2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 #include <sys/types.h>
35 #include <boost/algorithm/string.hpp>
36 #include <system_error>
38 #include "pdns/dnsseckeeper.hh"
39 #include "pdns/dnssecinfra.hh"
40 #include "pdns/base32.hh"
41 #include "pdns/namespaces.hh"
42 #include "pdns/dns.hh"
43 #include "pdns/dnsbackend.hh"
44 #include "bindbackend2.hh"
45 #include "pdns/dnspacket.hh"
46 #include "pdns/zoneparser-tng.hh"
47 #include "pdns/bindparserclasses.hh"
48 #include "pdns/logger.hh"
49 #include "pdns/arguments.hh"
50 #include "pdns/qtype.hh"
51 #include "pdns/misc.hh"
52 #include "pdns/dynlistener.hh"
53 #include "pdns/lock.hh"
54 #include "pdns/namespaces.hh"
57 All instances of this backend share one s_state, which is indexed by zone name and zone id.
58 The s_state is protected by a read/write lock, and the goal it to only interact with it briefly.
59 When a query comes in, we take a read lock and COPY the best zone to answer from s_state (BB2DomainInfo object)
60 All answers are served from this copy.
62 To interact with s_state, use safeGetBBDomainInfo (search on name or id), safePutBBDomainInfo (to update)
63 or safeRemoveBBDomainInfo. These all lock as they should.
65 Several functions need to traverse s_state to get data for the rest of PowerDNS. When doing so,
66 you need to manually take the s_state_lock (read).
68 Parsing zones happens with parseZone(), which fills a BB2DomainInfo object. This can then be stored with safePutBBDomainInfo.
70 Finally, the BB2DomainInfo contains all records as a LookButDontTouch object. This makes sure you only look, but don't touch, since
71 the records might be in use in other places.
74 Bind2Backend::state_t
Bind2Backend::s_state
;
75 int Bind2Backend::s_first
=1;
76 bool Bind2Backend::s_ignore_broken_records
=false;
78 pthread_rwlock_t
Bind2Backend::s_state_lock
=PTHREAD_RWLOCK_INITIALIZER
;
79 pthread_mutex_t
Bind2Backend::s_supermaster_config_lock
=PTHREAD_MUTEX_INITIALIZER
; // protects writes to config file
80 pthread_mutex_t
Bind2Backend::s_startup_lock
=PTHREAD_MUTEX_INITIALIZER
;
81 string
Bind2Backend::s_binddirectory
;
84 std::mutex LookButDontTouch
<T
>::s_lock
;
86 BB2DomainInfo::BB2DomainInfo()
94 void BB2DomainInfo::setCheckInterval(time_t seconds
)
96 d_checkinterval
=seconds
;
99 bool BB2DomainInfo::current()
108 if(time(0) - d_lastcheck
< d_checkinterval
)
111 if(d_filename
.empty())
114 return (getCtime()==d_ctime
);
117 time_t BB2DomainInfo::getCtime()
121 if(d_filename
.empty() || stat(d_filename
.c_str(),&buf
)<0)
127 void BB2DomainInfo::setCtime()
130 if(stat(d_filename
.c_str(),&buf
)<0)
132 d_ctime
=buf
.st_ctime
;
135 bool Bind2Backend::safeGetBBDomainInfo(int id
, BB2DomainInfo
* bbd
)
137 ReadLock
rl(&s_state_lock
);
138 state_t::const_iterator iter
= s_state
.find(id
);
139 if(iter
== s_state
.end())
145 bool Bind2Backend::safeGetBBDomainInfo(const DNSName
& name
, BB2DomainInfo
* bbd
)
147 ReadLock
rl(&s_state_lock
);
148 typedef state_t::index
<NameTag
>::type nameindex_t
;
149 nameindex_t
& nameindex
= boost::multi_index::get
<NameTag
>(s_state
);
151 nameindex_t::const_iterator iter
= nameindex
.find(name
);
152 if(iter
== nameindex
.end())
158 bool Bind2Backend::safeRemoveBBDomainInfo(const DNSName
& name
)
160 WriteLock
rl(&s_state_lock
);
161 typedef state_t::index
<NameTag
>::type nameindex_t
;
162 nameindex_t
& nameindex
= boost::multi_index::get
<NameTag
>(s_state
);
164 nameindex_t::iterator iter
= nameindex
.find(name
);
165 if(iter
== nameindex
.end())
167 nameindex
.erase(iter
);
171 void Bind2Backend::safePutBBDomainInfo(const BB2DomainInfo
& bbd
)
173 WriteLock
rl(&s_state_lock
);
174 replacing_insert(s_state
, bbd
);
177 void Bind2Backend::setNotified(uint32_t id
, uint32_t serial
)
180 if (!safeGetBBDomainInfo(id
, &bbd
))
182 bbd
.d_lastnotified
= serial
;
183 safePutBBDomainInfo(bbd
);
186 void Bind2Backend::setFresh(uint32_t domain_id
)
189 if(safeGetBBDomainInfo(domain_id
, &bbd
)) {
190 bbd
.d_lastcheck
=time(0);
191 safePutBBDomainInfo(bbd
);
195 bool Bind2Backend::startTransaction(const DNSName
&qname
, int id
)
198 d_transaction_tmpname
.clear();
203 throw DBException("domain_id 0 is invalid for this backend.");
208 if(safeGetBBDomainInfo(id
, &bbd
)) {
209 d_transaction_tmpname
= bbd
.d_filename
+ "XXXXXX";
210 int fd
= mkstemp(&d_transaction_tmpname
.at(0));
212 throw DBException("Unable to create a unique temporary zonefile '"+d_transaction_tmpname
+"': "+stringerror());
216 d_of
= std::unique_ptr
<ofstream
>(new ofstream(d_transaction_tmpname
.c_str()));
218 unlink(d_transaction_tmpname
.c_str());
222 throw DBException("Unable to open temporary zonefile '"+d_transaction_tmpname
+"': "+stringerror());
227 *d_of
