Maintained by: NLnet Labs
authzone.c File Reference

This file contains the functions for an authority zone. More...

#include "config.h"
#include "services/authzone.h"
#include "util/data/dname.h"
#include "util/data/msgparse.h"
#include "util/data/msgreply.h"
#include "util/data/msgencode.h"
#include "util/data/packed_rrset.h"
#include "util/regional.h"
#include "util/net_help.h"
#include "util/netevent.h"
#include "util/config_file.h"
#include "util/log.h"
#include "util/module.h"
#include "util/random.h"
#include "services/cache/dns.h"
#include "services/outside_network.h"
#include "services/listen_dnsport.h"
#include "services/mesh.h"
#include "sldns/rrdef.h"
#include "sldns/pkthdr.h"
#include "sldns/sbuffer.h"
#include "sldns/str2wire.h"
#include "sldns/wire2str.h"
#include "sldns/parseutil.h"
#include "sldns/keyraw.h"
#include "validator/val_nsec3.h"
#include "validator/val_secalgo.h"
#include <ctype.h>

Macros

#define N3HASHBUFLEN   32
 bytes to use for NSEC3 hash buffer. More...
 
#define MAX_CNAME_CHAIN   8
 max number of CNAMEs we are willing to follow (in one answer)
 
#define AUTH_PROBE_TIMEOUT   100 /* msec */
 timeout for probe packets for SOA
 
#define AUTH_PROBE_TIMEOUT_STOP   1000 /* msec */
 when to stop with SOA probes (when exponential timeouts exceed this)
 
#define AUTH_TRANSFER_TIMEOUT   10000 /* msec */
 
#define AUTH_TRANSFER_MAX_BACKOFF   86400 /* sec */
 
#define AUTH_HTTP_PORT   80
 
#define AUTH_HTTPS_PORT   443
 
#define MAX_INCLUDE_DEPTH   10
 
#define SERIAL_BITS   32
 

Functions

static void xfr_set_timeout (struct auth_xfer *xfr, struct module_env *env, int failure, int lookup_only)
 pick up nextprobe task to start waiting to perform transfer actions More...
 
static void xfr_probe_send_or_end (struct auth_xfer *xfr, struct module_env *env)
 move to sending the probe packets, next if fails. More...
 
static int xfr_start_probe (struct auth_xfer *xfr, struct module_env *env, struct auth_master *spec)
 pick up probe task with specified (or NULL) destination first, or transfer task if nothing to probe, or false if already in progress More...
 
void auth_xfer_delete (struct auth_xfer *xfr)
 delete xfer structure (not its tree entry) More...
 
static struct dns_msg * msg_create (struct regional *region, struct query_info *qinfo)
 create new dns_msg
 
static int msg_grow_array (struct regional *region, struct dns_msg *msg)
 grow rrset array by one in msg
 
static time_t get_rrset_ttl (struct ub_packed_rrset_key *k)
 get ttl of rrset
 
static struct ub_packed_rrset_key * auth_packed_rrset_copy_region (struct auth_zone *z, struct auth_data *node, struct auth_rrset *rrset, struct regional *region, time_t adjust)
 Copy rrset into region from domain-datanode and packet rrset.
 
static void msg_ttl (struct dns_msg *msg)
 fix up msg->rep TTL and prefetch ttl
 
static int msg_rrset_duplicate (struct dns_msg *msg, uint8_t *nm, size_t nmlen, uint16_t type, uint16_t dclass)
 see if rrset is a duplicate in the answer message
 
static int msg_add_rrset_an (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 add rrset to answer section (no auth, add rrsets yet)
 
static int msg_add_rrset_ns (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 add rrset to authority section (no additional section rrsets yet)
 
static int msg_add_rrset_ar (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 add rrset to additional section
 
struct auth_zones * auth_zones_create (void)
 Create auth zones structure.
 
int auth_zone_cmp (const void *z1, const void *z2)
 compare auth_zones for sorted rbtree
 
int auth_data_cmp (const void *z1, const void *z2)
 compare auth_data for sorted rbtree
 
int auth_xfer_cmp (const void *z1, const void *z2)
 compare auth_xfer for sorted rbtree
 
static void auth_rrset_delete (struct auth_rrset *rrset)
 delete auth rrset node
 
static void auth_data_delete (struct auth_data *n)
 delete auth data domain node
 
static void auth_data_del (rbnode_type *n, void *ATTR_UNUSED(arg))
 helper traverse to delete zones
 
static void auth_zone_delete (struct auth_zone *z)
 delete an auth zone structure (tree remove must be done elsewhere)
 
struct auth_zone * auth_zone_create (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass)
 create an auth zone. More...
 
struct auth_zone * auth_zone_find (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass)
 find an auth zone by name (exact match by name or NULL returned)
 
struct auth_xfer * auth_xfer_find (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass)
 find an xfer zone by name (exact match by name or NULL returned)
 
static int auth_zone_find_less_equal (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass, struct auth_zone **z)
 find an auth zone or sorted less-or-equal, return true if exact
 
struct auth_zone * auth_zones_find_zone (struct auth_zones *az, uint8_t *name, size_t name_len, uint16_t dclass)
 find the auth zone that is above the given name More...
 
static struct auth_zone * auth_zones_find_or_add_zone (struct auth_zones *az, char *name)
 find or create zone with name str. More...
 
static struct auth_xfer * auth_zones_find_or_add_xfer (struct auth_zones *az, struct auth_zone *z)
 find or create xfer zone with name str. More...
 
int auth_zone_set_zonefile (struct auth_zone *z, char *zonefile)
 set auth zone zonefile string. More...
 
int auth_zone_set_fallback (struct auth_zone *z, char *fallbackstr)
 set auth zone fallback. More...
 
static struct auth_data * az_domain_create (struct auth_zone *z, uint8_t *nm, size_t nmlen)
 create domain with the given name
 
static struct auth_data * az_find_name (struct auth_zone *z, uint8_t *nm, size_t nmlen)
 find domain with exactly the given name
 
static void az_find_domain (struct auth_zone *z, struct query_info *qinfo, int *node_exact, struct auth_data **node)
 Find domain name (or closest match)
 
static struct auth_data * az_domain_find_or_create (struct auth_zone *z, uint8_t *dname, size_t dname_len)
 find or create domain with name in zone
 
static struct auth_rrset * az_domain_rrset (struct auth_data *n, uint16_t t)
 find rrset of given type in the domain
 
static void domain_remove_rrset (struct auth_data *node, uint16_t rr_type)
 remove rrset of this type from domain
 
static int az_rrset_find_rr (struct packed_rrset_data *d, uint8_t *rdata, size_t len, size_t *index)
 find an rr index in the rrset. More...
 
static int az_rrset_find_rrsig (struct packed_rrset_data *d, uint8_t *rdata, size_t len, size_t *index)
 find an rrsig index in the rrset. More...
 
static int rdata_duplicate (struct packed_rrset_data *d, uint8_t *rdata, size_t len)
 see if rdata is duplicate
 
static uint16_t rrsig_rdata_get_type_covered (uint8_t *rdata, size_t rdatalen)
 get rrsig type covered from rdata. More...
 
static int rrset_remove_rr (struct auth_rrset *rrset, size_t index)
 remove RR from existing RRset. More...
 
static int rrset_add_rr (struct auth_rrset *rrset, uint32_t rr_ttl, uint8_t *rdata, size_t rdatalen, int insert_sig)
 add RR to existing RRset. More...
 
static struct auth_rrset * rrset_create (struct auth_data *node, uint16_t rr_type, uint32_t rr_ttl, uint8_t *rdata, size_t rdatalen)
 Create new rrset for node with packed rrset with one RR element.
 
