send_ok(ssl);
}
+/** do the auth_zone_transfer command */
+static void
+do_auth_zone_transfer(RES* ssl, struct worker* worker, char* arg)
+{
+ size_t nmlen;
+ int nmlabs;
+ uint8_t* nm = NULL;
+ struct auth_zones* az = worker->env.auth_zones;
+ if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
+ return;
+ if(!az || !auth_zones_startprobesequence(az, &worker->env, nm, nmlen,
+ LDNS_RR_CLASS_IN)) {
+ (void)ssl_printf(ssl, "error zone xfr task not found %s\n", arg);
+ return;
+ }
+ send_ok(ssl);
+}
+
/** do the set_option command */
static void
do_set_option(RES* ssl, struct worker* worker, char* arg)
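Review bot: `nm` is never released in do_auth_zone_transfer: it is filled in through `&nm` by parse_arg_name, passed to auth_zones_startprobesequence, and both the error return and the success path leave the function without freeing it. parse_arg_name is not visible here, but if it heap-allocates the wire-format name, as the out-pointer suggests, each auth_zone_transfer command leaks one buffer and repeated commands on the control channel grow the daemon's memory. Add `free(nm);` before the `return;` in the error branch and again before the final `send_ok(ssl);`. The message `error zone xfr task not found` is also sent when `az` is NULL, so a separate message for "no auth zones configured" would make that case easier to diagnose.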
} else if(cmdcmp(p, "auth_zone_reload", 16)) {
do_auth_zone_reload(ssl, worker, skipwhite(p+16));
return;
+ } else if(cmdcmp(p, "auth_zone_transfer", 18)) {
+ do_auth_zone_transfer(ssl, worker, skipwhite(p+18));
+ return;
} else if(cmdcmp(p, "stub_add", 8)) {
/* must always distribute this cmd */
if(rc) distribute_cmd(rc, ssl, cmd);
- tag for 1.7.3rc1.
- trunk has 1.7.4.
- unbound-control auth_zone_reload _zone_ option rereads the zonefile.
+ - unbound-control auth_zone_transfer _zone_ option starts the probe
+ sequence for a master to transfer the zone from and transfers when
+ a new zone version is available.
14 June 2018: Wouter
- #4103: Fix that auth-zone does not insist on SOA record first in
you set unbound to validate with for-upstream yes and that can be cleared
with \fBflush_zone\fR \fIzone\fR.
.TP
+.B auth_zone_transfer \fIzone\fR
+Tranfer the auth zone from master. The auth zone probe sequence is started,
+where the masters are probed to see if they have an updated zone (with the SOA
+serial check). And then the zone is transferred for a newer zone version.
+.TP
.B view_list_local_zones \fIview\fR
\fIlist_local_zones\fR for given view.
.TP
return 1;
}
+int auth_zones_startprobesequence(struct auth_zones* az,
+ struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t dclass)
+{
+ struct auth_xfer* xfr;
+ lock_rw_rdlock(&az->lock);
+ xfr = auth_xfer_find(az, nm, nmlen, dclass);
+ if(!xfr) {
+ lock_rw_unlock(&az->lock);
+ return 0;
+ }
+ lock_basic_lock(&xfr->lock);
+ lock_rw_unlock(&az->lock);
+
+ xfr_process_notify(xfr, env, 0, 0, NULL);
+ return 1;
+}
+
/** set a zone expired */
static void
auth_xfer_set_expired(struct auth_xfer* xfr, struct module_env* env,
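Review bot: `xfr->lock` is taken by `lock_basic_lock(&xfr->lock);` and auth_zones_startprobesequence then returns 1 with no matching unlock, so the code is only correct if xfr_process_notify releases the lock before it returns. That callee is outside this hunk, so the handoff should be confirmed and then documented, for example with `/* xfr_process_notify unlocks xfr->lock */` above the call. If the lock is not released there, the next thread that touches this transfer task blocks, and the control command becomes a way to stall transfers for the zone. The function also dereferences `az` without a check and relies on the caller's `!az` test, which deserves a line in the header comment.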
* returns 0 if no soa record in the notify */
int auth_zone_parse_notify_serial(struct sldns_buffer* pkt, uint32_t *serial);
+/** for the zone and if not already going, starts the probe sequence.
+ * false if zone cannot be found. This is like a notify arrived and was
+ * accepted for that zone. */
+int auth_zones_startprobesequence(struct auth_zones* az,
+ struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t dclass);
+
/** read auth zone from zonefile. caller must lock zone. false on failure */
int auth_zone_read_zonefile(struct auth_zone* z);
printf(" +a list all, also not ratelimited\n");
printf(" list_auth_zones list auth zones\n");
printf(" auth_zone_reload zone reload auth zone from zonefile\n");
+ printf(" auth_zone_transfer zone transfer auth zone from master\n");
printf(" view_list_local_zones view list local-zones in view\n");
printf(" view_list_local_data view list local-data RRs in view\n");
printf(" view_local_zone view name type add local-zone in view\n");