing' presumably selects between them (the if/else lines,
 * the rest of the parameter list and the end of the second call are not
 * shown in this listing).  The view name is put into the message unless the
 * view is called "_bind" or "_default".
 *
 * NOTE(review): 'databuf' is sized for the longest textual IPv6 address.
 * The callers visible in this file pass only A and AAAA rdata, which fit;
 * rdata of another type whose text is longer would make dns_rdata_totext()
 * fail and trip the RUNTIME_CHECK, which is fatal.
 */
264 report(dns_view_t *view, dns_name_t *name, isc_boolean_t missing,
267 const char *viewname = "", *sep = "";
268 char namebuf[DNS_NAME_FORMATSIZE];
269 char typebuf[DNS_RDATATYPE_FORMATSIZE];
270 char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
/* The two built-in view names are left out of the log prefix. */
274 if (strcmp(view->name, "_bind") != 0 &&
275 strcmp(view->name, "_default") != 0) {
276 viewname = view->name;
280 dns_name_format(name, namebuf, sizeof(namebuf));
281 dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf));
/*
 * The buffer is one byte shorter than 'databuf' so the terminator written
 * after dns_rdata_totext() always has room.
 */
282 isc_buffer_init(&buffer, databuf, sizeof(databuf) - 1);
283 result = dns_rdata_totext(rdata, NULL, &buffer);
284 RUNTIME_CHECK(result == ISC_R_SUCCESS);
285 databuf[isc_buffer_usedlength(&buffer)] = '\0';
288 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
289 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
290 "checkhints%s%s: %s/%s (%s) missing from hints",
291 sep, viewname, namebuf, typebuf, databuf);
293 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
294 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
295 "checkhints%s%s: %s/%s (%s) extra record "
296 "in hints", sep, viewname, namebuf, typebuf,
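/*
 * Report whether 'rdata' compares equal to any record in 'rrset'.
 *
 * Walks 'rrset' with dns_rdataset_first()/dns_rdataset_next() and stops at
 * the first record for which dns_rdata_compare() returns 0.
 *
 * NOTE(review): in the extracted listing "&current" had been turned into a
 * currency sign followed by "t" (an HTML-entity artifact), and the
 * return-type line, the 'result' declaration, both return statements and
 * the closing braces were missing.  They are restored here from the visible
 * uses: check_address_records() negates the return value as a boolean, and
 * 'result' is assigned in the loop.  Confirm against the upstream rootns.c.
 */
static isc_boolean_t
inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
	isc_result_t result;
	dns_rdata_t current = DNS_RDATA_INIT;

	result = dns_rdataset_first(rrset);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(rrset, &current);
		if (dns_rdata_compare(rdata, &current) == 0)
			return (ISC_TRUE);
		/* Clear 'current' so the next iteration starts from an initialised rdata. */
		dns_rdata_reset(&current);
		result = dns_rdataset_next(rrset);
	}
	return (ISC_FALSE);
}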
317 * Check that the address RRsets match.
319 * Note we don't complain about missing glue records.
/*
 * Compare the A and AAAA records of root server 'name' in the hints
 * database with those in 'db' and log each difference through report().
 *
 * For each address type:
 *  - found on both sides: records in 'db' that the hints lack are reported
 *    as missing, records in the hints that 'db' lacks as extra;
 *  - absent from the hints (ISC_R_NOTFOUND) but found in 'db': every record
 *    from 'db' is reported as missing.
 * Nothing is reported when 'db' has no records of that type.
 *
 * The 'db' lookups pass DNS_DBFIND_GLUEOK and accept DNS_R_GLUE as well as
 * ISC_R_SUCCESS; the hints lookups pass no options.
 *
 * NOTE(review): differences only produce warnings; none of the visible
 * calls changes either database.  The last argument line of the two 'db'
 * lookups and the closing braces are not shown in this listing.
 */
323 check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
324 dns_name_t *name, isc_stdtime_t now)
326 isc_result_t hresult, rresult, result;
327 dns_rdataset_t hintrrset, rootrrset;
328 dns_rdata_t rdata = DNS_RDATA_INIT;
329 dns_name_t *foundname;
330 dns_fixedname_t fixed;
332 dns_rdataset_init(&hintrrset);
333 dns_rdataset_init(&rootrrset);
334 dns_fixedname_init(&fixed);
335 foundname = dns_fixedname_name(&fixed);
/* Check A records. */
337 hresult = dns_db_find(hints, name, NULL, dns_rdatatype_a, 0,
338 now, NULL, foundname, &hintrrset, NULL);
339 rresult = dns_db_find(db, name, NULL, dns_rdatatype_a,
340 DNS_DBFIND_GLUEOK, now, NULL, foundname,
/* Both sides have A records: compare them in each direction. */
342 if (hresult == ISC_R_SUCCESS &&
343 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
344 result = dns_rdataset_first(&rootrrset);
345 while (result == ISC_R_SUCCESS) {
346 dns_rdata_reset(&rdata);
347 dns_rdataset_current(&rootrrset, &rdata);
348 if (!inrrset(&hintrrset, &rdata))
349 report(view, name, ISC_TRUE, &rdata);
350 result = dns_rdataset_next(&rootrrset);
352 result = dns_rdataset_first(&hintrrset);
353 while (result == ISC_R_SUCCESS) {
354 dns_rdata_reset(&rdata);
355 dns_rdataset_current(&hintrrset, &rdata);
356 if (!inrrset(&rootrrset, &rdata))
357 report(view, name, ISC_FALSE, &rdata);
358 result = dns_rdataset_next(&hintrrset);
/* The hints have no A records at all: everything from 'db' is missing. */
361 if (hresult == ISC_R_NOTFOUND &&
362 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
363 result = dns_rdataset_first(&rootrrset);
364 while (result == ISC_R_SUCCESS) {
365 dns_rdata_reset(&rdata);
366 dns_rdataset_current(&rootrrset, &rdata);
367 report(view, name, ISC_TRUE, &rdata);
368 result = dns_rdataset_next(&rootrrset);
/* Release both rdatasets so they can be reused for the AAAA lookups. */
371 if (dns_rdataset_isassociated(&rootrrset))
372 dns_rdataset_disassociate(&rootrrset);
373 if (dns_rdataset_isassociated(&hintrrset))
374 dns_rdataset_disassociate(&hintrrset);
377 * Check AAAA records.
379 hresult = dns_db_find(hints, name, NULL, dns_rdatatype_aaaa, 0,
380 now, NULL, foundname, &hintrrset, NULL);
381 rresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
382 DNS_DBFIND_GLUEOK, now, NULL, foundname,
/* Both sides have AAAA records: compare them in each direction. */
384 if (hresult == ISC_R_SUCCESS &&
385 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
386 result = dns_rdataset_first(&rootrrset);
387 while (result == ISC_R_SUCCESS) {
388 dns_rdata_reset(&rdata);
389 dns_rdataset_current(&rootrrset, &rdata);
390 if (!inrrset(&hintrrset, &rdata))
391 report(view, name, ISC_TRUE, &rdata);
392 dns_rdata_reset(&rdata);
393 result = dns_rdataset_next(&rootrrset);
395 result = dns_rdataset_first(&hintrrset);
396 while (result == ISC_R_SUCCESS) {
397 dns_rdata_reset(&rdata);
398 dns_rdataset_current(&hintrrset, &rdata);
399 if (!inrrset(&rootrrset, &rdata))
400 report(view, name, ISC_FALSE, &rdata);
401 dns_rdata_reset(&rdata);
402 result = dns_rdataset_next(&hintrrset);
/* The hints have no AAAA records at all: everything from 'db' is missing. */
405 if (hresult == ISC_R_NOTFOUND &&
406 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
407 result = dns_rdataset_first(&rootrrset);
408 while (result == ISC_R_SUCCESS) {
409 dns_rdata_reset(&rdata);
410 dns_rdataset_current(&rootrrset, &rdata);
411 report(view, name, ISC_TRUE, &rdata);
412 dns_rdata_reset(&rdata);
413 result = dns_rdataset_next(&rootrrset);
/* Final release of both rdatasets. */
416 if (dns_rdataset_isassociated(&rootrrset))
417 dns_rdataset_disassociate(&rootrrset);
418 if (dns_rdataset_isassociated(&hintrrset))
419 dns_rdataset_disassociate(&hintrrset);
/*
 * Compare the root NS set in the hints database with the one in 'db' and
 * log every difference as a warning.
 *
 * Pass 1 walks the NS set from 'db': a server name that in_rootns() does
 * not find in the hints is logged ("unable to find root NS ... in hints"),
 * and check_address_records() compares the addresses (NOTE(review): whether
 * that call sits in an else branch is not visible in this listing).
 * Pass 2 walks the NS set from the hints: a name absent from the 'db' set
 * is logged as "extra NS ... in hints".
 *
 * A warning is also logged when either NS set cannot be fetched; the
 * messages call the 'db' side "cache".
 *
 * NOTE(review): this is a consistency check that only logs.  Operators
 * should treat recurring checkhints warnings as a prompt to refresh the
 * hints file, or to find out why the root data the resolver holds differs
 * from it.  The return-type line, several declarations, the statements that
 * follow the failure branches and the cleanup label are not shown here.
 */
423 dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) {
425 dns_rdata_t rdata = DNS_RDATA_INIT;
427 dns_rdataset_t hintns, rootns;
428 const char *viewname = "", *sep = "";
431 dns_fixedname_t fixed;
433 REQUIRE(hints != NULL);
435 REQUIRE(view != NULL);
/* One timestamp is used for every lookup, including check_address_records(). */
437 isc_stdtime_get(&now);
/* The two built-in view names are left out of the log prefix. */
439 if (strcmp(view->name, "_bind") != 0 &&
440 strcmp(view->name, "_default") != 0) {
441 viewname = view->name;
445 dns_rdataset_init(&hintns);
446 dns_rdataset_init(&rootns);
447 dns_fixedname_init(&fixed);
448 name = dns_fixedname_name(&fixed);
450 result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0,
451 now, NULL, name, &hintns, NULL);
452 if (result != ISC_R_SUCCESS) {
453 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
454 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
455 "checkhints%s%s: unable to get root NS rrset "
456 "from hints: %s", sep, viewname,
457 dns_result_totext(result));
461 result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
462 now, NULL, name, &rootns, NULL);
463 if (result != ISC_R_SUCCESS) {
464 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
465 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
466 "checkhints%s%s: unable to get root NS rrset "
467 "from cache: %s", sep, viewname,
468 dns_result_totext(result));
473 * Look for missing root NS names.
475 result = dns_rdataset_first(&rootns);
476 while (result == ISC_R_SUCCESS) {
/*
 * A failure to decode an NS rdata taken from the NS rdataset is treated as
 * fatal (RUNTIME_CHECK) rather than skipped.
 */
477 dns_rdataset_current(&rootns, &rdata);
478 result = dns_rdata_tostruct(&rdata, &ns, NULL);
479 RUNTIME_CHECK(result == ISC_R_SUCCESS);
480 result = in_rootns(&hintns, &ns.name);
481 if (result != ISC_R_SUCCESS) {
482 char namebuf[DNS_NAME_FORMATSIZE];
483 /* missing from hints */
484 dns_name_format(&ns.name, namebuf, sizeof(namebuf));
485 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
486 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
487 "checkhints%s%s: unable to find root "
488 "NS '%s' in hints", sep, viewname,
491 check_address_records(view, hints, db, &ns.name, now);
492 dns_rdata_reset(&rdata);
493 result = dns_rdataset_next(&rootns);
/* Any end state other than ISC_R_NOMORE is an iteration error. */
495 if (result != ISC_R_NOMORE) {
500 * Look for extra root NS names.
502 result = dns_rdataset_first(&hintns);
503 while (result == ISC_R_SUCCESS) {
504 dns_rdataset_current(&hintns, &rdata);
505 result = dns_rdata_tostruct(&rdata, &ns, NULL);
506 RUNTIME_CHECK(result == ISC_R_SUCCESS);
507 result = in_rootns(&rootns, &ns.name);
508 if (result != ISC_R_SUCCESS) {
509 char namebuf[DNS_NAME_FORMATSIZE];
510 /* extra entry in hints */
511 dns_name_format(&ns.name, namebuf, sizeof(namebuf));
512 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
513 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
514 "checkhints%s%s: extra NS '%s' in hints",
515 sep, viewname, namebuf);
517 dns_rdata_reset(&rdata);
518 result = dns_rdataset_next(&hintns);
/* Any end state other than ISC_R_NOMORE is an iteration error. */
520 if (result != ISC_R_NOMORE) {
/* Release both NS rdatasets on the way out. */
525 if (dns_rdataset_isassociated(&rootns))
526 dns_rdataset_disassociate(&rootns);
527 if (dns_rdataset_isassociated(&hintns))
528 dns_rdataset_disassociate(&hintns);