static size_t rrsig_num_that_cover (struct auth_rrset *rrsig, uint16_t rr_type, size_t *sigsz)
 count number (and size) of rrsigs that cover a type
 
static int rrset_moveover_rrsigs (struct auth_data *node, uint16_t rr_type, struct auth_rrset *rrset, struct auth_rrset *rrsig)
 See if rrsig set has covered sigs for rrset and move them over.
 
static int rrsigs_copy_from_rrset_to_rrsigset (struct auth_rrset *rrset, struct auth_rrset *rrsigset)
 copy the rrsigs from the rrset to the rrsig rrset, because the rrset is going to be deleted. More...
 
static int az_domain_add_rr (struct auth_data *node, uint16_t rr_type, uint32_t rr_ttl, uint8_t *rdata, size_t rdatalen, int *duplicate)
 Add rr to node, ignores duplicate RRs, rdata points to buffer with rdatalen octets, starts with a 2-byte length. More...
 
static int az_insert_rr (struct auth_zone *z, uint8_t *rr, size_t rr_len, size_t dname_len, int *duplicate)
 insert RR into zone, ignore duplicates
 
static int az_domain_remove_rr (struct auth_data *node, uint16_t rr_type, uint8_t *rdata, size_t rdatalen, int *nonexist)
 Remove rr from node, ignores nonexisting RRs, rdata points to buffer with rdatalen octets, starts with a 2-byte length. More...
 
static int az_remove_rr (struct auth_zone *z, uint8_t *rr, size_t rr_len, size_t dname_len, int *nonexist)
 remove RR from zone, ignore if it does not exist, false on alloc failure
 
static int decompress_rr_into_buffer (struct sldns_buffer *buf, uint8_t *pkt, size_t pktlen, uint8_t *dname, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint8_t *rr_data, uint16_t rr_rdlen)
 decompress an RR into the buffer where it'll be an uncompressed RR with uncompressed dname and uncompressed rdata (dnames)
 
static int az_insert_rr_decompress (struct auth_zone *z, uint8_t *pkt, size_t pktlen, struct sldns_buffer *scratch_buffer, uint8_t *dname, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint8_t *rr_data, uint16_t rr_rdlen, int *duplicate)
 insert RR into zone, from packet, decompress RR, if duplicate is nonNULL set the flag but otherwise ignore duplicates
 
static int az_remove_rr_decompress (struct auth_zone *z, uint8_t *pkt, size_t pktlen, struct sldns_buffer *scratch_buffer, uint8_t *dname, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint8_t *rr_data, uint16_t rr_rdlen, int *nonexist)
 remove RR from zone, from packet, decompress RR, if nonexist is nonNULL set the flag but otherwise ignore nonexisting entries
 
static int az_parse_file (struct auth_zone *z, FILE *in, uint8_t *rr, size_t rrbuflen, struct sldns_file_parse_state *state, char *fname, int depth)
 Parse zonefile. More...
 
int auth_zone_read_zonefile (struct auth_zone *z)
 read auth zone from zonefile. More...
 
static int write_out (FILE *out, const char *str, size_t len)
 write buffer to file and check return codes
 
static int auth_rr_to_string (uint8_t *nm, size_t nmlen, uint16_t tp, uint16_t cl, struct packed_rrset_data *data, size_t i, char *s, size_t buflen)
 convert auth rr to string
 
static int auth_zone_write_rrset (struct auth_zone *z, struct auth_data *node, struct auth_rrset *r, FILE *out)
 write rrset to file
 
static int auth_zone_write_domain (struct auth_zone *z, struct auth_data *n, FILE *out)
 write domain to file
 
int auth_zone_write_file (struct auth_zone *z, const char *fname)
 Write auth zone data to file, in zonefile format.
 
static int auth_zones_read_zones (struct auth_zones *az)
 read all auth zones from file (if they have one)
 
int auth_zone_get_serial (struct auth_zone *z, uint32_t *serial)
 find serial number of zone or false if none More...
 
static int xfr_find_soa (struct auth_zone *z, struct auth_xfer *xfr)
 Find auth_zone SOA and populate the values in xfr(soa values). More...
 
static int auth_xfer_setup (struct auth_zone *z, struct auth_xfer *x)
 Setup auth_xfer zone. This populates the have_zone, soa values, and so on times. More...
 
static int auth_zones_setup_zones (struct auth_zones *az)
 Setup all zones. More...
 
static int auth_zones_cfg (struct auth_zones *az, struct config_auth *c)
 set config items and create zones
 
static void az_setall_deleted (struct auth_zones *az)
 set all auth zones deleted, then in auth_zones_cfg, it marks them as nondeleted (if they are still in the config), and then later we can find deleted zones
 
static void az_delete_deleted_zones (struct auth_zones *az)
 find zones that are marked deleted and delete them. More...
 
int auth_zones_apply_cfg (struct auth_zones *az, struct config_file *cfg, int setup)
 Apply configuration to auth zones. More...
 
void auth_chunks_delete (struct auth_transfer *at)
 delete chunks More...
 
static void auth_free_master_addrs (struct auth_addr *list)
 free master addr list
 
static void auth_free_masters (struct auth_master *list)
 free the masters list
 
static void auth_zone_del (rbnode_type *n, void *ATTR_UNUSED(arg))
 helper traverse to delete zones
 
static void auth_xfer_del (rbnode_type *n, void *ATTR_UNUSED(arg))
 helper traverse to delete xfer zones
 
void auth_zones_delete (struct auth_zones *az)
 Delete auth zones structure.
 
static int domain_has_only_nsec3 (struct auth_data *n)
 true if domain has only nsec3
 
static struct auth_data * az_find_wildcard_domain (struct auth_zone *z, uint8_t *nm, size_t nmlen)
 see if the domain has a wildcard child '*.domain'
 
static struct auth_data * az_find_wildcard (struct auth_zone *z, struct query_info *qinfo, struct auth_data *ce)
 find wildcard between qname and cename
 
static struct auth_data * az_find_candidate_ce (struct auth_zone *z, struct query_info *qinfo, struct auth_data *n)
 domain is not exact, find first candidate ce (name that matches a part of qname) in tree
 
static struct auth_data * az_domain_go_up (struct auth_zone *z, struct auth_data *n)
 go up the auth tree to next existing name. More...
 
static int az_find_ce (struct auth_zone *z, struct query_info *qinfo, struct auth_data *node, int node_exact, struct auth_data **ce, struct auth_rrset **rrset)
 Find the closest encloser, a name that exists and is above the qname. More...
 
static int az_add_additionals_from (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_rrset *rrset, size_t offset)
 add additional A/AAAA from domain names in rrset rdata (+offset) offset is number of bytes in rdata where the dname is located. More...
 
static int az_add_negative_soa (struct auth_zone *z, struct regional *region, struct dns_msg *msg)
 add negative SOA record (with negative TTL)
 
static int az_empty_nonterminal (struct auth_zone *z, struct query_info *qinfo, struct auth_data *node)
 See if the query goes to empty nonterminal (that has no auth_data, but there are nodes underneath). More...
 
static size_t synth_cname_buf (uint8_t *qname, size_t qname_len, size_t dname_len, uint8_t *dtarg, size_t dtarglen, uint8_t *buf, size_t buflen)
 create synth cname target name in buffer, or fail if too long
 
static int create_synth_cname (uint8_t *qname, size_t qname_len, struct regional *region, struct auth_data *node, struct auth_rrset *dname, uint16_t dclass, struct ub_packed_rrset_key **cname)
 create synthetic CNAME rrset for a DNAME answer in region, false on alloc failure, cname==NULL when name too long. More...
 
static int add_synth_cname (struct auth_zone *z, uint8_t *qname, size_t qname_len, struct regional *region, struct dns_msg *msg, struct auth_data *dname, struct auth_rrset *rrset)
 add a synthesized CNAME to the answer section
 
static void az_change_dnames (struct dns_msg *msg, uint8_t *oldname, uint8_t *newname, size_t newlen, int an_only)
 Change a dname to a different one, for wildcard namechange.
 
