3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]

diff --git a/CHANGES b/CHANGES
index 9f6140a84e30c2fd922742edf1aa777381efc3d2..7f04dab5958052c9fac6cedd33bf04f06628c838 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3289.  [bug]           'rndc retransfer' failed for inline zones. [RT #28036]
+
 3288.  [bug]           dlz_destroy() function wasn't correctly registered
                        by the DLZ dlopen driver. [RT #28056]
 

diff --git a/bin/named/server.c b/bin/named/server.c
index de227e7d7678262e4865595ab77f20a3fc898055..aa672f75fa1799594ef43e4c012f9e2c42c1b5bb 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.638.4.4 2012/02/22 00:35:52 each Exp $ */
+/* $Id: server.c,v 1.638.4.5 2012/02/23 07:02:18 marka Exp $ */
 
 /*! \file */
 
@@ -5987,6 +5987,7 @@ isc_result_t
 ns_server_retransfercommand(ns_server_t *server, char *args) {
        isc_result_t result;
        dns_zone_t *zone = NULL;
+       dns_zone_t *raw = NULL;
        dns_zonetype_t type;
 
        result = zone_from_args(server, args, NULL, &zone, NULL, ISC_TRUE);
@@ -5994,6 +5995,12 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
                return (result);
        if (zone == NULL)
                return (ISC_R_UNEXPECTEDEND);
+       dns_zone_getraw(zone, &raw);
+       if (raw != NULL) {
+               dns_zone_detach(&zone);
+               dns_zone_attach(raw, &zone);
+               dns_zone_detach(&raw);
+       }
        type = dns_zone_gettype(zone);
        if (type == dns_zone_slave || type == dns_zone_stub)
                dns_zone_forcereload(zone);

diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 9a5cd93bc5c1769eecba2eb4a87c33802ce34223..38b3f506b2cd1234cf03f26c47ebc0c074fd9da9 100644 (file)
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.186.22.2 2012/01/31 23:47:02 tbox Exp $ */
+/* $Id: zoneconf.c,v 1.186.22.3 2012/02/23 07:02:19 marka Exp $ */
 
 /*% */
 
@@ -1134,7 +1134,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
                        dns_zone_setoption(raw, DNS_ZONEOPT_IXFRFROMDIFFS,
                                           ISC_TRUE);
                        dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
-                                          ISC_FALSE);
+                                          ISC_TRUE);
                } else
                        dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
                                           ixfrdiff);

diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh
index 1f4a85cad0b1b5d77365fc2a0d8b09d417868a12..160e54b2c0f6070a262d8327d22d0326862198e3 100644 (file)
--- a/bin/tests/system/inline/clean.sh
+++ b/bin/tests/system/inline/clean.sh
@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.12 2012/01/17 08:26:03 marka Exp $
+# $Id: clean.sh,v 1.12.12.1 2012/02/23 07:02:19 marka Exp $
 
 rm -f */named.memstats
 rm -f */named.run
@@ -24,6 +24,9 @@ rm -f ns1/root.db
 rm -f ns1/root.db.signed
 rm -f ns2/bits.db
 rm -f ns2/bits.db.jnl
+rm -f ns1/signer.out
+rm -f ns2/retransfer.db
+rm -f ns2/retransfer.db.jnl
 rm -f ns3/K*
 rm -f ns3/bits.bk
 rm -f ns3/bits.bk.jnl
@@ -49,6 +52,10 @@ rm -f ns3/expired.db
 rm -f ns3/expired.db.jnl
 rm -f ns3/expired.db.signed
 rm -f ns3/expired.db.signed.jnl
+rm -f ns3/retransfer.bk
+rm -f ns3/retransfer.bk.jnl
+rm -f ns3/retransfer.bk.signed
+rm -f ns3/retransfer.bk.signed.jnl
 rm -f ns4/K*
 rm -f ns4/noixfr.db
 rm -f ns4/noixfr.db.jnl

diff --git a/bin/tests/system/inline/ns1/root.db.in b/bin/tests/system/inline/ns1/root.db.in
index b91c6bd647525b45db4358bd982d48a3b80fc0da..906806983ae683e873fe067acfe89ca0880f0329 100644 (file)
--- a/bin/tests/system/inline/ns1/root.db.in
+++ b/bin/tests/system/inline/ns1/root.db.in
@@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: root.db.in,v 1.7 2012/01/10 23:46:58 tbox Exp $
+; $Id: root.db.in,v 1.7.14.1 2012/02/23 07:02:19 marka Exp $
 
