]>
git.ipfire.org Git - thirdparty/dhcp.git/blob - common/dns.c
3 Domain Name Service subroutines. */
6 * Copyright (c) 2000 Internet Software Consortium.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of The Internet Software Consortium nor the names
19 * of its contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * This software has been written for the Internet Software Consortium
37 * by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
38 * To learn more about the Internet Software Consortium, see
39 * ``http://www.isc.org/''. To learn more about Vixie Enterprises,
40 * see ``http://www.vix.com''. To learn more about Nominum, Inc., see
41 * ``http://www.nominum.com''.
45 static char copyright
[] =
46 "$Id: dns.c,v 1.18 2000/03/17 03:59:01 mellon Exp $ Copyright (c) 2000 The Internet Software Consortium. All rights reserved.\n";
50 #include "arpa/nameser.h"
52 /* This file is kind of a crutch for the BIND 8 nsupdate code, which has
53 * itself been cruelly hacked from its original state. What this code
54 * does is twofold: first, it maintains a database of zone cuts that can
55 * be used to figure out which server should be contacted to update any
56 * given domain name. Secondly, it maintains a set of named TSIG keys,
57 * and associates those keys with zones. When an update is requested for
58 * a particular zone, the key associated with that zone is used for the
61 * The way this works is that you define the domain name to which an
62 * SOA corresponds, and the addresses of some primaries for that domain name:
66 * secondary 10.0.22.1, 10.0.23.1;
67 * tsig-key "FOO.COM Key";
70 * If an update is requested for GAZANGA.TOPANGA.FOO.COM, then the name
71 * server looks in its database for a zone record for "GAZANGA.TOPANGA.FOO.COM",
72 * doesn't find it, looks for one for "TOPANGA.FOO.COM", doesn't find *that*,
73 * looks for "FOO.COM", finds it. So it
74 * attempts the update to the primary for FOO.COM. If that times out, it
75 * tries the secondaries. You can list multiple primaries if you have some
76 * kind of magic name server that supports that. You shouldn't list
77 * secondaries that don't know how to forward updates (e.g., BIND 8 doesn't
78 * support update forwarding, AFAIK). If no TSIG key is listed, the update
79 * is attempted without TSIG.
81 * The DHCP server tries to find an existing zone for any given name by
82 * trying to look up a local zone structure for each domain containing
83 * that name, all the way up to '.'. If it finds one cached, it tries
84 * to use that one to do the update. That's why it tries to update
85 * "FOO.COM" above, even though theoretically it should try GAZANGA...
86 * and TOPANGA... first.
88 * If the update fails with a predefined or cached zone (we'll get to
89 * those in a second), then it tries to find a more specific zone. This
90 * is done by looking first for an SOA for GAZANGA.TOPANGA.FOO.COM. Then
91 * an SOA for TOPANGA.FOO.COM is sought. If during this search a predefined
92 * or cached zone is found, the update fails - there's something wrong
95 * If a more specific zone _is_ found, that zone is cached for the length of
96 * its TTL in the same database as that described above. TSIG updates are
97 * never done for cached zones - if you want TSIG updates you _must_
98 * write a zone definition linking the key to the zone. In cases where you
99 * know for sure what the key is but do not want to hardcode the IP addresses
100 * of the primary or secondaries, a zone declaration can be made that doesn't
101 * include any primary or secondary declarations. When the DHCP server
102 * encounters this while hunting up a matching zone for a name, it looks up
103 * the SOA, fills in the IP addresses, and uses that record for the update.
104 * If the SOA lookup returns NXRRSET, a warning is printed and the zone is
105 * discarded, TSIG key and all. The search for the zone then continues as if
106 * the zone record hadn't been found. Zones without IP addresses don't
107 * match when initially hunting for a predefined or cached zone to update.
109 * When an update is attempted and no predefined or cached zone is found
110 * that matches any enclosing domain of the domain being updated, the DHCP
111 * server goes through the same process that is done when the update to a
112 * predefined or cached zone fails - starting with the most specific domain
113 * name (GAZANGA.TOPANGA.FOO.COM) and moving to the least specific (the root),
114 * it tries to look up an SOA record. When it finds one, it creates a cached
115 * zone and attempts an update, and gives up if the update fails.
