2 * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2002 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: rootns.c,v 1.26.18.5 2007/10/31 03:02:45 tbox Exp $ */
24 #include <isc/buffer.h>
25 #include <isc/string.h> /* Required for HP/UX (and others?) */
28 #include <dns/callbacks.h>
30 #include <dns/dbiterator.h>
31 #include <dns/fixedname.h>
33 #include <dns/master.h>
34 #include <dns/rdata.h>
35 #include <dns/rdata.h>
36 #include <dns/rdataset.h>
37 #include <dns/rdatasetiter.h>
38 #include <dns/rdatastruct.h>
39 #include <dns/rdatatype.h>
40 #include <dns/result.h>
41 #include <dns/rootns.h>
44 static char root_ns[] =
46 "; Internet Root Nameservers\n"
48 "; Thu Sep 23 17:57:37 PDT 1999\n"
51 ". 518400 IN NS A.ROOT-SERVERS.NET.\n"
52 ". 518400 IN NS B.ROOT-SERVERS.NET.\n"
53 ". 518400 IN NS C.ROOT-SERVERS.NET.\n"
54 ". 518400 IN NS D.ROOT-SERVERS.NET.\n"
55 ". 518400 IN NS E.ROOT-SERVERS.NET.\n"
56 ". 518400 IN NS F.ROOT-SERVERS.NET.\n"
57 ". 518400 IN NS G.ROOT-SERVERS.NET.\n"
58 ". 518400 IN NS H.ROOT-SERVERS.NET.\n"
59 ". 518400 IN NS I.ROOT-SERVERS.NET.\n"
60 ". 518400 IN NS J.ROOT-SERVERS.NET.\n"
61 ". 518400 IN NS K.ROOT-SERVERS.NET.\n"
62 ". 518400 IN NS L.ROOT-SERVERS.NET.\n"
63 ". 518400 IN NS M.ROOT-SERVERS.NET.\n"
64 "A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4\n"
65 "B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201\n"
66 "C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n"
67 "D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90\n"
68 "E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n"
69 "F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n"
70 "G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n"
71 "H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53\n"
72 "I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n"
73 "J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n"
74 "K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n"
75 "L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n"
76 "M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n";
79 in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
81 dns_rdata_t rdata = DNS_RDATA_INIT;
84 if (!dns_rdataset_isassociated(rootns))
85 return (ISC_R_NOTFOUND);
87 result = dns_rdataset_first(rootns);
88 while (result == ISC_R_SUCCESS) {
89 dns_rdataset_current(rootns, &rdata);
90 result = dns_rdata_tostruct(&rdata, &ns, NULL);
91 if (result != ISC_R_SUCCESS)
93 if (dns_name_compare(name, &ns.name) == 0)
94 return (ISC_R_SUCCESS);
95 result = dns_rdataset_next(rootns);
97 if (result == ISC_R_NOMORE)
98 result = ISC_R_NOTFOUND;
103 check_node(dns_rdataset_t *rootns, dns_name_t *name,
104 dns_rdatasetiter_t *rdsiter) {
106 dns_rdataset_t rdataset;
108 dns_rdataset_init(&rdataset);
109 result = dns_rdatasetiter_first(rdsiter);
110 while (result == ISC_R_SUCCESS) {
111 dns_rdatasetiter_current(rdsiter, &rdataset);
112 switch (rdataset.type) {
113 case dns_rdatatype_a:
114 case dns_rdatatype_aaaa:
115 result = in_rootns(rootns, name);
116 if (result != ISC_R_SUCCESS)
119 case dns_rdatatype_ns:
120 if (dns_name_compare(name, dns_rootname) == 0)
124 result = ISC_R_FAILURE;
127 dns_rdataset_disassociate(&rdataset);
128 result = dns_rdatasetiter_next(rdsiter);
130 if (result == ISC_R_NOMORE)
131 result = ISC_R_SUCCESS;
133 if (dns_rdataset_isassociated(&rdataset))
134 dns_rdataset_disassociate(&rdataset);
139 check_hints(dns_db_t *db) {
141 dns_rdataset_t rootns;
142 dns_dbiterator_t *dbiter = NULL;
143 dns_dbnode_t *node = NULL;
145 dns_fixedname_t fixname;
147 dns_rdatasetiter_t *rdsiter = NULL;
149 isc_stdtime_get(&now);
151 dns_fixedname_init(&fixname);
152 name = dns_fixedname_name(&fixname);
154 dns_rdataset_init(&rootns);
155 (void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
156 now, NULL, name, &rootns, NULL);