static struct auth_rrset * az_find_nsec_cover (struct auth_zone *z, struct auth_data **node)
 find NSEC record covering the query
 
static int az_nsec_wildcard_denial (struct auth_zone *z, struct regional *region, struct dns_msg *msg, uint8_t *cenm, size_t cenmlen)
 Find NSEC and add for wildcard denial.
 
static int az_nsec3_param (struct auth_zone *z, int *algo, size_t *iter, uint8_t **salt, size_t *saltlen)
 Find the NSEC3PARAM rrset (if any) and if true you have the parameters.
 
static size_t az_nsec3_hash (uint8_t *buf, size_t buflen, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Hash a name with nsec3param into buffer, it has zone name appended. More...
 
static int az_nsec3_hashname (struct auth_zone *z, uint8_t *hashname, size_t *hashnmlen, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Hash name and return b32encoded hashname for lookup, zone name appended.
 
struct auth_data * az_nsec3_findnode (struct auth_zone *z, uint8_t *hashnm, size_t hashnmlen)
 Find the datanode that covers the nsec3hash-name.
 
static struct auth_data * az_nsec3_find_cover (struct auth_zone *z, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Find cover for hashed(nm, nmlen) (or NULL)
 
static struct auth_data * az_nsec3_find_exact (struct auth_zone *z, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Find exact match for hashed(nm, nmlen) NSEC3 record or NULL.
 
static void az_nsec3_get_nextcloser (uint8_t *cenm, uint8_t *qname, size_t qname_len, uint8_t **nx, size_t *nxlen)
 Return nextcloser name (as a ref into the qname). More...
 
static struct auth_data * az_nsec3_find_ce (struct auth_zone *z, uint8_t **cenm, size_t *cenmlen, int *no_exact_ce, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Find the closest encloser that has exact NSEC3. More...
 
static int az_nsec3_insert (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 
static int az_add_nsec3_proof (struct auth_zone *z, struct regional *region, struct dns_msg *msg, uint8_t *cenm, size_t cenmlen, uint8_t *qname, size_t qname_len, int nxproof, int wcproof)
 add NSEC3 records to the zone for the nsec3 proof. More...
 
static int az_generate_positive_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 generate answer for positive answer
 
static int az_generate_any_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 generate answer for type ANY answer
 
static int follow_cname_chain (struct auth_zone *z, uint16_t qtype, struct regional *region, struct dns_msg *msg, struct packed_rrset_data *d)
 follow cname chain and add more data to the answer section
 
static int az_generate_cname_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 generate answer for cname answer
 
static int az_generate_notype_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 generate answer for notype answer
 
static int az_generate_referral_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_rrset *rrset)
 generate answer for referral answer
 
static int az_generate_dname_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_rrset *rrset)
 generate answer for DNAME answer
 
static int az_generate_wildcard_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_data *wildcard, struct auth_data *node)
 generate answer for wildcard answer
 
static int az_generate_nxdomain_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_data *node)
 generate answer for nxdomain answer
 
static int az_generate_answer_with_node (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 Create answers when an exact match exists for the domain name.
 
static int az_generate_answer_nonexistnode (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_rrset *rrset, struct auth_data *node)
 Generate answer without an existing-node that we can use. More...
 
static int auth_zone_generate_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg **msg, int *fallback)
 Lookup answer in a zone. More...
 
int auth_zones_lookup (struct auth_zones *az, struct query_info *qinfo, struct regional *region, struct dns_msg **msg, int *fallback, uint8_t *dp_nm, size_t dp_nmlen)
 Use auth zones to lookup the answer to a query. More...
 
static void auth_answer_encode (struct query_info *qinfo, struct module_env *env, struct edns_data *edns, sldns_buffer *buf, struct regional *temp, struct dns_msg *msg)
 encode auth answer
 
static void auth_error_encode (struct query_info *qinfo, struct module_env *env, struct edns_data *edns, sldns_buffer *buf, struct regional *temp, int rcode)
 encode auth error answer
 
int auth_zones_answer (struct auth_zones *az, struct module_env *env, struct query_info *qinfo, struct edns_data *edns, struct sldns_buffer *buf, struct regional *temp)
 Answer query from auth zone. More...
 
int auth_zones_can_fallback (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass)
 see if the auth zone for the name can fallback More...
 
int auth_zone_parse_notify_serial (sldns_buffer *pkt, uint32_t *serial)
 process notify packet and read serial number from SOA. More...
 
static int addr_in_list (struct auth_addr *list, struct sockaddr_storage *addr, socklen_t addrlen)
 see if addr appears in the list
 
static int addr_matches_master (struct auth_master *master, struct sockaddr_storage *addr, socklen_t addrlen, struct auth_master **fromhost)
 check if an address matches a master specification (or one of its addresses in the addr list)
 
static int az_xfr_allowed_notify (struct auth_xfer *xfr, struct sockaddr_storage *addr, socklen_t addrlen, struct auth_master **fromhost)
 check access list for notifies
 
static int xfr_serial_means_update (struct auth_xfer *xfr, uint32_t serial)
 see if the serial means the zone has to be updated, i.e. More...
 
static void xfr_note_notify_serial (struct auth_xfer *xfr, int has_serial, uint32_t serial)
 note notify serial, updates the notify information in the xfr struct
 
static void xfr_process_notify (struct auth_xfer *xfr, struct module_env *env, int has_serial, uint32_t serial, struct auth_master *fromhost)
 process a notify serial, start new probe or note serial. More...
 
int auth_zones_notify (struct auth_zones *az, struct module_env *env, uint8_t *nm, size_t nmlen, uint16_t dclass, struct sockaddr_storage *addr, socklen_t addrlen, int has_serial, uint32_t serial, int *refused)
 process notify for auth zones. More...
 
static void auth_xfer_set_expired (struct auth_xfer *xfr, struct module_env *env, int expired)
 set a zone expired
 
static struct auth_master * find_master_by_host (struct auth_master *list, char *host)
 find master (from notify or probe) in list of masters
 
static void xfr_masterlist_free_addrs (struct auth_master *list)
 delete the looked up auth_addrs for all the masters in the list
 
static struct auth_addr * auth_addr_list_copy (struct auth_addr *source)
 copy a list of auth_addrs
 
static struct auth_master * auth_master_copy (struct auth_master *o)
 copy a master to a new structure, NULL on alloc failure
 
static void probe_copy_masters_for_allow_notify (struct auth_xfer *xfr)
 copy the master addresses from the task_probe lookups to the allow_notify list of masters
 
static void xfr_transfer_start_lookups (struct auth_xfer *xfr)
 start the lookups for task_transfer
 
static void xfr_transfer_move_to_next_lookup (struct auth_xfer *xfr, struct module_env *env)
 move to the next lookup of hostname for task_transfer
 
static void xfr_probe_start_lookups (struct auth_xfer *xfr)
 start the lookups for task_probe
 
static void xfr_probe_move_to_next_lookup (struct auth_xfer *xfr, struct module_env *env)
 move to the next lookup of hostname for task_probe
 
static void xfr_transfer_start_list (struct auth_xfer *xfr, struct auth_master *spec)
 start the iteration of the task_transfer list of masters
 
static void xfr_probe_start_list (struct auth_xfer *xfr, struct auth_master *spec)
 start the iteration of the task_probe list of masters
 
static struct auth_master * xfr_transfer_current_master (struct auth_xfer *xfr)
 pick up the master that is being scanned right now, task_transfer
 
static struct auth_master * xfr_probe_current_master (struct auth_xfer *xfr)
 pick up the master that is being scanned right now, task_probe
 
static int xfr_transfer_end_of_list (struct auth_xfer *xfr)
 true if at end of list, task_transfer
 
