3130. [func] Support alternate methods for managing a dynamic

zone's serial number.  Two methods are currently
                        defined using serial-update-method, "increment"
                        (default) and "unixtime".  [RT #23849]

CHANGES

@@ -1,3 +1,8 @@
+3130.	[func]		Support alternate methods for managing a dynamic
+			zone's serial number.  Two methods are currently
+			defined using serial-update-method, "increment"
+			(default) and "unixtime".  [RT #23849]
+
 3129.	[bug]		Named could crash on 'rndc reconfig' when
 			allow-new-zones was set to yes and named ACLs
 			were used. [RT #22739]

bin/named/config.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.118 2011/05/23 20:10:01 each Exp $ */
+/* $Id: config.c,v 1.119 2011/07/01 02:25:47 marka Exp $ */
 
 /*! \file */
 
@@ -209,6 +209,7 @@ options {\n\
 	check-srv-cname warn;\n\
 	zero-no-soa-ttl yes;\n\
 	update-check-ksk yes;\n\
+	serial-update-method increment;\n\
 	dnssec-update-mode maintain;\n\
 	dnssec-dnskey-kskonly no;\n\
 	dnssec-loadkeys-interval 60;\n\

bin/named/update.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.194 2011/06/10 23:47:31 tbox Exp $ */
+/* $Id: update.c,v 1.195 2011/07/01 02:25:47 marka Exp $ */
 
 #include <config.h>
 
@@ -47,6 +47,7 @@
 #include <dns/soa.h>
 #include <dns/ssu.h>
 #include <dns/tsig.h>
+#include <dns/update.h>
 #include <dns/view.h>
 #include <dns/zone.h>
 #include <dns/zt.h>
@@ -1425,8 +1426,8 @@ get_current_rr(dns_message_t *msg, dns_section_t section,
 	 */
 
 static isc_result_t
-increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver,
-		     dns_diff_t *diff, isc_mem_t *mctx)
+update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff,
+		  isc_mem_t *mctx, dns_updatemethod_t method)
 {
 	dns_difftuple_t *deltuple = NULL;
 	dns_difftuple_t *addtuple = NULL;
@@ -1438,12 +1439,7 @@ increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver,
 	addtuple->op = DNS_DIFFOP_ADD;
 
 	serial = dns_soa_getserial(&addtuple->rdata);
-
-	/* RFC1982 */
-	serial = (serial + 1) & 0xFFFFFFFF;
-	if (serial == 0)
-		serial = 1;
-
+	serial = dns_update_soaserial(serial, method);
 	dns_soa_setserial(serial, &addtuple->rdata);
 	CHECK(do_one_tuple(&deltuple, db, ver, diff));
 	CHECK(do_one_tuple(&addtuple, db, ver, diff));
@@ -4187,7 +4183,8 @@ update_action(isc_task_t *task, isc_event_t *event) {
 		 * changed as a result of an update operation.
 		 */
 		if (! soa_serial_changed) {
-			CHECK(increment_soa_serial(db, ver, &diff, mctx));
+			CHECK(update_soa_serial(db, ver, &diff, mctx,
+				       dns_zone_getserialupdatemethod(zone)));
 		}
 
 		CHECK(check_mx(client, zone, db, ver, &diff));

bin/named/zoneconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.177 2011/05/23 20:10:01 each Exp $ */
+/* $Id: zoneconf.c,v 1.178 2011/07/01 02:25:47 marka Exp $ */
 
 /*% */
 
@@ -1357,6 +1357,16 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			else
 				INSIST(0);
 		}
+
+		obj = NULL;
+		result = ns_config_get(maps, "serial-update-method", &obj);
+		INSIST(result == ISC_R_SUCCESS && obj != NULL);
+		if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0)
+			dns_zone_setserialupdatemethod(zone,
+						    dns_updatemethod_unixtime);
+		else
+			dns_zone_setserialupdatemethod(zone,
+						  dns_updatemethod_increment);
 	}
 
 	/*

bin/tests/system/nsupdate/clean.sh

@@ -15,14 +15,14 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.24 2011/05/23 22:25:32 each Exp $
+# $Id: clean.sh,v 1.25 2011/07/01 02:25:47 marka Exp $
 
