2 * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
26 #include <isc/print.h>
28 #include <isc/stats.h>
29 #include <isc/string.h> /* Required for HP/UX (and others?) */
33 #include <dns/acache.h>
36 #include <dns/cache.h>
40 #include <dns/dns64.h>
42 #include <dns/dnssec.h>
43 #include <dns/events.h>
44 #include <dns/forward.h>
45 #include <dns/keytable.h>
46 #include <dns/keyvalues.h>
47 #include <dns/master.h>
48 #include <dns/masterdump.h>
49 #include <dns/order.h>
52 #include <dns/rdataset.h>
53 #include <dns/request.h>
54 #include <dns/resolver.h>
55 #include <dns/result.h>
57 #include <dns/stats.h>
62 #define RESSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_RESSHUTDOWN) != 0)
63 #define ADBSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_ADBSHUTDOWN) != 0)
64 #define REQSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_REQSHUTDOWN) != 0)
66 #define DNS_VIEW_DELONLYHASH 111
68 static void resolver_shutdown(isc_task_t *task, isc_event_t *event);
69 static void adb_shutdown(isc_task_t *task, isc_event_t *event);
70 static void req_shutdown(isc_task_t *task, isc_event_t *event);
73 dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
74 const char *name, dns_view_t **viewp)
83 REQUIRE(name != NULL);
84 REQUIRE(viewp != NULL && *viewp == NULL);
86 view = isc_mem_get(mctx, sizeof(*view));
88 return (ISC_R_NOMEMORY);
91 isc_mem_attach(mctx, &view->mctx);
92 view->name = isc_mem_strdup(mctx, name);
93 if (view->name == NULL) {
94 result = ISC_R_NOMEMORY;
97 result = isc_mutex_init(&view->lock);
98 if (result != ISC_R_SUCCESS)
101 view->zonetable = NULL;
103 result = dns_zt_create(mctx, rdclass, &view->zonetable);
104 if (result != ISC_R_SUCCESS) {
105 UNEXPECTED_ERROR(__FILE__, __LINE__,
106 "dns_zt_create() failed: %s",
107 isc_result_totext(result));
108 result = ISC_R_UNEXPECTED;
112 view->secroots_priv = NULL;
113 view->fwdtable = NULL;
114 result = dns_fwdtable_create(mctx, &view->fwdtable);
115 if (result != ISC_R_SUCCESS) {
116 UNEXPECTED_ERROR(__FILE__, __LINE__,
117 "dns_fwdtable_create() failed: %s",
118 isc_result_totext(result));
119 result = ISC_R_UNEXPECTED;
125 view->cachedb = NULL;
126 view->dlzdatabase = NULL;
128 view->resolver = NULL;
130 view->requestmgr = NULL;
131 view->rdclass = rdclass;
132 view->frozen = ISC_FALSE;
134 result = isc_refcount_init(&view->references, 1);
135 if (result != ISC_R_SUCCESS)
136 goto cleanup_fwdtable;
138 view->attributes = (DNS_VIEWATTR_RESSHUTDOWN|DNS_VIEWATTR_ADBSHUTDOWN|
139 DNS_VIEWATTR_REQSHUTDOWN);
140 view->statickeys = NULL;
141 view->dynamickeys = NULL;
142 view->matchclients = NULL;
143 view->matchdestinations = NULL;
144 view->matchrecursiveonly = ISC_FALSE;
145 result = dns_tsigkeyring_create(view->mctx, &view->dynamickeys);
146 if (result != ISC_R_SUCCESS)
147 goto cleanup_references;
150 view->delonly = NULL;
151 view->rootdelonly = ISC_FALSE;
152 view->rootexclude = NULL;
153 view->resstats = NULL;
154 view->resquerystats = NULL;
155 view->cacheshared = ISC_FALSE;
156 ISC_LIST_INIT(view->dns64);
160 * Initialize configuration data with default values.
162 view->recursion = ISC_TRUE;
163 view->auth_nxdomain = ISC_FALSE; /* Was true in BIND 8 */
164 view->additionalfromcache = ISC_TRUE;
165 view->additionalfromauth = ISC_TRUE;
166 view->enablednssec = ISC_TRUE;
167 view->enablevalidation = ISC_TRUE;
168 view->acceptexpired = ISC_FALSE;
169 view->minimalresponses = ISC_FALSE;
170 view->transfer_format = dns_one_answer;
171 view->cacheacl = NULL;
172 view->cacheonacl = NULL;
173 view->queryacl = NULL;
174 view->queryonacl = NULL;
175 view->recursionacl = NULL;
176 view->recursiononacl = NULL;
177 view->sortlist = NULL;
178 view->transferacl = NULL;
179 view->notifyacl = NULL;
180 view->updateacl = NULL;
181 view->upfwdacl = NULL;
182 view->denyansweracl = NULL;
183 view->answeracl_exclude = NULL;
184 view->denyanswernames = NULL;
185 view->answernames_exclude = NULL;
186 view->requestixfr = ISC_TRUE;
187 view->provideixfr = ISC_TRUE;
188 view->maxcachettl = 7 * 24 * 3600;
189 view->maxncachettl = 3 * 3600;
191 view->preferred_glue = 0;
192 view->flush = ISC_FALSE;
195 view->v4_aaaa = dns_v4_aaaa_ok;
196 view->v4_aaaa_acl = NULL;
197 ISC_LIST_INIT(view->rpz_zones);
198 view->rpz_recursive_only = ISC_TRUE;
199 view->rpz_break_dnssec = ISC_FALSE;
200 dns_fixedname_init(&view->dlv_fixed);
201 view->managed_keys = NULL;
203 view->new_zone_file = NULL;
204 view->new_zone_config = NULL;
205 view->cfg_destroy = NULL;
207 result = dns_order_create(view->mctx, &view->order);
208 if (result != ISC_R_SUCCESS)
209 goto cleanup_dynkeys;
212 result = dns_peerlist_new(view->mctx, &view->peers);
213 if (result != ISC_R_SUCCESS)
216 result = dns_aclenv_init(view->mctx, &view->aclenv);
217 if (result != ISC_R_SUCCESS)
218 goto cleanup_peerlist;
220 ISC_LINK_INIT(view, link);
221 ISC_EVENT_INIT(&view->resevent, sizeof(view->resevent), 0, NULL,
222 DNS_EVENT_VIEWRESSHUTDOWN, resolver_shutdown,
223 view, NULL, NULL, NULL);
224 ISC_EVENT_INIT(&view->adbevent, sizeof(view->adbevent), 0, NULL,
225 DNS_EVENT_VIEWADBSHUTDOWN, adb_shutdown,
226 view, NULL, NULL, NULL);
227 ISC_EVENT_INIT(&view->reqevent, sizeof(view->reqevent), 0, NULL,
228 DNS_EVENT_VIEWREQSHUTDOWN, req_shutdown,
229 view, NULL, NULL, NULL);
230 view->viewlist = NULL;
231 view->magic = DNS_VIEW_MAGIC;
235 return (ISC_R_SUCCESS);