 $TTL 300
 .                      IN SOA  gson.nominum.com. a.root.servers.nil. (
@@ -44,3 +44,6 @@ ns3.updated.          A       10.53.0.3
 
 expired.                       NS      ns3.expired.
 ns3.expired.           A       10.53.0.3
+
+retransfer.                    NS      ns3.retransfer.
+ns3.retransfer.                A       10.53.0.3

diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh
index b2688ea2b8c6fb0c14dee51dc625360f9aa40c7e..b4b40bfc9df3d8b77932725af5e77da80058aee0 100644 (file)
--- a/bin/tests/system/inline/ns1/sign.sh
+++ b/bin/tests/system/inline/ns1/sign.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: sign.sh,v 1.3 2011/12/22 07:32:40 each Exp $
+# $Id: sign.sh,v 1.3.20.1 2012/02/23 07:02:19 marka Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -26,7 +26,8 @@ rm -f K.+*+*.key
 rm -f K.+*+*.private
 keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
 keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
-$SIGNER -S -x -T 1200 -o ${zone} root.db > /dev/null 2>&1
+$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
+[ $? = 0 ] || cat signer.out
 
 cat ${keyname}.key | grep -v '^; ' | $PERL -n -e '
 local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;

diff --git a/bin/tests/system/inline/ns2/named.conf b/bin/tests/system/inline/ns2/named.conf
index 2392a647180acc4df59d619f9b7dd31613ead036..2dc32ad5a232cbcfaa9ef1bc64d1708ee2b4980a 100644 (file)
--- a/bin/tests/system/inline/ns2/named.conf
+++ b/bin/tests/system/inline/ns2/named.conf
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.2 2011/08/30 23:46:52 tbox Exp $ */
+/* $Id: named.conf,v 1.2.138.1 2012/02/23 07:02:19 marka Exp $ */
 
 // NS2
 
@@ -38,3 +38,10 @@ zone "bits" {
        file "bits.db";
        allow-update { any; };
 };
+
+zone "retransfer" {
+       type master;
+       file "retransfer.db";
+       allow-update { any; };
+       notify no;
+};

diff --git a/bin/tests/system/inline/ns3/named.conf b/bin/tests/system/inline/ns3/named.conf
index f0ac5950ce9ea67ad7cd235eaa0bf9bc5929e99d..a1d092b25e4a5b000527e36fa5c3ac5241b2efbc 100644 (file)
--- a/bin/tests/system/inline/ns3/named.conf
+++ b/bin/tests/system/inline/ns3/named.conf
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.7 2012/01/10 23:46:58 tbox Exp $ */
+/* $Id: named.conf,v 1.7.14.1 2012/02/23 07:02:19 marka Exp $ */
 
 // NS3
 
@@ -86,3 +86,11 @@ zone "expired" {
        allow-update { any; };
        file "expired.db";
 };
+
+zone "retransfer" {
+       type slave;
+       masters { 10.53.0.2; };
+       inline-signing yes;
+       auto-dnssec maintain;
+       file "retransfer.bk";
+};

diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh
index 58eb9aca794bb6f93630533bab198c285aed6ef0..4fe0e10c08644e35961bd9493e0954d2729d80de 100644 (file)
--- a/bin/tests/system/inline/ns3/sign.sh
+++ b/bin/tests/system/inline/ns3/sign.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: sign.sh,v 1.7 2012/01/10 23:46:58 tbox Exp $
+# $Id: sign.sh,v 1.7.14.1 2012/02/23 07:02:20 marka Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -66,3 +66,10 @@ keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
 keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
+
+zone=retransfer
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db