 #
 # Clean up after zone transfer tests.
 #
 
-rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1.after ns1/*.jnl ns2/*.jnl \
-    ns1/example.db ns1/update.db ns1/other.db ns1/ddns.key
+rm -f ns1/*.jnl ns2/*.jnl
+rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/ddns.key
 rm -f nsupdate.out
 rm -f random.data
 rm -f ns2/example.bk
@@ -33,6 +33,6 @@ rm -f ns3/example.db.jnl ns3/example.db
 rm -f ns3/nsec3param.test.db.signed.jnl ns3/nsec3param.test.db ns3/nsec3param.test.db.signed ns3/dsset-nsec3param.test.
 rm -f ns3/dnskey.test.db.signed.jnl ns3/dnskey.test.db ns3/dnskey.test.db.signed ns3/dsset-dnskey.test.
 rm -f ns3/K*
-rm -f dig.out.ns3.*
+rm -f dig.out.*
 rm -f jp.out.ns3.*
 rm -f Kxxx.*

bin/tests/system/nsupdate/ns1/named.conf

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.21 2011/05/06 23:47:29 tbox Exp $ */
+/* $Id: named.conf,v 1.22 2011/07/01 02:25:47 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -80,3 +80,13 @@ zone "update.nil" {
 	allow-transfer { any; };
 	also-notify { othermasters; };
 };
+
+zone "unixtime.nil" {
+	type master;
+	file "unixtime.db";
+	check-integrity no;
+	allow-update { any; };
+	allow-transfer { any; };
+	serial-update-method unixtime;
+};
+

bin/tests/system/nsupdate/setup.sh

@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: setup.sh,v 1.18 2011/05/06 23:47:29 tbox Exp $
+# $Id: setup.sh,v 1.19 2011/07/01 02:25:47 marka Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -30,6 +30,7 @@ rm -f ns3/example.db.jnl
 
 cp -f ns1/example1.db ns1/example.db
 sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
+sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db
 cp -f ns3/example.db.in ns3/example.db
 
 # update_test.pl has its own zone file because it

bin/tests/system/nsupdate/tests.sh

@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.40 2011/06/21 22:15:05 each Exp $
+# $Id: tests.sh,v 1.41 2011/07/01 02:25:47 marka Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -217,6 +217,27 @@ then
         status=1
 fi
 
+n=`expr $n + 1`
+echo "I:check that unixtime serial number is correctly generated ($n)"
+oldserial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
+$NSUPDATE <<END > /dev/null 2>&1 || ret=1
+    server 10.53.0.1 5300
+    ttl 600
+    update add new.unixtime.nil in a 1.2.3.4
+    send
+END
+now=`$PERL -e 'print time()."\n";'`
+sleep 1
+serial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
+[ "$oldserial" -ne "$serial" ] || ret=1
+# allow up to 2 seconds difference between the serial
+# number and the unix epoch date but no more
+$PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' $now $serial || ret=1
+if [ $ret -ne 0 ]; then
+    echo "I:failed"
+    status=1
+fi
+
 if $PERL -e 'use Net::DNS;' 2>/dev/null
 then
     echo "I:running update.pl test"

doc/arm/Bv9ARM-book.xml

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.496 2011/06/21 05:33:21 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.497 2011/07/01 02:25:47 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 
@@ -10099,6 +10099,7 @@ view "external" {
     <optional> key-directory <replaceable>path_name</replaceable>; </optional>
     <optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; </optional>
     <optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
+    <optional> serial-update-method <constant>increment</constant>|<constant>unixtime</constant>; </optional>
 };
 
 zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
@@ -11234,6 +11235,31 @@ example.com. NS ns2.example.net.
                 </listitem>
               </varlistentry>
 