<<"; Written by PowerDNS, don't edit!"<<endl
;
228 *d_of
<<"; Zone '"<<bbd
.d_name
<<"' retrieved from master "<<endl
<<"; at "<<nowTime()<<endl
; // insert master info here again
235 bool Bind2Backend::commitTransaction()
237 if(d_transaction_id
< 0)
242 if(safeGetBBDomainInfo(d_transaction_id
, &bbd
)) {
243 if(rename(d_transaction_tmpname
.c_str(), bbd
.d_filename
.c_str())<0)
244 throw DBException("Unable to commit (rename to: '" + bbd
.d_filename
+"') AXFRed zone: "+stringerror());
245 queueReloadAndStore(bbd
.d_id
);
253 bool Bind2Backend::abortTransaction()
255 // -1 = dnssec speciality
256 // 0 = invalid transact
257 // >0 = actual transaction
258 if(d_transaction_id
> 0) {
259 unlink(d_transaction_tmpname
.c_str());
267 bool Bind2Backend::feedRecord(const DNSResourceRecord
&rr
, const DNSName
&ordername
, bool ordernameIsNSEC3
)
270 if (!safeGetBBDomainInfo(d_transaction_id
, &bbd
))
274 string name
= bbd
.d_name
.toString();
275 if (bbd
.d_name
.empty()) {
276 qname
= rr
.qname
.toString();
278 else if (rr
.qname
.isPartOf(bbd
.d_name
)) {
279 if (rr
.qname
== bbd
.d_name
) {
283 DNSName relName
= rr
.qname
.makeRelative(bbd
.d_name
);
284 qname
= relName
.toStringNoDot();
288 throw DBException("out-of-zone data '"+rr
.qname
.toLogString()+"' during AXFR of zone '"+bbd
.d_name
.toLogString()+"'");
291 shared_ptr
<DNSRecordContent
> drc(DNSRecordContent::mastermake(rr
.qtype
.getCode(), 1, rr
.content
));
292 string content
= drc
->getZoneRepresentation();
294 // SOA needs stripping too! XXX FIXME - also, this should not be here I think
295 switch(rr
.qtype
.getCode()) {
301 stripDomainSuffix(&content
, name
);
305 *d_of
<<qname
<<"\t"<<rr
.ttl
<<"\t"<<rr
.qtype
.getName()<<"\t"<<content
<<endl
;
311 void Bind2Backend::getUpdatedMasters(vector
<DomainInfo
> *changedDomains
)
313 vector
<DomainInfo
> consider
;
315 ReadLock
rl(&s_state_lock
);
317 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
318 if(i
->d_kind
!= DomainInfo::Master
&& this->alsoNotify
.empty() && i
->d_also_notify
.empty())
324 di
.last_check
=i
->d_lastcheck
;
325 di
.notified_serial
=i
->d_lastnotified
;
327 di
.kind
=DomainInfo::Master
;
328 consider
.push_back(di
);
333 for(DomainInfo
& di
: consider
) {
336 this->getSOA(di
.zone
, soadata
); // we might not *have* a SOA yet, but this might trigger a load of it
341 if(di
.notified_serial
!= soadata
.serial
) {
343 if(safeGetBBDomainInfo(di
.id
, &bbd
)) {
344 bbd
.d_lastnotified
=soadata
.serial
;
345 safePutBBDomainInfo(bbd
);
347 if(di
.notified_serial
) { // don't do notification storm on startup
348 di
.serial
=soadata
.serial
;
349 changedDomains
->push_back(di
);
355 void Bind2Backend::getAllDomains(vector
<DomainInfo
> *domains
, bool include_disabled
)
359 // prevent deadlock by using getSOA() later on
361 ReadLock
rl(&s_state_lock
);
363 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
367 di
.last_check
=i
->d_lastcheck
;
369 di
.masters
=i
->d_masters
;
371 domains
->push_back(di
);
375 for(DomainInfo
&di
: *domains
) {
376 // do not corrupt di if domain supplied by another backend.
377 if (di
.backend
!= this)
380 this->getSOA(di
.zone
, soadata
);
384 di
.serial
=soadata
.serial
;
388 void Bind2Backend::getUnfreshSlaveInfos(vector
<DomainInfo
> *unfreshDomains
)
390 vector
<DomainInfo
> domains
;
392 ReadLock
rl(&s_state_lock
);
393 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
394 if(i
->d_kind
!= DomainInfo::Slave
)
399 sd
.masters
=i
->d_masters
;
400 sd
.last_check
=i
->d_lastcheck
;
402 sd
.kind
=DomainInfo::Slave
;
403 domains
.push_back(sd
);
407 for(DomainInfo
&sd
: domains
) {
412 getSOA(sd
.zone
,soadata
); // we might not *have* a SOA yet
415 sd
.serial
=soadata
.serial
;
416 if(sd
.last_check
+soadata
.refresh
< (unsigned int)time(0))
417 unfreshDomains
->push_back(sd
);
421 bool Bind2Backend::getDomainInfo(const DNSName
& domain
, DomainInfo
&di
, bool getSerial
)
424 if(!safeGetBBDomainInfo(domain
, &bbd
))
429 di
.masters
=bbd
.d_masters
;
430 di
.last_check
=bbd
.d_lastcheck
;
439 getSOA(bbd
.d_name
,sd
); // we might not *have* a SOA yet
448 void Bind2Backend::alsoNotifies(const DNSName
& domain
, set
<string
> *ips
)
450 // combine global list with local list
451 for(set
<string
>::iterator i
= this->alsoNotify
.begin(); i
!= this->alsoNotify
.end(); i
++) {
454 // check metadata too if available
456 if (getDomainMetadata(domain
, "ALSO-NOTIFY", meta
)) {
457 for(const auto& str
: meta
) {
461 ReadLock
rl(&s_state_lock
);
462 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
463 if(i
->d_name
== domain
) {
464 for(set
<string
>::iterator it
= i
->d_also_notify
.begin(); it
!= i
->d_also_notify
.end(); it
++) {
472 // only parses, does NOT add to s_state!