static int xfr_probe_end_of_list (struct auth_xfer *xfr)
 true if at end of list, task_probe
 
static void xfr_transfer_nextmaster (struct auth_xfer *xfr)
 move to next master in list, task_transfer
 
static void xfr_probe_nextmaster (struct auth_xfer *xfr)
 move to next master in list, task_probe
 
static void xfr_create_soa_probe_packet (struct auth_xfer *xfr, sldns_buffer *buf, uint16_t id)
 create SOA probe packet for xfr
 
static void xfr_create_ixfr_packet (struct auth_xfer *xfr, sldns_buffer *buf, uint16_t id, struct auth_master *master)
 create IXFR/AXFR packet for xfr
 
static int check_packet_ok (sldns_buffer *pkt, uint16_t qtype, struct auth_xfer *xfr, uint32_t *serial)
 check if returned packet is OK
 
static int chunkline_get_line (struct auth_chunk **chunk, size_t *chunk_pos, sldns_buffer *buf)
 read one line from chunks into buffer at current position
 
static int chunkline_count_parens (sldns_buffer *buf, size_t start)
 count number of open and closed parentheses in a chunkline
 
static void chunkline_remove_trailcomment (sldns_buffer *buf, size_t start)
 remove trailing ;... More...
 
static int chunkline_is_comment_line_or_empty (sldns_buffer *buf)
 see if a chunkline is a comment line (or empty line)
 
static int chunkline_get_line_collated (struct auth_chunk **chunk, size_t *chunk_pos, sldns_buffer *buf)
 find a line with ( ) collated
 
static int http_parse_origin (sldns_buffer *buf, struct sldns_file_parse_state *pstate)
 process $ORIGIN for http
 
static int http_parse_ttl (sldns_buffer *buf, struct sldns_file_parse_state *pstate)
 process $TTL for http
 
static int chunkline_non_comment_RR (struct auth_chunk **chunk, size_t *chunk_pos, sldns_buffer *buf, struct sldns_file_parse_state *pstate)
 find noncomment RR line in chunks, collates lines if ( ) format
 
static int http_zonefile_syntax_check (struct auth_xfer *xfr, sldns_buffer *buf)
 check syntax of chunklist zonefile, parse first RR, return false on failure and return a string in the scratch buffer (first RR string) on failure. More...
 
static size_t chunklist_sum (struct auth_chunk *list)
 sum sizes of chunklist
 
static void chunkline_newline_removal (sldns_buffer *buf)
 remove newlines from collated line
 
static int http_parse_add_rr (struct auth_xfer *xfr, struct auth_zone *z, sldns_buffer *buf, struct sldns_file_parse_state *pstate)
 for http download, parse and add RR to zone
 
static void chunk_rrlist_start (struct auth_xfer *xfr, struct auth_chunk **rr_chunk, int *rr_num, size_t *rr_pos)
 RR list iterator, returns RRs from answer section one by one from the dns packets in the chunklist.
 
static int chunk_rrlist_end (struct auth_chunk *rr_chunk, int rr_num)
 RR list iterator, see if we are at the end of the list.
 
static void chunk_rrlist_gonext (struct auth_chunk **rr_chunk, int *rr_num, size_t *rr_pos, size_t rr_nextpos)
 RR list iterator, move to next RR.
 
static int chunk_rrlist_get_current (struct auth_chunk *rr_chunk, int rr_num, size_t rr_pos, uint8_t **rr_dname, uint16_t *rr_type, uint16_t *rr_class, uint32_t *rr_ttl, uint16_t *rr_rdlen, uint8_t **rr_rdata, size_t *rr_nextpos)
 RR iterator, get current RR information, false on parse error.
 
static void log_rrlist_position (const char *label, struct auth_chunk *rr_chunk, uint8_t *rr_dname, uint16_t rr_type, size_t rr_counter)
 print log message where we are in parsing the zone transfer
 
static int ixfr_start_serial (struct auth_chunk *rr_chunk, int rr_num, size_t rr_pos, uint8_t *rr_dname, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint16_t rr_rdlen, uint8_t *rr_rdata, size_t rr_nextpos, uint32_t transfer_serial, uint32_t xfr_serial)
 check that start serial is OK for ixfr. More...
 
static int apply_ixfr (struct auth_xfer *xfr, struct auth_zone *z, struct sldns_buffer *scratch_buffer)
 apply IXFR to zone in memory. More...
 
static int apply_axfr (struct auth_xfer *xfr, struct auth_zone *z, struct sldns_buffer *scratch_buffer)
 apply AXFR to zone in memory. More...
 
static int apply_http (struct auth_xfer *xfr, struct auth_zone *z, struct sldns_buffer *scratch_buffer)
 apply HTTP to zone in memory. More...
 
static int auth_zone_write_chunks (struct auth_xfer *xfr, const char *fname)
 write http chunks to zonefile to create downloaded file
 
static void xfr_write_after_update (struct auth_xfer *xfr, struct module_env *env)
 write to zonefile after zone has been updated
 
static int xfr_process_chunk_list (struct auth_xfer *xfr, struct module_env *env, int *ixfr_fail)
 process chunk list and update zone in memory, return false if it did not work
 
static void xfr_transfer_disown (struct auth_xfer *xfr)
 disown task_transfer. More...
 
static int xfr_transfer_lookup_host (struct auth_xfer *xfr, struct module_env *env)
 lookup a host name for its addresses, if needed
 
static int xfr_transfer_init_fetch (struct auth_xfer *xfr, struct module_env *env)
 initiate TCP to the target and fetch zone. More...
 
static void xfr_transfer_nexttarget_or_end (struct auth_xfer *xfr, struct module_env *env)
 perform next lookup, next transfer TCP, or end and resume wait time task
 
static void xfr_master_add_addrs (struct auth_master *m, struct ub_packed_rrset_key *rrset, uint16_t rrtype)
 add addrs from A or AAAA rrset to the master
 
void auth_xfer_transfer_lookup_callback (void *arg, int rcode, sldns_buffer *buf, enum sec_status ATTR_UNUSED(sec), char *ATTR_UNUSED(why_bogus))
 callback for task_transfer lookup of host name, of A or AAAA
 
static int check_xfer_packet (sldns_buffer *pkt, struct auth_xfer *xfr, int *gonextonfail, int *transferdone)
 check if xfer (AXFR or IXFR) packet is OK. More...
 
static int xfer_link_data (sldns_buffer *pkt, struct auth_xfer *xfr)
 Link the data from this packet into the worklist of transferred data.
 
static void process_list_end_transfer (struct auth_xfer *xfr, struct module_env *env)
 task transfer. More...
 
int auth_xfer_transfer_tcp_callback (struct comm_point *c, void *arg, int err, struct comm_reply *ATTR_UNUSED(repinfo))
 callback for task_transfer tcp connections
 
int auth_xfer_transfer_http_callback (struct comm_point *c, void *arg, int err, struct comm_reply *repinfo)
 callback for task_transfer http connections
 
static void xfr_start_transfer (struct auth_xfer *xfr, struct module_env *env, struct auth_master *master)
 start transfer task by this worker, xfr is locked. More...
 
static void xfr_probe_disown (struct auth_xfer *xfr)
 disown task_probe. More...
 
static int xfr_probe_send_probe (struct auth_xfer *xfr, struct module_env *env, int timeout)
 send the UDP probe to the master, this is part of task_probe
 
void auth_xfer_probe_timer_callback (void *arg)
 callback for task_probe timer More...
 
int auth_xfer_probe_udp_callback (struct comm_point *c, void *arg, int err, struct comm_reply *repinfo)
 callback for task_probe udp packets More...
 
