2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 #include <sys/types.h>
35 #include <boost/algorithm/string.hpp>
36 #include <system_error>
38 #include "pdns/dnsseckeeper.hh"
39 #include "pdns/dnssecinfra.hh"
40 #include "pdns/base32.hh"
41 #include "pdns/namespaces.hh"
42 #include "pdns/dns.hh"
43 #include "pdns/dnsbackend.hh"
44 #include "bindbackend2.hh"
45 #include "pdns/dnspacket.hh"
46 #include "pdns/zoneparser-tng.hh"
47 #include "pdns/bindparserclasses.hh"
48 #include "pdns/logger.hh"
49 #include "pdns/arguments.hh"
50 #include "pdns/qtype.hh"
51 #include "pdns/misc.hh"
52 #include "pdns/dynlistener.hh"
53 #include "pdns/lock.hh"
54 #include "pdns/namespaces.hh"
57 All instances of this backend share one s_state, which is indexed by zone name and zone id.
58 The s_state is protected by a read/write lock, and the goal it to only interact with it briefly.
59 When a query comes in, we take a read lock and COPY the best zone to answer from s_state (BB2DomainInfo object)
60 All answers are served from this copy.
62 To interact with s_state, use safeGetBBDomainInfo (search on name or id), safePutBBDomainInfo (to update)
63 or safeRemoveBBDomainInfo. These all lock as they should.
65 Several functions need to traverse s_state to get data for the rest of PowerDNS. When doing so,
66 you need to manually take the s_state_lock (read).
68 Parsing zones happens with parseZone(), which fills a BB2DomainInfo object. This can then be stored with safePutBBDomainInfo.
70 Finally, the BB2DomainInfo contains all records as a LookButDontTouch object. This makes sure you only look, but don't touch, since
71 the records might be in use in other places.
74 Bind2Backend::state_t
Bind2Backend::s_state
;
75 int Bind2Backend::s_first
=1;
76 bool Bind2Backend::s_ignore_broken_records
=false;
78 pthread_rwlock_t
Bind2Backend::s_state_lock
=PTHREAD_RWLOCK_INITIALIZER
;
79 pthread_mutex_t
Bind2Backend::s_supermaster_config_lock
=PTHREAD_MUTEX_INITIALIZER
; // protects writes to config file
80 pthread_mutex_t
Bind2Backend::s_startup_lock
=PTHREAD_MUTEX_INITIALIZER
;
81 string
Bind2Backend::s_binddirectory
;
83 BB2DomainInfo::BB2DomainInfo()
91 void BB2DomainInfo::setCheckInterval(time_t seconds
)
93 d_checkinterval
=seconds
;
96 bool BB2DomainInfo::current()
105 if(time(0) - d_lastcheck
< d_checkinterval
)
108 if(d_filename
.empty())
111 return (getCtime()==d_ctime
);
114 time_t BB2DomainInfo::getCtime()
118 if(d_filename
.empty() || stat(d_filename
.c_str(),&buf
)<0)
124 void BB2DomainInfo::setCtime()
127 if(stat(d_filename
.c_str(),&buf
)<0)
129 d_ctime
=buf
.st_ctime
;
132 bool Bind2Backend::safeGetBBDomainInfo(int id
, BB2DomainInfo
* bbd
)
134 ReadLock
rl(&s_state_lock
);
135 state_t::const_iterator iter
= s_state
.find(id
);
136 if(iter
== s_state
.end())
142 bool Bind2Backend::safeGetBBDomainInfo(const DNSName
& name
, BB2DomainInfo
* bbd
)
144 ReadLock
rl(&s_state_lock
);
145 typedef state_t::index
<NameTag
>::type nameindex_t
;
146 nameindex_t
& nameindex
= boost::multi_index::get
<NameTag
>(s_state
);
148 nameindex_t::const_iterator iter
= nameindex
.find(name
);
149 if(iter
== nameindex
.end())
155 bool Bind2Backend::safeRemoveBBDomainInfo(const DNSName
& name
)
157 WriteLock
rl(&s_state_lock
);
158 typedef state_t::index
<NameTag
>::type nameindex_t
;
159 nameindex_t
& nameindex
= boost::multi_index::get
<NameTag
>(s_state
);
161 nameindex_t::iterator iter
= nameindex
.find(name
);
162 if(iter
== nameindex
.end())
164 nameindex
.erase(iter
);
168 void Bind2Backend::safePutBBDomainInfo(const BB2DomainInfo
& bbd
)
170 WriteLock
rl(&s_state_lock
);
171 replacing_insert(s_state
, bbd
);
174 void Bind2Backend::setNotified(uint32_t id
, uint32_t serial
)
177 if (!safeGetBBDomainInfo(id
, &bbd
))
179 bbd
.d_lastnotified
= serial
;
180 safePutBBDomainInfo(bbd
);
183 void Bind2Backend::setFresh(uint32_t domain_id
)
186 if(safeGetBBDomainInfo(domain_id
, &bbd
)) {
187 bbd
.d_lastcheck
=time(0);
188 safePutBBDomainInfo(bbd
);
192 bool Bind2Backend::startTransaction(const DNSName
&qname
, int id
)
195 d_transaction_tmpname
.clear();
200 throw DBException("domain_id 0 is invalid for this backend.");
205 if(safeGetBBDomainInfo(id
, &bbd
)) {
206 d_transaction_tmpname
= bbd
.d_filename
+ "XXXXXX";
207 int fd
= mkstemp(&d_transaction_tmpname
.at(0));
209 throw DBException("Unable to create a unique temporary zonefile '"+d_transaction_tmpname
+"': "+stringerror());
213 d_of
= std::unique_ptr
<ofstream
>(new ofstream(d_transaction_tmpname
.c_str()));
215 unlink(d_transaction_tmpname
.c_str());
219 throw DBException("Unable to open temporary zonefile '"+d_transaction_tmpname