473 void Bind2Backend::parseZoneFile(BB2DomainInfo
*bbd
)
475 NSEC3PARAMRecordContent ns3pr
;
479 nsec3zone
=dk
.getNSEC3PARAM(bbd
->d_name
, &ns3pr
);
481 nsec3zone
=getNSEC3PARAM(bbd
->d_name
, &ns3pr
);
483 auto records
= std::make_shared
<recordstorage_t
>();
484 ZoneParserTNG
zpt(bbd
->d_filename
, bbd
->d_name
, s_binddirectory
);
485 zpt
.setMaxGenerateSteps(::arg().asNum("max-generate-steps"));
486 DNSResourceRecord rr
;
489 if(rr
.qtype
.getCode() == QType::NSEC
|| rr
.qtype
.getCode() == QType::NSEC3
|| rr
.qtype
.getCode() == QType::NSEC3PARAM
)
490 continue; // we synthesise NSECs on demand
492 insertRecord(records
, bbd
->d_name
, rr
.qname
, rr
.qtype
, rr
.content
, rr
.ttl
, "");
494 fixupOrderAndAuth(records
, bbd
->d_name
, nsec3zone
, ns3pr
);
495 doEmptyNonTerminals(records
, bbd
->d_name
, nsec3zone
, ns3pr
);
498 bbd
->d_checknow
=false;
499 bbd
->d_status
="parsed into memory at "+nowTime();
500 bbd
->d_records
= LookButDontTouch
<recordstorage_t
>(records
);
503 /** THIS IS AN INTERNAL FUNCTION! It does moadnsparser prio impedance matching
504 Much of the complication is due to the efforts to benefit from std::string reference counting copy on write semantics */
505 void Bind2Backend::insertRecord(std::shared_ptr
<recordstorage_t
>& records
, const DNSName
& zoneName
, const DNSName
&qname
, const QType
&qtype
, const string
&content
, int ttl
, const std::string
& hashed
, bool *auth
)
512 else if(bdr
.qname
.isPartOf(zoneName
))
513 bdr
.qname
= bdr
.qname
.makeRelative(zoneName
);
515 string msg
= "Trying to insert non-zone data, name='"+bdr
.qname
.toLogString()+"', qtype="+qtype
.getName()+", zone='"+zoneName
.toLogString()+"'";
516 if(s_ignore_broken_records
) {
517 g_log
<<Logger::Warning
<<msg
<< " ignored" << endl
;
521 throw PDNSException(msg
);
524 // bdr.qname.swap(bdr.qname);
526 if(!records
->empty() && bdr
.qname
==boost::prior(records
->end())->qname
)
527 bdr
.qname
=boost::prior(records
->end())->qname
;
530 bdr
.qtype
=qtype
.getCode();
532 bdr
.nsec3hash
= hashed
;
534 if (auth
) // Set auth on empty non-terminals
540 records
->insert(bdr
);
543 string
Bind2Backend::DLReloadNowHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
547 for(vector
<string
>::const_iterator i
=parts
.begin()+1;i
<parts
.end();++i
) {
550 if(safeGetBBDomainInfo(zone
, &bbd
)) {
552 bb2
.queueReloadAndStore(bbd
.d_id
);
553 if (!safeGetBBDomainInfo(zone
, &bbd
)) // Read the *new* domain status
554 ret
<< *i
<< ": [missing]\n";
556 ret
<< *i
<< ": "<< (bbd
.d_wasRejectedLastReload
? "[rejected]": "") <<"\t"<<bbd
.d_status
<<"\n";
559 ret
<< *i
<< " no such domain\n";
561 if(ret
.str().empty())
562 ret
<<"no domains reloaded";
567 string
Bind2Backend::DLDomStatusHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
571 if(parts
.size() > 1) {
572 for(vector
<string
>::const_iterator i
=parts
.begin()+1;i
<parts
.end();++i
) {
574 if(safeGetBBDomainInfo(DNSName(*i
), &bbd
)) {
575 ret
<< *i
<< ": "<< (bbd
.d_loaded
? "": "[rejected]") <<"\t"<<bbd
.d_status
<<"\n";
578 ret
<< *i
<< " no such domain\n";
583 ReadLock
rl(&s_state_lock
);
584 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
585 ret
<< i
->d_name
<< ": "<< (i
->d_loaded
? "": "[rejected]") <<"\t"<<i
->d_status
<<"\n";
589 if(ret
.str().empty())
590 ret
<<"no domains passed";
595 static void printDomainExtendedStatus(ostringstream
& ret
, const BB2DomainInfo
& info
)
597 ret
<< info
.d_name
<< ": " << std::endl
;
598 ret
<< "\t Status: " << info
.d_status
<< std::endl
;
599 ret
<< "\t Internal ID: " << info
.d_id
<< std::endl
;
600 ret
<< "\t On-disk file: " << info
.d_filename
<< " (" << info
.d_ctime
<< ")" << std::endl
;
602 switch (info
.d_kind
) {
603 case DomainInfo::Master
:
606 case DomainInfo::Slave
:
613 ret
<< "\t Masters: " << std::endl
;
614 for (const auto& master
: info
.d_masters
) {
615 ret
<< "\t\t - " << master
.toStringWithPort() << std::endl
;
617 ret
<< "\t Also Notify: " << std::endl
;
618 for (const auto& also
: info
.d_also_notify
) {
619 ret
<< "\t\t - " << also
<< std::endl
;
621 ret
<< "\t Number of records: " << info
.d_records
.getEntriesCount() << std::endl
;
622 ret
<< "\t Loaded: " << info
.d_loaded
<< std::endl
;
623 ret
<< "\t Check now: " << info
.d_checknow
<< std::endl
;
624 ret
<< "\t Check interval: " << info
.getCheckInterval() << std::endl
;
625 ret
<< "\t Last check: " << info
.d_lastcheck
<< std::endl
;
626 ret
<< "\t Last notified: " << info
.d_lastnotified
<< std::endl
;
629 string
Bind2Backend::DLDomExtendedStatusHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