static int xfr_probe_lookup_host (struct auth_xfer *xfr, struct module_env *env)
 lookup a host name for its addresses, if needed
 
void auth_xfer_probe_lookup_callback (void *arg, int rcode, sldns_buffer *buf, enum sec_status ATTR_UNUSED(sec), char *ATTR_UNUSED(why_bogus))
 callback for task_probe lookup of host name, of A or AAAA
 
static void xfr_nextprobe_disown (struct auth_xfer *xfr)
 disown task_nextprobe. More...
 
void auth_xfer_timer (void *arg)
 xfer nextprobe timeout callback, this is part of task_nextprobe
 
static int have_probe_targets (struct auth_master *list)
 return true if there are probe (SOA UDP query) targets in the master list
 
void auth_xfer_pickup_initial (struct auth_zones *az, struct module_env *env)
 initial pick up of worker timeouts, ties events to worker event loop More...
 
void auth_zones_cleanup (struct auth_zones *az)
 Cleanup auth zones. More...
 
static struct auth_xfer * auth_xfer_new (struct auth_zone *z)
 malloc the xfer and tasks More...
 
struct auth_xfer * auth_xfer_create (struct auth_zones *az, struct auth_zone *z)
 Create auth_xfer structure. More...
 
static struct auth_master * auth_master_new (struct auth_master ***list)
 create new auth_master structure
 
static char * dup_prefix (char *str, size_t num)
 dup_prefix : create string from initial part of other string, malloced
 
static char * dup_all (char *str)
 dup string and print error on error
 
static char * str_find_first_of_chars (char *s, char a, char b)
 find first of two characters
 
static int parse_url (char *url, char **host, char **file, int *port, int *ssl)
 parse URL into host and file parts, false on malloc or parse error
 
int xfer_set_masters (struct auth_master **list, struct config_auth *c, int with_http)
 Set masters in auth xfer structure from config. More...
 
int compare_serial (uint32_t a, uint32_t b)
 

Detailed Description

This file contains the functions for an authority zone.

This zone is queried by the iterator, just like a stub or forward zone, but then the data is locally held.

Macro Definition Documentation

◆ N3HASHBUFLEN

#define N3HASHBUFLEN   32

bytes to use for NSEC3 hash buffer.

20 bytes are needed for SHA-1.

Referenced by az_nsec3_hash(), and az_nsec3_hashname().

Function Documentation

◆ xfr_set_timeout()

static void xfr_set_timeout ( struct auth_xfer xfr,
struct module_env env,
int  failure,
int  lookup_only 
)
static

pick up nextprobe task to start waiting to perform transfer actions

for task_nextprobe.

determine next timeout for auth_xfer. Also (re)sets timer.

Parameters
xfr: task structure
env: module environment, with worker and time.
failure: set true if timer should be set for failure retry.
lookup_only: only perform lookups when timer done, 0 sec timeout

References auth_nextprobe::backoff, auth_xfer::lease_time, log_assert, auth_nextprobe::next_probe, module_env::now, auth_xfer::task_nextprobe, and module_env::worker.

Referenced by auth_xfer_pickup_initial(), auth_xfer_probe_udp_callback(), process_list_end_transfer(), xfr_probe_send_or_end(), and xfr_transfer_nexttarget_or_end().

◆ xfr_probe_send_or_end()

static void xfr_probe_send_or_end ( struct auth_xfer xfr,
struct module_env env 
)
static

◆ xfr_start_probe()

static int xfr_start_probe ( struct auth_xfer xfr,
struct module_env env,
struct auth_master spec 
)
static

pick up probe task with specified(or NULL) destination first, or transfer task if nothing to probe, or false if already in progress

Starts task_probe if possible; if there are no masters to probe, starts task_transfer. Returns true if the task has been started, and false if the task is already in progress.

References auth_probe::cp, have_probe_targets(), auth_probe::masters, auth_probe::only_lookup, auth_xfer::task_probe, auth_xfer::task_transfer, module_env::worker, xfr_probe_send_or_end(), xfr_probe_start_list(), xfr_probe_start_lookups(), and xfr_start_transfer().

Referenced by auth_xfer_timer(), process_list_end_transfer(), and xfr_process_notify().

◆ auth_xfer_delete()

void auth_xfer_delete ( struct auth_xfer xfr)

◆ auth_zone_create()

struct auth_zone* auth_zone_create ( struct auth_zones az,
uint8_t *  nm,
size_t  nmlen,
uint16_t  dclass 
)

◆ auth_zones_find_zone()

struct auth_zone* auth_zones_find_zone ( struct auth_zones az,
uint8_t *  name,
size_t  name_len,
uint16_t  dclass 
)

find the auth zone that is above the given name

Find the auth zone that is above the given qname.

References auth_zone_find(), auth_zone_find_less_equal(), auth_zone::dclass, dname_count_size_labels(), dname_get_shared_topdomain(), dname_is_root(), dname_remove_label(), and auth_zone::name.

Referenced by auth_zone_delegpt(), and auth_zones_answer().

◆ auth_zones_find_or_add_zone()

static struct auth_zone* auth_zones_find_or_add_zone ( struct auth_zones az,
char *  name 
)
static

find or create zone with name str.

caller must have lock on az. returns a wrlocked zone

References auth_zone_create(), auth_zone_find(), LDNS_MAX_DOMAINLEN, LDNS_RR_CLASS_IN, auth_zone::lock, log_err(), auth_zone::name, and sldns_str2wire_dname_buf().

Referenced by auth_zones_cfg().

◆ auth_zones_find_or_add_xfer()

static struct auth_xfer* auth_zones_find_or_add_xfer ( struct auth_zones az,
struct auth_zone z 
)
static

find or create xfer zone with name str.

caller must have lock on az. returns a locked xfer

References auth_xfer_create(), auth_xfer_find(), auth_zone::dclass, auth_xfer::lock, auth_zone::name, and auth_zone::namelen.

Referenced by auth_zones_cfg().

◆ auth_zone_set_zonefile()

int auth_zone_set_zonefile ( struct auth_zone z,
char *  zonefile 
)

set auth zone zonefile string.

caller must have lock on zone

References log_err(), and auth_zone::zonefile.

Referenced by auth_zones_cfg().

◆ auth_zone_set_fallback()

int auth_zone_set_fallback ( struct auth_zone z,
char *  fallbackstr 
)

set auth zone fallback.

caller must have lock on zone

References auth_zone::fallback_enabled, and log_err().

◆ az_rrset_find_rr()

static int az_rrset_find_rr ( struct packed_rrset_data d,
uint8_t *  rdata,
size_t  len,
size_t *  index 
)
static

find an rr index in the rrset.

returns true if found

References packed_rrset_data::count, packed_rrset_data::rr_data, and packed_rrset_data::rr_len.

Referenced by az_domain_remove_rr().

◆ az_rrset_find_rrsig()

static int az_rrset_find_rrsig ( struct packed_rrset_data d,
uint8_t *  rdata,
size_t  len,
size_t *  index 
)
static

find an rrsig index in the rrset.

returns true if found

References packed_rrset_data::count, packed_rrset_data::rr_data, packed_rrset_data::rr_len, and packed_rrset_data::rrsig_count.

Referenced by az_domain_remove_rr().

◆ rrsig_rdata_get_type_covered()

static uint16_t rrsig_rdata_get_type_covered ( uint8_t *  rdata,
size_t  rdatalen 
)
static

get rrsig type covered from rdata.

Parameters
rdata: rdata in wireformat, starting with 16bit rdlength.
rdatalen: length of rdata buffer.
Returns
type covered (or 0).

Referenced by az_domain_add_rr(), az_domain_remove_rr(), rrset_moveover_rrsigs(), and rrsig_num_that_cover().

◆ rrset_remove_rr()

static int rrset_remove_rr ( struct auth_rrset rrset,
size_t  index 
)
static

◆ rrset_add_rr()

static int rrset_add_rr ( struct auth_rrset rrset,
uint32_t  rr_ttl,
uint8_t *  rdata,
size_t  rdatalen,
int  insert_sig 
)
static

◆ rrsigs_copy_from_rrset_to_rrsigset()

static int rrsigs_copy_from_rrset_to_rrsigset ( struct auth_rrset rrset,
struct auth_rrset rrsigset 
)
static

copy the rrsigs from the rrset to the rrsig rrset, because the rrset is going to be deleted.

reallocates the RRSIG rrset data.