238 dns_peerlist_detach(&view->peers);
242 dns_order_detach(&view->order);
246 dns_tsigkeyring_detach(&view->dynamickeys);
249 isc_refcount_destroy(&view->references);
252 dns_fwdtable_destroy(&view->fwdtable);
256 dns_zt_detach(&view->zonetable);
260 DESTROYLOCK(&view->lock);
263 isc_mem_free(mctx, view->name);
266 isc_mem_putanddetach(&view->mctx, view, sizeof(*view));
272 destroy(dns_view_t *view) {
277 REQUIRE(!ISC_LINK_LINKED(view, link));
278 REQUIRE(isc_refcount_current(&view->references) == 0);
279 REQUIRE(view->weakrefs == 0);
280 REQUIRE(RESSHUTDOWN(view));
281 REQUIRE(ADBSHUTDOWN(view));
282 REQUIRE(REQSHUTDOWN(view));
285 if (view->order != NULL)
286 dns_order_detach(&view->order);
288 if (view->peers != NULL)
289 dns_peerlist_detach(&view->peers);
291 if (view->dynamickeys != NULL) {
298 n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
300 if (n > 0 && (size_t)n < sizeof(keyfile)) {
301 result = isc_file_mktemplate(keyfile, template,
303 if (result == ISC_R_SUCCESS)
304 (void)isc_file_openuniqueprivate(template, &fp);
307 dns_tsigkeyring_detach(&view->dynamickeys);
309 result = dns_tsigkeyring_dumpanddetach(
310 &view->dynamickeys, fp);
311 if (result == ISC_R_SUCCESS) {
313 result = isc_file_rename(template,
315 if (result != ISC_R_SUCCESS)
316 (void)remove(template);
319 (void)remove(template);
323 if (view->statickeys != NULL)
324 dns_tsigkeyring_detach(&view->statickeys);
325 if (view->adb != NULL)
326 dns_adb_detach(&view->adb);
327 if (view->resolver != NULL)
328 dns_resolver_detach(&view->resolver);
330 if (view->acache != NULL) {
331 if (view->cachedb != NULL)
332 dns_acache_putdb(view->acache, view->cachedb);
333 dns_acache_detach(&view->acache);
335 dns_rpz_view_destroy(view);
337 INSIST(view->acache == NULL);
338 INSIST(ISC_LIST_EMPTY(view->rpz_zones));
340 if (view->requestmgr != NULL)
341 dns_requestmgr_detach(&view->requestmgr);
342 if (view->task != NULL)
343 isc_task_detach(&view->task);
344 if (view->hints != NULL)
345 dns_db_detach(&view->hints);
346 if (view->dlzdatabase != NULL)
347 dns_dlzdestroy(&view->dlzdatabase);
348 if (view->cachedb != NULL)
349 dns_db_detach(&view->cachedb);
350 if (view->cache != NULL)
351 dns_cache_detach(&view->cache);
352 if (view->matchclients != NULL)
353 dns_acl_detach(&view->matchclients);
354 if (view->matchdestinations != NULL)
355 dns_acl_detach(&view->matchdestinations);
356 if (view->cacheacl != NULL)
357 dns_acl_detach(&view->cacheacl);
358 if (view->cacheonacl != NULL)
359 dns_acl_detach(&view->cacheonacl);
360 if (view->queryacl != NULL)
361 dns_acl_detach(&view->queryacl);
362 if (view->queryonacl != NULL)
363 dns_acl_detach(&view->queryonacl);
364 if (view->recursionacl != NULL)
365 dns_acl_detach(&view->recursionacl);
366 if (view->recursiononacl != NULL)
367 dns_acl_detach(&view->recursiononacl);
368 if (view->sortlist != NULL)
369 dns_acl_detach(&view->sortlist);
370 if (view->transferacl != NULL)
371 dns_acl_detach(&view->transferacl);
372 if (view->notifyacl != NULL)
373 dns_acl_detach(&view->notifyacl);
374 if (view->updateacl != NULL)
375 dns_acl_detach(&view->updateacl);
376 if (view->upfwdacl != NULL)
377 dns_acl_detach(&view->upfwdacl);
378 if (view->denyansweracl != NULL)
379 dns_acl_detach(&view->denyansweracl);
380 if (view->v4_aaaa_acl != NULL)
381 dns_acl_detach(&view->v4_aaaa_acl);
382 if (view->answeracl_exclude != NULL)
383 dns_rbt_destroy(&view->answeracl_exclude);
384 if (view->denyanswernames != NULL)
385 dns_rbt_destroy(&view->denyanswernames);
386 if (view->answernames_exclude != NULL)
387 dns_rbt_destroy(&view->answernames_exclude);
388 if (view->delonly != NULL) {
392 for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) {
393 name = ISC_LIST_HEAD(view->delonly[i]);
394 while (name != NULL) {
395 ISC_LIST_UNLINK(view->delonly[i], name, link);
396 dns_name_free(name, view->mctx);
397 isc_mem_put(view->mctx, name, sizeof(*name));
398 name = ISC_LIST_HEAD(view->delonly[i]);
401 isc_mem_put(view->mctx, view->delonly, sizeof(dns_namelist_t) *
402 DNS_VIEW_DELONLYHASH);
403 view->delonly = NULL;
405 if (view->rootexclude != NULL) {
409 for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) {
410 name = ISC_LIST_HEAD(view->rootexclude[i]);
411 while (name != NULL) {
412 ISC_LIST_UNLINK(view->rootexclude[i],
414 dns_name_free(name, view->mctx);
415 isc_mem_put(view->mctx, name, sizeof(*name));
416 name = ISC_LIST_HEAD(view->rootexclude[i]);
419 isc_mem_put(view->mctx, view->rootexclude,
420 sizeof(dns_namelist_t) * DNS_VIEW_DELONLYHASH);
421 view->rootexclude = NULL;
423 if (view->resstats != NULL)
424 isc_stats_detach(&view->resstats);
425 if (view->resquerystats != NULL)
426 dns_stats_detach(&view->resquerystats);
427 if (view->secroots_priv != NULL)
428 dns_keytable_detach(&view->secroots_priv);
430 for (dns64 = ISC_LIST_HEAD(view->dns64);
432 dns64 = ISC_LIST_HEAD(view->dns64)) {
433 dns_dns64_unlink(&view->dns64, dns64);
434 dns_dns64_destroy(&dns64);
436 if (view->managed_keys != NULL)
437 dns_zone_detach(&view->managed_keys);
438 dns_view_setnewzones(view, ISC_FALSE, NULL, NULL);
440 dns_fwdtable_destroy(&view->fwdtable);
441 dns_aclenv_destroy(&view->aclenv);
442 DESTROYLOCK(&view->lock);
443 isc_refcount_destroy(&view->references);
444 isc_mem_free(view->mctx, view->name);
445 isc_mem_putanddetach(&view->mctx, view, sizeof(*view));
449 * Return true iff 'view' may be freed.