+"': "+stringerror());
224 *d_of
<<"; Written by PowerDNS, don't edit!"<<endl
;
225 *d_of
<<"; Zone '"<<bbd
.d_name
<<"' retrieved from master "<<endl
<<"; at "<<nowTime()<<endl
; // insert master info here again
232 bool Bind2Backend::commitTransaction()
234 if(d_transaction_id
< 0)
239 if(safeGetBBDomainInfo(d_transaction_id
, &bbd
)) {
240 if(rename(d_transaction_tmpname
.c_str(), bbd
.d_filename
.c_str())<0)
241 throw DBException("Unable to commit (rename to: '" + bbd
.d_filename
+"') AXFRed zone: "+stringerror());
242 queueReloadAndStore(bbd
.d_id
);
250 bool Bind2Backend::abortTransaction()
252 // -1 = dnssec speciality
253 // 0 = invalid transact
254 // >0 = actual transaction
255 if(d_transaction_id
> 0) {
256 unlink(d_transaction_tmpname
.c_str());
264 bool Bind2Backend::feedRecord(const DNSResourceRecord
&rr
, const DNSName
&ordername
, bool ordernameIsNSEC3
)
267 if (!safeGetBBDomainInfo(d_transaction_id
, &bbd
))
271 string name
= bbd
.d_name
.toString();
272 if (bbd
.d_name
.empty()) {
273 qname
= rr
.qname
.toString();
275 else if (rr
.qname
.isPartOf(bbd
.d_name
)) {
276 if (rr
.qname
== bbd
.d_name
) {
280 DNSName relName
= rr
.qname
.makeRelative(bbd
.d_name
);
281 qname
= relName
.toStringNoDot();
285 throw DBException("out-of-zone data '"+rr
.qname
.toLogString()+"' during AXFR of zone '"+bbd
.d_name
.toLogString()+"'");
288 shared_ptr
<DNSRecordContent
> drc(DNSRecordContent::mastermake(rr
.qtype
.getCode(), 1, rr
.content
));
289 string content
= drc
->getZoneRepresentation();
291 // SOA needs stripping too! XXX FIXME - also, this should not be here I think
292 switch(rr
.qtype
.getCode()) {
298 stripDomainSuffix(&content
, name
);
302 *d_of
<<qname
<<"\t"<<rr
.ttl
<<"\t"<<rr
.qtype
.getName()<<"\t"<<content
<<endl
;
308 void Bind2Backend::getUpdatedMasters(vector
<DomainInfo
> *changedDomains
)
310 vector
<DomainInfo
> consider
;
312 ReadLock
rl(&s_state_lock
);
314 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
315 if(i
->d_kind
!= DomainInfo::Master
&& this->alsoNotify
.empty() && i
->d_also_notify
.empty())
321 di
.last_check
=i
->d_lastcheck
;
322 di
.notified_serial
=i
->d_lastnotified
;
324 di
.kind
=DomainInfo::Master
;
325 consider
.push_back(di
);
330 for(DomainInfo
& di
: consider
) {
333 this->getSOA(di
.zone
, soadata
); // we might not *have* a SOA yet, but this might trigger a load of it
338 if(di
.notified_serial
!= soadata
.serial
) {
340 if(safeGetBBDomainInfo(di
.id
, &bbd
)) {
341 bbd
.d_lastnotified
=soadata
.serial
;
342 safePutBBDomainInfo(bbd
);
344 if(di
.notified_serial
) { // don't do notification storm on startup
345 di
.serial
=soadata
.serial
;
346 changedDomains
->push_back(di
);
352 void Bind2Backend::getAllDomains(vector
<DomainInfo
> *domains
, bool include_disabled
)
356 // prevent deadlock by using getSOA() later on
358 ReadLock
rl(&s_state_lock
);
360 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
364 di
.last_check
=i
->d_lastcheck
;
366 di
.masters
=i
->d_masters
;
368 domains
->push_back(di
);
372 for(DomainInfo
&di
: *domains
) {
373 // do not corrupt di if domain supplied by another backend.
374 if (di
.backend
!= this)
377 this->getSOA(di
.zone
, soadata
);
381 di
.serial
=soadata
.serial
;
385 void Bind2Backend::getUnfreshSlaveInfos(vector
<DomainInfo
> *unfreshDomains
)
387 vector
<DomainInfo
> domains
;
389 ReadLock
rl(&s_state_lock
);
390 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
391 if(i
->d_kind
!= DomainInfo::Slave
)
396 sd
.masters
=i
->d_masters
;
397 sd
.last_check
=i
->d_lastcheck
;
399 sd
.kind
=DomainInfo::Slave
;
400 domains
.push_back(sd
);
404 for(DomainInfo
&sd
: domains
) {
409 getSOA(sd
.zone
,soadata
); // we might not *have* a SOA yet
412 sd
.serial
=soadata
.serial
;
413 if(sd
.last_check
+soadata
.refresh
< (unsigned int)time(0))
414 unfreshDomains
->push_back(sd
);
418 bool Bind2Backend::getDomainInfo(const DNSName
& domain
, DomainInfo
&di
, bool getSerial
)
421 if(!safeGetBBDomainInfo(domain
, &bbd
))
426 di
.masters
=bbd
.d_masters
;
427 di
.last_check
=bbd
.d_lastcheck
;
436 getSOA(bbd
.d_name
,sd
); // we might not *have* a SOA yet
445 void Bind2Backend::alsoNotifies(const DNSName
& domain
, set
<string
> *ips
)
447 // combine global list with local list
448 for(set
<string
>::iterator i
= this->alsoNotify
.begin(); i
!= this->alsoNotify
.end(); i
++) {
451 ReadLock
rl(&s_state_lock
);
452 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
453 if(i
->d_name
== domain
) {
454 for(set
<string
>::iterator it
= i
->d_also_notify
.begin(); it
!= i
->d_also_notify
.end(); it
++) {
462 // only parses, does NOT add to s_state!