References packed_rrset_data::count, auth_rrset::data, rdata_duplicate(), packed_rrset_data::rr_data, packed_rrset_data::rr_len, packed_rrset_data::rr_ttl, rrset_add_rr(), and packed_rrset_data::rrsig_count.

Referenced by az_domain_remove_rr().

◆ az_domain_add_rr()

static int az_domain_add_rr ( struct auth_data node,
uint16_t  rr_type,
uint32_t  rr_ttl,
uint8_t *  rdata,
size_t  rdatalen,
int *  duplicate 
)
static

Add rr to node, ignores duplicate RRs. rdata points to a buffer of rdatalen octets that starts with a 2-byte length.

References az_domain_rrset(), auth_rrset::data, LDNS_RR_TYPE_RRSIG, rdata_duplicate(), rrset_add_rr(), rrset_create(), rrset_moveover_rrsigs(), and rrsig_rdata_get_type_covered().

Referenced by az_insert_rr().

◆ az_domain_remove_rr()

static int az_domain_remove_rr ( struct auth_data node,
uint16_t  rr_type,
uint8_t *  rdata,
size_t  rdatalen,
int *  nonexist 
)
static

◆ az_parse_file()

static int az_parse_file ( struct auth_zone z,
FILE *  in,
uint8_t *  rr,
size_t  rrbuflen,
struct sldns_file_parse_state state,
char *  fname,
int  depth 
)
static

Parse zonefile.

Parameters
z: zone to read in.
in: file to read from (just opened).
rr: buffer to use for RRs, 64k. Passed so that recursive includes can use the same buffer and do not grow the stack too much.
rrbuflen: sizeof rr buffer.
state: parse state with $ORIGIN, $TTL and 'prev-dname' and so on, that is kept between includes. The lineno is set at 1 and then increased by the function.
fname: file name.
depth: recursion depth for includes. Returns false on failure, has printed an error message.

References sldns_file_parse_state::lineno, and sldns_fp2wire_rr_buf().

Referenced by auth_zone_read_zonefile().

◆ auth_zone_read_zonefile()

int auth_zone_read_zonefile ( struct auth_zone z)

◆ auth_zone_get_serial()

int auth_zone_get_serial ( struct auth_zone z,
uint32_t *  serial 
)

find serial number of zone or false if none

find serial number of zone or false if none (no SOA record)

References az_domain_rrset(), az_find_name(), packed_rrset_data::count, auth_rrset::data, LDNS_RR_TYPE_SOA, auth_zone::name, auth_zone::namelen, and packed_rrset_data::rr_len.

Referenced by do_list_auth_zones().

◆ xfr_find_soa()

static int xfr_find_soa ( struct auth_zone z,
struct auth_xfer xfr 
)
static

◆ auth_xfer_setup()

static int auth_xfer_setup ( struct auth_zone z,
struct auth_xfer x 
)
static

Setup auth_xfer zone. This populates the have_zone, soa values, and so on times.

Doesn't do network traffic yet, can set option flags.

Parameters
z: locked by caller, and modified for setup
x: locked by caller, and modified.
Returns
false on failure.

References xfr_find_soa().

Referenced by auth_zones_setup_zones().

◆ auth_zones_setup_zones()

static int auth_zones_setup_zones ( struct auth_zones az)
static

Setup all zones.

Parameters
az: auth zones structure
Returns
false on failure.

References auth_xfer_find(), auth_xfer_setup(), auth_zone::dclass, auth_zones::lock, auth_zone::lock, auth_xfer::lock, auth_zone::name, auth_zone::namelen, RBTREE_FOR, and auth_zones::ztree.

Referenced by auth_zones_apply_cfg().

◆ az_delete_deleted_zones()

static void az_delete_deleted_zones ( struct auth_zones az)
static

find zones that are marked deleted and delete them.

This is called from apply_cfg, and there are no threads and no workers, so the xfr can just be deleted.

References auth_xfer_delete(), auth_xfer_find(), auth_zone_delete(), auth_zone::dclass, auth_zone::delete_next, auth_zones::lock, auth_zone::lock, auth_zone::name, auth_zone::namelen, auth_zone::node, auth_xfer::node, rbtree_delete(), RBTREE_FOR, auth_zones::xtree, auth_zone::zone_deleted, and auth_zones::ztree.

Referenced by auth_zones_apply_cfg().

◆ auth_zones_apply_cfg()

int auth_zones_apply_cfg ( struct auth_zones az,
struct config_file cfg,
int  setup 
)

Apply configuration to auth zones.

Reads zonefiles.

Parameters
az: auth zones structure
cfg: config to apply.
setup: if true, also sets up values in the auth zones structure
Returns
false on failure.

References auth_zones_cfg(), auth_zones_read_zones(), auth_zones_setup_zones(), config_file::auths, az_delete_deleted_zones(), az_setall_deleted(), log_err(), log_warn(), config_auth::name, and config_auth::next.

Referenced by check_auth(), and context_finalize().

◆ auth_chunks_delete()

void auth_chunks_delete ( struct auth_transfer at)

delete chunks

Parameters
at: transfer structure with chunks list. The chunks and their data are freed.

References auth_transfer::chunks_first, auth_transfer::chunks_last, auth_chunk::data, and auth_chunk::next.

Referenced by auth_xfer_delete(), auth_xfer_transfer_http_callback(), auth_zones_cleanup(), and process_list_end_transfer().

◆ az_domain_go_up()

static struct auth_data* az_domain_go_up ( struct auth_zone z,
struct auth_data n 
)
static

go up the auth tree to next existing name.

References az_find_name(), dname_is_root(), dname_remove_label(), auth_data::name, and auth_data::namelen.

Referenced by az_find_ce().

◆ az_find_ce()

static int az_find_ce ( struct auth_zone z,
struct query_info qinfo,
struct auth_data node,
int  node_exact,
struct auth_data **  ce,
struct auth_rrset **  rrset 
)
static

Find the closest encloser, a name that exists and is above the qname.

Returns true if the node (param node) exists, is not obscured and can be used to generate answers from; it is then also node_exact. Returns false if the node is not good enough (or it was not node_exact); in this case the ce can be filled. If ce is NULL, no ce exists, and likely the zone is completely empty, without even a zone apex. If ce is non-NULL, it is the closest enclosing upper name (that exists itself for answer purposes). That name may have DNAME, NS or wildcard. rrset is the closest DNAME or NS rrset that was found.

References az_domain_go_up(), az_domain_rrset(), az_find_candidate_ce(), domain_has_only_nsec3(), LDNS_RR_TYPE_DNAME, LDNS_RR_TYPE_DS, LDNS_RR_TYPE_NS, auth_zone::namelen, auth_data::namelen, auth_data::node, query_info::qname_len, and query_info::qtype.

Referenced by auth_zone_generate_answer().

◆ az_add_additionals_from()

static int az_add_additionals_from ( struct auth_zone z,
struct regional region,
struct dns_msg msg,
struct auth_rrset rrset,
size_t  offset 
)
static

add additional A/AAAA from domain names in rrset rdata (+offset). offset is the number of bytes into the rdata where the dname is located.

References az_domain_rrset(), az_find_name(), packed_rrset_data::count, auth_rrset::data, dname_valid(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, msg_add_rrset_ar(), packed_rrset_data::rr_data, and packed_rrset_data::rr_len.

Referenced by az_generate_positive_answer().

◆ az_empty_nonterminal()

static int az_empty_nonterminal ( struct auth_zone z,
struct query_info qinfo,
struct auth_data node 
)
static

See if the query goes to an empty nonterminal (that has no auth_data, but there are nodes underneath).