450 * The caller must be holding the view lock.
453 all_done(dns_view_t *view) {
455 if (isc_refcount_current(&view->references) == 0 &&
456 view->weakrefs == 0 &&
457 RESSHUTDOWN(view) && ADBSHUTDOWN(view) && REQSHUTDOWN(view))
464 dns_view_attach(dns_view_t *source, dns_view_t **targetp) {
466 REQUIRE(DNS_VIEW_VALID(source));
467 REQUIRE(targetp != NULL && *targetp == NULL);
469 isc_refcount_increment(&source->references, NULL);
475 view_flushanddetach(dns_view_t **viewp, isc_boolean_t flush) {
478 isc_boolean_t done = ISC_FALSE;
480 REQUIRE(viewp != NULL);
482 REQUIRE(DNS_VIEW_VALID(view));
485 view->flush = ISC_TRUE;
486 isc_refcount_decrement(&view->references, &refs);
489 dns_zone_t *mkzone = NULL;
493 if (!RESSHUTDOWN(view))
494 dns_resolver_shutdown(view->resolver);
495 if (!ADBSHUTDOWN(view))
496 dns_adb_shutdown(view->adb);
497 if (!REQSHUTDOWN(view))
498 dns_requestmgr_shutdown(view->requestmgr);
500 if (view->acache != NULL)
501 dns_acache_shutdown(view->acache);
503 dns_zt_flushanddetach(&view->zonetable);
505 dns_zt_detach(&view->zonetable);
506 if (view->managed_keys != NULL) {
507 mkzone = view->managed_keys;
508 view->managed_keys = NULL;
510 dns_zone_flush(mkzone);
513 done = all_done(view);
517 /* Need to detach zones outside view lock */
519 dns_zone_detach(&mkzone);
530 dns_view_flushanddetach(dns_view_t **viewp) {
531 view_flushanddetach(viewp, ISC_TRUE);
535 dns_view_detach(dns_view_t **viewp) {
536 view_flushanddetach(viewp, ISC_FALSE);
541 dialup(dns_zone_t *zone, void *dummy) {
543 dns_zone_dialup(zone);
544 return (ISC_R_SUCCESS);
548 dns_view_dialup(dns_view_t *view) {
549 REQUIRE(DNS_VIEW_VALID(view));
550 REQUIRE(view->zonetable != NULL);
552 (void)dns_zt_apply(view->zonetable, ISC_FALSE, dialup, NULL);
557 dns_view_weakattach(dns_view_t *source, dns_view_t **targetp) {
559 REQUIRE(DNS_VIEW_VALID(source));
560 REQUIRE(targetp != NULL && *targetp == NULL);
564 UNLOCK(&source->lock);
570 dns_view_weakdetach(dns_view_t **viewp) {
572 isc_boolean_t done = ISC_FALSE;
574 REQUIRE(viewp != NULL);
576 REQUIRE(DNS_VIEW_VALID(view));
580 INSIST(view->weakrefs > 0);
582 done = all_done(view);
593 resolver_shutdown(isc_task_t *task, isc_event_t *event) {
594 dns_view_t *view = event->ev_arg;
597 REQUIRE(event->ev_type == DNS_EVENT_VIEWRESSHUTDOWN);
598 REQUIRE(DNS_VIEW_VALID(view));
599 REQUIRE(view->task == task);
605 view->attributes |= DNS_VIEWATTR_RESSHUTDOWN;
606 done = all_done(view);
610 isc_event_free(&event);
617 adb_shutdown(isc_task_t *task, isc_event_t *event) {
618 dns_view_t *view = event->ev_arg;
621 REQUIRE(event->ev_type == DNS_EVENT_VIEWADBSHUTDOWN);
622 REQUIRE(DNS_VIEW_VALID(view));
623 REQUIRE(view->task == task);
629 view->attributes |= DNS_VIEWATTR_ADBSHUTDOWN;
630 done = all_done(view);
634 isc_event_free(&event);
641 req_shutdown(isc_task_t *task, isc_event_t *event) {
642 dns_view_t *view = event->ev_arg;
645 REQUIRE(event->ev_type == DNS_EVENT_VIEWREQSHUTDOWN);
646 REQUIRE(DNS_VIEW_VALID(view));
647 REQUIRE(view->task == task);
653 view->attributes |= DNS_VIEWATTR_REQSHUTDOWN;
654 done = all_done(view);
658 isc_event_free(&event);
665 dns_view_createresolver(dns_view_t *view,
666 isc_taskmgr_t *taskmgr, unsigned int ntasks,
667 isc_socketmgr_t *socketmgr,
668 isc_timermgr_t *timermgr,
669 unsigned int options,
670 dns_dispatchmgr_t *dispatchmgr,
671 dns_dispatch_t *dispatchv4,
672 dns_dispatch_t *dispatchv6)
676 isc_mem_t *mctx = NULL;
678 REQUIRE(DNS_VIEW_VALID(view));
679 REQUIRE(!view->frozen);
680 REQUIRE(view->resolver == NULL);
682 result = isc_task_create(taskmgr, 0, &view->task);
683 if (result != ISC_R_SUCCESS)
685 isc_task_setname(view->task, "view", view);
687 result = dns_resolver_create(view, taskmgr, ntasks, socketmgr,
688 timermgr, options, dispatchmgr,
689 dispatchv4, dispatchv6,
691 if (result != ISC_R_SUCCESS) {
692 isc_task_detach(&view->task);
695 event = &view->resevent;
696 dns_resolver_whenshutdown(view->resolver, view->task, &event);
697 view->attributes &= ~DNS_VIEWATTR_RESSHUTDOWN;
699 result = isc_mem_create(0, 0, &mctx);
700 if (result != ISC_R_SUCCESS) {
701 dns_resolver_shutdown(view->resolver);
705 result = dns_adb_create(mctx, view, timermgr, taskmgr, &view->adb);
706 isc_mem_setname(mctx, "ADB", NULL);
707 isc_mem_detach(&mctx);
708 if (result != ISC_R_SUCCESS) {
709 dns_resolver_shutdown(view->resolver);
712 event = &view->adbevent;
713 dns_adb_whenshutdown(view->adb, view->task, &event);
714 view->attributes &= ~DNS_VIEWATTR_ADBSHUTDOWN;
716 result = dns_requestmgr_create(view->mctx, timermgr, socketmgr,
717 dns_resolver_taskmgr(view->resolver),
718 dns_resolver_dispatchmgr(view->resolver),
719 dns_resolver_dispatchv4(view->resolver),