diff --git a/bin/tests/system/inline/setup.sh b/bin/tests/system/inline/setup.sh
index cc55dbcb5b14961f9d4866b4cc30c0a73845f03a..cad840e9d498cd1c1ae32874f5e0b295d9e64b61 100644 (file)
--- a/bin/tests/system/inline/setup.sh
+++ b/bin/tests/system/inline/setup.sh
@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: setup.sh,v 1.10 2012/01/10 23:46:58 tbox Exp $
+# $Id: setup.sh,v 1.10.14.1 2012/02/23 07:02:19 marka Exp $
 
 sh clean.sh
 
@@ -21,6 +21,7 @@ rm -f ns1/root.db.signed
 
 touch ns2/trusted.conf
 cp ns2/bits.db.in ns2/bits.db
+cp ns2/bits.db.in ns2/retransfer.db
 rm -f ns2/bits.db.jnl
 
 cp ns3/master.db.in ns3/master.db

diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh
index 5d435ed1ce7cb433d824a28ae297a0817a40dfe9..0ec1c7c87c6a7e1d7c0db5444040a85ead5bc400 100644 (file)
--- a/bin/tests/system/inline/tests.sh
+++ b/bin/tests/system/inline/tests.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.16.12.1 2012/01/31 01:11:54 each Exp $
+# $Id: tests.sh,v 1.16.12.2 2012/02/23 07:02:19 marka Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -693,4 +693,53 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sync -clean dynamic 2>&1 || re
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+$NSUPDATE << EOF
+zone retransfer
+server 10.53.0.2 5300
+update add added.retransfer 0 A 1.2.3.4
+send
+
+EOF
+
+n=`expr $n + 1`
+echo "I:checking that the retransfer record is added on the hidden master ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.2 -p 5300 added.retransfer A > dig.out.ns2.test$n
+grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:checking that the change has not been transfered due to notify ($n)"
+ret=0
+for i in 0 1 2 3 4 5 6 7 8 9
+do
+       ans=0
+       $DIG $DIGOPTS @10.53.0.3 -p 5300 added.retransfer A > dig.out.ns3.test$n
+       grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1
+       [ $ans = 0 ] && break
+       sleep 1
+done
+if [ $ans != 1 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo "I:check rndc retransfer of a inline slave zone works ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 retransfer retransfer 2>&1 || ret=1
+for i in 0 1 2 3 4 5 6 7 8 9
+do
+       ans=0
+       $DIG $DIGOPTS @10.53.0.3 -p 5300 added.retransfer A > dig.out.ns3.test$n
+       grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1
+       grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1
+       [ $ans = 0 ] && break
+       sleep 1
+done
+[ $ans = 1 ] && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 exit $status

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 327bc7588986aa783a290a040bbcb75bdd4d095b..c73625fc7f47e2e56fc9afa86be7443cdf3e052f 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.667.2.3 2012/02/22 00:35:53 each Exp $ */
+/* $Id: zone.c,v 1.667.2.4 2012/02/23 07:02:20 marka Exp $ */
 
 /*! \file */
 
@@ -12367,6 +12367,14 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
 
        UNUSED(task);
 
+       /*
+        * zone->db may be NULL if the load from disk failed.
+        */
+       if (zone->db == NULL) {
+               result = ISC_R_FAILURE;
+               goto failure;
+       }
+
        /*
         * We first attempt to sync the raw zone to the secure zone
         * by using the raw zone's journal, applying all the deltas
@@ -12517,6 +12525,56 @@ zone_send_secureserial(dns_zone_t *zone, isc_boolean_t locked,
        return (ISC_R_SUCCESS);
 }
 