463 void Bind2Backend::parseZoneFile(BB2DomainInfo
*bbd
)
465 NSEC3PARAMRecordContent ns3pr
;
469 nsec3zone
=dk
.getNSEC3PARAM(bbd
->d_name
, &ns3pr
);
471 nsec3zone
=getNSEC3PARAM(bbd
->d_name
, &ns3pr
);
473 bbd
->d_records
= shared_ptr
<recordstorage_t
>(new recordstorage_t());
475 ZoneParserTNG
zpt(bbd
->d_filename
, bbd
->d_name
, s_binddirectory
);
476 DNSResourceRecord rr
;
479 if(rr
.qtype
.getCode() == QType::NSEC
|| rr
.qtype
.getCode() == QType::NSEC3
|| rr
.qtype
.getCode() == QType::NSEC3PARAM
)
480 continue; // we synthesise NSECs on demand
482 insertRecord(*bbd
, rr
.qname
, rr
.qtype
, rr
.content
, rr
.ttl
, "");
484 fixupOrderAndAuth(*bbd
, nsec3zone
, ns3pr
);
485 doEmptyNonTerminals(*bbd
, nsec3zone
, ns3pr
);
488 bbd
->d_checknow
=false;
489 bbd
->d_status
="parsed into memory at "+nowTime();
492 /** THIS IS AN INTERNAL FUNCTION! It does moadnsparser prio impedance matching
493 Much of the complication is due to the efforts to benefit from std::string reference counting copy on write semantics */
494 void Bind2Backend::insertRecord(BB2DomainInfo
& bb2
, const DNSName
&qname
, const QType
&qtype
, const string
&content
, int ttl
, const std::string
& hashed
, bool *auth
)
497 shared_ptr
<recordstorage_t
> records
= bb2
.d_records
.getWRITABLE();
500 if(bb2
.d_name
.empty())
502 else if(bdr
.qname
.isPartOf(bb2
.d_name
))
503 bdr
.qname
= bdr
.qname
.makeRelative(bb2
.d_name
);
505 string msg
= "Trying to insert non-zone data, name='"+bdr
.qname
.toLogString()+"', qtype="+qtype
.getName()+", zone='"+bb2
.d_name
.toLogString()+"'";
506 if(s_ignore_broken_records
) {
507 g_log
<<Logger::Warning
<<msg
<< " ignored" << endl
;
511 throw PDNSException(msg
);
514 // bdr.qname.swap(bdr.qname);
516 if(!records
->empty() && bdr
.qname
==boost::prior(records
->end())->qname
)
517 bdr
.qname
=boost::prior(records
->end())->qname
;
520 bdr
.qtype
=qtype
.getCode();
522 bdr
.nsec3hash
= hashed
;
524 if (auth
) // Set auth on empty non-terminals
530 records
->insert(bdr
);
533 string
Bind2Backend::DLReloadNowHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
537 for(vector
<string
>::const_iterator i
=parts
.begin()+1;i
<parts
.end();++i
) {
540 if(safeGetBBDomainInfo(zone
, &bbd
)) {
542 bb2
.queueReloadAndStore(bbd
.d_id
);
543 if (!safeGetBBDomainInfo(zone
, &bbd
)) // Read the *new* domain status
544 ret
<< *i
<< ": [missing]\n";
546 ret
<< *i
<< ": "<< (bbd
.d_wasRejectedLastReload
? "[rejected]": "") <<"\t"<<bbd
.d_status
<<"\n";
549 ret
<< *i
<< " no such domain\n";
551 if(ret
.str().empty())
552 ret
<<"no domains reloaded";
557 string
Bind2Backend::DLDomStatusHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
561 if(parts
.size() > 1) {
562 for(vector
<string
>::const_iterator i
=parts
.begin()+1;i
<parts
.end();++i
) {
564 if(safeGetBBDomainInfo(DNSName(*i
), &bbd
)) {
565 ret
<< *i
<< ": "<< (bbd
.d_loaded
? "": "[rejected]") <<"\t"<<bbd
.d_status
<<"\n";
568 ret
<< *i
<< " no such domain\n";
572 ReadLock
rl(&s_state_lock
);
573 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
574 ret
<< i
->d_name
<< ": "<< (i
->d_loaded
? "": "[rejected]") <<"\t"<<i
->d_status
<<"\n";
578 if(ret
.str().empty())
579 ret
<<"no domains passed";
584 string
Bind2Backend::DLListRejectsHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
587 ReadLock
rl(&s_state_lock
);
588 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
590 ret
<<i
->d_name
<<"\t"<<i
->d_status
<<endl
;
595 string
Bind2Backend::DLAddDomainHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
598 return "ERROR: Domain name and zone filename are required";
600 DNSName
domainname(parts
[1]);
601 const string
&filename
= parts
[2];
603 if(safeGetBBDomainInfo(domainname
, &bbd
))
604 return "Already loaded";
606 if (!boost::starts_with(filename
, "/") && ::arg()["chroot"].empty())
607 return "Unable to load zone " + domainname
.toLogString() + " from " + filename
+ " as the filename is not absolute.";
610 if (stat(filename
.c_str(), &buf
) != 0)
611 return "Unable to load zone " + domainname
.toLogString() + " from " + filename
+ ": " + strerror(errno
);
613 Bind2Backend bb2