633 if (parts
.size() > 1) {
634 for (const auto& part
: parts
) {
636 if (safeGetBBDomainInfo(DNSName(part
), &bbd
)) {
637 printDomainExtendedStatus(ret
, bbd
);
640 ret
<< part
<< " no such domain" << std::endl
;
645 ReadLock
rl(&s_state_lock
);
646 for (const auto& state
: s_state
) {
647 printDomainExtendedStatus(ret
, state
);
651 if (ret
.str().empty()) {
652 ret
<< "no domains passed" << std::endl
;
658 string
Bind2Backend::DLListRejectsHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
661 ReadLock
rl(&s_state_lock
);
662 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
664 ret
<<i
->d_name
<<"\t"<<i
->d_status
<<endl
;
669 string
Bind2Backend::DLAddDomainHandler(const vector
<string
>&parts
, Utility::pid_t ppid
)
672 return "ERROR: Domain name and zone filename are required";
674 DNSName
domainname(parts
[1]);
675 const string
&filename
= parts
[2];
677 if(safeGetBBDomainInfo(domainname
, &bbd
))
678 return "Already loaded";
680 if (!boost::starts_with(filename
, "/") && ::arg()["chroot"].empty())
681 return "Unable to load zone " + domainname
.toLogString() + " from " + filename
+ " as the filename is not absolute.";
684 if (stat(filename
.c_str(), &buf
) != 0)
685 return "Unable to load zone " + domainname
.toLogString() + " from " + filename
+ ": " + strerror(errno
);
687 Bind2Backend bb2
; // createdomainentry needs access to our configuration
688 bbd
=bb2
.createDomainEntry(domainname
, filename
);
689 bbd
.d_filename
=filename
;
693 bbd
.d_status
="parsing into memory";
696 safePutBBDomainInfo(bbd
);
698 g_log
<<Logger::Warning
<<"Zone "<<domainname
<< " loaded"<<endl
;
699 return "Loaded zone " + domainname
.toLogString() + " from " + filename
;
702 Bind2Backend::Bind2Backend(const string
&suffix
, bool loadZones
)
704 d_getAllDomainMetadataQuery_stmt
= NULL
;
705 d_getDomainMetadataQuery_stmt
= NULL
;
706 d_deleteDomainMetadataQuery_stmt
= NULL
;
707 d_insertDomainMetadataQuery_stmt
= NULL
;
708 d_getDomainKeysQuery_stmt
= NULL
;
709 d_deleteDomainKeyQuery_stmt
= NULL
;
710 d_insertDomainKeyQuery_stmt
= NULL
;
711 d_GetLastInsertedKeyIdQuery_stmt
= NULL
;
712 d_activateDomainKeyQuery_stmt
= NULL
;
713 d_deactivateDomainKeyQuery_stmt
= NULL
;
714 d_getTSIGKeyQuery_stmt
= NULL
;
715 d_setTSIGKeyQuery_stmt
= NULL
;
716 d_deleteTSIGKeyQuery_stmt
= NULL
;
717 d_getTSIGKeysQuery_stmt
= NULL
;
719 setArgPrefix("bind"+suffix
);
720 d_logprefix
="[bind"+suffix
+"backend]";
721 d_hybrid
=mustDo("hybrid");
723 s_ignore_broken_records
=mustDo("ignore-broken-records");
725 if (!loadZones
&& d_hybrid
)
728 Lock
l(&s_startup_lock
);
740 extern DynListener
*dl
;
741 dl
->registerFunc("BIND-RELOAD-NOW", &DLReloadNowHandler
, "bindbackend: reload domains", "<domains>");
742 dl
->registerFunc("BIND-DOMAIN-STATUS", &DLDomStatusHandler
, "bindbackend: list status of all domains", "[domains]");
743 dl
->registerFunc("BIND-DOMAIN-EXTENDED-STATUS", &DLDomExtendedStatusHandler
, "bindbackend: list the extended status of all domains", "[domains]");
744 dl
->registerFunc("BIND-LIST-REJECTS", &DLListRejectsHandler
, "bindbackend: list rejected domains");
745 dl
->registerFunc("BIND-ADD-ZONE", &DLAddDomainHandler
, "bindbackend: add zone", "<domain> <filename>");
748 Bind2Backend::~Bind2Backend()
749 { freeStatements(); } // deallocate statements
751 void Bind2Backend::rediscover(string
*status
)
756 void Bind2Backend::reload()
758 WriteLock
rwl(&s_state_lock
);
759 for(state_t::iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
760 i
->d_checknow
=true; // being a bit cheeky here, don't index state_t on this (mutable)
764 void Bind2Backend::fixupOrderAndAuth(std::shared_ptr
<recordstorage_t
>& records
, const DNSName
& zoneName
, bool nsec3zone
, NSEC3PARAMRecordContent ns3pr
)
768 set
<DNSName
> nssets
, dssets
;
770 for(const auto& bdr
: *records
) {
771 if(!bdr
.qname
.isRoot() && bdr
.qtype
== QType::NS
)
772 nssets
.insert(bdr
.qname
);
773 else if(bdr
.qtype
== QType::DS
)
774 dssets
.insert(bdr
.qname
);
777 for(auto iter
= records
->begin(); iter
!= records
->end(); iter
++) {
779 shorter
= iter
->qname
;
781 if (!iter
->qname
.isRoot() && shorter
.chopOff() && !iter
->qname
.isRoot()) {
783 if(nssets
.count(shorter
)) {
787 } while(shorter
.chopOff() && !iter
->qname
.isRoot());
790 iter
->auth
= (!skip
&& (iter
->qtype
== QType::DS
|| iter
->qtype
== QType::RRSIG
|| !nssets
.count(iter
->qname
)));
792 if(!skip
&& nsec3zone
&& iter
->qtype
!= QType::RRSIG
&& (iter
->auth
|| (iter
->qtype
== QType::NS
&& !ns3pr
.d_flags
) || dssets
