2011. [func] dnssec-signzone can now update the SOA record of
authorDavid Hankins <dhankins@isc.org>
Thu, 13 Apr 2006 18:09:46 +0000 (18:09 +0000)
committerDavid Hankins <dhankins@isc.org>
Thu, 13 Apr 2006 18:09:46 +0000 (18:09 +0000)
                        the signed zone, either as an increment or as the
                        system time(). [RT #15633]

CHANGES
bin/dnssec/dnssec-signzone.c
bin/dnssec/dnssec-signzone.docbook

diff --git a/CHANGES b/CHANGES
index bcc664804bd68ba4bdf406cf9cb1ead027a7dca9..eb0e313221fe691eda61faf46a5c8db6efdf8df4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2011.  [func]          dnssec-signzone can now update the SOA record of
+                       the signed zone, either as an increment or as the
+                       system time(). [RT #15633]
 
        --- 9.4.0a4 released ---
 
index 896c593983919ec03bae0c5ffe8bb04faccc6252..bb4010c55b60b0b86bf75eaf98cad37c41fd42c3 100644 (file)
@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.177.18.19 2006/02/21 23:53:34 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.177.18.20 2006/04/13 18:09:46 dhankins Exp $ */
 
 /*! \file */
 
@@ -61,6 +61,7 @@
 #include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
 #include <dns/result.h>
+#include <dns/soa.h>
 #include <dns/time.h>
 
 #include <dst/dst.h>
@@ -88,6 +89,10 @@ struct signer_key_struct {
 #define SIGNER_EVENT_WRITE     (SIGNER_EVENTCLASS + 0)
 #define SIGNER_EVENT_WORK      (SIGNER_EVENTCLASS + 1)
 
+#define SOA_SERIAL_KEEP                0
+#define SOA_SERIAL_INCREMENT   1
+#define SOA_SERIAL_UNIXTIME    2
+
 typedef struct signer_event sevent_t;
 struct signer_event {
        ISC_EVENT_COMMON(sevent_t);
@@ -131,6 +136,7 @@ static isc_boolean_t ignoreksk = ISC_FALSE;
 static dns_name_t *dlv = NULL;
 static dns_fixedname_t dlv_fixed;
 static dns_master_style_t *dsstyle = NULL;
+static unsigned int serialformat = SOA_SERIAL_KEEP;
 
 #define INCSTAT(counter)               \
        if (printstats) {               \
@@ -1042,6 +1048,81 @@ soattl(void) {
        return (ttl);
 }
 
+/*%
+ * Increment (or set if nonzero) the SOA serial
+ */
+static isc_result_t
+setsoaserial(isc_uint32_t serial) {
+       isc_result_t result;
+       dns_dbnode_t *node = NULL;
+       dns_rdataset_t rdataset;
+       dns_rdata_t rdata = DNS_RDATA_INIT;
+       isc_uint32_t old_serial, new_serial;
+
+       result = dns_db_getoriginnode(gdb, &node);
+       if (result != ISC_R_SUCCESS)
+               return result;
+
+       dns_rdataset_init(&rdataset);
+
+       result = dns_db_findrdataset(gdb, node, gversion,
+                                    dns_rdatatype_soa, 0,
+                                    0, &rdataset, NULL);
+       if (result != ISC_R_SUCCESS)
+               goto cleanup;
+
+       result = dns_rdataset_first(&rdataset);
+       RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+       dns_rdataset_current(&rdataset, &rdata);
+
+       old_serial = dns_soa_getserial(&rdata);
+
+       if (serial) {
+               /* Set SOA serial to the value provided. */
+               new_serial = serial;
+       } else {
+               /* Increment SOA serial using RFC 1982 arithmetics */
+               new_serial = (old_serial + 1) & 0xFFFFFFFF;
+               if (new_serial == 0)
+                       new_serial = 1;
+       }
+
+       /* If the new serial is not likely to cause a zone transfer
+        * (a/ixfr) from servers having the old serial, warn the user.
+        *
+        * RFC1982 section 7 defines the maximum increment to be
+        * (2^(32-1))-1.  Using u_int32_t arithmetic, we can do a single
+        * comparison.  (5 - 6 == (2^32)-1, not negative-one)
+        */
+       if (new_serial == old_serial ||
+           (new_serial - old_serial) > 0x7fffffffU)
+               fprintf(stderr, "%s: warning: Serial number not advanced, "
+                       "zone may not transfer\n", program);
+
+       dns_soa_setserial(new_serial, &rdata);
+
+       result = dns_db_deleterdataset(gdb, node, gversion,
+                                      dns_rdatatype_soa, 0);
+       check_result(result, "dns_db_deleterdataset");
+       if (result != ISC_R_SUCCESS)
+               goto cleanup;
+
+       result = dns_db_addrdataset(gdb, node, gversion,
+                                   0, &rdataset, 0, NULL);
+       check_result(result, "dns_db_addrdataset");
+       if (result != ISC_R_SUCCESS)
+               goto cleanup;
+
+cleanup:
+       dns_rdataset_disassociate(&rdataset);
+       if (node != NULL)
+               dns_db_detachnode(gdb, &node);
+       dns_rdata_reset(&rdata);
+
+       return (result);
+}
+
 /*%
  * Delete any RRSIG records at a node.
  */
@@ -1690,6 +1771,8 @@ usage(void) {
        fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
        fprintf(stderr, "\t-O format:\n");
        fprintf(stderr, "\t\tfile format of signed zone file (text)\n");
+       fprintf(stderr, "\t-N format:\n");
+       fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n");
        fprintf(stderr, "\t-r randomdev:\n");
        fprintf(stderr, "\t\ta file containing random data\n");
        fprintf(stderr, "\t-a:\t");
@@ -1749,6 +1832,7 @@ main(int argc, char *argv[]) {
        char *startstr = NULL, *endstr = NULL, *classname = NULL;
        char *origin = NULL, *file = NULL, *output = NULL;
        char *inputformatstr = NULL, *outputformatstr = NULL;
+       char *serialformatstr = NULL;
        char *dskeyfile[MAXDSKEYS];
        int ndskeys = 0;
        char *endp;
@@ -1776,7 +1860,7 @@ main(int argc, char *argv[]) {
        dns_result_register();
 
        while ((ch = isc_commandline_parse(argc, argv,
-                                          "ac:d:e:f:ghi:I:j:k:l:n:o:O:pr:s:Stv:z"))
+                                          "ac:d:e:f:ghi:I:j:k:l:n:N:o:O:pr:s:Stv:z"))
               != -1) {
                switch (ch) {
                case 'a':
@@ -1853,6 +1937,10 @@ main(int argc, char *argv[]) {
                                fatal("number of cpus must be numeric");
                        break;
 
+               case 'N':
+                       serialformatstr = isc_commandline_argument;
+                       break;
+
                case 'o':
                        origin = isc_commandline_argument;
                        break;
@@ -1974,6 +2062,18 @@ main(int argc, char *argv[]) {
                        fatal("unknown file format: %s\n", outputformatstr);
        }
 
+       if (serialformatstr != NULL) {
+               if (strcasecmp(serialformatstr, "keep") == 0)
+                       serialformat = SOA_SERIAL_KEEP;
+               else if (strcasecmp(serialformatstr, "increment") == 0 ||
+                        strcasecmp(serialformatstr, "incr") == 0)
+                       serialformat = SOA_SERIAL_INCREMENT;
+               else if (strcasecmp(serialformatstr, "unixtime") == 0)
+                       serialformat = SOA_SERIAL_UNIXTIME;
+               else
+                       fatal("unknown soa serial format: %s\n", serialformatstr);
+       }
+
        result = dns_master_stylecreate(&dsstyle,  DNS_STYLEFLAG_NO_TTL,
                                        0, 24, 0, 0, 0, 8, mctx);
        check_result(result, "dns_master_stylecreate");
@@ -2078,6 +2178,19 @@ main(int argc, char *argv[]) {
        result = dns_db_newversion(gdb, &gversion);
        check_result(result, "dns_db_newversion()");
 
+       switch (serialformat) {
+               case SOA_SERIAL_INCREMENT:
+                       setsoaserial(0);
+                       break;
+               case SOA_SERIAL_UNIXTIME:
+                       setsoaserial(now);
+                       break;
+               case SOA_SERIAL_KEEP:
+               default:
+                       /* do nothing */
+                       break;
+       }
+
        nsecify();
 
        if (!nokeys) {
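Review bot: The return value of setsoaserial() is discarded in both arms of the new switch in main (the hunk ending with `nsecify();`), so a failure of dns_db_getoriginnode() or dns_db_findrdataset() — the two paths the function returns from without going through check_result() — leaves the serial untouched while `-N increment` or `-N unixtime` still produces a signed zone. The surrounding code checks every db call (`check_result(result, "dns_db_newversion()");` a few lines above, and `result` is already in scope in main), so the same belongs here: `result = setsoaserial(0);` followed by `check_result(result, "setsoaserial()");`, and likewise for the unixtime arm. Inside setsoaserial(), the `if (result != ISC_R_SUCCESS) goto cleanup;` after each check_result() call looks unreachable if check_result() calls fatal() as it does elsewhere in this file; either let the caller handle the result or drop the gotos, but not both checks. Note also that the RFC 1982 warning at the `new_serial - old_serial > 0x7fffffffU` comparison is advisory only: with `-N unixtime` on a zone whose existing serial is a larger date-based value the tool still writes a zone that secondaries will not transfer, which may deserve to be an error unless explicitly overridden. main() starts and ends outside this hunk.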
index b58e0d5557ccdaa8bbcb5379fc349df2674bd997..bcddaebfd484c6c7bf12610248c4a47a801a5d08 100644 (file)
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.10.18.10 2005/07/19 05:55:43 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.10.18.11 2006/04/13 18:09:46 dhankins Exp $ -->
 <refentry id="man.dnssec-signzone">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -26,7 +26,7 @@
 
   <refmeta>
     <refentrytitle><application>dnssec-signzone</application></refentrytitle>
-    <manvolnum>8</manvolnum>
+   <manvolnum>8</manvolnum>
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
@@ -65,7 +65,7 @@
       <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
       <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
       <arg><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">nthreads</replaceable></option></arg>
+      <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
       <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
       <arg><option>-p</option></arg>
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-N <replaceable class="parameter">soa-serial-format</replaceable></term>
+        <listitem>
+          <para>
+            The SOA serial number format of the signed zone.
+           Possible formats are <command>"keep"</command> (default),
+            <command>"increment"</commmand> and
+           <command>"unixtime"</command>.
+          </para>
+
+          <variablelist>
+           <varlistentry>
+             <term><command>"keep"</command></term>
+              <listitem>
+                <para>Do not modify the SOA serial number.</para>
+             </listitem>
+            </varlistentry>
+
+           <varlistentry>
+             <term><command>"increment"</command></term>
+              <listitem>
+                <para>Increment the SOA serial number using RFC 1982
+                      arithmetics.</para>
+             </listitem>
+            </varlistentry>
+
+           <varlistentry>
+             <term><command>"unixtime"</command></term>
+              <listitem>
+                <para>Set the SOA serial number to the number of seconds
+               since epoch.</para>
+             </listitem>
+            </varlistentry>
+        </variablelist>
+
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-o <replaceable class="parameter">origin</replaceable></term>
         <listitem>