; // createdomainentry needs access to our configuration
614 bbd
=bb2
.createDomainEntry(domainname
, filename
);
615 bbd
.d_filename
=filename
;
619 bbd
.d_status
="parsing into memory";
622 safePutBBDomainInfo(bbd
);
624 g_log
<<Logger::Warning
<<"Zone "<<domainname
<< " loaded"<<endl
;
625 return "Loaded zone " + domainname
.toLogString() + " from " + filename
;
628 Bind2Backend::Bind2Backend(const string
&suffix
, bool loadZones
)
630 d_getAllDomainMetadataQuery_stmt
= NULL
;
631 d_getDomainMetadataQuery_stmt
= NULL
;
632 d_deleteDomainMetadataQuery_stmt
= NULL
;
633 d_insertDomainMetadataQuery_stmt
= NULL
;
634 d_getDomainKeysQuery_stmt
= NULL
;
635 d_deleteDomainKeyQuery_stmt
= NULL
;
636 d_insertDomainKeyQuery_stmt
= NULL
;
637 d_GetLastInsertedKeyIdQuery_stmt
= NULL
;
638 d_activateDomainKeyQuery_stmt
= NULL
;
639 d_deactivateDomainKeyQuery_stmt
= NULL
;
640 d_getTSIGKeyQuery_stmt
= NULL
;
641 d_setTSIGKeyQuery_stmt
= NULL
;
642 d_deleteTSIGKeyQuery_stmt
= NULL
;
643 d_getTSIGKeysQuery_stmt
= NULL
;
645 setArgPrefix("bind"+suffix
);
646 d_logprefix
="[bind"+suffix
+"backend]";
647 d_hybrid
=mustDo("hybrid");
649 s_ignore_broken_records
=mustDo("ignore-broken-records");
651 if (!loadZones
&& d_hybrid
)
654 Lock
l(&s_startup_lock
);
666 extern DynListener
*dl
;
667 dl
->registerFunc("BIND-RELOAD-NOW", &DLReloadNowHandler
, "bindbackend: reload domains", "<domains>");
668 dl
->registerFunc("BIND-DOMAIN-STATUS", &DLDomStatusHandler
, "bindbackend: list status of all domains", "[domains]");
669 dl
->registerFunc("BIND-LIST-REJECTS", &DLListRejectsHandler
, "bindbackend: list rejected domains");
670 dl
->registerFunc("BIND-ADD-ZONE", &DLAddDomainHandler
, "bindbackend: add zone", "<domain> <filename>");
673 Bind2Backend::~Bind2Backend()
674 { freeStatements(); } // deallocate statements
676 void Bind2Backend::rediscover(string
*status
)
681 void Bind2Backend::reload()
683 WriteLock
rwl(&s_state_lock
);
684 for(state_t::iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
685 i
->d_checknow
=true; // being a bit cheeky here, don't index state_t on this (mutable)
689 void Bind2Backend::fixupOrderAndAuth(BB2DomainInfo
& bbd
, bool nsec3zone
, NSEC3PARAMRecordContent ns3pr
)
691 shared_ptr
<recordstorage_t
> records
= bbd
.d_records
.getWRITABLE();
695 set
<DNSName
> nssets
, dssets
;
697 for(const auto& bdr
: *records
) {
698 if(!bdr
.qname
.isRoot() && bdr
.qtype
== QType::NS
)
699 nssets
.insert(bdr
.qname
);
700 else if(bdr
.qtype
== QType::DS
)
701 dssets
.insert(bdr
.qname
);
704 for(auto iter
= records
->begin(); iter
!= records
->end(); iter
++) {
706 shorter
= iter
->qname
;
708 if (!iter
->qname
.isRoot() && shorter
.chopOff() && !iter
->qname
.isRoot()) {
710 if(nssets
.count(shorter
)) {
714 } while(shorter
.chopOff() && !iter
->qname
.isRoot());
717 iter
->auth
= (!skip
&& (iter
->qtype
== QType::DS
|| iter
->qtype
== QType::RRSIG
|| !nssets
.count(iter
->qname
)));
719 if(!skip
&& nsec3zone
&& iter
->qtype
!= QType::RRSIG
&& (iter
->auth
|| (iter
->qtype
== QType::NS
&& !ns3pr
.d_flags
) || dssets
.count(iter
->qname
))) {
720 Bind2DNSRecord bdr
= *iter
;
721 bdr
.nsec3hash
= toBase32Hex(hashQNameWithSalt(ns3pr
, bdr
.qname
+bbd
.d_name
));
722 records
->replace(iter
, bdr
);
725 // cerr<<iter->qname<<"\t"<<QType(iter->qtype).getName()<<"\t"<<iter->nsec3hash<<"\t"<<iter->auth<<endl;
729 void Bind2Backend::doEmptyNonTerminals(BB2DomainInfo
& bbd
, bool nsec3zone
, NSEC3PARAMRecordContent ns3pr
)
731 shared_ptr
<const recordstorage_t
> records
= bbd
.d_records
.get();
736 map
<DNSName
, bool> nonterm
;
738 uint32_t maxent
= ::arg().asNum("max-ent-entries");
740 for(const auto& bdr
: *records
)
741 qnames
.insert(bdr
.qname
);
743 for(const auto& bdr
: *records
) {
745 if (!bdr
.auth
&& bdr
.qtype
== QType::NS
)
746 auth
= (!nsec3zone
|| !ns3pr
.d_flags
);
751 while(shorter
.chopOff())
753 if(!qnames
.count(shorter
))
757 g_log
<<Logger::Error
<<"Zone '"<<bbd
.d_name
<<"' has too many empty non terminals."<<endl
;
761 if (!nonterm
.count(shorter
)) {
762 nonterm
.insert(pair
<DNSName
, bool>(shorter
, auth
));
765 nonterm
[shorter
] = true;
