51 #include <ldns/ldns.h>
53 static const char* zone_str =
"zone";
66 if (!name || !klass) {
74 ods_log_error(
"[%s] unable to create zone %s: create allocator "
75 "failed", zone_str, name);
82 ods_log_error(
"[%s] unable to create zone %s: allocator failed",
91 if (strlen(name) > 1 && name[strlen(name)-1] ==
'.') {
92 name[strlen(name)-1] =
'\0';
98 zone->
dname = ldns_dname_new_frm_str(name);
99 ldns_dname2canonical(zone->
dname);
117 ods_log_error(
"[%s] unable to create zone %s: create zonedata "
118 "failed", zone_str, name);
125 ods_log_error(
"[%s] unable to create zone %s: create signconf "
126 "failed", zone_str, name);
148 ldns_rdf* soa_min = NULL;
149 ldns_rr_type type = LDNS_RR_TYPE_FIRST;
159 ods_log_error(
"[%s] unable to add RR: no storage", zone_str);
166 ods_log_error(
"[%s] unable to add RR: no signconf", zone_str);
172 if (ldns_dname_compare(zone->
dname, ldns_rr_owner(rr)) != 0 &&
173 !ldns_dname_is_subdomain(ldns_rr_owner(rr), zone->
dname)) {
175 zone_str, zone->
name?zone->
name:
"(null)");
182 type = ldns_rr_get_type(rr);
186 zone_str, zone->
name?zone->
name:
"(null)", tmp);
187 ldns_rr_set_ttl(rr, tmp);
189 if (type == LDNS_RR_TYPE_SOA) {
193 zone_str, zone->
name?zone->
name:
"(null)", tmp);
194 ldns_rr_set_ttl(rr, tmp);
199 zone_str, zone->
name?zone->
name:
"(null)", tmp);
200 soa_min = ldns_rr_set_rdf(rr,
201 ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, tmp),
204 ldns_rdf_deep_free(soa_min);
207 "rdata", zone_str, zone->
name?zone->
name:
"(null)");
228 if (ldns_dname_compare(domain->
dname, zone->
dname) == 0) {
254 ods_log_error(
"[%s] unable to add RR: pend RR failed", zone_str);
259 if (zone->
stats && do_stats) {
283 ods_log_error(
"[%s] unable to del RR: no storage", zone_str);
308 if (
rrset_del_rr(rrset, rr, (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY))
310 ods_log_error(
"[%s] unable to del RR: pend RR failed", zone_str);
315 if (do_stats && zone->
stats) {
327 dnskey_withdraw(
zone_type* zone, ldns_rr_list* del)
329 ldns_rr* clone = NULL;
333 for (i=0; i < ldns_rr_list_rr_count(del); i++) {
334 clone = ldns_rr_clone(ldns_rr_list_rr(del, i));
349 nsec3param_withdraw(
zone_type* zone, ldns_rr* rr)
351 ldns_rr* clone = NULL;
357 clone = ldns_rr_clone(rr);
375 ldns_rr_list* del = NULL;
376 char* datestamp = NULL;
383 ods_log_error(
"[%s] unable to load signconf: no zone", zone_str);
389 "insecure?", zone_str, zone->
name);
399 ods_log_error(
"[%s] unable to load signconf: zone %s signconf "
400 "%s: storage empty", zone_str, zone->
name,
406 ods_log_debug(
"[%s] zone %s signconf file %s is modified since %s",
408 datestamp?datestamp:
"Unknown");
409 free((
void*)datestamp);
412 del = ldns_rr_list_new();
415 "signconf %s: ldns_rr_list_new() failed",
424 status = dnskey_withdraw(zone, del);
426 ldns_rr_list_free(del);
429 "signconf %s: failed to delete DNSKEY from RRset",
443 "signconf %s: failed to delete NSEC3PARAM RRset",
470 ods_log_debug(
"[%s] zone %s switch to new signconf", zone_str,
481 "%Y-%m-%d %T", &datestamp);
484 datestamp?datestamp:
"Unknown");
485 free((
void*)datestamp);
487 ods_log_error(
"[%s] unable to load signconf: zone %s signconf %s: "
502 hsm_ctx_t* ctx = NULL;
507 ldns_rr* dnskey = NULL;
511 ods_log_error(
"[%s] unable to publish dnskeys: no zone", zone_str);
517 ods_log_error(
"[%s] unable to publish dnskeys zone %s: no signconf",
518 zone_str, zone->
name);
524 ods_log_error(
"[%s] unable to publish dnskeys zone %s: no keys",
525 zone_str, zone->
name);
531 ods_log_error(
"[%s] unable to publish dnskeys zone %s: no zonedata",
532 zone_str, zone->
name);
543 ctx = hsm_create_context();
545 ods_log_error(
"[%s] unable to publish dnskeys for zone %s: error "
