]> git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/reczones.cc
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rec: ensure correct service user on debian
[thirdparty/pdns.git] / pdns / reczones.cc
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include "syncres.hh"
26 #include "arguments.hh"
27 #include "zoneparser-tng.hh"
28 #include "logger.hh"
29 #include "dnsrecords.hh"
30 #include "root-addresses.hh"
31
32 extern int g_argc;
33 extern char** g_argv;
34
35 void primeHints(void)
36 {
37 // prime root cache
38 const vState validationState = Insecure;
39 vector<DNSRecord> nsset;
40 if(!t_RC)
41 t_RC = std::unique_ptr<MemRecursorCache>(new MemRecursorCache());
42
43 if(::arg()["hint-file"].empty()) {
44 DNSRecord arr, aaaarr, nsrr;
45 nsrr.d_name=g_rootdnsname;
46 arr.d_type=QType::A;
47 aaaarr.d_type=QType::AAAA;
48 nsrr.d_type=QType::NS;
49 arr.d_ttl=aaaarr.d_ttl=nsrr.d_ttl=time(0)+3600000;
50
51 for(char c='a';c<='m';++c) {
52 char templ[40];
53 strncpy(templ,"a.root-servers.net.", sizeof(templ) - 1);
54 templ[sizeof(templ)-1] = '\0';
55 *templ=c;
56 aaaarr.d_name=arr.d_name=DNSName(templ);
57 nsrr.d_content=std::make_shared<NSRecordContent>(DNSName(templ));
58 arr.d_content=std::make_shared<ARecordContent>(ComboAddress(rootIps4[c-'a']));
59 vector<DNSRecord> aset;
60 aset.push_back(arr);
61 t_RC->replace(time(0), DNSName(templ), QType(QType::A), aset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true, boost::none, validationState); // auth, nuke it all
62 if (rootIps6[c-'a'] != NULL) {
63 aaaarr.d_content=std::make_shared<AAAARecordContent>(ComboAddress(rootIps6[c-'a']));
64
65 vector<DNSRecord> aaaaset;
66 aaaaset.push_back(aaaarr);
67 t_RC->replace(time(0), DNSName(templ), QType(QType::AAAA), aaaaset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true, boost::none, validationState);
68 }
69
70 nsset.push_back(nsrr);
71 }
72 }
73 else {
74 ZoneParserTNG zpt(::arg()["hint-file"]);
75 DNSResourceRecord rr;
76
77 while(zpt.get(rr)) {
78 rr.ttl+=time(0);
79 if(rr.qtype.getCode()==QType::A) {
80 vector<DNSRecord> aset;
81 aset.push_back(DNSRecord(rr));
82 t_RC->replace(time(0), rr.qname, QType(QType::A), aset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true, boost::none, validationState); // auth, etc see above
83 } else if(rr.qtype.getCode()==QType::AAAA) {
84 vector<DNSRecord> aaaaset;
85 aaaaset.push_back(DNSRecord(rr));
86 t_RC->replace(time(0), rr.qname, QType(QType::AAAA), aaaaset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true, boost::none, validationState);
87 } else if(rr.qtype.getCode()==QType::NS) {
88 rr.content=toLower(rr.content);
89 nsset.push_back(DNSRecord(rr));
90 }
91 }
92 }
93 t_RC->doWipeCache(g_rootdnsname, false, QType::NS);
94 t_RC->replace(time(0), g_rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), false, boost::none, validationState); // and stuff in the cache
95 }
96
97 static void makeNameToIPZone(std::shared_ptr<SyncRes::domainmap_t> newMap, const DNSName& hostname, const string& ip)
98 {
99 SyncRes::AuthDomain ad;
100 ad.d_rdForward=false;
101
102 DNSRecord dr;
103 dr.d_name=hostname;
104 dr.d_place=DNSResourceRecord::ANSWER;
105 dr.d_ttl=86400;