770 DNSResourceRecord rr
;
774 for(auto& nt
: nonterm
)
777 rr
.qname
= nt
.first
+ bbd
.d_name
;
778 if(nsec3zone
&& nt
.second
)
779 hashed
= toBase32Hex(hashQNameWithSalt(ns3pr
, rr
.qname
));
780 insertRecord(bbd
, rr
.qname
, rr
.qtype
, rr
.content
, rr
.ttl
, hashed
, &nt
.second
);
782 // cerr<<rr.qname<<"\t"<<rr.qtype.getName()<<"\t"<<hashed<<"\t"<<nt.second<<endl;
786 void Bind2Backend::loadConfig(string
* status
)
788 static int domain_id
=1;
790 if(!getArg("config").empty()) {
793 BP
.parse(getArg("config"));
795 catch(PDNSException
&ae
) {
796 g_log
<<Logger::Error
<<"Error parsing bind configuration: "<<ae
.reason
<<endl
;
800 vector
<BindDomainInfo
> domains
=BP
.getDomains();
801 this->alsoNotify
= BP
.getAlsoNotify();
803 s_binddirectory
=BP
.getDirectory();
804 // ZP.setDirectory(d_binddirectory);
806 g_log
<<Logger::Warning
<<d_logprefix
<<" Parsing "<<domains
.size()<<" domain(s), will report when done"<<endl
;
808 set
<DNSName
> oldnames
, newnames
;
810 ReadLock
rl(&s_state_lock
);
811 for(const BB2DomainInfo
& bbd
: s_state
) {
812 oldnames
.insert(bbd
.d_name
);
820 for(vector
<BindDomainInfo
>::iterator i
=domains
.begin(); i
!=domains
.end(); ++i
)
822 if(stat(i
->filename
.c_str(), &st
) == 0) {
823 i
->d_dev
= st
.st_dev
;
824 i
->d_ino
= st
.st_ino
;
828 sort(domains
.begin(), domains
.end()); // put stuff in inode order
829 for(vector
<BindDomainInfo
>::const_iterator i
=domains
.begin();
833 if (!(i
->hadFileDirective
)) {
834 g_log
<<Logger::Warning
<<d_logprefix
<<" Zone '"<<i
->name
<<"' has no 'file' directive set in "<<getArg("config")<<endl
;
840 g_log
<<Logger::Notice
<<d_logprefix
<<" Zone '"<<i
->name
<<"' has no type specified, assuming 'native'"<<endl
;
841 if(i
->type
!="master" && i
->type
!="slave" && i
->type
!= "native" && i
->type
!= "") {
842 g_log
<<Logger::Warning
<<d_logprefix
<<" Warning! Skipping zone '"<<i
->name
<<"' because type '"<<i
->type
<<"' is invalid"<<endl
;
850 if(!safeGetBBDomainInfo(i
->name
, &bbd
)) {
852 bbd
.d_id
=domain_id
++;
853 bbd
.setCheckInterval(getArgAsNum("check-interval"));
854 bbd
.d_lastnotified
=0;
858 // overwrite what we knew about the domain
860 bool filenameChanged
= (bbd
.d_filename
!=i
->filename
);
861 bbd
.d_filename
=i
->filename
;
862 bbd
.d_masters
=i
->masters
;
863 bbd
.d_also_notify
=i
->alsoNotify
;
865 bbd
.d_kind
= DomainInfo::Native
;
866 if (i
->type
== "master")
867 bbd
.d_kind
= DomainInfo::Master
;
868 if (i
->type
== "slave")
869 bbd
.d_kind
= DomainInfo::Slave
;
871 newnames
.insert(bbd
.d_name
);
872 if(filenameChanged
|| !bbd
.d_loaded
|| !bbd
.current()) {
873 g_log
<<Logger::Info
<<d_logprefix
<<" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"'"<<endl
;
878 catch(PDNSException
&ae
) {
880 msg
<<" error at "+nowTime()+" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"': "<<ae
.reason
;
884 bbd
.d_status
=msg
.str();
886 g_log
<<Logger::Warning
<<d_logprefix
<<msg
.str()<<endl
;
889 catch(std::system_error
&ae
) {
891 if (ae
.code().value() == ENOENT
&& isNew
&& i
->type
== "slave")
892 msg
<<" error at "+nowTime()<<" no file found for new slave domain '"<<i
->name
<<"'. Has not been AXFR'd yet";
894 msg
<<" error at "+nowTime()+" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"': "<<ae
.what();
898 bbd
.d_status
=msg
.str();
899 g_log
<<Logger::Warning
<<d_logprefix
<<msg
.str()<<endl
;
902 catch(std::exception
&ae
) {
904 msg
<<" error at "+nowTime()+" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"': "<<ae
.what();
908 bbd
.d_status
=msg
.str();
910 g_log
<<Logger::Warning
<<d_logprefix
<<msg
.str()<<endl
;
913 safePutBBDomainInfo(bbd
);
917 vector
<DNSName
> diff
;
919 set_difference(oldnames
.begin(), oldnames
.end(), newnames
.begin(), newnames
.end(), back_inserter(diff
));
920 unsigned int remdomains
=diff
.size();
922 for(const DNSName
& name
: diff
) {
923 safeRemoveBBDomainInfo(name
);
926 // count number of entirely new domains
928 set_difference(newnames
.begin(), newnames
.end(), oldnames
.begin(), oldnames
.end(), back_inserter(diff
));
929 newdomains
=diff
.size();
932 msg
<<" Done parsing domains, "<<rejected
