diff --git a/CHANGES b/CHANGES index b5837cfd1b..232878e8b2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +3130. [func] Support alternate methods for managing a dynamic + zone's serial number. Two methods are currently + defined using serial-update-method, "increment" + (default) and "unixtime". [RT #23849] + 3129. [bug] Named could crash on 'rndc reconfig' when allow-new-zones was set to yes and named ACLs were used. [RT #22739] diff --git a/bin/named/config.c b/bin/named/config.c index fe102d2b02..5d5fc43e20 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.118 2011/05/23 20:10:01 each Exp $ */ +/* $Id: config.c,v 1.119 2011/07/01 02:25:47 marka Exp $ */ /*! \file */ @@ -209,6 +209,7 @@ options {\n\ check-srv-cname warn;\n\ zero-no-soa-ttl yes;\n\ update-check-ksk yes;\n\ + serial-update-method increment;\n\ dnssec-update-mode maintain;\n\ dnssec-dnskey-kskonly no;\n\ dnssec-loadkeys-interval 60;\n\ diff --git a/bin/named/update.c b/bin/named/update.c index a70a28073c..b2dec79bc7 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.194 2011/06/10 23:47:31 tbox Exp $ */ +/* $Id: update.c,v 1.195 2011/07/01 02:25:47 marka Exp $ */ #include @@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include @@ -1425,8 +1426,8 @@ get_current_rr(dns_message_t *msg, dns_section_t section, */ static isc_result_t -increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, - dns_diff_t *diff, isc_mem_t *mctx) +update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, + isc_mem_t *mctx, dns_updatemethod_t method) { dns_difftuple_t *deltuple = NULL; dns_difftuple_t *addtuple = NULL; 
@@ -1438,12 +1439,7 @@ increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, addtuple->op = DNS_DIFFOP_ADD; serial = dns_soa_getserial(&addtuple->rdata); - - /* RFC1982 */ - serial = (serial + 1) & 0xFFFFFFFF; - if (serial == 0) - serial = 1; - + serial = dns_update_soaserial(serial, method); dns_soa_setserial(serial, &addtuple->rdata); CHECK(do_one_tuple(&deltuple, db, ver, diff)); CHECK(do_one_tuple(&addtuple, db, ver, diff)); @@ -4187,7 +4183,8 @@ update_action(isc_task_t *task, isc_event_t *event) { * changed as a result of an update operation. */ if (! soa_serial_changed) { - CHECK(increment_soa_serial(db, ver, &diff, mctx)); + CHECK(update_soa_serial(db, ver, &diff, mctx, + dns_zone_getserialupdatemethod(zone))); } CHECK(check_mx(client, zone, db, ver, &diff)); diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 8764ec1c6c..32f6825fa1 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.177 2011/05/23 20:10:01 each Exp $ */ +/* $Id: zoneconf.c,v 1.178 2011/07/01 02:25:47 marka Exp $ */ /*% */ @@ -1357,6 +1357,16 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, else INSIST(0); } + + obj = NULL; + result = ns_config_get(maps, "serial-update-method", &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0) + dns_zone_setserialupdatemethod(zone, + dns_updatemethod_unixtime); + else + dns_zone_setserialupdatemethod(zone, + dns_updatemethod_increment); } /* diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh index 6f5285d8b1..0801da96de 100644 --- a/bin/tests/system/nsupdate/clean.sh +++ b/bin/tests/system/nsupdate/clean.sh 
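Review bot: The added `serial-update-method` branch in ns_zone_configure (bin/named/zoneconf.c) treats every value other than "unixtime" as increment, so a method added to the parser's enum list later would be configured as increment without any complaint. The block just above it ends its chain with `else INSIST(0);`; following the same pattern here means testing `else if (strcasecmp(cfg_obj_asstring(obj), "increment") == 0)` before the increment call and finishing with `else INSIST(0);`. ns_zone_configure starts and ends outside the hunk, so whether this code is reached for every zone type cannot be seen from here.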
@@ -15,14 +15,14 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.24 2011/05/23 22:25:32 each Exp $ +# $Id: clean.sh,v 1.25 2011/07/01 02:25:47 marka Exp $ # # Clean up after zone transfer tests. # -rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1.after ns1/*.jnl ns2/*.jnl \ - ns1/example.db ns1/update.db ns1/other.db ns1/ddns.key +rm -f ns1/*.jnl ns2/*.jnl +rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/ddns.key rm -f nsupdate.out rm -f random.data rm -f ns2/example.bk @@ -33,6 +33,6 @@ rm -f ns3/example.db.jnl ns3/example.db rm -f ns3/nsec3param.test.db.signed.jnl ns3/nsec3param.test.db ns3/nsec3param.test.db.signed ns3/dsset-nsec3param.test. rm -f ns3/dnskey.test.db.signed.jnl ns3/dnskey.test.db ns3/dnskey.test.db.signed ns3/dsset-dnskey.test. rm -f ns3/K* -rm -f dig.out.ns3.* +rm -f dig.out.* rm -f jp.out.ns3.* rm -f Kxxx.* diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf index afa1c2c220..0132c2259a 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf +++ b/bin/tests/system/nsupdate/ns1/named.conf @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.21 2011/05/06 23:47:29 tbox Exp $ */ +/* $Id: named.conf,v 1.22 2011/07/01 02:25:47 marka Exp $ */ controls { /* empty */ }; @@ -80,3 +80,13 @@ zone "update.nil" { allow-transfer { any; }; also-notify { othermasters; }; }; + +zone "unixtime.nil" { + type master; + file "unixtime.db"; + check-integrity no; + allow-update { any; }; + allow-transfer { any; }; + serial-update-method unixtime; +}; + diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index a3b8ea7380..6f3af2f494 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh 
@@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.18 2011/05/06 23:47:29 tbox Exp $ +# $Id: setup.sh,v 1.19 2011/07/01 02:25:47 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -30,6 +30,7 @@ rm -f ns3/example.db.jnl cp -f ns1/example1.db ns1/example.db sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db +sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db cp -f ns3/example.db.in ns3/example.db # update_test.pl has its own zone file because it diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index b0cc0d0894..136af2318f 100644 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.40 2011/06/21 22:15:05 each Exp $ +# $Id: tests.sh,v 1.41 2011/07/01 02:25:47 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -217,6 +217,27 @@ then status=1 fi +n=`expr $n + 1` +echo "I:check that unixtime serial number is correctly generated ($n)" +oldserial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1 +$NSUPDATE < /dev/null 2>&1 || ret=1 + server 10.53.0.1 5300 + ttl 600 + update add new.unixtime.nil in a 1.2.3.4 + send +END +now=`$PERL -e 'print time()."\n";'` +sleep 1 +serial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1 +[ "$oldserial" -ne "$serial" ] || ret=1 +# allow up to 2 seconds difference between the serial +# number and the unix epoch date but no more +$PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' $now $serial || ret=1 +if [ $ret -ne 0 ]; then + echo "I:failed" + status=1 +fi + if $PERL -e 'use Net::DNS;' 2>/dev/null then echo "I:running update.pl test" diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 6e835aa1dc..5b62fb9012 100644 
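Review bot: The added unixtime check in tests.sh never resets `ret` before its first `|| ret=1`, so its outcome depends on whatever value an earlier check left behind; if `ret` were unset, `[ $ret -ne 0 ]` would error and the failure branch would be skipped. Add `ret=0` directly after the line that increments `n`, unless the script guarantees it elsewhere (the rest of the script is outside the hunk). The `|| ret=1` on the two `$DIG ... | awk` pipelines only sees awk's exit status, so a failed query is caught only indirectly by the numeric comparisons that follow. A short comment that `now` is deliberately sampled right after the update is sent would explain the 2-second tolerance.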
--- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -10099,6 +10099,7 @@ view "external" { key-directory path_name; auto-dnssec allow|maintain|off; zero-no-soa-ttl yes_or_no ; + serial-update-method increment|unixtime; }; zone zone_name class { @@ -11234,6 +11235,31 @@ example.com. NS ns2.example.net. + + serial-update-method + + + Zones configured for dynamic DNS may use this + option to set the update method that will be used for + the zone serial number in the SOA record. + + + With the default setting of + serial-update-method increment;, the + SOA serial number will be incremented by one each time + the zone is updated. + + + When set to + serial-update-method unixtime;, the + SOA serial number will be set to the number of seconds + since the UNIX epoch, unless the serial number is + already greater than or equal to that value, in which + case it is simply incremented by one. + + + + multi-master diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in index e38bb54cb7..b46b90cdb2 100644 --- a/lib/dns/Makefile.in +++ b/lib/dns/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.178 2011/03/10 04:36:16 each Exp $ +# $Id: Makefile.in,v 1.179 2011/07/01 02:25:47 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -69,7 +69,7 @@ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \ rriterator.@O@ sdb.@O@ \ sdlz.@O@ soa.@O@ ssu.@O@ ssu_external.@O@ \ stats.@O@ tcpmsg.@O@ time.@O@ timer.@O@ tkey.@O@ \ - tsec.@O@ tsig.@O@ ttl.@O@ validator.@O@ \ + tsec.@O@ tsig.@O@ ttl.@O@ update.@O@ validator.@O@ \ version.@O@ view.@O@ xfrin.@O@ zone.@O@ zonekey.@O@ zt.@O@ OBJS= ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS} 
@@ -95,7 +95,7 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c \ resolver.c result.c rootns.c rpz.c rriterator.c \ sdb.c sdlz.c soa.c ssu.c ssu_external.c \ stats.c tcpmsg.c time.c timer.c tkey.c \ - tsec.c tsig.c ttl.c validator.c \ + tsec.c tsig.c ttl.c update.c validator.c \ version.c view.c xfrin.c zone.c zonekey.c zt.c ${OTHERSRCS} SRCS = ${DSTSRCS} ${DNSSRCS} diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h index fef4d7a3f3..cbcf8b990e 100644 --- a/lib/dns/include/dns/types.h +++ b/lib/dns/include/dns/types.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.143 2010/12/08 02:46:16 marka Exp $ */ +/* $Id: types.h,v 1.144 2011/07/01 02:25:48 marka Exp $ */ #ifndef DNS_TYPES_H #define DNS_TYPES_H 1 @@ -332,6 +332,20 @@ typedef enum { dns_severity_fail } dns_severity_t; +/*% + * DNS Serial Number Update Method. + * + * \li _increment: Add one to the current serial, skipping 0. + * \li _unixtime: Set to the seconds since 00:00 Jan 1, 1970, + * if possible. + * \li _yyyymmvv: Set to Year, Month, Version, if possible. + * (Not yet implemented) + */ +typedef enum { + dns_updatemethod_increment = 0, + dns_updatemethod_unixtime +} dns_updatemethod_t; + /* * Functions. */ diff --git a/lib/dns/include/dns/update.h b/lib/dns/include/dns/update.h new file mode 100644 index 0000000000..117e5223d1 --- /dev/null +++ b/lib/dns/include/dns/update.h 
@@ -0,0 +1,52 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: update.h,v 1.2 2011/07/01 02:25:48 marka Exp $ */ + +#ifndef DNS_UPDATE_H +#define DNS_UPDATE_H 1 + +/*! \file dns/update.h */ + +/*** + *** Imports + ***/ + +#include + +#include + +ISC_LANG_BEGINDECLS + +/*** + *** Functions + ***/ + +isc_uint32_t +dns_update_soaserial(isc_uint32_t serial, dns_updatemethod_t method); +/*%< + * Return the next serial number after 'serial', depending on the + * update method 'method': + * + *\li * dns_updatemethod_increment increments the serial number by one + *\li * dns_updatemethod_unixtime sets the serial number to the current + * time (seconds since UNIX epoch) if possible, or increments by one + * if not. + */ + +ISC_LANG_ENDDECLS + +#endif /* DNS_UPDATE_H */ diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 496dfe2514..c4ff59030c 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.189 2011/05/23 20:10:03 each Exp $ */ +/* $Id: zone.h,v 1.190 2011/07/01 02:25:48 marka Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 
@@ -1890,6 +1890,26 @@ dns_zone_setrefreshkeyinterval(dns_zone_t *zone, isc_uint32_t interval); * \li 'zone' to be valid. */ +void +dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method); +/*% + * Sets the update method to use when incrementing the zone serial number + * due to a DDNS update. Valid options are dns_updatemethod_increment + * and dns_updatemethod_unixtime. + * + * Requires: + * \li 'zone' to be valid. + */ + +dns_updatemethod_t +dns_zone_getserialupdatemethod(dns_zone_t *zone); +/*% + * Returns the update method to be used when incrementing the zone serial + * number due to a DDNS update. + * + * Requires: + * \li 'zone' to be valid. + */ ISC_LANG_ENDDECLS #endif /* DNS_ZONE_H */ diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in index afbc5b7244..222120b39b 100644 --- a/lib/dns/tests/Makefile.in +++ b/lib/dns/tests/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.3 2011/03/09 07:22:31 marka Exp $ +# $Id: Makefile.in,v 1.4 2011/07/01 02:25:48 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -37,10 +37,10 @@ DNSDEPLIBS = ../libdns.@A@ LIBS = @LIBS@ @ATFLIBS@ OBJS = dnstest.@O@ -SRCS = dnstest.c master_test.c time_test.c +SRCS = dnstest.c master_test.c time_test.c update_test.c SUBDIRS = -TARGETS = master_test@EXEEXT@ time_test@EXEEXT@ +TARGETS = master_test@EXEEXT@ time_test@EXEEXT@ update_test@EXEEXT@ @BIND9_MAKE_RULES@ @@ -53,5 +53,11 @@ time_test@EXEEXT@: time_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ time_test.@O@ dnstest.@O@ ${DNSLIBS} \ ${ISCLIBS} ${LIBS} + +update_test@EXEEXT@: update_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ + update_test.@O@ dnstest.@O@ ${DNSLIBS} \ + ${ISCLIBS} ${LIBS} + clean distclean:: rm -f ${TARGETS} 
diff --git a/lib/dns/update.c b/lib/dns/update.c new file mode 100644 index 0000000000..fbd6dc7f85 --- /dev/null +++ b/lib/dns/update.c @@ -0,0 +1,28 @@ +/* + * Copyright + */ + +#include "config.h" + +#include +#include + +#include + +isc_uint32_t +dns_update_soaserial(isc_uint32_t serial, dns_updatemethod_t method) { + isc_stdtime_t now; + + if (method == dns_updatemethod_unixtime) { + isc_stdtime_get(&now); + if (now != 0 && isc_serial_gt(now, serial)) + return (now); + } + + /* RFC1982 */ + serial = (serial + 1) & 0xFFFFFFFF; + if (serial == 0) + serial = 1; + + return (serial); +} diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def index 1397362b96..108e1569af 100644 --- a/lib/dns/win32/libdns.def +++ b/lib/dns/win32/libdns.def @@ -185,6 +185,7 @@ dns_dispatchmgr_setavailports dns_dispatchmgr_setblackhole dns_dispatchmgr_setblackportlist dns_dispatchmgr_setstats +dns_dlz_writeablezone dns_dlzallowzonexfr dns_dlzconfigure dns_dlzcreate @@ -193,7 +194,6 @@ dns_dlzfindzone dns_dlzregister dns_dlzstrtoargv dns_dlzunregister -dns_dlz_writeablezone dns_dns64_aaaafroma dns_dns64_aaaaok dns_dns64_append @@ -208,8 +208,8 @@ dns_dnssec_keyfromrdata dns_dnssec_keylistfromrdataset dns_dnssec_selfsigns dns_dnssec_sign -dns_dnssec_signs dns_dnssec_signmessage +dns_dnssec_signs dns_dnssec_updatekeys dns_dnssec_verify dns_dnssec_verify2 @@ -697,6 +697,7 @@ dns_tsigrcode_fromtext dns_tsigrcode_totext dns_ttl_fromtext dns_ttl_totext +dns_update_soaserial dns_validator_cancel dns_validator_create dns_validator_destroy @@ -800,6 +801,7 @@ dns_zone_getqueryacl dns_zone_getrequeststats dns_zone_getserial dns_zone_getserial2 +dns_zone_getserialupdatemethod dns_zone_getsigresigninginterval dns_zone_getsigvalidityinterval dns_zone_getssutable @@ -875,6 +877,7 @@ dns_zone_setprivatetype dns_zone_setqueryacl dns_zone_setqueryonacl dns_zone_setrequeststats +dns_zone_setserialupdatemethod dns_zone_setsignatures dns_zone_setsigresigninginterval dns_zone_setsigvalidityinterval 
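Review bot: dns_update_soaserial in the new lib/dns/update.c has no comment at its definition, and its two silent fallbacks should be documented there. In unixtime mode it drops to the RFC 1982 increment whenever `isc_serial_gt(now, serial)` is false or `now` is 0, and any `method` value other than `dns_updatemethod_unixtime` is treated as increment. I would put `/* Clock is not ahead of the serial, or method is increment: add one, skipping 0 (RFC 1982). */` above the increment block. Assuming isc_serial_gt is the serial-arithmetic comparison rather than a plain `>`, a stored serial more than 2^31 above the clock value is replaced by `now`, which matters to operators converting zones whose serials are far from the current time. The serial also follows the host clock in this mode, so a forward clock step is carried into the SOA and is not undone when the clock is corrected; the header comment is a good place to say so.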
diff --git a/lib/dns/win32/libdns.dsp b/lib/dns/win32/libdns.dsp index 6ce4a5586a..c13d952232 100644 --- a/lib/dns/win32/libdns.dsp +++ b/lib/dns/win32/libdns.dsp @@ -402,6 +402,10 @@ SOURCE=..\include\dns\types.h # End Source File # Begin Source File +SOURCE=..\include\dns\update.h +# End Source File +# Begin Source File + SOURCE=..\include\dns\validator.h # End Source File # Begin Source File @@ -690,6 +694,10 @@ SOURCE=..\ttl.c # End Source File # Begin Source File +SOURCE=..\update.c +# End Source File +# Begin Source File + SOURCE=..\validator.c # End Source File # Begin Source File diff --git a/lib/dns/win32/libdns.mak b/lib/dns/win32/libdns.mak index ab869329d3..89f082e2a9 100644 --- a/lib/dns/win32/libdns.mak +++ b/lib/dns/win32/libdns.mak @@ -195,6 +195,7 @@ CLEAN : -@erase "$(INTDIR)\tkey.obj" -@erase "$(INTDIR)\tsig.obj" -@erase "$(INTDIR)\ttl.obj" + -@erase "$(INTDIR)\update.obj" -@erase "$(INTDIR)\validator.obj" -@erase "$(INTDIR)\vc60.idb" -@erase "$(INTDIR)\version.obj" @@ -319,6 +320,7 @@ LINK32_OBJS= \ "$(INTDIR)\tkey.obj" \ "$(INTDIR)\tsig.obj" \ "$(INTDIR)\ttl.obj" \ + "$(INTDIR)\update.obj" \ "$(INTDIR)\validator.obj" \ "$(INTDIR)\version.obj" \ "$(INTDIR)\view.obj" \ @@ -525,6 +527,8 @@ CLEAN : -@erase "$(INTDIR)\tsig.sbr" -@erase "$(INTDIR)\ttl.obj" -@erase "$(INTDIR)\ttl.sbr" + -@erase "$(INTDIR)\update.obj" + -@erase "$(INTDIR)\update.sbr" -@erase "$(INTDIR)\validator.obj" -@erase "$(INTDIR)\validator.sbr" -@erase "$(INTDIR)\vc60.idb" @@ -655,6 +659,7 @@ BSC32_SBRS= \ "$(INTDIR)\tkey.sbr" \ "$(INTDIR)\tsig.sbr" \ "$(INTDIR)\ttl.sbr" \ + "$(INTDIR)\update.sbr" \ "$(INTDIR)\validator.sbr" \ "$(INTDIR)\version.sbr" \ "$(INTDIR)\view.sbr" \ @@ -750,6 +755,7 @@ LINK32_OBJS= \ "$(INTDIR)\tkey.obj" \ "$(INTDIR)\tsig.obj" \ "$(INTDIR)\ttl.obj" \ + "$(INTDIR)\update.obj" \ "$(INTDIR)\validator.obj" \ "$(INTDIR)\version.obj" \ "$(INTDIR)\view.obj" \ 
@@ -1928,6 +1934,24 @@ SOURCE=..\ttl.c $(CPP) $(CPP_PROJ) $(SOURCE) +!ENDIF + +SOURCE=..\update.c + +!IF "$(CFG)" == "libdns - Win32 Release" + + +"$(INTDIR)\update.obj" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "libdns - Win32 Debug" + + +"$(INTDIR)\update.obj" "$(INTDIR)\update.sbr" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + !ENDIF SOURCE=..\validator.c diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 012293bd61..8d915d8111 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.615 2011/06/10 23:47:32 tbox Exp $ */ +/* $Id: zone.c,v 1.616 2011/07/01 02:25:48 marka Exp $ */ /*! \file */ @@ -76,6 +76,7 @@ #include #include #include +#include #include #include @@ -339,6 +340,11 @@ struct dns_zone { * whether a rpz radix was needed when last loaded */ isc_boolean_t rpz_zone; + + /*% + * Serial number update method. + */ + dns_updatemethod_t updatemethod; }; #define DNS_ZONE_FLAG(z,f) (ISC_TF(((z)->flags & (f)) != 0)) @@ -3069,8 +3075,8 @@ update_one_rr(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, } static isc_result_t -increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, - dns_diff_t *diff, isc_mem_t *mctx) { +update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, + isc_mem_t *mctx, dns_updatemethod_t method) { dns_difftuple_t *deltuple = NULL; dns_difftuple_t *addtuple = NULL; isc_uint32_t serial; @@ -3081,12 +3087,7 @@ increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, addtuple->op = DNS_DIFFOP_ADD; serial = dns_soa_getserial(&addtuple->rdata); - - /* RFC1982 */ - serial = (serial + 1) & 0xFFFFFFFF; - if (serial == 0) - serial = 1; - + serial = dns_update_soaserial(serial, method); dns_soa_setserial(serial, &addtuple->rdata); CHECK(do_one_tuple(&deltuple, db, ver, diff)); CHECK(do_one_tuple(&addtuple, db, ver, diff)); 
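Review bot: The new `updatemethod` member of struct dns_zone is read by every update_soa_serial caller in lib/dns/zone.c (sync_keyzone, zone_resigninc, zone_nsec3chain, zone_sign, keyfetch_done, zone_refreshkeys, zone_rekey), yet no zone.c hunk in this diff assigns it where the zone object is created. Unless the allocation zeroes the structure, a zone that never passes through dns_zone_setserialupdatemethod would read an indeterminate value, and a stray value equal to `dns_updatemethod_unixtime` would switch that zone's serial scheme. Adding `zone->updatemethod = dns_updatemethod_increment;` beside the other field initialisers in the constructor makes the default explicit. The constructor lies outside the visible hunks, so this needs checking against the full file.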
@@ -3311,7 +3312,8 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { if (changed) { /* Write changes to journal file. */ - CHECK(increment_soa_serial(db, ver, &diff, zone->mctx)); + CHECK(update_soa_serial(db, ver, &diff, zone->mctx, + zone->updatemethod)); CHECK(zone_journal(zone, &diff, "sync_keyzone")); DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED); @@ -5133,10 +5135,11 @@ zone_resigninc(dns_zone_t *zone) { goto failure; } - result = increment_soa_serial(db, version, &sig_diff, zone->mctx); + result = update_soa_serial(db, version, &sig_diff, zone->mctx, + zone->updatemethod); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:increment_soa_serial -> %s\n", + "zone_resigninc:update_soa_serial -> %s\n", dns_result_totext(result)); goto failure; } @@ -6513,10 +6516,11 @@ zone_nsec3chain(dns_zone_t *zone) { goto failure; } - result = increment_soa_serial(db, version, &sig_diff, zone->mctx); + result = update_soa_serial(db, version, &sig_diff, zone->mctx, + zone->updatemethod); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "increment_soa_serial -> %s\n", + "update_soa_serial -> %s\n", dns_result_totext(result)); goto failure; } @@ -7075,10 +7079,11 @@ zone_sign(dns_zone_t *zone) { goto failure; } - result = increment_soa_serial(db, version, &sig_diff, zone->mctx); + result = update_soa_serial(db, version, &sig_diff, zone->mctx, + zone->updatemethod); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_sign:increment_soa_serial -> %s\n", + "zone_sign:update_soa_serial -> %s\n", dns_result_totext(result)); goto failure; } @@ -7855,7 +7860,8 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { if (!ISC_LIST_EMPTY(diff.tuples)) { /* Write changes to journal file. */ - CHECK(increment_soa_serial(kfetch->db, ver, &diff, mctx)); + CHECK(update_soa_serial(kfetch->db, ver, &diff, mctx, + zone->updatemethod)); CHECK(zone_journal(zone, &diff, "keyfetch_done")); commit = ISC_TRUE; 
@@ -8012,7 +8018,8 @@ zone_refreshkeys(dns_zone_t *zone) { &kfetch->fetch); } if (!ISC_LIST_EMPTY(diff.tuples)) { - CHECK(increment_soa_serial(db, ver, &diff, zone->mctx)); + CHECK(update_soa_serial(db, ver, &diff, zone->mctx, + zone->updatemethod)); CHECK(zone_journal(zone, &diff, "sync_keyzone")); commit = ISC_TRUE; DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED); @@ -14305,7 +14312,8 @@ zone_rekey(dns_zone_t *zone) { CHECK(add_signing_records(db, zone->privatetype, ver, &diff, ISC_TF(newalg || fullsign))); - CHECK(increment_soa_serial(db, ver, &diff, mctx)); + CHECK(update_soa_serial(db, ver, &diff, mctx, + zone->updatemethod)); CHECK(add_chains(zone, db, ver, &diff)); CHECK(sign_apex(zone, db, ver, &diff, &sig_diff)); CHECK(zone_journal(zone, &sig_diff, "zone_rekey")); @@ -14596,3 +14604,15 @@ dns_zone_setrefreshkeyinterval(dns_zone_t *zone, isc_uint32_t interval) { zone->refreshkeyinterval = interval * 60; return (ISC_R_SUCCESS); } + +void +dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method) { + REQUIRE(DNS_ZONE_VALID(zone)); + zone->updatemethod = method; +} + +dns_updatemethod_t +dns_zone_getserialupdatemethod(dns_zone_t *zone) { + REQUIRE(DNS_ZONE_VALID(zone)); + return(zone->updatemethod); +} diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 491ab71390..d7912e7f49 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: namedconf.c,v 1.138 2011/05/23 20:10:03 each Exp $ */ +/* $Id: namedconf.c,v 1.139 2011/07/01 02:25:48 marka Exp $ */ /*! \file */ 
@@ -553,6 +553,12 @@ static cfg_type_t cfg_type_dnssecupdatemode = { &cfg_rep_string, &dnssecupdatemode_enums }; +static const char *updatemethods_enums[] = { "increment", "unixtime", NULL }; +static cfg_type_t cfg_type_updatemethod = { + "updatemethod", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum, + &cfg_rep_string, &updatemethods_enums +}; + static cfg_type_t cfg_type_rrsetorder = { "rrsetorder", cfg_parse_bracketed_list, cfg_print_bracketed_list, cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_rrsetorderingelement @@ -1388,6 +1394,7 @@ zone_clauses[] = { { "notify-source-v6", &cfg_type_sockaddr6wild, 0 }, { "notify-to-soa", &cfg_type_boolean, 0 }, { "nsec3-test-zone", &cfg_type_boolean, CFG_CLAUSEFLAG_TESTONLY }, + { "serial-update-method", &cfg_type_updatemethod, 0 }, { "sig-signing-nodes", &cfg_type_uint32, 0 }, { "sig-signing-signatures", &cfg_type_uint32, 0 }, { "sig-signing-type", &cfg_type_uint32, 0 },