.count(iter
->qname
))) {
793 Bind2DNSRecord bdr
= *iter
;
794 bdr
.nsec3hash
= toBase32Hex(hashQNameWithSalt(ns3pr
, bdr
.qname
+zoneName
));
795 records
->replace(iter
, bdr
);
798 // cerr<<iter->qname<<"\t"<<QType(iter->qtype).getName()<<"\t"<<iter->nsec3hash<<"\t"<<iter->auth<<endl;
802 void Bind2Backend::doEmptyNonTerminals(std::shared_ptr
<recordstorage_t
>& records
, const DNSName
& zoneName
, bool nsec3zone
, NSEC3PARAMRecordContent ns3pr
)
807 map
<DNSName
, bool> nonterm
;
809 uint32_t maxent
= ::arg().asNum("max-ent-entries");
811 for(const auto& bdr
: *records
)
812 qnames
.insert(bdr
.qname
);
814 for(const auto& bdr
: *records
) {
816 if (!bdr
.auth
&& bdr
.qtype
== QType::NS
)
817 auth
= (!nsec3zone
|| !ns3pr
.d_flags
);
822 while(shorter
.chopOff())
824 if(!qnames
.count(shorter
))
828 g_log
<<Logger::Error
<<"Zone '"<<zoneName
<<"' has too many empty non terminals."<<endl
;
832 if (!nonterm
.count(shorter
)) {
833 nonterm
.insert(pair
<DNSName
, bool>(shorter
, auth
));
836 nonterm
[shorter
] = true;
841 DNSResourceRecord rr
;
845 for(auto& nt
: nonterm
)
848 rr
.qname
= nt
.first
+ zoneName
;
849 if(nsec3zone
&& nt
.second
)
850 hashed
= toBase32Hex(hashQNameWithSalt(ns3pr
, rr
.qname
));
851 insertRecord(records
, zoneName
, rr
.qname
, rr
.qtype
, rr
.content
, rr
.ttl
, hashed
, &nt
.second
);
853 // cerr<<rr.qname<<"\t"<<rr.qtype.getName()<<"\t"<<hashed<<"\t"<<nt.second<<endl;
857 void Bind2Backend::loadConfig(string
* status
)
859 static int domain_id
=1;
861 if(!getArg("config").empty()) {
864 BP
.parse(getArg("config"));
866 catch(PDNSException
&ae
) {
867 g_log
<<Logger::Error
<<"Error parsing bind configuration: "<<ae
.reason
<<endl
;
871 vector
<BindDomainInfo
> domains
=BP
.getDomains();
872 this->alsoNotify
= BP
.getAlsoNotify();
874 s_binddirectory
=BP
.getDirectory();
875 // ZP.setDirectory(d_binddirectory);
877 g_log
<<Logger::Warning
<<d_logprefix
<<" Parsing "<<domains
.size()<<" domain(s), will report when done"<<endl
;
879 set
<DNSName
> oldnames
, newnames
;
881 ReadLock
rl(&s_state_lock
);
882 for(const BB2DomainInfo
& bbd
: s_state
) {
883 oldnames
.insert(bbd
.d_name
);
891 for(vector
<BindDomainInfo
>::iterator i
=domains
.begin(); i
!=domains
.end(); ++i
)
893 if(stat(i
->filename
.c_str(), &st
) == 0) {
894 i
->d_dev
= st
.st_dev
;
895 i
->d_ino
= st
.st_ino
;
899 sort(domains
.begin(), domains
.end()); // put stuff in inode order
900 for(vector
<BindDomainInfo
>::const_iterator i
=domains
.begin();
904 if (!(i
->hadFileDirective
)) {
905 g_log
<<Logger::Warning
<<d_logprefix
<<" Zone '"<<i
->name
<<"' has no 'file' directive set in "<<getArg("config")<<endl
;
911 g_log
<<Logger::Notice
<<d_logprefix
<<" Zone '"<<i
->name
<<"' has no type specified, assuming 'native'"<<endl
;
912 if(i
->type
!="master" && i
->type
!="slave" && i
->type
!= "native" && i
->type
!= "") {
913 g_log
<<Logger::Warning
<<d_logprefix
<<" Warning! Skipping zone '"<<i
->name
<<"' because type '"<<i
->type
<<"' is invalid"<<endl
;
921 if(!safeGetBBDomainInfo(i
->name
, &bbd
)) {
923 bbd
.d_id
=domain_id
++;
924 bbd
.setCheckInterval(getArgAsNum("check-interval"));
925 bbd
.d_lastnotified
=0;
929 // overwrite what we knew about the domain
931 bool filenameChanged
= (bbd
.d_filename
!=i
->filename
);
932 bbd
.d_filename
=i
->filename
;
933 bbd
.d_masters
=i
->masters
;
934 bbd
.d_also_notify
=i
->alsoNotify
;
936 bbd
.d_kind
= DomainInfo::Native
;
937 if (i
->type
== "master")
938 bbd
.d_kind
= DomainInfo::Master
;
939 if (i
->type
== "slave")
940 bbd
.d_kind
= DomainInfo::Slave
;
942 newnames
.insert(bbd
.d_name
);
943 if(filenameChanged
|| !bbd
.d_loaded
|| !bbd
.current()) {
944 g_log
<<Logger::Info
<<d_logprefix
<<" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"'"<<endl
;
949 catch(PDNSException
&ae
) {
951 msg
<<" error at "+nowTime()+" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"': "<<ae
.reason
;
955 bbd
.d_status
=msg
.str();
957 g_log
<<Logger::Warning
<<d_logprefix
<<msg
.str()<<endl
;
960 catch(std::system_error
&ae
) {
962 if (ae
.code().value() == ENOENT
&& isNew
&& i
->type
== "slave")
963 msg
<<" error at "+nowTime()<<" no file found for new slave domain '"<<i
->name
<<"'. Has not been AXFR'd yet";
965 msg
<<" error at "+nowTime()+" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"': "<<ae
.what();
969 bbd
.d_status
=msg
.str();
970 g_log
<<Logger::Warning
<<d_logprefix
<<msg
.str()<<endl
;
973 catch(std::exception
&ae
) {
975 msg
<<" error at "+nowTime()+" parsing '"<<i
->name
<<"' from file '"<<i
->filename
<<"': "<<ae