157 result = dns_db_createiterator(db, ISC_FALSE, &dbiter);
158 if (result != ISC_R_SUCCESS)
160 result = dns_dbiterator_first(dbiter);
161 while (result == ISC_R_SUCCESS) {
162 result = dns_dbiterator_current(dbiter, &node, name);
163 if (result != ISC_R_SUCCESS)
165 result = dns_db_allrdatasets(db, node, NULL, now, &rdsiter);
166 if (result != ISC_R_SUCCESS)
168 result = check_node(&rootns, name, rdsiter);
169 if (result != ISC_R_SUCCESS)
171 dns_rdatasetiter_destroy(&rdsiter);
172 dns_db_detachnode(db, &node);
173 result = dns_dbiterator_next(dbiter);
175 if (result == ISC_R_NOMORE)
176 result = ISC_R_SUCCESS;
179 if (dns_rdataset_isassociated(&rootns))
180 dns_rdataset_disassociate(&rootns);
182 dns_rdatasetiter_destroy(&rdsiter);
184 dns_db_detachnode(db, &node);
186 dns_dbiterator_destroy(&dbiter);
191 dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
192 const char *filename, dns_db_t **target)
194 isc_result_t result, eresult;
197 dns_rdatacallbacks_t callbacks;
200 REQUIRE(target != NULL && *target == NULL);
202 result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
203 rdclass, 0, NULL, &db);
204 if (result != ISC_R_SUCCESS)
207 dns_rdatacallbacks_init(&callbacks);
209 len = strlen(root_ns);
210 isc_buffer_init(&source, root_ns, len);
211 isc_buffer_add(&source, len);
213 result = dns_db_beginload(db, &callbacks.add,
214 &callbacks.add_private);
215 if (result != ISC_R_SUCCESS)
217 if (filename != NULL) {
219 * Load the hints from the specified filename.
221 result = dns_master_loadfile(filename, &db->origin,
222 &db->origin, db->rdclass,
224 &callbacks, db->mctx);
225 } else if (rdclass == dns_rdataclass_in) {
227 * Default to using the Internet root servers.
229 result = dns_master_loadbuffer(&source, &db->origin,
230 &db->origin, db->rdclass,
232 &callbacks, db->mctx);
234 result = ISC_R_NOTFOUND;
235 eresult = dns_db_endload(db, &callbacks.add_private);
236 if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE)
238 if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
240 if (check_hints(db) != ISC_R_SUCCESS)
241 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
242 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
243 "extra data in root hints '%s'",
244 (filename != NULL) ? filename : "<BUILT-IN>");
246 return (ISC_R_SUCCESS);
255 report(dns_view_t *view, dns_name_t *name, isc_boolean_t missing,
258 const char *viewname = "", *sep = "";
259 char namebuf[DNS_NAME_FORMATSIZE];
260 char typebuf[DNS_RDATATYPE_FORMATSIZE];
261 char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
265 if (strcmp(view->name, "_bind") != 0 &&
266 strcmp(view->name, "_default") != 0) {
267 viewname = view->name;
271 dns_name_format(name, namebuf, sizeof(namebuf));
272 dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf));
273 isc_buffer_init(&buffer, databuf, sizeof(databuf) - 1);
274 result = dns_rdata_totext(rdata, NULL, &buffer);
275 RUNTIME_CHECK(result == ISC_R_SUCCESS);
276 databuf[isc_buffer_usedlength(&buffer)] = '\0';
279 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
280 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
281 "checkhints%s%s: %s/%s (%s) missing from hints",
282 sep, viewname, namebuf, typebuf, databuf);
284 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
285 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
286 "checkhints%s%s: %s/%s (%s) extra record "
287 "in hints", sep, viewname, namebuf, typebuf,
292 inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
294 dns_rdata_t current = DNS_RDATA_INIT;
296 result = dns_rdataset_first(rrset);
297 while (result == ISC_R_SUCCESS) {
298 dns_rdataset_current(rrset, ¤t);
299 if (dns_rdata_compare(rdata, ¤t) == 0)
301 dns_rdata_reset(¤t);
302 result = dns_rdataset_next(rrset);
308 * Check that the address RRsets match.