+              <varlistentry>
+                <term><command>serial-update-method</command></term>
+                <listitem>
+                  <para>
+                    Zones configured for dynamic DNS may use this
+                    option to set the update method that will be used for
+                    the zone serial number in the SOA record.
+                  </para>
+                  <para>
+                    With the default setting of
+                    <command>serial-update-method increment;</command>, the
+                    SOA serial number will be incremented by one each time
+                    the zone is updated.
+                  </para>
+                  <para>
+                    When set to 
+                    <command>serial-update-method unixtime;</command>, the
+                    SOA serial number will be set to the number of seconds
+                    since the UNIX epoch, unless the serial number is
+                    already greater than or equal to that value, in which
+                    case it is simply incremented by one.
+                  </para>
+                </listitem>
+              </varlistentry>
+
               <varlistentry>
                 <term><command>multi-master</command></term>
                 <listitem>

lib/dns/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.178 2011/03/10 04:36:16 each Exp $
+# $Id: Makefile.in,v 1.179 2011/07/01 02:25:47 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -69,7 +69,7 @@ DNSOBJS =	acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
 		rriterator.@O@ sdb.@O@ \
 		sdlz.@O@ soa.@O@ ssu.@O@ ssu_external.@O@ \
 		stats.@O@ tcpmsg.@O@ time.@O@ timer.@O@ tkey.@O@ \
-		tsec.@O@ tsig.@O@ ttl.@O@ validator.@O@ \
+		tsec.@O@ tsig.@O@ ttl.@O@ update.@O@ validator.@O@ \
 		version.@O@ view.@O@ xfrin.@O@ zone.@O@ zonekey.@O@ zt.@O@
 
 OBJS=		${DNSOBJS} ${OTHEROBJS} ${DSTOBJS}
@@ -95,7 +95,7 @@ DNSSRCS =	acache.c acl.c adb.c byaddr.c \
 		resolver.c result.c rootns.c rpz.c rriterator.c \
 		sdb.c sdlz.c soa.c ssu.c ssu_external.c \
 		stats.c tcpmsg.c time.c timer.c tkey.c \
-		tsec.c tsig.c ttl.c validator.c \
+		tsec.c tsig.c ttl.c update.c validator.c \
 		version.c view.c xfrin.c zone.c zonekey.c zt.c ${OTHERSRCS}
 
 SRCS = ${DSTSRCS} ${DNSSRCS}

lib/dns/include/dns/types.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: types.h,v 1.143 2010/12/08 02:46:16 marka Exp $ */
+/* $Id: types.h,v 1.144 2011/07/01 02:25:48 marka Exp $ */
 
 #ifndef DNS_TYPES_H
 #define DNS_TYPES_H 1
@@ -332,6 +332,20 @@ typedef enum {
 	dns_severity_fail
 } dns_severity_t;
 
+/*%
+ * DNS Serial Number Update Method.
+ *
+ * \li	_increment:	Add one to the current serial, skipping 0.
+ * \li	_unixtime:	Set to the seconds since 00:00 Jan 1, 1970,
+ *			if possible.
+ * \li	_yyyymmvv:	Set to Year, Month, Version, if possible.
+ *			(Not yet implemented)
+ */
+typedef enum {
+	dns_updatemethod_increment = 0,
+	dns_updatemethod_unixtime
+} dns_updatemethod_t;
+
 /*
  * Functions.
  */

lib/dns/include/dns/update.h

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: update.h,v 1.2 2011/07/01 02:25:48 marka Exp $ */
+
+#ifndef DNS_UPDATE_H
+#define DNS_UPDATE_H 1
+
+/*! \file dns/update.h */
+
+/***
+ ***	Imports
+ ***/
+
+#include <isc/lang.h>
+
+#include <dns/types.h>
+
+ISC_LANG_BEGINDECLS
+
+/***
+ ***	Functions
+ ***/
+
+isc_uint32_t
+dns_update_soaserial(isc_uint32_t serial, dns_updatemethod_t method);
+/*%<
+ * Return the next serial number after 'serial', depending on the
+ * update method 'method':
+ *
+ *\li	* dns_updatemethod_increment increments the serial number by one
+ *\li	* dns_updatemethod_unixtime sets the serial number to the current
+ *	  time (seconds since UNIX epoch) if possible, or increments by one
+ *	  if not.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_UPDATE_H */

lib/dns/include/dns/zone.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.h,v 1.189 2011/05/23 20:10:03 each Exp $ */
+/* $Id: zone.h,v 1.190 2011/07/01 02:25:48 marka Exp $ */
 