.what();
979 bbd
.d_status
=msg
.str();
981 g_log
<<Logger::Warning
<<d_logprefix
<<msg
.str()<<endl
;
984 safePutBBDomainInfo(bbd
);
988 vector
<DNSName
> diff
;
990 set_difference(oldnames
.begin(), oldnames
.end(), newnames
.begin(), newnames
.end(), back_inserter(diff
));
991 unsigned int remdomains
=diff
.size();
993 for(const DNSName
& name
: diff
) {
994 safeRemoveBBDomainInfo(name
);
997 // count number of entirely new domains
999 set_difference(newnames
.begin(), newnames
.end(), oldnames
.begin(), oldnames
.end(), back_inserter(diff
));
1000 newdomains
=diff
.size();
1003 msg
<<" Done parsing domains, "<<rejected
<<" rejected, "<<newdomains
<<" new, "<<remdomains
<<" removed";
1007 g_log
<<Logger::Error
<<d_logprefix
<<msg
.str()<<endl
;
1011 void Bind2Backend::queueReloadAndStore(unsigned int id
)
1013 BB2DomainInfo bbold
;
1015 if(!safeGetBBDomainInfo(id
, &bbold
))
1017 BB2DomainInfo
bbnew(bbold
);
1018 /* make sure that nothing will be able to alter the existing records,
1019 we will load them from the zone file instead */
1020 bbnew
.d_records
= LookButDontTouch
<recordstorage_t
>();
1021 parseZoneFile(&bbnew
);
1022 bbnew
.d_checknow
=false;
1023 bbnew
.d_wasRejectedLastReload
=false;
1024 safePutBBDomainInfo(bbnew
);
1025 g_log
<<Logger::Warning
<<"Zone '"<<bbnew
.d_name
<<"' ("<<bbnew
.d_filename
<<") reloaded"<<endl
;
1027 catch(PDNSException
&ae
) {
1029 msg
<<" error at "+nowTime()+" parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.reason
;
1030 g_log
<<Logger::Warning
<<" error parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.reason
<<endl
;
1031 bbold
.d_status
=msg
.str();
1032 bbold
.d_wasRejectedLastReload
=true;
1033 safePutBBDomainInfo(bbold
);
1035 catch(std::exception
&ae
) {
1037 msg
<<" error at "+nowTime()+" parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.what();
1038 g_log
<<Logger::Warning
<<" error parsing '"<<bbold
.d_name
<<"' from file '"<<bbold
.d_filename
<<"': "<<ae
.what()<<endl
;
1039 bbold
.d_status
=msg
.str();
1040 bbold
.d_wasRejectedLastReload
=true;
1041 safePutBBDomainInfo(bbold
);
1045 bool Bind2Backend::findBeforeAndAfterUnhashed(std::shared_ptr
<const recordstorage_t
>& records
, const DNSName
& qname
, DNSName
& unhashed
, DNSName
& before
, DNSName
& after
)
1047 // for(const auto& record: *records)
1048 // cerr<<record.qname<<"\t"<<makeHexDump(record.qname.toDNSString())<<endl;
1050 recordstorage_t::const_iterator iterBefore
, iterAfter
;
1052 iterBefore
= iterAfter
= records
->upper_bound(qname
.makeLowerCase());
1054 if(iterBefore
!= records
->begin())
1056 while((!iterBefore
->auth
&& iterBefore
->qtype
!= QType::NS
) || !iterBefore
->qtype
)
1058 before
=iterBefore
->qname
;
1060 if(iterAfter
== records
->end()) {
1061 iterAfter
= records
->begin();
1063 while((!iterAfter
->auth
&& iterAfter
->qtype
!= QType::NS
) || !iterAfter
->qtype
) {
1065 if(iterAfter
== records
->end()) {
1066 iterAfter
= records
->begin();
1071 after
= iterAfter
->qname
;
1076 bool Bind2Backend::getBeforeAndAfterNamesAbsolute(uint32_t id
, const DNSName
& qname
, DNSName
& unhashed
, DNSName
& before
, DNSName
& after
)
1079 if (!safeGetBBDomainInfo(id
, &bbd
))
1082 NSEC3PARAMRecordContent ns3pr
;
1087 nsec3zone
=dk
.getNSEC3PARAM(bbd
.d_name
, &ns3pr
);
1089 nsec3zone
=getNSEC3PARAM(bbd
.d_name
, &ns3pr
);
1091 shared_ptr
<const recordstorage_t
> records
= bbd
.d_records
.get();
1093 return findBeforeAndAfterUnhashed(records
, qname
, unhashed
, before
, after
);
1096 auto& hashindex
=boost::multi_index::get
<NSEC3Tag
>(*records
);
1098 // for(auto iter = first; iter != hashindex.end(); iter++)
1099 // cerr<<iter->nsec3hash<<endl;
1101 auto first
= hashindex
.upper_bound("");
1102 auto iter
= hashindex
.upper_bound(qname
.toStringNoDot());
1104 if (iter
== hashindex
.end()) {
1106 before
= DNSName(iter
->nsec3hash
);
1107 after
= DNSName(first
->nsec3hash
);
1109 after
= DNSName(iter
->nsec3hash
);
1113 iter
= --hashindex
.end();
1114 before
= DNSName(iter
->nsec3hash
);
1116 unhashed
= iter
->qname
+bbd
.d_name
;
1122 void Bind2Backend::lookup(const QType
&qtype
, const DNSName
&qname
, int zoneId
, DNSPacket
*pkt_p
)
1126 static bool mustlog
=::arg().mustDo("query-logging");
1133 g_log
<<Logger::Warning
<<"Lookup for '"<<qtype
.getName()<<"' of '"<<qname
<<"' within zoneID "<<zoneId
<<endl
;
1136 if ((found
= (safeGetBBDomainInfo(zoneId
, &bbd
) && qname
.isPartOf(bbd
.d_name
)))) {
1137 domain
= bbd
.d_name
;
1142 found
= safeGetBBDomainInfo(domain
, &bbd
);
1143 } while (!found
&& qtype
!= QType::SOA
&& domain