We already checked that there are no NS or DNAME above, so we only need to check if some node exists below (with nonempty rr list). Returns true if empty nonterminal.

References auth_zone::data, dname_strict_subdomain_c(), auth_data::name, auth_data::node, query_info::qname, rbtree_first(), rbtree_next(), RBTREE_NULL, and auth_data::rrsets.

Referenced by az_generate_answer_nonexistnode().

◆ create_synth_cname()

static int create_synth_cname ( uint8_t *  qname,
size_t  qname_len,
struct regional region,
struct auth_data node,
struct auth_rrset dname,
uint16_t  dclass,
struct ub_packed_rrset_key **  cname 
)
static

create synthetic CNAME rrset for a DNAME answer in region. Returns false on alloc failure; cname==NULL when the name is too long.

References packed_rrset_data::count, auth_rrset::data, LDNS_MAX_DOMAINLEN, packed_rrset_data::rr_data, and packed_rrset_data::rr_len.

Referenced by add_synth_cname().

◆ az_nsec3_hash()

static size_t az_nsec3_hash ( uint8_t *  buf,
size_t  buflen,
uint8_t *  nm,
size_t  nmlen,
int  algo,
size_t  iter,
uint8_t *  salt,
size_t  saltlen 
)
static

Hash a name with nsec3param into buffer, it has zone name appended.

return length of hash

References LDNS_MAX_DOMAINLEN, N3HASHBUFLEN, nsec3_hash_algo_size_supported(), query_dname_tolower(), and secalgo_nsec3_hash().

Referenced by az_nsec3_hashname().

◆ az_nsec3_get_nextcloser()

static void az_nsec3_get_nextcloser ( uint8_t *  cenm,
uint8_t *  qname,
size_t  qname_len,
uint8_t **  nx,
size_t *  nxlen 
)
static

Return nextcloser name (as a ref into the qname).

This is one label more than the cenm (cenm must be a suffix of qname).

References dname_count_labels(), dname_remove_labels(), dname_strict_subdomain(), and log_assert.

◆ az_nsec3_find_ce()

static struct auth_data* az_nsec3_find_ce ( struct auth_zone z,
uint8_t **  cenm,
size_t *  cenmlen,
int *  no_exact_ce,
int  algo,
size_t  iter,
uint8_t *  salt,
size_t  saltlen 
)
static

Find the closest encloser that has exact NSEC3.

Updates cenm to the new name. If it went up, no_exact_ce is set to true.

References az_nsec3_find_exact(), dname_remove_label(), auth_zone::namelen, and auth_data::node.

Referenced by az_add_nsec3_proof().

◆ az_add_nsec3_proof()

static int az_add_nsec3_proof ( struct auth_zone z,
struct regional region,
struct dns_msg msg,
uint8_t *  cenm,
size_t  cenmlen,
uint8_t *  qname,
size_t  qname_len,
int  nxproof,
int  wcproof 
)
static

add NSEC3 records to the zone for the nsec3 proof.

Specify with the flags which parts of the proof are required. The ce is the exact matching name (for notype) but also delegation points. qname is the one where the nextcloser name can be derived from. If NSEC3 is not properly there (in the zone) nothing is added. Always enabled: include the NSEC3 proving about the Closest Encloser, that is, an exact match that should exist for it. If that does not exist, a higher exact match + nxproof is enabled (for some sort of opt-out empty nonterminal cases). nxproof: include denial of the qname. wcproof: include denial of wildcard (wildcard.ce).

References az_nsec3_find_ce(), az_nsec3_param(), and auth_data::node.

Referenced by az_generate_wildcard_answer().

◆ az_generate_answer_nonexistnode()

static int az_generate_answer_nonexistnode ( struct auth_zone z,
struct query_info qinfo,
struct regional region,
struct dns_msg msg,
struct auth_data ce,
struct auth_rrset rrset,
struct auth_data node 
)
static

◆ auth_zone_generate_answer()

static int auth_zone_generate_answer ( struct auth_zone z,
struct query_info qinfo,
struct regional region,
struct dns_msg **  msg,
int *  fallback 
)
static

◆ auth_zones_lookup()

int auth_zones_lookup ( struct auth_zones az,
struct query_info qinfo,
struct regional region,
struct dns_msg **  msg,
int *  fallback,
uint8_t *  dp_nm,
size_t  dp_nmlen 
)

Use auth zones to lookup the answer to a query.

The query is from the iterator. And the auth zones attempts to provide the answer instead of going to the internet.

Parameters
az: auth zones structure.
qinfo: query info to lookup.
region: region to use to allocate the reply in.
msg: reply is stored here (if one).
fallback: if true, fallback to making a query to the internet.
dp_nm: name of delegation point to look for. This zone is used to answer the query. If the dp_nm is not found, fallback is set to true and false returned.
dp_nmlen: length of dp_nm.
Returns
0: failure (an error of some sort, like servfail). If 0 and fallback is true, fallback to the internet. If 0 and fallback is false, like getting servfail. If true, an answer is available.

References auth_zone_find(), auth_zone_generate_answer(), auth_zone::for_upstream, auth_zones::lock, auth_zone::lock, and query_info::qclass.

Referenced by q_ans_query().

◆ auth_zones_answer()

int auth_zones_answer ( struct auth_zones az,
struct module_env env,
struct query_info qinfo,
struct edns_data edns,
struct sldns_buffer buf,
struct regional temp 
)

Answer query from auth zone.

Create authoritative answer.

Parameters
az: auth zones structure.
env: the module environment.
qinfo: query info (parsed).
edns: edns info (parsed).
buf: buffer with query ID and flags, also for reply.
temp: temporary storage region.
Returns
false if not answered

References auth_error_encode(), auth_zone_generate_answer(), auth_zones_find_zone(), dname_remove_label(), auth_zone::for_downstream, auth_zones::have_downstream, LDNS_RR_TYPE_DS, auth_zones::lock, auth_zone::lock, auth_zones::num_query_down, query_info::qclass, query_info::qname, query_info::qname_len, and query_info::qtype.

Referenced by handle_newq().

◆ auth_zones_can_fallback()

int auth_zones_can_fallback ( struct auth_zones az,
uint8_t *  nm,
size_t  nmlen,
uint16_t  dclass 
)

see if the auth zone for the name can fallback

Parameters
az: auth zones
nm: name of delegation point.
nmlen: length of nm.
dclass: class of zone to look for.
Returns
true if fallback_enabled is true, false if not. If the zone does not exist, fallback is true (more lenient); also true if the zone does not do upstream requests.

References auth_zone_find(), auth_zone::dclass, auth_zone::fallback_enabled, auth_zone::for_upstream, auth_zones::lock, and auth_zone::lock.

◆ auth_zone_parse_notify_serial()

int auth_zone_parse_notify_serial ( struct sldns_buffer pkt,
uint32_t *  serial 
)

process notify packet and read serial number from SOA.

returns 0 if no soa record in the notify

References query_info_parse(), and sldns_buffer_set_position().

◆ xfr_serial_means_update()

static int xfr_serial_means_update ( struct auth_xfer xfr,
uint32_t  serial 
)
static

see if the serial means the zone has to be updated, i.e. the serial is newer than the zone serial, or we have no zone

References auth_xfer::have_zone, and auth_xfer::zone_expired.

Referenced by auth_xfer_probe_udp_callback(), process_list_end_transfer(), and xfr_process_notify().

◆ xfr_process_notify()

static void xfr_process_notify ( struct auth_xfer xfr,
struct module_env env,
int  has_serial,
uint32_t  serial,
struct auth_master fromhost 
)
static

process a notify serial, start new probe or note serial.

xfr is locked

References auth_xfer::lock, xfr_note_notify_serial(), xfr_serial_means_update(), and xfr_start_probe().