 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@@ -1890,6 +1890,26 @@ dns_zone_setrefreshkeyinterval(dns_zone_t *zone, isc_uint32_t interval);
  * \li	'zone' to be valid.
  */
 
+void
+dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method);
+/*%
+ * Sets the update method to use when incrementing the zone serial number
+ * due to a DDNS update.  Valid options are dns_updatemethod_increment
+ * and dns_updatemethod_unixtime.
+ *
+ * Requires:
+ * \li	'zone' to be valid.
+ */
+
+dns_updatemethod_t
+dns_zone_getserialupdatemethod(dns_zone_t *zone);
+/*%
+ * Returns the update method to be used when incrementing the zone serial
+ * number due to a DDNS update.
+ *
+ * Requires:
+ * \li	'zone' to be valid.
+ */
 ISC_LANG_ENDDECLS
 
 #endif /* DNS_ZONE_H */

lib/dns/tests/Makefile.in

@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.3 2011/03/09 07:22:31 marka Exp $
+# $Id: Makefile.in,v 1.4 2011/07/01 02:25:48 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -37,10 +37,10 @@ DNSDEPLIBS =	../libdns.@A@
 LIBS =		@LIBS@ @ATFLIBS@
 
 OBJS =		dnstest.@O@
-SRCS =		dnstest.c master_test.c time_test.c
+SRCS =		dnstest.c master_test.c time_test.c update_test.c
 
 SUBDIRS =
-TARGETS =	master_test@EXEEXT@ time_test@EXEEXT@
+TARGETS =	master_test@EXEEXT@ time_test@EXEEXT@ update_test@EXEEXT@
 
 @BIND9_MAKE_RULES@
 
@@ -53,5 +53,11 @@ time_test@EXEEXT@: time_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
 			time_test.@O@ dnstest.@O@ ${DNSLIBS} \
 				${ISCLIBS} ${LIBS}
+
+update_test@EXEEXT@: update_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+			update_test.@O@ dnstest.@O@ ${DNSLIBS} \
+				${ISCLIBS} ${LIBS}
+
 clean distclean::
 	rm -f ${TARGETS}

lib/dns/update.c

@@ -0,0 +1,28 @@
+/*
+ * Copyright
+ */
+
+#include "config.h"
+
+#include <isc/stdtime.h>
+#include <isc/serial.h>
+
+#include <dns/update.h>
+
+isc_uint32_t
+dns_update_soaserial(isc_uint32_t serial, dns_updatemethod_t method) {
+	isc_stdtime_t now;
+
+        if (method == dns_updatemethod_unixtime) {
+		isc_stdtime_get(&now);
+	        if (now != 0 && isc_serial_gt(now, serial))
+                	return (now);
+	}
+
+	/* RFC1982 */
+	serial = (serial + 1) & 0xFFFFFFFF;
+	if (serial == 0)
+		serial = 1;
+
+	return (serial);
+}