106 dr.d_type=QType::SOA;
107 dr.d_class = 1;
108 dr.d_content = DNSRecordContent::mastermake(QType::SOA, 1, "localhost. root 1 604800 86400 2419200 604800");
109
110 ad.d_records.insert(dr);
111
112 dr.d_type=QType::NS;
113 dr.d_content=std::make_shared<NSRecordContent>("localhost.");
114
115 ad.d_records.insert(dr);
116
117 dr.d_type=QType::A;
118 dr.d_content = DNSRecordContent::mastermake(QType::A, 1, ip);
119 ad.d_records.insert(dr);
120
121 if(newMap->count(dr.d_name)) {
122 g_log<<Logger::Warning<<"Hosts file will not overwrite zone '"<<dr.d_name<<"' already loaded"<<endl;
123 }
124 else {
125 g_log<<Logger::Warning<<"Inserting forward zone '"<<dr.d_name<<"' based on hosts file"<<endl;
126 ad.d_name=dr.d_name;
127 (*newMap)[ad.d_name]=ad;
128 }
129 }
130
131 //! parts[0] must be an IP address, the rest must be host names
132 static void makeIPToNamesZone(std::shared_ptr<SyncRes::domainmap_t> newMap, const vector<string>& parts)
133 {
134 string address=parts[0];
135 vector<string> ipparts;
136 stringtok(ipparts, address,".");
137
138 SyncRes::AuthDomain ad;
139 ad.d_rdForward=false;
140
141 DNSRecord dr;
142 for(int n=ipparts.size()-1; n>=0 ; --n) {
143 dr.d_name.appendRawLabel(ipparts[n]);
144 }
145 dr.d_name.appendRawLabel("in-addr");
146 dr.d_name.appendRawLabel("arpa");
147 dr.d_class = 1;
148 dr.d_place=DNSResourceRecord::ANSWER;
149 dr.d_ttl=86400;
150 dr.d_type=QType::SOA;
151 dr.d_content=DNSRecordContent::mastermake(QType::SOA, 1, "localhost. root 1 604800 86400 2419200 604800");
152
153 ad.d_records.insert(dr);
154
155 dr.d_type=QType::NS;
156 dr.d_content=std::make_shared<NSRecordContent>(DNSName("localhost."));
157
158 ad.d_records.insert(dr);
159 dr.d_type=QType::PTR;
160
161 if(ipparts.size()==4) // otherwise this is a partial zone
162 for(unsigned int n=1; n < parts.size(); ++n) {
163 dr.d_content=DNSRecordContent::mastermake(QType::PTR, 1, DNSName(parts[n]).toString()); // XXX FIXME DNSNAME PAIN CAN THIS BE RIGHT?
164 ad.d_records.insert(dr);
165 }
166
167 if(newMap->count(dr.d_name)) {
168 g_log<<Logger::Warning<<"Will not overwrite zone '"<<dr.d_name<<"' already loaded"<<endl;
169 }
170 else {
171 if(ipparts.size()==4)
172 g_log<<Logger::Warning<<"Inserting reverse zone '"<<dr.d_name<<"' based on hosts file"<<endl;
173 ad.d_name = dr.d_name;
174 (*newMap)[ad.d_name]=ad;
175 }
176 }
177
178
179
180 /* mission in life: parse three cases
181 1) 1.2.3.4
182 2) 1.2.3.4:5300
183 3) 2001::1
184 4) [2002::1]:53
185 */
186
187 ComboAddress parseIPAndPort(const std::string& input, uint16_t port)
188 {
189 if(input.find(':') == string::npos || input.empty()) // common case
190 return ComboAddress(input, port);
191
192 pair<string,string> both;
193
194 try { // case 2
195 both=splitField(input,':');
196 uint16_t newport=static_cast<uint16_t>(pdns_stou(both.second));
197 return ComboAddress(both.first, newport);
198 }
199 catch(...){}
200
201 if(input[0]=='[') { // case 4
202 both=splitField(input.substr(1),']');
203 return ComboAddress(both.first, both.second.empty() ? port : static_cast<uint16_t>(pdns_stou(both.second.substr(1))));
204 }
205
206 return ComboAddress(input, port); // case 3
207 }
208
209