720 dns_resolver_dispatchv6(view->resolver),
722 if (result != ISC_R_SUCCESS) {
723 dns_adb_shutdown(view->adb);
724 dns_resolver_shutdown(view->resolver);
727 event = &view->reqevent;
728 dns_requestmgr_whenshutdown(view->requestmgr, view->task, &event);
729 view->attributes &= ~DNS_VIEWATTR_REQSHUTDOWN;
731 return (ISC_R_SUCCESS);
735 dns_view_setcache(dns_view_t *view, dns_cache_t *cache) {
736 dns_view_setcache2(view, cache, ISC_FALSE);
740 dns_view_setcache2(dns_view_t *view, dns_cache_t *cache, isc_boolean_t shared) {
741 REQUIRE(DNS_VIEW_VALID(view));
742 REQUIRE(!view->frozen);
744 view->cacheshared = shared;
745 if (view->cache != NULL) {
747 if (view->acache != NULL)
748 dns_acache_putdb(view->acache, view->cachedb);
750 dns_db_detach(&view->cachedb);
751 dns_cache_detach(&view->cache);
753 dns_cache_attach(cache, &view->cache);
754 dns_cache_attachdb(cache, &view->cachedb);
755 INSIST(DNS_DB_VALID(view->cachedb));
758 if (view->acache != NULL)
759 dns_acache_setdb(view->acache, view->cachedb);
764 dns_view_iscacheshared(dns_view_t *view) {
765 REQUIRE(DNS_VIEW_VALID(view));
767 return (view->cacheshared);
771 dns_view_sethints(dns_view_t *view, dns_db_t *hints) {
772 REQUIRE(DNS_VIEW_VALID(view));
773 REQUIRE(!view->frozen);
774 REQUIRE(view->hints == NULL);
775 REQUIRE(dns_db_iszone(hints));
777 dns_db_attach(hints, &view->hints);
781 dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
782 REQUIRE(DNS_VIEW_VALID(view));
783 REQUIRE(ring != NULL);
784 if (view->statickeys != NULL)
785 dns_tsigkeyring_detach(&view->statickeys);
786 dns_tsigkeyring_attach(ring, &view->statickeys);
790 dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
791 REQUIRE(DNS_VIEW_VALID(view));
792 REQUIRE(ring != NULL);
793 if (view->dynamickeys != NULL)
794 dns_tsigkeyring_detach(&view->dynamickeys);
795 dns_tsigkeyring_attach(ring, &view->dynamickeys);
799 dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp) {
800 REQUIRE(DNS_VIEW_VALID(view));
801 REQUIRE(ringp != NULL && *ringp == NULL);
802 if (view->dynamickeys != NULL)
803 dns_tsigkeyring_attach(view->dynamickeys, ringp);
807 dns_view_restorekeyring(dns_view_t *view) {
812 REQUIRE(DNS_VIEW_VALID(view));
814 if (view->dynamickeys != NULL) {
815 n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
817 if (n > 0 && (size_t)n < sizeof(keyfile)) {
818 fp = fopen(keyfile, "r");
820 dns_keyring_restore(view->dynamickeys, fp);
828 dns_view_setdstport(dns_view_t *view, in_port_t dstport) {
829 REQUIRE(DNS_VIEW_VALID(view));
830 view->dstport = dstport;
834 dns_view_freeze(dns_view_t *view) {
835 REQUIRE(DNS_VIEW_VALID(view));
836 REQUIRE(!view->frozen);
838 if (view->resolver != NULL) {
839 INSIST(view->cachedb != NULL);
840 dns_resolver_freeze(view->resolver);
842 view->frozen = ISC_TRUE;
847 dns_view_thaw(dns_view_t *view) {
848 REQUIRE(DNS_VIEW_VALID(view));
849 REQUIRE(view->frozen);
851 view->frozen = ISC_FALSE;
855 dns_view_addzone(dns_view_t *view, dns_zone_t *zone) {
858 REQUIRE(DNS_VIEW_VALID(view));
859 REQUIRE(!view->frozen);
860 REQUIRE(view->zonetable != NULL);
862 result = dns_zt_mount(view->zonetable, zone);
870 dns_view_findzone(dns_view_t *view, dns_name_t *name, dns_zone_t **zonep) {
873 REQUIRE(DNS_VIEW_VALID(view));
876 if (view->zonetable != NULL) {
877 result = dns_zt_find(view->zonetable, name, 0, NULL, zonep);
878 if (result == DNS_R_PARTIALMATCH) {
879 dns_zone_detach(zonep);
880 result = ISC_R_NOTFOUND;
883 result = ISC_R_NOTFOUND;
891 dns_view_find(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
892 isc_stdtime_t now, unsigned int options, isc_boolean_t use_hints,
893 dns_db_t **dbp, dns_dbnode_t **nodep, dns_name_t *foundname,
894 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
895 return (dns_view_find2(view, name, type, now, options, use_hints,
896 ISC_FALSE, dbp, nodep, foundname, rdataset,
901 dns_view_find2(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
902 isc_stdtime_t now, unsigned int options,
903 isc_boolean_t use_hints, isc_boolean_t use_static_stub,
904 dns_db_t **dbp, dns_dbnode_t **nodep, dns_name_t *foundname,
905 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
909 dns_dbnode_t *node, *znode;
910 isc_boolean_t is_cache, is_staticstub_zone;
911 dns_rdataset_t zrdataset, zsigrdataset;
916 UNUSED(use_static_stub);
921 * Find an rdataset whose owner name is 'name', and whose type is
925 REQUIRE(DNS_VIEW_VALID(view));
926 REQUIRE(view->frozen);
927 REQUIRE(type != dns_rdatatype_rrsig);
928 REQUIRE(rdataset != NULL); /* XXXBEW - remove this */
929 REQUIRE(nodep == NULL || *nodep == NULL);
934 dns_rdataset_init(&zrdataset);
935 dns_rdataset_init(&zsigrdataset);
940 * Find a database to answer the query.