lib/dns/win32/libdns.def

@@ -185,6 +185,7 @@ dns_dispatchmgr_setavailports
 dns_dispatchmgr_setblackhole
 dns_dispatchmgr_setblackportlist
 dns_dispatchmgr_setstats
+dns_dlz_writeablezone
 dns_dlzallowzonexfr
 dns_dlzconfigure
 dns_dlzcreate
@@ -193,7 +194,6 @@ dns_dlzfindzone
 dns_dlzregister
 dns_dlzstrtoargv
 dns_dlzunregister
-dns_dlz_writeablezone
 dns_dns64_aaaafroma
 dns_dns64_aaaaok
 dns_dns64_append
@@ -208,8 +208,8 @@ dns_dnssec_keyfromrdata
 dns_dnssec_keylistfromrdataset
 dns_dnssec_selfsigns
 dns_dnssec_sign
-dns_dnssec_signs
 dns_dnssec_signmessage
+dns_dnssec_signs
 dns_dnssec_updatekeys
 dns_dnssec_verify
 dns_dnssec_verify2
@@ -697,6 +697,7 @@ dns_tsigrcode_fromtext
 dns_tsigrcode_totext
 dns_ttl_fromtext
 dns_ttl_totext
+dns_update_soaserial
 dns_validator_cancel
 dns_validator_create
 dns_validator_destroy
@@ -800,6 +801,7 @@ dns_zone_getqueryacl
 dns_zone_getrequeststats
 dns_zone_getserial
 dns_zone_getserial2
+dns_zone_getserialupdatemethod
 dns_zone_getsigresigninginterval
 dns_zone_getsigvalidityinterval
 dns_zone_getssutable
@@ -875,6 +877,7 @@ dns_zone_setprivatetype
 dns_zone_setqueryacl
 dns_zone_setqueryonacl
 dns_zone_setrequeststats
+dns_zone_setserialupdatemethod
 dns_zone_setsignatures
 dns_zone_setsigresigninginterval
 dns_zone_setsigvalidityinterval

lib/dns/win32/libdns.dsp

@@ -402,6 +402,10 @@ SOURCE=..\include\dns\types.h
 # End Source File
 # Begin Source File
 
+SOURCE=..\include\dns\update.h
+# End Source File
+# Begin Source File
+
 SOURCE=..\include\dns\validator.h
 # End Source File
 # Begin Source File
@@ -690,6 +694,10 @@ SOURCE=..\ttl.c
 # End Source File
 # Begin Source File
 
+SOURCE=..\update.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\validator.c
 # End Source File
 # Begin Source File

lib/dns/win32/libdns.mak

@@ -195,6 +195,7 @@ CLEAN :
 	-@erase "$(INTDIR)\tkey.obj"
 	-@erase "$(INTDIR)\tsig.obj"
 	-@erase "$(INTDIR)\ttl.obj"
+	-@erase "$(INTDIR)\update.obj"
 	-@erase "$(INTDIR)\validator.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "$(INTDIR)\version.obj"
@@ -319,6 +320,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\tkey.obj" \
 	"$(INTDIR)\tsig.obj" \
 	"$(INTDIR)\ttl.obj" \
+	"$(INTDIR)\update.obj" \
 	"$(INTDIR)\validator.obj" \
 	"$(INTDIR)\version.obj" \
 	"$(INTDIR)\view.obj" \
@@ -525,6 +527,8 @@ CLEAN :
 	-@erase "$(INTDIR)\tsig.sbr"
 	-@erase "$(INTDIR)\ttl.obj"
 	-@erase "$(INTDIR)\ttl.sbr"
+	-@erase "$(INTDIR)\update.obj"
+	-@erase "$(INTDIR)\update.sbr"
 	-@erase "$(INTDIR)\validator.obj"
 	-@erase "$(INTDIR)\validator.sbr"
 	-@erase "$(INTDIR)\vc60.idb"
@@ -655,6 +659,7 @@ BSC32_SBRS= \
 	"$(INTDIR)\tkey.sbr" \
 	"$(INTDIR)\tsig.sbr" \
 	"$(INTDIR)\ttl.sbr" \
+	"$(INTDIR)\update.sbr" \
 	"$(INTDIR)\validator.sbr" \
 	"$(INTDIR)\version.sbr" \
 	"$(INTDIR)\view.sbr" \
@@ -750,6 +755,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\tkey.obj" \
 	"$(INTDIR)\tsig.obj" \
 	"$(INTDIR)\ttl.obj" \
+	"$(INTDIR)\update.obj" \
 	"$(INTDIR)\validator.obj" \
 	"$(INTDIR)\version.obj" \
 	"$(INTDIR)\view.obj" \
@@ -1928,6 +1934,24 @@ SOURCE=..\ttl.c
 	$(CPP) $(CPP_PROJ) $(SOURCE)
 
 
+!ENDIF 
+
+SOURCE=..\update.c
+
+!IF  "$(CFG)" == "libdns - Win32 Release"
+
+
+"$(INTDIR)\update.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "libdns - Win32 Debug"
+
+
+"$(INTDIR)\update.obj"	"$(INTDIR)\update.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
 !ENDIF 
 