210 void convertServersForAD(const std::string& input, SyncRes::AuthDomain& ad, const char* sepa, bool verbose=true)
211 {
212 vector<string> servers;
213 stringtok(servers, input, sepa);
214 ad.d_servers.clear();
215
216 for(vector<string>::const_iterator iter = servers.begin(); iter != servers.end(); ++iter) {
217 if(verbose && iter != servers.begin())
218 g_log<<", ";
219
220 ComboAddress addr=parseIPAndPort(*iter, 53);
221 if(verbose)
222 g_log<<addr.toStringWithPort();
223 ad.d_servers.push_back(addr);
224 }
225 if(verbose)
226 g_log<<endl;
227 }
228
229 void* pleaseWipeNegCache()
230 {
231 SyncRes::clearNegCache();
232 return 0;
233 }
234
235 void* pleaseUseNewSDomainsMap(std::shared_ptr<SyncRes::domainmap_t> newmap)
236 {
237 SyncRes::setDomainMap(newmap);
238 return 0;
239 }
240
241 string reloadAuthAndForwards()
242 {
243 std::shared_ptr<SyncRes::domainmap_t> original=SyncRes::getDomainMap();
244
245 try {
246 g_log<<Logger::Warning<<"Reloading zones, purging data from cache"<<endl;
247
248 string configname=::arg()["config-dir"]+"/recursor.conf";
249 if(::arg()["config-name"]!="") {
250 configname=::arg()["config-dir"]+"/recursor-"+::arg()["config-name"]+".conf";
251 }
252 cleanSlashes(configname);
253
254 if(!::arg().preParseFile(configname.c_str(), "forward-zones"))
255 throw runtime_error("Unable to re-parse configuration file '"+configname+"'");
256 ::arg().preParseFile(configname.c_str(), "forward-zones-file");
257 ::arg().preParseFile(configname.c_str(), "forward-zones-recurse");
258 ::arg().preParseFile(configname.c_str(), "auth-zones");
259 ::arg().preParseFile(configname.c_str(), "export-etc-hosts", "off");
260 ::arg().preParseFile(configname.c_str(), "serve-rfc1918");
261 ::arg().preParseFile(configname.c_str(), "include-dir");
262 ::arg().preParse(g_argc, g_argv, "include-dir");
263
264 // then process includes
265 std::vector<std::string> extraConfigs;
266 ::arg().gatherIncludes(extraConfigs);
267
268 for(const std::string& fn : extraConfigs) {
269 if(!::arg().preParseFile(fn.c_str(), "forward-zones", ::arg()["forward-zones"]))
270 throw runtime_error("Unable to re-parse configuration file include '"+fn+"'");
271 ::arg().preParseFile(fn.c_str(), "forward-zones-file", ::arg()["forward-zones-file"]);
272 ::arg().preParseFile(fn.c_str(), "forward-zones-recurse", ::arg()["forward-zones-recurse"]);
273 ::arg().preParseFile(fn.c_str(), "auth-zones",::arg()["auth-zones"]);
274 ::arg().preParseFile(fn.c_str(), "export-etc-hosts",::arg()["export-etc-hosts"]);
275 ::arg().preParseFile(fn.c_str(), "serve-rfc1918",::arg()["serve-rfc1918"]);
276 }
277
278 ::arg().preParse(g_argc, g_argv, "forward-zones");
279 ::arg().preParse(g_argc, g_argv, "forward-zones-file");
280 ::arg().preParse(g_argc, g_argv, "forward-zones-recurse");
281 ::arg().preParse(g_argc, g_argv, "auth-zones");
282 ::arg().preParse(g_argc, g_argv, "export-etc-hosts");
283 ::arg().preParse(g_argc, g_argv, "serve-rfc1918");
284
285 std::shared_ptr<SyncRes::domainmap_t> newDomainMap = parseAuthAndForwards();
286
287 // purge both original and new names
288 std::set<DNSName> oldAndNewDomains;
289 for(const auto& i : *newDomainMap) {
290 oldAndNewDomains.insert(i.first);
291 }
292