944 is_staticstub_zone = ISC_FALSE;
948 if (view->zonetable != NULL)
949 result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
951 result = ISC_R_NOTFOUND;
953 if (zone != NULL && dns_zone_gettype(zone) == dns_zone_staticstub &&
955 result = ISC_R_NOTFOUND;
957 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
958 result = dns_zone_getdb(zone, &db);
959 if (result != ISC_R_SUCCESS && view->cachedb != NULL)
960 dns_db_attach(view->cachedb, &db);
961 else if (result != ISC_R_SUCCESS)
963 if (dns_zone_gettype(zone) == dns_zone_staticstub &&
964 dns_name_equal(name, dns_zone_getorigin(zone))) {
965 is_staticstub_zone = ISC_TRUE;
967 } else if (result == ISC_R_NOTFOUND && view->cachedb != NULL)
968 dns_db_attach(view->cachedb, &db);
970 result = ISC_R_NOTFOUND;
971 if (view->cachedb != NULL)
972 dns_db_attach(view->cachedb, &db);
977 is_cache = dns_db_iscache(db);
981 * Now look for an answer in the database.
983 result = dns_db_find(db, name, NULL, type, options,
984 now, &node, foundname, rdataset, sigrdataset);
986 if (result == DNS_R_DELEGATION || result == ISC_R_NOTFOUND) {
987 if (dns_rdataset_isassociated(rdataset))
988 dns_rdataset_disassociate(rdataset);
989 if (sigrdataset != NULL &&
990 dns_rdataset_isassociated(sigrdataset))
991 dns_rdataset_disassociate(sigrdataset);
993 dns_db_detachnode(db, &node);
996 if (view->cachedb != NULL && !is_staticstub_zone) {
998 * Either the answer is in the cache, or we
1000 * Note that if the result comes from a
1001 * static-stub zone we stop the search here
1002 * (see the function description in view.h).
1004 is_cache = ISC_TRUE;
1005 dns_db_attach(view->cachedb, &db);
1010 * We don't have the data in the cache. If we've got
1011 * glue from the zone, use it.
1013 if (dns_rdataset_isassociated(&zrdataset)) {
1014 dns_rdataset_clone(&zrdataset, rdataset);
1015 if (sigrdataset != NULL &&
1016 dns_rdataset_isassociated(&zsigrdataset))
1017 dns_rdataset_clone(&zsigrdataset,
1019 result = DNS_R_GLUE;
1022 dns_db_attach(zdb, &db);
1023 dns_db_attachnode(db, znode, &node);
1028 * We don't know the answer.
1030 result = ISC_R_NOTFOUND;
1031 } else if (result == DNS_R_GLUE) {
1032 if (view->cachedb != NULL && !is_staticstub_zone) {
1034 * We found an answer, but the cache may be better.
1035 * Remember what we've got and go look in the cache.
1037 is_cache = ISC_TRUE;
1038 dns_rdataset_clone(rdataset, &zrdataset);
1039 dns_rdataset_disassociate(rdataset);
1040 if (sigrdataset != NULL &&
1041 dns_rdataset_isassociated(sigrdataset)) {
1042 dns_rdataset_clone(sigrdataset, &zsigrdataset);
1043 dns_rdataset_disassociate(sigrdataset);
1045 dns_db_attach(db, &zdb);
1046 dns_db_attachnode(zdb, node, &znode);
1047 dns_db_detachnode(db, &node);
1049 dns_db_attach(view->cachedb, &db);
1053 * Otherwise, the glue is the best answer.
1055 result = ISC_R_SUCCESS;
1059 if (result == ISC_R_NOTFOUND && use_hints && view->hints != NULL) {
1060 if (dns_rdataset_isassociated(rdataset))
1061 dns_rdataset_disassociate(rdataset);
1062 if (sigrdataset != NULL &&
1063 dns_rdataset_isassociated(sigrdataset))
1064 dns_rdataset_disassociate(sigrdataset);
1067 dns_db_detachnode(db, &node);
1070 result = dns_db_find(view->hints, name, NULL, type, options,
1071 now, &node, foundname,
1072 rdataset, sigrdataset);
1073 if (result == ISC_R_SUCCESS || result == DNS_R_GLUE) {
1075 * We just used a hint. Let the resolver know it
1076 * should consider priming.
1078 dns_resolver_prime(view->resolver);
1079 dns_db_attach(view->hints, &db);
1080 result = DNS_R_HINT;
1081 } else if (result == DNS_R_NXRRSET) {
1082 dns_db_attach(view->hints, &db);
1083 result = DNS_R_HINTNXRRSET;
1084 } else if (result == DNS_R_NXDOMAIN)
1085 result = ISC_R_NOTFOUND;
1088 * Cleanup if non-standard hints are used.
1090 if (db == NULL && node != NULL)
1091 dns_db_detachnode(view->hints, &node);
1096 if (dns_rdataset_isassociated(&zrdataset)) {
1097 dns_rdataset_disassociate(&zrdataset);
1098 if (dns_rdataset_isassociated(&zsigrdataset))
1099 dns_rdataset_disassociate(&zsigrdataset);
1104 dns_db_detachnode(zdb, &znode);
1105 dns_db_detach(&zdb);
1113 dns_db_detachnode(db, &node);
1120 INSIST(node == NULL);
1124 dns_zone_detach(&zone);
1131 dns_view_simplefind(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
1132 isc_stdtime_t now, unsigned int options,
1133 isc_boolean_t use_hints,
1134 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
1136 isc_result_t result;
1137 dns_fixedname_t foundname;
1139 dns_fixedname_init(&foundname);
1140 result = dns_view_find(view, name, type, now, options, use_hints,
1141 NULL, NULL, dns_fixedname_name(&foundname),
1142 rdataset, sigrdataset);
1143 if (result == DNS_R_NXDOMAIN) {
1145 * The rdataset and sigrdataset of the relevant NSEC record
1146 * may be returned, but the caller cannot use them because
1147 * foundname is not returned by this simplified API. We
1148 * disassociate them here to prevent any misuse by the caller.