 SOURCE=..\validator.c

lib/dns/zone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.615 2011/06/10 23:47:32 tbox Exp $ */
+/* $Id: zone.c,v 1.616 2011/07/01 02:25:48 marka Exp $ */
 
 /*! \file */
 
@@ -76,6 +76,7 @@
 #include <dns/ssu.h>
 #include <dns/stats.h>
 #include <dns/tsig.h>
+#include <dns/update.h>
 #include <dns/xfrin.h>
 #include <dns/zone.h>
 
@@ -339,6 +340,11 @@ struct dns_zone {
 	 * whether a rpz radix was needed when last loaded
 	 */
 	isc_boolean_t           rpz_zone;
+
+	/*%
+	 * Serial number update method.
+	 */
+	dns_updatemethod_t	updatemethod;
 };
 
 #define DNS_ZONE_FLAG(z,f) (ISC_TF(((z)->flags & (f)) != 0))
@@ -3069,8 +3075,8 @@ update_one_rr(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff,
 }
 
 static isc_result_t
-increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver,
-		     dns_diff_t *diff, isc_mem_t *mctx) {
+update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff,
+		  isc_mem_t *mctx, dns_updatemethod_t method) {
 	dns_difftuple_t *deltuple = NULL;
 	dns_difftuple_t *addtuple = NULL;
 	isc_uint32_t serial;
@@ -3081,12 +3087,7 @@ increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver,
 	addtuple->op = DNS_DIFFOP_ADD;
 
 	serial = dns_soa_getserial(&addtuple->rdata);
-
-	/* RFC1982 */
-	serial = (serial + 1) & 0xFFFFFFFF;
-	if (serial == 0)
-		serial = 1;
-
+	serial = dns_update_soaserial(serial, method);
 	dns_soa_setserial(serial, &addtuple->rdata);
 	CHECK(do_one_tuple(&deltuple, db, ver, diff));
 	CHECK(do_one_tuple(&addtuple, db, ver, diff));
@@ -3311,7 +3312,8 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) {
 
 	if (changed) {
 		/* Write changes to journal file. */
-		CHECK(increment_soa_serial(db, ver, &diff, zone->mctx));
+		CHECK(update_soa_serial(db, ver, &diff, zone->mctx,
+					zone->updatemethod));
 		CHECK(zone_journal(zone, &diff, "sync_keyzone"));
 
 		DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
@@ -5133,10 +5135,11 @@ zone_resigninc(dns_zone_t *zone) {
 		goto failure;
 	}
 
-	result = increment_soa_serial(db, version, &sig_diff, zone->mctx);
+	result = update_soa_serial(db, version, &sig_diff, zone->mctx,
+				   zone->updatemethod);
 	if (result != ISC_R_SUCCESS) {
 		dns_zone_log(zone, ISC_LOG_ERROR,
-			     "zone_resigninc:increment_soa_serial -> %s\n",
+			     "zone_resigninc:update_soa_serial -> %s\n",
 			     dns_result_totext(result));
 		goto failure;
 	}
@@ -6513,10 +6516,11 @@ zone_nsec3chain(dns_zone_t *zone) {
 		goto failure;
 	}
 
-	result = increment_soa_serial(db, version, &sig_diff, zone->mctx);
+	result = update_soa_serial(db, version, &sig_diff, zone->mctx,
+				   zone->updatemethod);
 	if (result != ISC_R_SUCCESS) {
 		dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
-			     "increment_soa_serial -> %s\n",
+			     "update_soa_serial -> %s\n",
 			     dns_result_totext(result));
 		goto failure;
 	}
@@ -7075,10 +7079,11 @@ zone_sign(dns_zone_t *zone) {
 		goto failure;
 	}
 