293 if(original) {
294 for(const auto& i : *original) {
295 oldAndNewDomains.insert(i.first);
296 }
297 }
298
299 for(const auto i : oldAndNewDomains) {
300 broadcastAccFunction<uint64_t>(boost::bind(pleaseWipeCache, i, true));
301 broadcastAccFunction<uint64_t>(boost::bind(pleaseWipePacketCache, i, true));
302 broadcastAccFunction<uint64_t>(boost::bind(pleaseWipeAndCountNegCache, i, true));
303 }
304
305 broadcastFunction(boost::bind(pleaseUseNewSDomainsMap, newDomainMap));
306 return "ok\n";
307 }
308 catch(std::exception& e) {
309 g_log<<Logger::Error<<"Encountered error reloading zones, keeping original data: "<<e.what()<<endl;
310 }
311 catch(PDNSException& ae) {
312 g_log<<Logger::Error<<"Encountered error reloading zones, keeping original data: "<<ae.reason<<endl;
313 }
314 catch(...) {
315 g_log<<Logger::Error<<"Encountered unknown error reloading zones, keeping original data"<<endl;
316 }
317 return "reloading failed, see log\n";
318 }
319
320 std::shared_ptr<SyncRes::domainmap_t> parseAuthAndForwards()
321 {
322 TXTRecordContent::report();
323 OPTRecordContent::report();
324
325 auto newMap = std::make_shared<SyncRes::domainmap_t>();
326
327 typedef vector<string> parts_t;
328 parts_t parts;
329 const char *option_names[3]={"auth-zones", "forward-zones", "forward-zones-recurse"};
330 for(int n=0; n < 3 ; ++n ) {
331 parts.clear();
332 stringtok(parts, ::arg()[option_names[n]], " ,\t\n\r");
333 for(parts_t::const_iterator iter = parts.begin(); iter != parts.end(); ++iter) {
334 SyncRes::AuthDomain ad;
335 if ((*iter).find('=') == string::npos)
336 throw PDNSException("Error parsing '" + *iter + "', missing =");
337 pair<string,string> headers=splitField(*iter, '=');
338 trim(headers.first);
339 trim(headers.second);
340 // headers.first=toCanonic("", headers.first);
341 if(n==0) {
342 ad.d_rdForward = false;
343 g_log<<Logger::Error<<"Parsing authoritative data for zone '"<<headers.first<<"' from file '"<<headers.second<<"'"<<endl;
344 ZoneParserTNG zpt(headers.second, DNSName(headers.first));
345 DNSResourceRecord rr;
346 DNSRecord dr;
347 while(zpt.get(rr)) {
348 try {
349 dr=DNSRecord(rr);
350 dr.d_place=DNSResourceRecord::ANSWER;
351 }
352 catch(std::exception &e) {
353 throw PDNSException("Error parsing record '"+rr.qname.toLogString()+"' of type "+rr.qtype.getName()+" in zone '"+headers.first+"' from file '"+headers.second+"': "+e.what());
354 }
355 catch(...) {
356 throw PDNSException("Error parsing record '"+rr.qname.toLogString()+"' of type "+rr.qtype.getName()+" in zone '"+headers.first+"' from file '"+headers.second+"'");
357 }
358
359 ad.d_records.insert(dr);
360 }
361 }
362 else {
363 g_log<<Logger::Error<<"Redirecting queries for zone '"<<headers.first<<"' ";
364 if(n == 2) {
365 g_log<<"with recursion ";
366 ad.d_rdForward = true;
367 }
368 else ad.d_rdForward = false;
369 g_log<<"to: ";
370
371 convertServersForAD(headers.second, ad, ";");
372 if(n == 2) {
373 ad.d_rdForward = true;
374 }
375 }
376
377 ad.d_name = DNSName(headers.first);
378 (*newMap)[ad.d_name]=ad;
379 }
380 }
381
382 if(!::arg()["forward-zones-file"].empty()) {
383 g_log<<Logger::Warning<<"Reading zone forwarding information from '"<<::arg()["forward-zones-file"]<<"'"<<endl;