<<" rejected, "<<newdomains
<<" new, "<<remdomains
<<" removed";
936 g_log
<<Logger::Error
<<d_logprefix
<<msg
.str()<<endl
;
940 void Bind2Backend::queueReloadAndStore(unsigned int id
)
944 if(!safeGetBBDomainInfo(id
, &bbold
))
946 BB2DomainInfo
bbnew(bbold
);
947 parseZoneFile(&bbnew
);
948 bbnew
.d_checknow
=false;
949 bbnew
.d_wasRejectedLastReload
=false;
950 safePutBBDomainInfo(bbnew
);
951 g_log
<<Logger::Warning
<<"Zone '"<<bbnew
.d_name
<<"' ("<<bbnew
.d_filename
<<") reloaded"<<endl
;
953 catch(PDNSException
&ae
) {
955 msg
<<" error at "+nowTime()+" parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.reason
;
956 g_log
<<Logger::Warning
<<" error parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.reason
<<endl
;
957 bbold
.d_status
=msg
.str();
958 bbold
.d_wasRejectedLastReload
=true;
959 safePutBBDomainInfo(bbold
);
961 catch(std::exception
&ae
) {
963 msg
<<" error at "+nowTime()+" parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.what();
964 g_log
<<Logger::Warning
<<" error parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.what()<<endl
;
965 bbold
.d_status
=msg
.str();
966 bbold
.d_wasRejectedLastReload
=true;
967 safePutBBDomainInfo(bbold
);
971 bool Bind2Backend::findBeforeAndAfterUnhashed(BB2DomainInfo
& bbd
, const DNSName
& qname
, DNSName
& unhashed
, DNSName
& before
, DNSName
& after
)
973 shared_ptr
<const recordstorage_t
> records
= bbd
.d_records
.get();
975 // for(const auto& record: *records)
976 // cerr<<record.qname<<"\t"<<makeHexDump(record.qname.toDNSString())<<endl;
978 recordstorage_t::const_iterator iterBefore
, iterAfter
;
980 iterBefore
= iterAfter
= records
->upper_bound(qname
.makeLowerCase());
982 if(iterBefore
!= records
->begin())
984 while((!iterBefore
->auth
&& iterBefore
->qtype
!= QType::NS
) || !iterBefore
->qtype
)
986 before
=iterBefore
->qname
;
988 if(iterAfter
== records
->end()) {
989 iterAfter
= records
->begin();
991 while((!iterAfter
->auth
&& iterAfter
->qtype
!= QType::NS
) || !iterAfter
->qtype
) {
993 if(iterAfter
== records
->end()) {
994 iterAfter
= records
->begin();
999 after
= iterAfter
->qname
;
1004 bool Bind2Backend::getBeforeAndAfterNamesAbsolute(uint32_t id
, const DNSName
& qname
, DNSName
& unhashed
, DNSName
& before
, DNSName
& after
)
1007 if (!safeGetBBDomainInfo(id
, &bbd
))
1010 NSEC3PARAMRecordContent ns3pr
;
1015 nsec3zone
=dk
.getNSEC3PARAM(bbd
.d_name
, &ns3pr
);
1017 nsec3zone
=getNSEC3PARAM(bbd
.d_name
, &ns3pr
);
1020 return findBeforeAndAfterUnhashed(bbd
, qname
, unhashed
, before
, after
);
1023 auto& hashindex
=boost::multi_index::get
<NSEC3Tag
>(*bbd
.d_records
.getWRITABLE());
1025 // for(auto iter = first; iter != hashindex.end(); iter++)
1026 // cerr<<iter->nsec3hash<<endl;
1028 auto first
= hashindex
.upper_bound("");
1029 auto iter
= hashindex
.upper_bound(qname
.toStringNoDot());
1031 if (iter
== hashindex
.end()) {
1033 before
= DNSName(iter
->nsec3hash
);
1034 after
= DNSName(first
->nsec3hash
);
1036 after
= DNSName(iter
->nsec3hash
);
1040 iter
= --hashindex
.end();
1041 before
= DNSName(iter
->nsec3hash
);
1043 unhashed
= iter
->qname
+bbd
.d_name
;
1049 void Bind2Backend::lookup(const QType
&qtype
, const DNSName
&qname
, DNSPacket
*pkt_p
, int zoneId
)
1052 DNSName
domain(qname
);
1054 static bool mustlog
=::arg().mustDo("query-logging");
1056 g_log
<<Logger::Warning
<<"Lookup for '"<<qtype
.getName()<<"' of '"<<domain
<<"' within zoneID "<<zoneId
<<endl
;
1061 found
= safeGetBBDomainInfo(domain
, &bbd
);
1062 } while ((!found
|| (zoneId
!= (int)bbd
.d_id
&& zoneId
!= -1)) && domain
.chopOff());
1066 g_log
<<Logger::Warning
<<"Found no authoritative zone for "<<qname
<<endl
;
1067 d_handle
.d_list
=false;
1072 g_log
<<Logger::Warning
<<"Found a zone '"<<domain
<<"' (with id " << bbd
.d_id
<<") that might contain data "<<endl
;
1074 d_handle
.id
=bbd
.d_id
;
1076 DLOG(g_log
<<"Bind2Backend constructing handle for search for "<<qtype
.getName()<<" for "<<
1080 d_handle
.qname
=qname
;
1081 else if(qname
.isPartOf(domain
))
1082 d_handle
.qname
=qname
.makeRelative(domain
); // strip domain name
1084 d_handle
.qtype
=qtype
;
1085 d_handle