Referenced by auth_zones_notify().

◆ auth_zones_notify()

int auth_zones_notify ( struct auth_zones az,
struct module_env env,
uint8_t *  nm,
size_t  nmlen,
uint16_t  dclass,
struct sockaddr_storage *  addr,
socklen_t  addrlen,
int  has_serial,
uint32_t  serial,
int *  refused 
)

process notify for auth zones.

first checks the access list. Then processes the notify. This starts the probe sequence or it notes the serial number (if any)

Parameters
az: auth zones structure.
env: module env of the worker that is handling the notify. It will pick up the task probe (or transfer), unless already in progress by another worker.
nm: name of the zone. Uncompressed. From query.
nmlen: length of name.
dclass: class of zone.
addr: source address of notify
addrlen: length of addr.
has_serial: if true, the notify has a serial attached.
serial: the serial number, if has_serial is true.
refused: is set to true on failure to note refused access.
Returns
false on failures (refused is false) and when access is denied (refused is true). True when processed.

References auth_xfer_find(), az_xfr_allowed_notify(), auth_zones::lock, auth_xfer::lock, and xfr_process_notify().

◆ chunkline_remove_trailcomment()

static void chunkline_remove_trailcomment ( sldns_buffer buf,
size_t  start 
)
static

remove trailing ;... comment from a line in the chunkline buffer

References sldns_buffer_position(), sldns_buffer_read_u8_at(), and sldns_buffer_set_position().

Referenced by chunkline_get_line_collated().

◆ http_zonefile_syntax_check()

static int http_zonefile_syntax_check ( struct auth_xfer xfr,
sldns_buffer buf 
)
static

◆ ixfr_start_serial()

static int ixfr_start_serial ( struct auth_chunk rr_chunk,
int  rr_num,
size_t  rr_pos,
uint8_t *  rr_dname,
uint16_t  rr_type,
uint16_t  rr_class,
uint32_t  rr_ttl,
uint16_t  rr_rdlen,
uint8_t *  rr_rdata,
size_t  rr_nextpos,
uint32_t  transfer_serial,
uint32_t  xfr_serial 
)
static

check that start serial is OK for ixfr.

we are at rr_counter == 0, and we are going to check rr_counter == 1 (has to be type SOA) serial

References chunk_rrlist_end(), chunk_rrlist_get_current(), chunk_rrlist_gonext(), LDNS_RR_TYPE_SOA, VERB_OPS, and verbose().

◆ apply_ixfr()

static int apply_ixfr ( struct auth_xfer xfr,
struct auth_zone z,
struct sldns_buffer scratch_buffer 
)
static

apply IXFR to zone in memory.

z is locked. Returns false on failure (malloc failure).

References chunk_rrlist_end(), chunk_rrlist_get_current(), chunk_rrlist_start(), LDNS_RR_TYPE_SOA, log_rrlist_position(), and verbosity.

Referenced by xfr_process_chunk_list().

◆ apply_axfr()

static int apply_axfr ( struct auth_xfer xfr,
struct auth_zone z,
struct sldns_buffer scratch_buffer 
)
static

◆ apply_http()

static int apply_http ( struct auth_xfer xfr,
struct auth_zone z,
struct sldns_buffer scratch_buffer 
)
static

◆ xfr_transfer_disown()

static void xfr_transfer_disown ( struct auth_xfer xfr)
static

disown task_transfer.

caller must hold xfr.lock

References comm_point_delete(), auth_transfer::cp, and auth_xfer::task_transfer.

Referenced by auth_zones_cleanup(), process_list_end_transfer(), and xfr_transfer_nexttarget_or_end().

◆ xfr_transfer_init_fetch()

static int xfr_transfer_init_fetch ( struct auth_xfer xfr,
struct module_env env 
)
static

◆ check_xfer_packet()

static int check_xfer_packet ( sldns_buffer pkt,
struct auth_xfer xfr,
int *  gonextonfail,
int *  transferdone 
)
static

check if xfer (AXFR or IXFR) packet is OK.

return false if we lost connection (SERVFAIL, or unreadable). return false if we need to move from IXFR to AXFR, with gonextonfail set to false, so the same master is tried again, but with AXFR. return true if fine to link into data. return true with transferdone=true when the transfer has ended.

References sldns_buffer_begin(), and sldns_buffer_limit().

◆ process_list_end_transfer()

static void process_list_end_transfer ( struct auth_xfer xfr,
struct module_env env 
)
static

◆ xfr_start_transfer()

static void xfr_start_transfer ( struct auth_xfer xfr,
struct module_env env,
struct auth_master master 
)
static

◆ xfr_probe_disown()

static void xfr_probe_disown ( struct auth_xfer xfr)
static

◆ auth_xfer_probe_timer_callback()

void auth_xfer_probe_timer_callback ( void *  arg)

◆ auth_xfer_probe_udp_callback()

int auth_xfer_probe_udp_callback ( struct comm_point c,
void *  arg,
int  err,
struct comm_reply repinfo 
)

◆ xfr_nextprobe_disown()

static void xfr_nextprobe_disown ( struct auth_xfer xfr)
static

disown task_nextprobe.

caller must hold xfr.lock

References comm_timer_delete(), auth_nextprobe::next_probe, auth_xfer::task_nextprobe, and auth_nextprobe::timer.

Referenced by auth_xfer_timer(), and auth_zones_cleanup().

◆ auth_xfer_pickup_initial()

void auth_xfer_pickup_initial ( struct auth_zones az,
struct module_env env 
)

initial pick up of worker timeouts, ties events to worker event loop

Parameters
az: auth zones structure
env: worker env, of first worker that receives the events (if any) in its eventloop.

References auth_xfer::have_zone, auth_xfer::lease_time, auth_zones::lock, auth_xfer::lock, module_env::now, RBTREE_FOR, auth_xfer::task_nextprobe, xfr_set_timeout(), and auth_zones::xtree.

◆ auth_zones_cleanup()

void auth_zones_cleanup ( struct auth_zones az)

Cleanup auth zones.

This removes all events from event bases. Stops the xfr tasks. But leaves zone data.

Parameters
az: auth zones structure.

References auth_chunks_delete(), auth_zones::lock, auth_xfer::lock, RBTREE_FOR, auth_xfer::task_nextprobe, auth_xfer::task_probe, auth_xfer::task_transfer, xfr_nextprobe_disown(), xfr_probe_disown(), xfr_transfer_disown(), and auth_zones::xtree.

Referenced by daemon_cleanup().

◆ auth_xfer_new()

static struct auth_xfer* auth_xfer_new ( struct auth_zone z)
static

◆ auth_xfer_create()

struct auth_xfer* auth_xfer_create ( struct auth_zones az,
struct auth_zone z 
)

Create auth_xfer structure.

This populates the have_zone, soa values, and so on times, and sets the timeout; if a zone transfer is needed a short timeout is set. For that the auth_zone itself must exist (and have read in its zonefile). Returns false on alloc failure.

References auth_xfer_new(), log_err(), auth_xfer::node, rbtree_insert(), and auth_zones::xtree.

Referenced by auth_zones_find_or_add_xfer().

◆ xfer_set_masters()

int xfer_set_masters ( struct auth_master **  list,
struct config_auth c,
int  with_http 
)

Set masters in auth xfer structure from config.

Parameters
list: pointer to start of list. The malloced list is returned here.
c: the config items to copy over.
with_http: if true, http urls are also included, before the masters.
Returns
false on failure.

References auth_master::allow_notify, config_auth::allow_notify, auth_master_new(), auth_master::file, auth_master::host, auth_master::http, auth_master::ixfr, log_err(), config_auth::masters, config_strlist::next, parse_url(), auth_master::port, auth_master::ssl, config_strlist::str, and config_auth::urls.

Referenced by auth_zones_cfg().