384 SyncRes::AuthDomain ad;
385 auto fp = std::unique_ptr<FILE, int(*)(FILE*)>(fopen(::arg()["forward-zones-file"].c_str(), "r"), fclose);
386 if(!fp) {
387 throw PDNSException("Error opening forward-zones-file '"+::arg()["forward-zones-file"]+"': "+stringerror());
388 }
389
390 string line;
391 int linenum=0;
392 uint64_t before = newMap->size();
393 while(linenum++, stringfgets(fp.get(), line)) {
394 trim(line);
395 if (line[0] == '#') // Comment line, skip to the next line
396 continue;
397 string domain, instructions;
398 tie(domain, instructions)=splitField(line, '=');
399 instructions = splitField(instructions, '#').first; // Remove EOL comments
400 trim(domain);
401 trim(instructions);
402 if(domain.empty() && instructions.empty()) { // empty line
403 continue;
404 }
405 if(boost::starts_with(domain,"+")) {
406 domain=domain.c_str()+1;
407 ad.d_rdForward = true;
408 }
409 else
410 ad.d_rdForward = false;
411 if(domain.empty()) {
412 throw PDNSException("Error parsing line "+std::to_string(linenum)+" of " +::arg()["forward-zones-file"]);
413 }
414
415 try {
416 convertServersForAD(instructions, ad, ",; ", false);
417 }
418 catch(...) {
419 throw PDNSException("Conversion error parsing line "+std::to_string(linenum)+" of " +::arg()["forward-zones-file"]);
420 }
421
422 ad.d_name = DNSName(domain);
423 (*newMap)[ad.d_name]=ad;
424 }
425 g_log<<Logger::Warning<<"Done parsing " << newMap->size() - before<<" forwarding instructions from file '"<<::arg()["forward-zones-file"]<<"'"<<endl;
426 }
427
428 if(::arg().mustDo("export-etc-hosts")) {
429 string line;
430 string fname=::arg()["etc-hosts-file"];
431
432 ifstream ifs(fname.c_str());
433 if(!ifs) {
434 g_log<<Logger::Warning<<"Could not open "<<fname<<" for reading"<<endl;
435 }
436 else {
437 string searchSuffix = ::arg()["export-etc-hosts-search-suffix"];
438 string::size_type pos;
439 while(getline(ifs,line)) {
440 pos=line.find('#');
441 if(pos!=string::npos)
442 line.resize(pos);
443 trim(line);
444 if(line.empty())
445 continue;
446 parts.clear();
447 stringtok(parts, line, "\t\r\n ");
448 if(parts[0].find(':')!=string::npos)
449 continue;
450
451 for(unsigned int n=1; n < parts.size(); ++n) {
452 if(searchSuffix.empty() || parts[n].find('.') != string::npos)
453 makeNameToIPZone(newMap, DNSName(parts[n]), parts[0]);
454 else {
455 DNSName canonic=toCanonic(DNSName(searchSuffix), parts[n]); /// XXXX DNSName pain
456 if(canonic != DNSName(parts[n])) { // XXX further DNSName pain
457 makeNameToIPZone(newMap, canonic, parts[0]);
458 }
459 }
460 }
461 makeIPToNamesZone(newMap, parts);
462 }
463 }
464 }
465 if(::arg().mustDo("serve-rfc1918")) {
466 g_log<<Logger::Warning<<"Inserting rfc 1918 private space zones"<<endl;
467 parts.clear();
468 parts.push_back("127");
469 makeIPToNamesZone(newMap, parts);
470 parts[0]="10";
471 makeIPToNamesZone(newMap, parts);
472
473 parts[0]="192.168";
474 makeIPToNamesZone(newMap, parts);
475 for(int n=16; n < 32; n++) {
476 parts[0]="172."+std::to_string(n);
477 makeIPToNamesZone(newMap,parts);
478 }
479 }
480 return newMap;
481 }
482
Unnamed repository; edit this file 'description' to name the repository.