From: Wouter Wijngaards Date: Mon, 23 Apr 2018 14:42:30 +0000 (+0000) Subject: - list_auth_zones unbound-control command. X-Git-Tag: release-1.7.1rc1~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea6266f73641be024bb33542021122e2f1f1820d;p=thirdparty%2Funbound.git - list_auth_zones unbound-control command. git-svn-id: file:///svn/unbound/trunk@4650 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/daemon/remote.c b/daemon/remote.c
index c58e36189..cfc91eb98 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -68,6 +68,7 @@
 #include "services/cache/infra.h"
 #include "services/mesh.h"
 #include "services/localzone.h"
+#include "services/authzone.h"
 #include "util/storage/slabhash.h"
 #include "util/fptr_wlist.h"
 #include "util/data/dname.h"
@@ -2543,6 +2544,36 @@ do_list_stubs(SSL* ssl, struct worker* worker)
 }
 }
+/** do the list_auth_zones command */
+static void
+do_list_auth_zones(SSL* ssl, struct auth_zones* az)
+{
+ struct auth_zone* z;
+ char buf[257], buf2[256];
+ lock_rw_rdlock(&az->lock);
+ RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
+ lock_rw_rdlock(&z->lock);
+ dname_str(z->name, buf);
+ if(z->zone_expired)
+ snprintf(buf2, sizeof(buf2), "expired");
+ else {
+ uint32_t serial = 0;
+ if(auth_zone_get_serial(z, &serial))
+ snprintf(buf2, sizeof(buf2), "serial %u",
+ (unsigned)serial);
+ else snprintf(buf2, sizeof(buf2), "no serial");
+ }
+ if(!ssl_printf(ssl, "%s\t%s\n", buf, buf2)) {
+ /* failure to print */
+ lock_rw_unlock(&z->lock);
+ lock_rw_unlock(&az->lock);
+ return;
+ }
+ lock_rw_unlock(&z->lock);
+ }
+ lock_rw_unlock(&az->lock);
+}
+
 /** do the list_local_zones command */
 static void
 do_list_local_zones(SSL* ssl, struct local_zones* zones)
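Review bot: In `do_list_auth_zones`, both `az->lock` and the per-zone `z->lock` stay read-locked across `ssl_printf`, so how long they are held depends on how fast the control client reads; if that write can block, a stalled client would delay anything waiting for the write side of either lock. `buf` and `buf2` are already filled before the write, so the zone lock can be dropped first: move `lock_rw_unlock(&z->lock);` to just above `if(!ssl_printf(ssl, "%s\t%s\n", buf, buf2)) {` and delete it from the failure branch. `az->lock` still has to cover the `RBTREE_FOR` walk, so that part would remain and deserves a short comment such as `/* az->lock is held while writing to the client */`.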
@@ -2803,6 +2834,9 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd, } else if(cmdcmp(p, "ip_ratelimit_list", 17)) { do_ip_ratelimit_list(ssl, worker, p+17); return; + } else if(cmdcmp(p, "list_auth_zones", 15)) { + do_list_auth_zones(ssl, worker->env.auth_zones); + return; } else if(cmdcmp(p, "stub_add", 8)) { /* must always distribute this cmd */ if(rc) distribute_cmd(rc, ssl, cmd); diff --git a/doc/Changelog b/doc/Changelog index 1556830c1..7b81fa46f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -8,6 +8,7 @@ - Attempt for auth zone fix; add of callback in mesh gets from callback does not skip callback of result. - Fix cname classification with qname minimisation enabled. + - list_auth_zones unbound-control command. 20 April 2018: Wouter - man page documentation for dns-over-tls forward-addr '#' notation. diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 887441196..c207bee6b 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -289,6 +289,10 @@ estimated qps and qps limit from config. With +a it prints all ips, not just the ratelimited ips, with their estimated qps. The ratelimited ips are dropped before checking the cache. .TP +.B list_auth_zones +List the auth zones that are configured. Printed one per line with a +status, indicating if the zone is expired and current serial number. +.TP .B view_list_local_zones \fIview\fR \fIlist_local_zones\fR for given view. .TP diff --git a/services/authzone.c b/services/authzone.c index 4ade1fc62..1f56ac8cf 100644 --- a/services/authzone.c +++ b/services/authzone.c 
@@ -1724,6 +1724,24 @@ auth_zones_read_zones(struct auth_zones* az)
 return 1;
 }
+/** find serial number of zone or false if none */
+int
+auth_zone_get_serial(struct auth_zone* z, uint32_t* serial)
+{
+ struct auth_data* apex;
+ struct auth_rrset* soa;
+ struct packed_rrset_data* d;
+ apex = az_find_name(z, z->name, z->namelen);
+ if(!apex) return 0;
+ soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
+ if(!soa || soa->data->count==0)
+ return 0; /* no RRset or no RRs in rrset */
+ if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
+ d = soa->data;
+ *serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
+ return 1;
+}
+
 /** Find auth_zone SOA and populate the values in xfr(soa values). */
 static int
 xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr)
diff --git a/services/authzone.h b/services/authzone.h
index 8de18bf73..4e06c0654 100644
--- a/services/authzone.h
+++ b/services/authzone.h
@@ -591,6 +591,9 @@ int auth_zone_parse_notify_serial(struct sldns_buffer* pkt, uint32_t *serial);
 /** read auth zone from zonefile. caller must lock zone. false on failure */
 int auth_zone_read_zonefile(struct auth_zone* z);
+/** find serial number of zone or false if none (no SOA record) */
+int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial);
+
 /** compare auth_zones for sorted rbtree */
 int auth_zone_cmp(const void* z1, const void* z2);
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index afb764d46..2337e7a73 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
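Review bot: `auth_zone_get_serial` reads `z->name`, the apex node and the SOA rrset without taking a lock, yet neither its comment in services/authzone.c nor the one added in services/authzone.h states that the caller must hold the zone lock, unlike the neighbouring `auth_zone_read_zonefile` comment ("caller must lock zone"). The only caller in this commit, `do_list_auth_zones`, does hold `z->lock` for reading, so the contract is met but undocumented. I would extend both comments, e.g. `/** find serial number of zone or false if none (no SOA record). caller must hold the zone lock. *serial is not written on failure. */`. A short comment on `2+4*5` and `-20` would also help; the serial appears to be read as the first of the five 32-bit fields that end the SOA rdata, with the leading 2 presumably the rdata length prefix.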
@@ -142,6 +142,7 @@ usage(void)
 printf(" ratelimit_list [+a] list ratelimited domains\n");
 printf(" ip_ratelimit_list [+a] list ratelimited ip addresses\n");
 printf(" +a list all, also not ratelimited\n");
+ printf(" list_auth_zones list auth zones\n");
 printf(" view_list_local_zones view list local-zones in view\n");
 printf(" view_list_local_data view list local-data RRs in view\n");
 printf(" view_local_zone view name type add local-zone in view\n");