+static isc_result_t
+checkandaddsoa(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+              dns_rdataset_t *rdataset, isc_uint32_t oldserial)
+{
+       dns_rdata_soa_t soa;
+       dns_rdata_t rdata = DNS_RDATA_INIT;
+       dns_rdatalist_t temprdatalist;
+       dns_rdataset_t temprdataset;
+       isc_buffer_t b;
+       isc_result_t result;
+       unsigned char buf[DNS_SOA_BUFFERSIZE];
+
+       result = dns_rdataset_first(rdataset);
+       RUNTIME_CHECK(result == ISC_R_SUCCESS);
+       dns_rdataset_current(rdataset, &rdata);
+       dns_rdata_tostruct(&rdata, &soa, NULL);
+       
+       if (isc_serial_gt(soa.serial, oldserial))
+               return (dns_db_addrdataset(db, node, version, 0, rdataset, 0,
+                                          NULL));
+       /*
+        * Always bump the serial.
+        */
+       oldserial++;
+       if (oldserial == 0)
+               oldserial++;
+       soa.serial = oldserial;
+
+       /*
+        * Construct a replacement rdataset.
+        */
+       dns_rdata_reset(&rdata);
+       isc_buffer_init(&b, buf, sizeof(buf));
+       result = dns_rdata_fromstruct(&rdata, rdataset->rdclass,
+                                     dns_rdatatype_soa, &soa, &b);
+       RUNTIME_CHECK(result == ISC_R_SUCCESS);
+       temprdatalist.rdclass = rdata.rdclass;
+       temprdatalist.type = rdata.type;
+       temprdatalist.covers = 0;
+       temprdatalist.ttl = rdataset->ttl;
+       ISC_LIST_INIT(temprdatalist.rdata);
+       ISC_LIST_APPEND(temprdatalist.rdata, &rdata, link);
+
+       dns_rdataset_init(&temprdataset);
+       result = dns_rdatalist_tordataset(&temprdatalist, &temprdataset);
+       RUNTIME_CHECK(result == ISC_R_SUCCESS);
+       return (dns_db_addrdataset(db, node, version, 0, &temprdataset,
+                                  0, NULL));
+}
+
 static void
 receive_secure_db(isc_task_t *task, isc_event_t *event) {
        isc_result_t result;
@@ -12530,6 +12588,8 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) {
        dns_rdataset_t rdataset;
        dns_dbversion_t *version = NULL;
        isc_time_t loadtime;
+       unsigned int oldserial = 0;
+       isc_boolean_t have_oldserial = ISC_FALSE;
 
        UNUSED(task);
 
@@ -12544,6 +12604,11 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) {
        dns_rdataset_init(&rdataset);
 
        TIME_NOW(&loadtime);
+       if (zone->db != NULL) {
+               result = dns_db_getsoaserial(zone->db, NULL, &oldserial);
+               if (result == ISC_R_SUCCESS)
+                       have_oldserial = ISC_TRUE;
+       }
 
        result = dns_db_create(zone->mctx, zone->db_argv[0],
                               &zone->origin, dns_dbtype_zone, zone->rdclass,
@@ -12586,9 +12651,14 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) {
                                dns_rdataset_disassociate(&rdataset);
                                continue;
                        }
-
-                       result = dns_db_addrdataset(db, node, version, 0,
-                                                   &rdataset, 0, NULL);
+                       if (rdataset.type == dns_rdatatype_soa &&
+                           have_oldserial) {
+                               result = checkandaddsoa(db, node, version,
+                                                       &rdataset, oldserial);
+                       } else
+                               result = dns_db_addrdataset(db, node, version,
+                                                           0, &rdataset, 0,
+                                                           NULL);
                        if (result != ISC_R_SUCCESS)
                                goto failure;
 
@@ -12837,9 +12907,7 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
 
        dns_db_closeversion(db, &ver, ISC_FALSE);
 
-       isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
-                     DNS_LOGMODULE_ZONE, ISC_LOG_DEBUG(3),
-                     "replacing zone database");
+       dns_zone_log(zone, ISC_LOG_DEBUG(3), "replacing zone database");
 
        if (zone->db != NULL)
                zone_detachdb(zone);