1150 if (dns_rdataset_isassociated(rdataset))
1151 dns_rdataset_disassociate(rdataset);
1152 if (sigrdataset != NULL &&
1153 dns_rdataset_isassociated(sigrdataset))
1154 dns_rdataset_disassociate(sigrdataset);
1155 } else if (result != ISC_R_SUCCESS &&
1156 result != DNS_R_GLUE &&
1157 result != DNS_R_HINT &&
1158 result != DNS_R_NCACHENXDOMAIN &&
1159 result != DNS_R_NCACHENXRRSET &&
1160 result != DNS_R_NXRRSET &&
1161 result != DNS_R_HINTNXRRSET &&
1162 result != ISC_R_NOTFOUND) {
1163 if (dns_rdataset_isassociated(rdataset))
1164 dns_rdataset_disassociate(rdataset);
1165 if (sigrdataset != NULL &&
1166 dns_rdataset_isassociated(sigrdataset))
1167 dns_rdataset_disassociate(sigrdataset);
1168 result = ISC_R_NOTFOUND;
1175 dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
1176 isc_stdtime_t now, unsigned int options,
1177 isc_boolean_t use_hints,
1178 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
1180 return(dns_view_findzonecut2(view, name, fname, now, options,
1181 use_hints, ISC_TRUE,
1182 rdataset, sigrdataset));
1186 dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
1187 isc_stdtime_t now, unsigned int options,
1188 isc_boolean_t use_hints, isc_boolean_t use_cache,
1189 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
1191 isc_result_t result;
1193 isc_boolean_t is_cache, use_zone, try_hints;
1196 dns_rdataset_t zrdataset, zsigrdataset;
1197 dns_fixedname_t zfixedname;
1203 REQUIRE(DNS_VIEW_VALID(view));
1204 REQUIRE(view->frozen);
1207 use_zone = ISC_FALSE;
1208 try_hints = ISC_FALSE;
1214 dns_fixedname_init(&zfixedname);
1215 dns_rdataset_init(&zrdataset);
1216 dns_rdataset_init(&zsigrdataset);
1219 * Find the right database.
1224 if (view->zonetable != NULL)
1225 result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
1227 result = ISC_R_NOTFOUND;
1228 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
1229 result = dns_zone_getdb(zone, &db);
1230 UNLOCK(&view->lock);
1232 result = ISC_R_NOTFOUND;
1234 if (result == ISC_R_NOTFOUND) {
1236 * We're not directly authoritative for this query name, nor
1237 * is it a subdomain of any zone for which we're
1240 if (use_cache && view->cachedb != NULL) {
1242 * We have a cache; try it.
1244 dns_db_attach(view->cachedb, &db);
1247 * Maybe we have hints...
1249 try_hints = ISC_TRUE;
1252 } else if (result != ISC_R_SUCCESS) {
1254 * Something is broken.
1258 is_cache = dns_db_iscache(db);
1262 * Look for the zonecut.
1265 result = dns_db_find(db, name, NULL, dns_rdatatype_ns, options,
1266 now, NULL, fname, rdataset, sigrdataset);
1267 if (result == DNS_R_DELEGATION)
1268 result = ISC_R_SUCCESS;
1269 else if (result != ISC_R_SUCCESS)
1271 if (use_cache && view->cachedb != NULL && db != view->hints) {
1273 * We found an answer, but the cache may be better.
1275 zfname = dns_fixedname_name(&zfixedname);
1276 result = dns_name_copy(fname, zfname, NULL);
1277 if (result != ISC_R_SUCCESS)
1279 dns_rdataset_clone(rdataset, &zrdataset);
1280 dns_rdataset_disassociate(rdataset);
1281 if (sigrdataset != NULL &&
1282 dns_rdataset_isassociated(sigrdataset)) {
1283 dns_rdataset_clone(sigrdataset, &zsigrdataset);
1284 dns_rdataset_disassociate(sigrdataset);
1287 dns_db_attach(view->cachedb, &db);
1288 is_cache = ISC_TRUE;
1292 result = dns_db_findzonecut(db, name, options, now, NULL,
1293 fname, rdataset, sigrdataset);
1294 if (result == ISC_R_SUCCESS) {
1295 if (zfname != NULL &&
1296 (!dns_name_issubdomain(fname, zfname) ||
1297 (dns_zone_staticstub &&
1298 dns_name_equal(fname, zfname)))) {
1300 * We found a zonecut in the cache, but our
1301 * zone delegation is better.
1303 use_zone = ISC_TRUE;
1305 } else if (result == ISC_R_NOTFOUND) {
1306 if (zfname != NULL) {
1308 * We didn't find anything in the cache, but we
1309 * have a zone delegation, so use it.
1311 use_zone = ISC_TRUE;
1314 * Maybe we have hints...
1316 try_hints = ISC_TRUE;
1320 * Something bad happened.
1328 if (dns_rdataset_isassociated(rdataset)) {
1329 dns_rdataset_disassociate(rdataset);
1330 if (sigrdataset != NULL &&
1331 dns_rdataset_isassociated(sigrdataset))
1332 dns_rdataset_disassociate(sigrdataset);
1334 result = dns_name_copy(zfname, fname, NULL);
1335 if (result != ISC_R_SUCCESS)
1337 dns_rdataset_clone(&zrdataset, rdataset);
1338 if (sigrdataset != NULL &&
1339 dns_rdataset_isassociated(&zrdataset))
1340 dns_rdataset_clone(&zsigrdataset, sigrdataset);
1341 } else if (try_hints && use_hints && view->hints != NULL) {
1343 * We've found nothing so far, but we have hints.
1345 result = dns_db_find(view->hints, dns_rootname, NULL,
1346 dns_rdatatype_ns, 0, now, NULL, fname,
1348 if (result != ISC_R_SUCCESS) {
1350 * We can't even find the hints for the root
1353 if (dns_rdataset_isassociated(rdataset))
1354 dns_rdataset_disassociate(rdataset);
1355 result = ISC_R_NOTFOUND;
1360 if (dns_rdataset_isassociated(&zrdataset)) {
1361 dns_rdataset_disassociate(&zrdataset);
1362 if (dns_rdataset_isassociated(&zsigrdataset))
1363 dns_rdataset_disassociate(&zsigrdataset);
1369 dns_zone_detach(&zone);
1376 dns_viewlist_find(dns_viewlist_t *list, const char *name,
1377 dns_rdataclass_t rdclass, dns_view_t **viewp)
1381 REQUIRE(list != NULL);
1383 for (view = ISC_LIST_HEAD(*list);
1385 view = ISC_LIST_NEXT(view, link)) {
1386 if (strcmp(view->name, name) == 0 && view->rdclass == rdclass)
1390 return (ISC_R_NOTFOUND);
1392 dns_view_attach(view, viewp);
1394 return (ISC_R_SUCCESS);
1399 dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name,
1400 isc_boolean_t allclasses, dns_rdataclass_t rdclass,
1404 isc_result_t result;
1405 dns_zone_t *zone1 = NULL, *zone2 = NULL;
1406 dns_zone_t **zp = NULL;;
1408 REQUIRE(list != NULL);
1409 for (view = ISC_LIST_HEAD(*list);
1411 view = ISC_LIST_NEXT(view, link)) {
1412 if (allclasses == ISC_FALSE && view->rdclass != rdclass)
1416 * If the zone is defined in more than one view,
1417 * treat it as not found.