.domain
=domain
;
1089 throw DBException("Zone for '"+bbd
.d_name
.toLogString()+"' in '"+bbd
.d_filename
+"' temporarily not available (file missing, or master dead)"); // fsck
1092 if(!bbd
.current()) {
1093 g_log
<<Logger::Warning
<<"Zone '"<<bbd
.d_name
<<"' ("<<bbd
.d_filename
<<") needs reloading"<<endl
;
1094 queueReloadAndStore(bbd
.d_id
);
1095 if (!safeGetBBDomainInfo(domain
, &bbd
))
1096 throw DBException("Zone '"+bbd
.d_name
.toLogString()+"' ("+bbd
.d_filename
+") gone after reload"); // if we don't throw here, we crash for some reason
1099 d_handle
.d_records
= bbd
.d_records
.get();
1101 if(d_handle
.d_records
->empty())
1102 DLOG(g_log
<<"Query with no results"<<endl
);
1104 d_handle
.mustlog
= mustlog
;
1106 auto& hashedidx
= boost::multi_index::get
<UnorderedNameTag
>(*d_handle
.d_records
);
1107 auto range
= hashedidx
.equal_range(d_handle
.qname
);
1109 if(range
.first
==range
.second
) {
1110 d_handle
.d_list
=false;
1111 d_handle
.d_iter
= d_handle
.d_end_iter
= range
.first
;
1115 d_handle
.d_iter
=range
.first
;
1116 d_handle
.d_end_iter
=range
.second
;
1119 d_handle
.d_list
=false;
1122 Bind2Backend::handle::handle()
1127 bool Bind2Backend::get(DNSResourceRecord
&r
)
1129 if(!d_handle
.d_records
) {
1130 if(d_handle
.mustlog
)
1131 g_log
<<Logger::Warning
<<"There were no answers"<<endl
;
1135 if(!d_handle
.get(r
)) {
1136 if(d_handle
.mustlog
)
1137 g_log
<<Logger::Warning
<<"End of answers"<<endl
;
1143 if(d_handle
.mustlog
)
1144 g_log
<<Logger::Warning
<<"Returning: '"<<r
.qtype
.getName()<<"' of '"<<r
.qname
<<"', content: '"<<r
.content
<<"'"<<endl
;
1148 bool Bind2Backend::handle::get(DNSResourceRecord
&r
)
1153 return get_normal(r
);
1156 void Bind2Backend::handle::reset()
1164 bool Bind2Backend::handle::get_normal(DNSResourceRecord
&r
)
1166 DLOG(g_log
<< "Bind2Backend get() was called for "<<qtype
.getName() << " record for '"<<
1167 qname
<<"' - "<<d_records
->size()<<" available in total!"<<endl
);
1169 if(d_iter
==d_end_iter
) {
1173 while(d_iter
!=d_end_iter
&& !(qtype
.getCode()==QType::ANY
|| (d_iter
)->qtype
==qtype
.getCode())) {
1174 DLOG(g_log
<<Logger::Warning
<<"Skipped "<<qname
<<"/"<<QType(d_iter
->qtype
).getName()<<": '"<<d_iter
->content
<<"'"<<endl
);
1177 if(d_iter
==d_end_iter
) {
1180 DLOG(g_log
<< "Bind2Backend get() returning a rr with a "<<QType(d_iter
->qtype
).getCode()<<endl
);
1182 r
.qname
=qname
.empty() ? domain
: (qname
+domain
);
1184 r
.content
=(d_iter
)->content
;
1185 // r.domain_id=(d_iter)->domain_id;
1186 r
.qtype
=(d_iter
)->qtype
;
1187 r
.ttl
=(d_iter
)->ttl
;
1189 //if(!d_iter->auth && r.qtype.getCode() != QType::A && r.qtype.getCode()!=QType::AAAA && r.qtype.getCode() != QType::NS)
1190 // cerr<<"Warning! Unauth response for qtype "<< r.qtype.getName() << " for '"<<r.qname<<"'"<<endl;
1191 r
.auth
= d_iter
->auth
;
1198 bool Bind2Backend::list(const DNSName
& target
, int id
, bool include_disabled
)
1202 if(!safeGetBBDomainInfo(id
, &bbd
))
1206 DLOG(g_log
<<"Bind2Backend constructing handle for list of "<<id
<<endl
);
1208 d_handle
.d_records
=bbd
.d_records
.get(); // give it a copy, which will stay around
1209 d_handle
.d_qname_iter
= d_handle
.d_records
->begin();
1210 d_handle
.d_qname_end
=d_handle
.d_records
->end(); // iter now points to a vector of pointers to vector<BBResourceRecords>
1213 d_handle
.domain
=bbd
.d_name
;
1214 d_handle
.d_list
=true;
1218 bool Bind2Backend::handle::get_list(DNSResourceRecord
&r
)
1220 if(d_qname_iter
!=d_qname_end
) {
1221 r
.qname
=d_qname_iter
->qname
.empty() ? domain
: (d_qname_iter
->qname
+domain
);
1223 r
.content
=(d_qname_iter
)->content
;
1224 r
.qtype
=(d_qname_iter
)->qtype
;
1225 r
.ttl
=(d_qname_iter
)->ttl
;
1226 r
.auth
= d_qname_iter
->auth
;
1233 bool Bind2Backend::superMasterBackend(const string
&ip
, const DNSName
& domain
, const vector
<DNSResourceRecord
>&nsset
, string
*nameserver
, string
*account
, DNSBackend
**db
)
1235 // Check whether we have a configfile available.
1236 if (getArg("supermaster-config").empty())
1239 ifstream
c_if(getArg("supermasters").c_str(), std::ios::in
); // this was nocreate?