310 * Note we don't complain about missing glue records.
314 check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
315 dns_name_t *name, isc_stdtime_t now)
317 isc_result_t hresult, rresult, result;
318 dns_rdataset_t hintrrset, rootrrset;
319 dns_rdata_t rdata = DNS_RDATA_INIT;
320 dns_name_t *foundname;
321 dns_fixedname_t fixed;
323 dns_rdataset_init(&hintrrset);
324 dns_rdataset_init(&rootrrset);
325 dns_fixedname_init(&fixed);
326 foundname = dns_fixedname_name(&fixed);
328 hresult = dns_db_find(hints, name, NULL, dns_rdatatype_a, 0,
329 now, NULL, foundname, &hintrrset, NULL);
330 rresult = dns_db_find(db, name, NULL, dns_rdatatype_a,
331 DNS_DBFIND_GLUEOK, now, NULL, foundname,
333 if (hresult == ISC_R_SUCCESS &&
334 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
335 result = dns_rdataset_first(&rootrrset);
336 while (result == ISC_R_SUCCESS) {
337 dns_rdataset_current(&rootrrset, &rdata);
338 if (!inrrset(&hintrrset, &rdata))
339 report(view, name, ISC_TRUE, &rdata);
340 result = dns_rdataset_next(&rootrrset);
342 result = dns_rdataset_first(&hintrrset);
343 while (result == ISC_R_SUCCESS) {
344 dns_rdataset_current(&hintrrset, &rdata);
345 if (!inrrset(&rootrrset, &rdata))
346 report(view, name, ISC_FALSE, &rdata);
347 result = dns_rdataset_next(&hintrrset);
350 if (hresult == ISC_R_NOTFOUND &&
351 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
352 result = dns_rdataset_first(&rootrrset);
353 while (result == ISC_R_SUCCESS) {
354 dns_rdataset_current(&rootrrset, &rdata);
355 report(view, name, ISC_TRUE, &rdata);
356 result = dns_rdataset_next(&rootrrset);
359 if (dns_rdataset_isassociated(&rootrrset))
360 dns_rdataset_disassociate(&rootrrset);
361 if (dns_rdataset_isassociated(&hintrrset))
362 dns_rdataset_disassociate(&hintrrset);
365 * Check AAAA records.