.chopOff());
1148 g_log
<<Logger::Warning
<<"Found no authoritative zone for '"<<qname
<<"' and/or id "<<bbd
.d_id
<<endl
;
1149 d_handle
.d_list
=false;
1154 g_log
<<Logger::Warning
<<"Found a zone '"<<domain
<<"' (with id " << bbd
.d_id
<<") that might contain data "<<endl
;
1156 d_handle
.id
=bbd
.d_id
;
1157 d_handle
.qname
=qname
.makeRelative(domain
); // strip domain name
1158 d_handle
.qtype
=qtype
;
1159 d_handle
.domain
=domain
;
1163 throw DBException("Zone for '"+bbd
.d_name
.toLogString()+"' in '"+bbd
.d_filename
+"' temporarily not available (file missing, or master dead)"); // fsck
1166 if(!bbd
.current()) {
1167 g_log
<<Logger::Warning
<<"Zone '"<<bbd
.d_name
<<"' ("<<bbd
.d_filename
<<") needs reloading"<<endl
;
1168 queueReloadAndStore(bbd
.d_id
);
1169 if (!safeGetBBDomainInfo(domain
, &bbd
))
1170 throw DBException("Zone '"+bbd
.d_name
.toLogString()+"' ("+bbd
.d_filename
+") gone after reload"); // if we don't throw here, we crash for some reason
1173 d_handle
.d_records
= bbd
.d_records
.get();
1175 if(d_handle
.d_records
->empty())
1176 DLOG(g_log
<<"Query with no results"<<endl
);
1178 d_handle
.mustlog
= mustlog
;
1180 auto& hashedidx
= boost::multi_index::get
<UnorderedNameTag
>(*d_handle
.d_records
);
1181 auto range
= hashedidx
.equal_range(d_handle
.qname
);
1183 if(range
.first
==range
.second
) {
1184 d_handle
.d_list
=false;
1185 d_handle
.d_iter
= d_handle
.d_end_iter
= range
.first
;
1189 d_handle
.d_iter
=range
.first
;
1190 d_handle
.d_end_iter
=range
.second
;
1193 d_handle
.d_list
=false;
1196 Bind2Backend::handle::handle()
1201 bool Bind2Backend::get(DNSResourceRecord
&r
)
1203 if(!d_handle
.d_records
) {
1204 if(d_handle
.mustlog
)
1205 g_log
<<Logger::Warning
<<"There were no answers"<<endl
;
1209 if(!d_handle
.get(r
)) {
1210 if(d_handle
.mustlog
)
1211 g_log
<<Logger::Warning
<<"End of answers"<<endl
;
1217 if(d_handle
.mustlog
)
1218 g_log
<<Logger::Warning
<<"Returning: '"<<r
.qtype
.getName()<<"' of '"<<r
.qname
<<"', content: '"<<r
.content
<<"'"<<endl
;
1222 bool Bind2Backend::handle::get(DNSResourceRecord
&r
)
1227 return get_normal(r
);
1230 void Bind2Backend::handle::reset()
1238 bool Bind2Backend::handle::get_normal(DNSResourceRecord
&r
)
1240 DLOG(g_log
<< "Bind2Backend get() was called for "<<qtype
.getName() << " record for '"<<
1241 qname
<<"' - "<<d_records
->size()<<" available in total!"<<endl
);
1243 if(d_iter
==d_end_iter
) {
1247 while(d_iter
!=d_end_iter
&& !(qtype
.getCode()==QType::ANY
|| (d_iter
)->qtype
==qtype
.getCode())) {
1248 DLOG(g_log
<<Logger::Warning
<<"Skipped "<<qname
<<"/"<<QType(d_iter
->qtype
).getName()<<": '"<<d_iter
->content
<<"'"<<endl
);
1251 if(d_iter
==d_end_iter
) {
1254 DLOG(g_log
<< "Bind2Backend get() returning a rr with a "<<QType(d_iter
->qtype
).getCode()<<endl
);
1256 r
.qname
=qname
.empty() ? domain
: (qname
+domain
);
1258 r
.content
=(d_iter
)->content
;
1259 // r.domain_id=(d_iter)->domain_id;
1260 r
.qtype
=(d_iter
)->qtype
;
1261 r
.ttl
=(d_iter
)->ttl
;
1263 //if(!d_iter->auth && r.qtype.getCode() != QType::A && r.qtype.getCode()!=QType::AAAA && r.qtype.getCode() != QType::NS)
1264 // cerr<<"Warning! Unauth response for qtype "<< r.qtype.getName() << " for '"<<r.qname<<"'"<<endl;
1265 r
.auth
= d_iter
->auth
;
1272 bool Bind2Backend::list(const DNSName
& target
, int id
, bool include_disabled
)
1276 if(!safeGetBBDomainInfo(id
, &bbd
))
1280 DLOG(g_log
<<"Bind2Backend constructing handle for list of "<<id
<<endl
);
1282 d_handle
.d_records
=bbd
.d_records
.get(); // give it a copy, which will stay around
1283 d_handle
.d_qname_iter
= d_handle
.d_records
->begin();
1284 d_handle
.d_qname_end
=d_handle
.d_records
->end(); // iter now points to a vector of pointers to vector<BBResourceRecords>
1287 d_handle
.domain
=bbd
.d_name
;
1288 d_handle
.d_list
=true;
1292 bool Bind2Backend::handle::get_list(DNSResourceRecord
&r
)
1294 if(d_qname_iter
!=d_qname_end
) {
1295 r
.qname
=d_qname_iter
->qname
.empty() ? domain
: (d_qname_iter
->qname
+domain
);
1297 r
.content
=(d_qname_iter
)->content
;
1298 r
.qtype
=(d_qname_iter
)->qtype
;
1299 r
.ttl
=(d_qname_iter
)->ttl
;
1300 r
.auth
= d_qname_iter
->auth
;
1307 bool Bind2Backend::superMasterBackend(const string
&ip
, const DNSName
& domain
, const vector
<DNSResourceRecord
>&nsset
, string
*nameserver
, string
*account
, DNSBackend
**db
)
1309 // Check whether we have a configfile available.
1310 if (getArg("supermaster-config").empty())
1313 ifstream
c_if(getArg("supermasters").c_str(), std::ios::in
); // this was nocreate?