546 "creating libhsm context", zone_str, zone->
name);
561 "error creating DNSKEY for key %s", zone_str,
568 dnskey = ldns_rr_clone(key->
dnskey);
570 }
else if (do_publish) {
571 ldns_rr_set_ttl(key->
dnskey, ttl);
573 ldns_rr2canonical(key->
dnskey);
574 dnskey = ldns_rr_clone(key->
dnskey);
582 "error adding DNSKEY[%u] for key %s", zone_str,
583 zone->
name, ldns_calc_keytag(dnskey),
595 hsm_destroy_context(ctx);
608 ldns_rr* nsec3params_rr = NULL;
610 int doe_rollover = 0;
613 ods_log_error(
"[%s] unable to prepare NSEC3: no zone", zone_str);
619 ods_log_error(
"[%s] unable to prepare NSEC3: no signconf", zone_str);
640 ods_log_error(
"[%s] unable to prepare zone %s for NSEC3: failed "
641 "to create NSEC3 parameters", zone_str, zone->
name);
649 }
else if (doe_rollover) {
650 nsec3params_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS);
651 if (!nsec3params_rr) {
652 ods_log_error(
"[%s] unable to prepare zone %s for NSEC3: failed "
653 "to create NSEC3PARAM RR", zone_str, zone->
name);
660 ldns_rr_set_class(nsec3params_rr, zone->
klass);
661 ldns_rr_set_ttl(nsec3params_rr, 0);
662 ldns_rr_set_owner(nsec3params_rr, ldns_rdf_clone(zone->
dname));
663 ldns_nsec3_add_param_rdfs(nsec3params_rr,
672 ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params_rr, 1)), 7, 0);
674 ldns_rr2canonical(nsec3params_rr);
681 zone_str, zone->
name);
684 ldns_rr_free(nsec3params_rr);
699 char* filename = NULL;
708 free((
void*)filename);
711 fprintf(fd,
"%s\n", ODS_SE_FILE_MAGIC);
713 fprintf(fd,
";;Zone: name %s class %i ttl %u inbound %u internal "
742 fprintf(fd,
"%s\n", ODS_SE_FILE_MAGIC);
758 char* filename = NULL;
760 const char* token = NULL;
765 uint32_t inbound = 0;
766 uint32_t
internal = 0;
767 uint32_t outbound = 0;
779 const char* salt = NULL;
780 ldns_rr* nsec3params_rr = NULL;
793 free((
void*)filename);
873 ldns_rr_new_frm_fp(&nsec3params_rr, fd, NULL, NULL, NULL) ||
904 free((
void*)filename);
909 zone->
klass = (ldns_rr_class) klass;
930 nsec3params->
rr = nsec3params_rr;
933 zone->
task = (
void*) task;
988 free((
void*)filename);
1009 zone->
klass = (ldns_rr_class) klass;
1032 ods_log_error(
"[%s] unable to recover zone %s: corrupted file",
1033 zone_str, zone->
name);
1049 ldns_rr_free(nsec3params_rr);
1050 nsec3params_rr = NULL;
1052 nsec3params->
rr = NULL;
1097 ods_log_error(
"[%s] failed to merge policy %s name to zone "
1116 ods_log_error(
"[%s] failed to merge signconf filename %s to "
1154 hsm_ctx_t* ctx = NULL;
1162 ctx = hsm_create_context();
1164 ods_log_error(
"[%s] unable to prepare signing keys for zone %s: "
1165 "error creating libhsm context", zone_str, zone->
name);
1174 ods_log_error(
"[%s] unable to prepare signing keys for zone %s: "
1175 "error getting dnskey", zone_str, zone->
name);
1184 hsm_destroy_context(ctx);
1200 ldns_rdf* serial = NULL;
1202 if (!zone || !zone->
name) {
1203 ods_log_error(
"[%s] unable to update serial: no zone", zone_str);
1210 ods_log_error(
"[%s] unable to update serial: no signconf", zone_str);
1216 ods_log_error(
"[%s] unable to update serial: no zonedata", zone_str);
1223 ods_log_error(
"[%s] unable to update serial: failed to increment",
1231 ods_log_error(
"[%s] unable to update serial: apex not found",
1240 ods_log_error(
"[%s] unable to update serial: SOA RRset not found",
1247 if (rrset->
rrs && rrset->
rrs->rr) {
1248 serial = ldns_rr_set_rdf(rrset->
rrs->rr,
1249 ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
1252 if (ldns_rdf2native_int32(serial) !=
1256 ldns_rdf_deep_free(serial);
1258 ods_log_error(
"[%s] unable to update serial: failed to replace "
1259 "SOA SERIAL rdata", zone_str);
1274 if (fd && zone && zone->
zonedata) {
1313 ldns_rdf_deep_free(zone->
dname);