1419 zp = (zone1 == NULL) ? &zone1 : &zone2;
1421 if (view->zonetable != NULL)
1422 result = dns_zt_find(view->zonetable, name, 0,
1425 result = ISC_R_NOTFOUND;
1426 UNLOCK(&view->lock);
1427 INSIST(result == ISC_R_SUCCESS ||
1428 result == ISC_R_NOTFOUND ||
1429 result == DNS_R_PARTIALMATCH);
1431 /* Treat a partial match as no match */
1432 if (result == DNS_R_PARTIALMATCH) {
1433 dns_zone_detach(zp);
1434 result = ISC_R_NOTFOUND;
1438 if (zone2 != NULL) {
1439 dns_zone_detach(&zone1);
1440 dns_zone_detach(&zone2);
1441 return (ISC_R_NOTFOUND);
1445 if (zone1 != NULL) {
1446 dns_zone_attach(zone1, zonep);
1447 dns_zone_detach(&zone1);
1448 return (ISC_R_SUCCESS);
1451 return (ISC_R_NOTFOUND);
1455 dns_view_load(dns_view_t *view, isc_boolean_t stop) {
1457 REQUIRE(DNS_VIEW_VALID(view));
1458 REQUIRE(view->zonetable != NULL);
1460 return (dns_zt_load(view->zonetable, stop));
1464 dns_view_loadnew(dns_view_t *view, isc_boolean_t stop) {
1466 REQUIRE(DNS_VIEW_VALID(view));
1467 REQUIRE(view->zonetable != NULL);
1469 return (dns_zt_loadnew(view->zonetable, stop));
1474 dns_view_gettsig(dns_view_t *view, dns_name_t *keyname, dns_tsigkey_t **keyp)
1476 isc_result_t result;
1477 REQUIRE(keyp != NULL && *keyp == NULL);
1479 result = dns_tsigkey_find(keyp, keyname, NULL,
1481 if (result == ISC_R_NOTFOUND)
1482 result = dns_tsigkey_find(keyp, keyname, NULL,
1488 dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
1489 dns_tsigkey_t **keyp)
1491 isc_result_t result;
1492 dns_name_t *keyname = NULL;
1493 dns_peer_t *peer = NULL;
1495 result = dns_peerlist_peerbyaddr(view->peers, peeraddr, &peer);
1496 if (result != ISC_R_SUCCESS)
1499 result = dns_peer_getkey(peer, &keyname);
1500 if (result != ISC_R_SUCCESS)
1503 result = dns_view_gettsig(view, keyname, keyp);
1504 return ((result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result);
1508 dns_view_checksig(dns_view_t *view, isc_buffer_t *source, dns_message_t *msg) {
1509 REQUIRE(DNS_VIEW_VALID(view));
1510 REQUIRE(source != NULL);
1512 return (dns_tsig_verify(source, msg, view->statickeys,
1513 view->dynamickeys));
1518 dns_view_dumpdbtostream(dns_view_t *view, FILE *fp) {
1519 isc_result_t result;
1521 REQUIRE(DNS_VIEW_VALID(view));
1523 (void)fprintf(fp, ";\n; Cache dump of view '%s'\n;\n", view->name);
1524 result = dns_master_dumptostream(view->mctx, view->cachedb, NULL,
1525 &dns_master_style_cache, fp);
1526 if (result != ISC_R_SUCCESS)
1528 dns_adb_dump(view->adb, fp);
1529 dns_resolver_printbadcache(view->resolver, fp);
1530 return (ISC_R_SUCCESS);
1535 dns_view_flushcache(dns_view_t *view) {
1536 return (dns_view_flushcache2(view, ISC_FALSE));
1540 dns_view_flushcache2(dns_view_t *view, isc_boolean_t fixuponly) {
1541 isc_result_t result;
1543 REQUIRE(DNS_VIEW_VALID(view));
1545 if (view->cachedb == NULL)
1546 return (ISC_R_SUCCESS);
1548 result = dns_cache_flush(view->cache);
1549 if (result != ISC_R_SUCCESS)
1553 if (view->acache != NULL)
1554 dns_acache_putdb(view->acache, view->cachedb);
1556 dns_db_detach(&view->cachedb);
1557 dns_cache_attachdb(view->cache, &view->cachedb);
1559 if (view->acache != NULL)
1560 dns_acache_setdb(view->acache, view->cachedb);
1561 if (view->resolver != NULL)
1562 dns_resolver_flushbadcache(view->resolver, NULL);
1565 dns_adb_flush(view->adb);
1566 return (ISC_R_SUCCESS);
1570 dns_view_flushname(dns_view_t *view, dns_name_t *name) {
1572 REQUIRE(DNS_VIEW_VALID(view));
1574 if (view->adb != NULL)
1575 dns_adb_flushname(view->adb, name);
1576 if (view->cache == NULL)
1577 return (ISC_R_SUCCESS);
1578 if (view->resolver != NULL)
1579 dns_resolver_flushbadcache(view->resolver, name);
1580 return (dns_cache_flushname(view->cache, name));
1584 dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name) {
1585 isc_result_t result;
1589 REQUIRE(DNS_VIEW_VALID(view));
1591 if (view->delonly == NULL) {
1592 view->delonly = isc_mem_get(view->mctx,
1593 sizeof(dns_namelist_t) *
1594 DNS_VIEW_DELONLYHASH);
1595 if (view->delonly == NULL)
1596 return (ISC_R_NOMEMORY);
1597 for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++)
1598 ISC_LIST_INIT(view->delonly[hash]);
1600 hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
1601 new = ISC_LIST_HEAD(view->delonly[hash]);
1602 while (new != NULL && !dns_name_equal(new, name))
1603 new = ISC_LIST_NEXT(new, link);
1605 return (ISC_R_SUCCESS);
1606 new = isc_mem_get(view->mctx, sizeof(*new));
1608 return (ISC_R_NOMEMORY);
1609 dns_name_init(new, NULL);
1610 result = dns_name_dup(name, view->mctx, new);
1611 if (result == ISC_R_SUCCESS)
1612 ISC_LIST_APPEND(view->delonly[hash], new, link);
1614 isc_mem_put(view->mctx, new, sizeof(*new));
1619 dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name) {
1620 isc_result_t result;
1624 REQUIRE(DNS_VIEW_VALID(view));
1626 if (view->rootexclude == NULL) {
1627 view->rootexclude = isc_mem_get(view->mctx,
1628 sizeof(dns_namelist_t) *
1629 DNS_VIEW_DELONLYHASH);
1630 if (view->rootexclude == NULL)
1631 return (ISC_R_NOMEMORY);
1632 for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++)
1633 ISC_LIST_INIT(view->rootexclude[hash]);
1635 hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