1315 g_log
<< Logger::Error
<< "Unable to open supermasters file for read: " << stringerror() << endl
;
1320 // <ip> <accountname>
1321 string line
, sip
, saccount
;
1322 while (getline(c_if
, line
)) {
1323 std::istringstream
ii(line
);
1332 if (sip
!= ip
) // ip not found in authorization list - reject
1335 // ip authorized as supermaster - accept
1337 if (saccount
.length() > 0)
1338 *account
= saccount
.c_str();
1343 BB2DomainInfo
Bind2Backend::createDomainEntry(const DNSName
& domain
, const string
&filename
)
1346 { // Find a free zone id nr.
1347 ReadLock
rl(&s_state_lock
);
1348 if (!s_state
.empty()) {
1349 newid
= s_state
.rbegin()->d_id
+1;
1354 bbd
.d_kind
= DomainInfo::Native
;
1356 bbd
.d_records
= std::make_shared
<recordstorage_t
>();
1357 bbd
.d_name
= domain
;
1358 bbd
.setCheckInterval(getArgAsNum("check-interval"));
1359 bbd
.d_filename
= filename
;
1364 bool Bind2Backend::createSlaveDomain(const string
&ip
, const DNSName
& domain
, const string
&nameserver
, const string
&account
)
1366 string filename
= getArg("supermaster-destdir")+'/'+domain
.toStringNoDot();
1368 g_log
<< Logger::Warning
<< d_logprefix
1369 << " Writing bind config zone statement for superslave zone '" << domain
1370 << "' from supermaster " << ip
<< endl
;
1373 Lock
l2(&s_supermaster_config_lock
);
1375 ofstream
c_of(getArg("supermaster-config").c_str(), std::ios::app
);
1377 g_log
<< Logger::Error
<< "Unable to open supermaster configfile for append: " << stringerror() << endl
;
1378 throw DBException("Unable to open supermaster configfile for append: "+stringerror());
1382 c_of
<< "# Superslave zone '" << domain
.toString() << "' (added: " << nowTime() << ") (account: " << account
<< ')' << endl
;
1383 c_of
<< "zone \"" << domain
.toStringNoDot() << "\" {" << endl
;
1384 c_of
<< "\ttype slave;" << endl
;
1385 c_of
<< "\tfile \"" << filename
<< "\";" << endl
;
1386 c_of
<< "\tmasters { " << ip
<< "; };" << endl
;
1387 c_of
<< "};" << endl
;
1391 BB2DomainInfo bbd
= createDomainEntry(domain
, filename
);
1392 bbd
.d_kind
= DomainInfo::Slave
;
1393 bbd
.d_masters
.push_back(ComboAddress(ip
, 53));
1395 safePutBBDomainInfo(bbd
);
1399 bool Bind2Backend::searchRecords(const string
&pattern
, int maxResults
, vector
<DNSResourceRecord
>& result
)
1401 SimpleMatch
sm(pattern
,true);
1402 static bool mustlog
=::arg().mustDo("query-logging");
1404 g_log
<<Logger::Warning
<<"Search for pattern '"<<pattern
<<"'"<<endl
;
1407 ReadLock
rl(&s_state_lock
);
1409 for(state_t::const_iterator i
= s_state
.begin(); i
!= s_state
.end() ; ++i
) {
1411 if (!safeGetBBDomainInfo(i
->d_id
, &h
)) {
1415 shared_ptr
<const recordstorage_t
> rhandle
= h
.d_records
.get();
1417 for(recordstorage_t::const_iterator ri
= rhandle
->begin(); result
.size() < static_cast<vector
<DNSResourceRecord
>::size_type
>(maxResults
) && ri
!= rhandle
->end(); ri
++) {
1418 DNSName name
= ri
->qname
.empty() ? i
->d_name
: (ri
->qname
+i
->d_name
);
1419 if (sm
.match(name
) || sm
.match(ri
->content
)) {
1420 DNSResourceRecord r
;
1422 r
.domain_id
=i
->d_id
;
1423 r
.content
=ri
->content
;
1427 result
.push_back(r
);
1436 class Bind2Factory
: public BackendFactory
1439 Bind2Factory() : BackendFactory("bind") {}
1441 void declareArguments(const string
&suffix
="")
1443 declare(suffix
,"ignore-broken-records","Ignore records that are out-of-bound for the zone.","no");
1444 declare(suffix
,"config","Location of named.conf","");
1445 declare(suffix
,"check-interval","Interval for zonefile changes","0");
1446 declare(suffix
,"supermaster-config","Location of (part of) named.conf where pdns can write zone-statements to","");
1447 declare(suffix
,"supermasters","List of IP-addresses of supermasters","");
1448 declare(suffix
,"supermaster-destdir","Destination directory for newly added slave zones",::arg()["config-dir"]);
1449 declare(suffix
,"dnssec-db","Filename to store & access our DNSSEC metadatabase, empty for none", "");
1450 declare(suffix
,"dnssec-db-journal-mode","SQLite3 journal mode", "WAL");
1451 declare(suffix
,"hybrid","Store DNSSEC metadata in other backend","no");
1454 DNSBackend
*make(const string
&suffix
="")
1456 assertEmptySuffix(suffix
);
1457 return new Bind2Backend(suffix
);
1460 DNSBackend
*makeMetadataOnly(const string
&suffix
="")
1462 assertEmptySuffix(suffix
);
1463 return new Bind2Backend(suffix
, false);
1466 void assertEmptySuffix(const string
&suffix
)
1469 throw PDNSException("launch= suffixes are not supported on the bindbackend");
1473 //! Magic class that is activated when the dynamic library is loaded
1479 BackendMakers().report(new Bind2Factory
);
1480 g_log
<< Logger::Info
<< "[bind2backend] This is the bind backend version " << VERSION
1481 #ifndef REPRODUCIBLE
1482 << " (" __DATE__
" " __TIME__
")"
1485 << " (with bind-dnssec-db support)"
1487 << " reporting" << endl
;
1490 static Bind2Loader bind2loader
;