367 hresult = dns_db_find(hints, name, NULL, dns_rdatatype_aaaa, 0,
368 now, NULL, foundname, &hintrrset, NULL);
369 rresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
370 DNS_DBFIND_GLUEOK, now, NULL, foundname,
372 if (hresult == ISC_R_SUCCESS &&
373 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
374 result = dns_rdataset_first(&rootrrset);
375 while (result == ISC_R_SUCCESS) {
376 dns_rdataset_current(&rootrrset, &rdata);
377 if (!inrrset(&hintrrset, &rdata))
378 report(view, name, ISC_TRUE, &rdata);
379 dns_rdata_reset(&rdata);
380 result = dns_rdataset_next(&rootrrset);
382 result = dns_rdataset_first(&hintrrset);
383 while (result == ISC_R_SUCCESS) {
384 dns_rdataset_current(&hintrrset, &rdata);
385 if (!inrrset(&rootrrset, &rdata))
386 report(view, name, ISC_FALSE, &rdata);
387 dns_rdata_reset(&rdata);
388 result = dns_rdataset_next(&hintrrset);
391 if (hresult == ISC_R_NOTFOUND &&
392 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
393 result = dns_rdataset_first(&rootrrset);
394 while (result == ISC_R_SUCCESS) {
395 dns_rdataset_current(&rootrrset, &rdata);
396 report(view, name, ISC_TRUE, &rdata);
397 dns_rdata_reset(&rdata);
398 result = dns_rdataset_next(&rootrrset);
401 if (dns_rdataset_isassociated(&rootrrset))
402 dns_rdataset_disassociate(&rootrrset);
403 if (dns_rdataset_isassociated(&hintrrset))
404 dns_rdataset_disassociate(&hintrrset);
408 dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) {
410 dns_rdata_t rdata = DNS_RDATA_INIT;
412 dns_rdataset_t hintns, rootns;
413 const char *viewname = "", *sep = "";
416 dns_fixedname_t fixed;
418 REQUIRE(hints != NULL);
420 REQUIRE(view != NULL);
422 isc_stdtime_get(&now);
424 if (strcmp(view->name, "_bind") != 0 &&
425 strcmp(view->name, "_default") != 0) {
426 viewname = view->name;
430 dns_rdataset_init(&hintns);
431 dns_rdataset_init(&rootns);
432 dns_fixedname_init(&fixed);
433 name = dns_fixedname_name(&fixed);
435 result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0,
436 now, NULL, name, &hintns, NULL);
437 if (result != ISC_R_SUCCESS) {
438 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
439 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
440 "checkhints%s%s: unable to get root NS rrset "
441 "from hints: %s", sep, viewname,
442 dns_result_totext(result));
446 result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
447 now, NULL, name, &rootns, NULL);
448 if (result != ISC_R_SUCCESS) {
449 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
450 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
451 "checkhints%s%s: unable to get root NS rrset "
452 "from cache: %s", sep, viewname,
453 dns_result_totext(result));
458 * Look for missing root NS names.
460 result = dns_rdataset_first(&rootns);
461 while (result == ISC_R_SUCCESS) {
462 dns_rdataset_current(&rootns, &rdata);
463 result = dns_rdata_tostruct(&rdata, &ns, NULL);
464 RUNTIME_CHECK(result == ISC_R_SUCCESS);
465 result = in_rootns(&hintns, &ns.name);
466 if (result != ISC_R_SUCCESS) {
467 char namebuf[DNS_NAME_FORMATSIZE];
468 /* missing from hints */
469 dns_name_format(&ns.name, namebuf, sizeof(namebuf));
470 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
471 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
472 "checkhints%s%s: unable to find root "
473 "NS '%s' in hints", sep, viewname,
476 check_address_records(view, hints, db, &ns.name, now);
477 dns_rdata_reset(&rdata);
478 result = dns_rdataset_next(&rootns);
480 if (result != ISC_R_NOMORE) {
485 * Look for extra root NS names.
487 result = dns_rdataset_first(&hintns);
488 while (result == ISC_R_SUCCESS) {
489 dns_rdataset_current(&hintns, &rdata);
490 result = dns_rdata_tostruct(&rdata, &ns, NULL);
491 RUNTIME_CHECK(result == ISC_R_SUCCESS);
492 result = in_rootns(&rootns, &ns.name);
493 if (result != ISC_R_SUCCESS) {
494 char namebuf[DNS_NAME_FORMATSIZE];
495 /* extra entry in hints */
496 dns_name_format(&ns.name, namebuf, sizeof(namebuf));
497 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
498 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
499 "checkhints%s%s: extra NS '%s' in hints",
500 sep, viewname, namebuf);
502 dns_rdata_reset(&rdata);
503 result = dns_rdataset_next(&hintns);
505 if (result != ISC_R_NOMORE) {
510 if (dns_rdataset_isassociated(&rootns))
511 dns_rdataset_disassociate(&rootns);
512 if (dns_rdataset_isassociated(&hintns))
513 dns_rdataset_disassociate(&hintns);