117 * TSIG keys are defined like this:
119 * tsig-key "FOO.COM Key" HMAC-MD5.SIG-ALG.REG.INT <CSHL>;
121 * CSHL is a colon-seperated list of hexadecimal bytes that make up
122 * the key. It's also permissible to use a quoted string here - this will
123 * be translated as the ASCII bytes making up the string, and will not include
124 * any NUL termination. The key name can be any text string, and the
125 * key type must be one of the key types defined in the draft or by the IANA.
126 * Currently only the HMAC-MD5... key type is supported.
129 struct hash_table
*tsig_key_hash
;
130 struct hash_table
*dns_zone_hash
;
132 isc_result_t
enter_dns_zone (struct dns_zone
*zone
)
137 tz
= hash_lookup (dns_zone_hash
, zone
-> name
, 0);
139 return ISC_R_SUCCESS
;
141 delete_hash_entry (dns_zone_hash
, zone
-> name
, 0);
144 new_hash ((hash_reference
)dns_zone_reference
,
145 (hash_dereference
)dns_zone_dereference
);
147 return ISC_R_NOMEMORY
;
149 add_hash (dns_zone_hash
, zone
-> name
, 0, zone
);
150 return ISC_R_SUCCESS
;
153 isc_result_t
dns_zone_lookup (struct dns_zone
**zone
, const char *name
) {
157 return ISC_R_NOTFOUND
;
158 tz
= hash_lookup (dns_zone_hash
, name
, 0);
160 return ISC_R_NOTFOUND
;
161 if (!dns_zone_reference (zone
, tz
, MDL
))
162 return ISC_R_UNEXPECTED
;
163 return ISC_R_SUCCESS
;
166 isc_result_t
enter_tsig_key (struct tsig_key
*tkey
)
171 tk
= hash_lookup (tsig_key_hash
, tkey
-> name
, 0);
173 return ISC_R_SUCCESS
;
175 delete_hash_entry (tsig_key_hash
, tkey
-> name
, 0);
178 new_hash ((hash_reference
)tsig_key_reference
,
179 (hash_dereference
)tsig_key_dereference
);
181 return ISC_R_NOMEMORY
;
183 add_hash (tsig_key_hash
, tkey
-> name
, 0, tkey
);
184 return ISC_R_SUCCESS
;
188 isc_result_t
tsig_key_lookup (struct tsig_key
**tkey
, const char *name
) {
192 return ISC_R_NOTFOUND
;
193 tk
= hash_lookup (tsig_key_hash
, name
, 0);
195 return ISC_R_NOTFOUND
;
196 if (!tsig_key_reference (tkey
, tk
, MDL
))
197 return ISC_R_UNEXPECTED
;
198 return ISC_R_SUCCESS
;
201 int dns_zone_dereference (ptr
, file
, line
)
202 struct dns_zone
**ptr
;
207 struct dns_zone
*dns_zone
;
210 log_error ("%s(%d): null pointer", file
, line
);
211 #if defined (POINTER_DEBUG)
219 *ptr
= (struct dns_zone
*)0;
220 --dns_zone
-> refcnt
;
221 rc_register (file
, line
, ptr
, dns_zone
, dns_zone
-> refcnt
);
222 if (dns_zone
-> refcnt
> 0)
225 if (dns_zone
-> refcnt
< 0) {
226 log_error ("%s(%d): negative refcnt!", file
, line
);
227 #if defined (DEBUG_RC_HISTORY)
230 #if defined (POINTER_DEBUG)
237 if (dns_zone
-> name
)
238 dfree (dns_zone
-> name
, file
, line
);
240 tsig_key_dereference (&dns_zone
-> key
, file
, line
);
241 if (dns_zone
-> primary
)
242 option_cache_dereference (&dns_zone
-> primary
, file
, line
);
243 if (dns_zone
-> secondary
)
244 option_cache_dereference (&dns_zone
-> secondary
, file
, line
);
245 dfree (dns_zone
, file
, line
);