1636 new = ISC_LIST_HEAD(view->rootexclude[hash]);
1637 while (new != NULL && !dns_name_equal(new, name))
1638 new = ISC_LIST_NEXT(new, link);
1640 return (ISC_R_SUCCESS);
1641 new = isc_mem_get(view->mctx, sizeof(*new));
1643 return (ISC_R_NOMEMORY);
1644 dns_name_init(new, NULL);
1645 result = dns_name_dup(name, view->mctx, new);
1646 if (result == ISC_R_SUCCESS)
1647 ISC_LIST_APPEND(view->rootexclude[hash], new, link);
1649 isc_mem_put(view->mctx, new, sizeof(*new));
1654 dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) {
1658 REQUIRE(DNS_VIEW_VALID(view));
1660 if (!view->rootdelonly && view->delonly == NULL)
1663 hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
1664 if (view->rootdelonly && dns_name_countlabels(name) <= 2) {
1665 if (view->rootexclude == NULL)
1667 new = ISC_LIST_HEAD(view->rootexclude[hash]);
1668 while (new != NULL && !dns_name_equal(new, name))
1669 new = ISC_LIST_NEXT(new, link);
1674 if (view->delonly == NULL)
1677 new = ISC_LIST_HEAD(view->delonly[hash]);
1678 while (new != NULL && !dns_name_equal(new, name))
1679 new = ISC_LIST_NEXT(new, link);
1686 dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value) {
1687 REQUIRE(DNS_VIEW_VALID(view));
1688 view->rootdelonly = value;
1692 dns_view_getrootdelonly(dns_view_t *view) {
1693 REQUIRE(DNS_VIEW_VALID(view));
1694 return (view->rootdelonly);
1699 dns_view_freezezones(dns_view_t *view, isc_boolean_t value) {
1701 REQUIRE(DNS_VIEW_VALID(view));
1702 REQUIRE(view->zonetable != NULL);
1704 return (dns_zt_freezezones(view->zonetable, value));
1709 dns_view_setresstats(dns_view_t *view, isc_stats_t *stats) {
1711 REQUIRE(DNS_VIEW_VALID(view));
1712 REQUIRE(!view->frozen);
1713 REQUIRE(view->resstats == NULL);
1715 isc_stats_attach(stats, &view->resstats);
1719 dns_view_getresstats(dns_view_t *view, isc_stats_t **statsp) {
1720 REQUIRE(DNS_VIEW_VALID(view));
1721 REQUIRE(statsp != NULL && *statsp == NULL);
1723 if (view->resstats != NULL)
1724 isc_stats_attach(view->resstats, statsp);
1728 dns_view_setresquerystats(dns_view_t *view, dns_stats_t *stats) {
1729 REQUIRE(DNS_VIEW_VALID(view));
1730 REQUIRE(!view->frozen);
1731 REQUIRE(view->resquerystats == NULL);
1733 dns_stats_attach(stats, &view->resquerystats);
1737 dns_view_getresquerystats(dns_view_t *view, dns_stats_t **statsp) {
1738 REQUIRE(DNS_VIEW_VALID(view));
1739 REQUIRE(statsp != NULL && *statsp == NULL);
1741 if (view->resquerystats != NULL)
1742 dns_stats_attach(view->resquerystats, statsp);
1746 dns_view_initsecroots(dns_view_t *view, isc_mem_t *mctx) {
1747 REQUIRE(DNS_VIEW_VALID(view));
1748 if (view->secroots_priv != NULL)
1749 dns_keytable_detach(&view->secroots_priv);
1750 return (dns_keytable_create(mctx, &view->secroots_priv));
1754 dns_view_getsecroots(dns_view_t *view, dns_keytable_t **ktp) {
1755 REQUIRE(DNS_VIEW_VALID(view));
1756 REQUIRE(ktp != NULL && *ktp == NULL);
1757 if (view->secroots_priv == NULL)
1758 return (ISC_R_NOTFOUND);
1759 dns_keytable_attach(view->secroots_priv, ktp);
1760 return (ISC_R_SUCCESS);
1764 dns_view_issecuredomain(dns_view_t *view, dns_name_t *name,
1765 isc_boolean_t *secure_domain) {
1766 REQUIRE(DNS_VIEW_VALID(view));
1768 if (view->secroots_priv == NULL)
1769 return (ISC_R_NOTFOUND);
1770 return (dns_keytable_issecuredomain(view->secroots_priv, name,
1775 dns_view_untrust(dns_view_t *view, dns_name_t *keyname,
1776 dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx)
1778 isc_result_t result;
1779 unsigned char data[4096];
1780 dns_rdata_t rdata = DNS_RDATA_INIT;
1781 isc_buffer_t buffer;
1782 dst_key_t *key = NULL;
1783 dns_keytable_t *sr = NULL;
1786 * Clear the revoke bit, if set, so that the key will match what's
1789 dnskey->flags &= ~DNS_KEYFLAG_REVOKE;
1791 /* Convert dnskey to DST key. */
1792 isc_buffer_init(&buffer, data, sizeof(data));
1793 dns_rdata_fromstruct(&rdata, dnskey->common.rdclass,
1794 dns_rdatatype_dnskey, dnskey, &buffer);
1795 result = dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &key);
1796 if (result != ISC_R_SUCCESS)
1798 result = dns_view_getsecroots(view, &sr);
1799 if (result == ISC_R_SUCCESS) {
1800 dns_keytable_deletekeynode(sr, key);
1801 dns_keytable_detach(&sr);
1809 dns_view_setnewzones(dns_view_t *view, isc_boolean_t allow, void *cfgctx,
1810 void (*cfg_destroy)(void **))
1812 REQUIRE(DNS_VIEW_VALID(view));
1813 REQUIRE((cfgctx != NULL && cfg_destroy != NULL) || !allow);
1816 if (view->new_zone_file != NULL) {
1817 isc_mem_free(view->mctx, view->new_zone_file);
1818 view->new_zone_file = NULL;
1821 if (view->new_zone_config != NULL) {
1822 view->cfg_destroy(&view->new_zone_config);
1823 view->cfg_destroy = NULL;
1827 char buffer[ISC_SHA256_DIGESTSTRINGLENGTH + sizeof(NZF)];
1828 isc_sha256_data((void *)view->name, strlen(view->name), buffer);
1829 /* Truncate the hash at 16 chars; full length is overkill */
1830 isc_string_printf(buffer + 16, sizeof(NZF), "%s", NZF);
1831 view->new_zone_file = isc_mem_strdup(view->mctx, buffer);
1832 view->new_zone_config = cfgctx;
1833 view->cfg_destroy = cfg_destroy;
1838 UNUSED(cfg_destroy);
projects / FreeBSD / stable / 8.git / blob