1241 g_log
<< Logger::Error
<< "Unable to open supermasters file for read: " << stringerror() << endl
;
1246 // <ip> <accountname>
1247 string line
, sip
, saccount
;
1248 while (getline(c_if
, line
)) {
1249 std::istringstream
ii(line
);
1258 if (sip
!= ip
) // ip not found in authorization list - reject
1261 // ip authorized as supermaster - accept
1263 if (saccount
.length() > 0)
1264 *account
= saccount
.c_str();
1269 BB2DomainInfo
Bind2Backend::createDomainEntry(const DNSName
& domain
, const string
&filename
)
1272 { // Find a free zone id nr.
1273 ReadLock
rl(&s_state_lock
);
1274 if (!s_state
.empty()) {
1275 newid
= s_state
.rbegin()->d_id
+1;
1280 bbd
.d_kind
= DomainInfo::Native
;
1282 bbd
.d_records
= shared_ptr
<recordstorage_t
>(new recordstorage_t
);
1283 bbd
.d_name
= domain
;
1284 bbd
.setCheckInterval(getArgAsNum("check-interval"));
1285 bbd
.d_filename
= filename
;
1290 bool Bind2Backend::createSlaveDomain(const string
&ip
, const DNSName
& domain
, const string
&nameserver
, const string
&account
)
1292 string filename
= getArg("supermaster-destdir")+'/'+domain
.toStringNoDot();
1294 g_log
<< Logger::Warning
<< d_logprefix
1295 << " Writing bind config zone statement for superslave zone '" << domain
1296 << "' from supermaster " << ip
<< endl
;
1299 Lock
l2(&s_supermaster_config_lock
);
1301 ofstream
c_of(getArg("supermaster-config").c_str(), std::ios::app
);
1303 g_log
<< Logger::Error
<< "Unable to open supermaster configfile for append: " << stringerror() << endl
;
1304 throw DBException("Unable to open supermaster configfile for append: "+stringerror());
1308 c_of
<< "# Superslave zone '" << domain
.toString() << "' (added: " << nowTime() << ") (account: " << account
<< ')' << endl
;
1309 c_of
<< "zone \"" << domain
.toStringNoDot() << "\" {" << endl
;
1310 c_of
<< "\ttype slave;" << endl
;
1311 c_of
<< "\tfile \"" << filename
<< "\";" << endl
;
1312 c_of
<< "\tmasters { " << ip
<< "; };" << endl
;
1313 c_of
<< "};" << endl
;
1317 BB2DomainInfo bbd
= createDomainEntry(domain
, filename
);
1318 bbd
.d_kind
= DomainInfo::Slave
;
1319 bbd
.d_masters
.push_back(ComboAddress(ip
, 53));
1321 safePutBBDomainInfo(bbd
);
1325 bool Bind2Backend::searchRecords(const string
&pattern
, int maxResults
, vector
<DNSResourceRecord
>& result
)
1327 SimpleMatch
sm(pattern
,true);
1328 static bool mustlog
=::arg().mustDo("query-logging");
1330 g_log
<<Logger::Warning
<<"Search for pattern '"<<pattern
<<"'"<<endl
;
1333 ReadLock
rl(&s_state_lock
);
1335 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
1337 if (!safeGetBBDomainInfo(i
->d_id
, &h
)) {
1341 shared_ptr
<const recordstorage_t
> rhandle
= h
.d_records
.get();
1343 for(recordstorage_t::const_iterator ri
= rhandle
->begin(); result
.size() < static_cast<vector
<DNSResourceRecord
>::size_type
>(maxResults
) && ri
!= rhandle
->end(); ri
++) {
1344 DNSName name
= ri
->qname
.empty() ? i
->d_name
: (ri
->qname
+i
->d_name
);
1345 if (sm
.match(name
) || sm
.match(ri
->content
)) {
1346 DNSResourceRecord r
;
1348 r
.domain_id
=i
->d_id
;
1349 r
.content
=ri
->content
;
1353 result
.push_back(r
);
1362 class Bind2Factory
: public BackendFactory
1365 Bind2Factory() : BackendFactory("bind") {}
1367 void declareArguments(const string
&suffix
="")
1369 declare(suffix
,"ignore-broken-records","Ignore records that are out-of-bound for the zone.","no");
1370 declare(suffix
,"config","Location of named.conf","");
1371 declare(suffix
,"check-interval","Interval for zonefile changes","0");
1372 declare(suffix
,"supermaster-config","Location of (part of) named.conf where pdns can write zone-statements to","");
1373 declare(suffix
,"supermasters","List of IP-addresses of supermasters","");
1374 declare(suffix
,"supermaster-destdir","Destination directory for newly added slave zones",::arg()["config-dir"]);
1375 declare(suffix
,"dnssec-db","Filename to store & access our DNSSEC metadatabase, empty for none", "");
1376 declare(suffix
,"dnssec-db-journal-mode","SQLite3 journal mode", "WAL");
1377 declare(suffix
,"hybrid","Store DNSSEC metadata in other backend","no");
1380 DNSBackend
*make(const string
&suffix
="")
1382 assertEmptySuffix(suffix
);
1383 return new Bind2Backend(suffix
);
1386 DNSBackend
*makeMetadataOnly(const string
&suffix
="")
1388 assertEmptySuffix(suffix
);
1389 return new Bind2Backend(suffix
, false);
1392 void assertEmptySuffix(const string
&suffix
)
1395 throw PDNSException("launch= suffixes are not supported on the bindbackend");
1399 //! Magic class that is activated when the dynamic library is loaded
1405 BackendMakers().report(new Bind2Factory
);
1406 g_log
<< Logger::Info
<< "[bind2backend] This is the bind backend version " << VERSION
1407 #ifndef REPRODUCIBLE
1408 << " (" __DATE__
" " __TIME__
")"
1411 << " (with bind-dnssec-db support)"
1413 << " reporting" << endl
;
1416 static Bind2Loader bind2loader
;