-	result = increment_soa_serial(db, version, &sig_diff, zone->mctx);
+	result = update_soa_serial(db, version, &sig_diff, zone->mctx,
+				   zone->updatemethod);
 	if (result != ISC_R_SUCCESS) {
 		dns_zone_log(zone, ISC_LOG_ERROR,
-			     "zone_sign:increment_soa_serial -> %s\n",
+			     "zone_sign:update_soa_serial -> %s\n",
 			     dns_result_totext(result));
 		goto failure;
 	}
@@ -7855,7 +7860,8 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
 
 	if (!ISC_LIST_EMPTY(diff.tuples)) {
 		/* Write changes to journal file. */
-		CHECK(increment_soa_serial(kfetch->db, ver, &diff, mctx));
+		CHECK(update_soa_serial(kfetch->db, ver, &diff, mctx,
+					zone->updatemethod));
 		CHECK(zone_journal(zone, &diff, "keyfetch_done"));
 		commit = ISC_TRUE;
 
@@ -8012,7 +8018,8 @@ zone_refreshkeys(dns_zone_t *zone) {
 					 &kfetch->fetch);
 	}
 	if (!ISC_LIST_EMPTY(diff.tuples)) {
-		CHECK(increment_soa_serial(db, ver, &diff, zone->mctx));
+		CHECK(update_soa_serial(db, ver, &diff, zone->mctx,
+					zone->updatemethod));
 		CHECK(zone_journal(zone, &diff, "sync_keyzone"));
 		commit = ISC_TRUE;
 		DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
@@ -14305,7 +14312,8 @@ zone_rekey(dns_zone_t *zone) {
 			CHECK(add_signing_records(db, zone->privatetype,
 						  ver, &diff,
 						  ISC_TF(newalg || fullsign)));
-			CHECK(increment_soa_serial(db, ver, &diff, mctx));
+			CHECK(update_soa_serial(db, ver, &diff, mctx,
+						zone->updatemethod));
 			CHECK(add_chains(zone, db, ver, &diff));
 			CHECK(sign_apex(zone, db, ver, &diff, &sig_diff));
 			CHECK(zone_journal(zone, &sig_diff, "zone_rekey"));
@@ -14596,3 +14604,15 @@ dns_zone_setrefreshkeyinterval(dns_zone_t *zone, isc_uint32_t interval) {
 	zone->refreshkeyinterval = interval * 60;
 	return (ISC_R_SUCCESS);
 }
+
+void
+dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method) {
+	REQUIRE(DNS_ZONE_VALID(zone));
+	zone->updatemethod = method;
+}
+
+dns_updatemethod_t
+dns_zone_getserialupdatemethod(dns_zone_t *zone) {
+	REQUIRE(DNS_ZONE_VALID(zone));
+	return(zone->updatemethod);
+}

lib/isccfg/namedconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.138 2011/05/23 20:10:03 each Exp $ */
+/* $Id: namedconf.c,v 1.139 2011/07/01 02:25:48 marka Exp $ */
 
 /*! \file */
 
@@ -553,6 +553,12 @@ static cfg_type_t cfg_type_dnssecupdatemode = {
 	&cfg_rep_string, &dnssecupdatemode_enums
 };
 
+static const char *updatemethods_enums[] = { "increment", "unixtime", NULL };
+static cfg_type_t cfg_type_updatemethod = {
+	"updatemethod", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum,
+	&cfg_rep_string, &updatemethods_enums
+};
+
 static cfg_type_t cfg_type_rrsetorder = {
 	"rrsetorder", cfg_parse_bracketed_list, cfg_print_bracketed_list, cfg_doc_bracketed_list,
 	&cfg_rep_list, &cfg_type_rrsetorderingelement
@@ -1388,6 +1394,7 @@ zone_clauses[] = {
 	{ "notify-source-v6", &cfg_type_sockaddr6wild, 0 },
 	{ "notify-to-soa", &cfg_type_boolean, 0 },
 	{ "nsec3-test-zone", &cfg_type_boolean, CFG_CLAUSEFLAG_TESTONLY },
+	{ "serial-update-method", &cfg_type_updatemethod, 0 },
 	{ "sig-signing-nodes", &cfg_type_uint32, 0 },
 	{ "sig-signing-signatures", &cfg_type_uint32, 0 },
 	{ "sig-signing-type", &cfg_type_uint32, 0 },