diff --git a/ChangeLog b/ChangeLog index 2db865e9c1..a179232895 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,31 @@ +300. [func]* tomek + libdhcp: DHCP packet library was implemented. Currently it handles + packet reception, option parsing, option generation and output + packet building. Generic and specialized classes for several + DHCPv6 options (IA_NA, IAADDR, address-list) are available. A + simple code was added that leverages libdhcp. It is a skeleton + DHCPv6 server. It receives incoming SOLICIT and REQUEST messages + and responds with proper ADVERTISE and REPLY. Note that since + LeaseManager is not implemented, server assigns the same + hardcoded lease for every client. This change removes existing + DHCPv6 echo server as it was only a proof of concept code. + (Trac #1186, git 67ea6de047d4dbd63c25fe7f03f5d5cc2452ad7d) + +299. [build] jreed + Do not install the libfake_session, libtestutils, or libbench + libraries. They are used by tests within the source tree. + Convert all test-related makefiles to build test code at + regular make time to better work with test-driven development. + This reverts some of #1901. (The tests are ran using "make + check".) + (Trac #1286, git cee641fd3d12341d6bfce5a6fbd913e3aebc1e8e) + +bind10-devel-20111014 released on October 14, 2011 + +298. [doc] jreed + Shorten README. Include plain text format of the Guide. + (git d1897d3, git 337198f) + 297. [func] dvv Implement the SPF rrtype according to RFC4408. (Trac #1140, git 146934075349f94ee27f23bf9ff01711b94e369e) @@ -23,7 +51,7 @@ how to configure it and operational notes. (Trac #1212, multiple git merges) -293. [func]* tomek +293. [func]* tomek b10-dhcp6: Implemented DHCPv6 echo server. It joins DHCPv6 multicast groups and listens to incoming DHCPv6 client messages. Received messages are then echoed back to clients. This @@ -37,12 +65,13 @@ Implement the DLV rrtype according to RFC4431. (Trac #1144, git d267c0511a07c41cd92e3b0b9ee9bf693743a7cf) -291. [func] naokikambe +291. [func] naokikambe Statistics items are specified by each module's spec file. Stats module can read these through the config manager. Stats module and stats httpd report statistics data and statistics schema by each module via both bindctl and HTTP/XML. - (Trac #928,#929,#930,#1175, git 054699635affd9c9ecbe7a108d880829f3ba229e) + (Trac #928,#929,#930,#1175, + git 054699635affd9c9ecbe7a108d880829f3ba229e) 290. [func] jinmei libdns++/pydnspp: added an option parameter to the "from wire" @@ -54,7 +83,7 @@ 289. [func]* jinmei b10-xfrout: ACLs for xfrout can now be configured per zone basis. - A per zone ACl is part of a more general zone configuration. A + A per zone ACL is part of a more general zone configuration. A quick example for configuring an ACL for zone "example.com" that rejects any transfer request for that zone is as follows: > config add Xfrout/zone_config @@ -70,7 +99,7 @@ configuration. (Trac #1165, git 698176eccd5d55759fe9448b2c249717c932ac31) -288. [bug] stephen +288. [bug] stephen Fixed problem whereby the order in which component files appeared in rdataclass.cc was system dependent, leading to problems on some systems where data types were used before the header file in which @@ -85,7 +114,7 @@ python files from the common directly (such as "site-packages"). (Trac #1101, git 0eb576518f81c3758c7dbaa2522bd8302b1836b3) -286. [func] ocean +286. [func] ocean libdns++: Implement the HINFO rrtype support according to RFC1034, and RFC1035. (Trac #1112, git 12d62d54d33fbb1572a1aa3089b0d547d02924aa) @@ -101,14 +130,14 @@ log a warning and try to do zone transfer for them. (Trac #1153, git 0a39659638fc68f60b95b102968d7d0ad75443ea) -283. [bug] zhanglikun +283. [bug] zhanglikun Make stats and boss processes wait for answer messages from each other in block mode to avoid orphan answer messages, add an internal command "getstats" to boss process for getting statistics data from boss. (Trac #519, git 67d8e93028e014f644868fede3570abb28e5fb43) -282. [func] ocean +282. [func] ocean libdns++: Implement the NAPTR rrtype according to RFC2915, RFC2168 and RFC3403. (Trac #1130, git 01d8d0f13289ecdf9996d6d5d26ac0d43e30549c) diff --git a/README b/README index 4b84a88939..99e2ece2c1 100644 --- a/README +++ b/README @@ -1,3 +1,4 @@ + This is the source for the development version of BIND 10. BIND is the popular implementation of a DNS server, developer @@ -11,7 +12,7 @@ interfaces. Nevertheless it is ready to use now for testing the new BIND 10 infrastructure ideas. The Year 3 goals of the five year plan are described here: - http://bind10.isc.org/wiki/Year3Goals + http://bind10.isc.org/wiki/Year3Goals This release includes the bind10 master process, b10-msgq message bus, b10-auth authoritative DNS server (with SQLite3 and in-memory @@ -21,12 +22,15 @@ AXFR inbound service, b10-xfrout outgoing AXFR service, b10-zonemgr secondary manager, b10-stats statistics collection and reporting daemon, b10-stats-httpd for HTTP access to XML-formatted stats, b10-host DNS lookup utility, and a new libdns++ library for C++ -with a python wrapper. +with a python wrapper. BIND 10 also provides an experimental DHCPv6 +echo server, b10-dhcp6. -Documentation is included and also available via the BIND 10 -website at http://bind10.isc.org/ +Documentation is included with the source. See doc/guide/bind10-guide.txt +(or bind10-guide.html) for installation instructions. The +documentation is also available via the BIND 10 website at +http://bind10.isc.org/ -The latest released source may be downloaded from: +The latest released source tar file may be downloaded from: ftp://ftp.isc.org/isc/bind10/ @@ -40,15 +44,11 @@ Bugs may be reported as tickets via the developers website: http://bind10.isc.org/ -BUILDING - -See the Guide for detailed installation directions at -doc/guide/bind10-guide.html. - -Simple build instructions: +Simple build and installation instructions: ./configure make + make install If building from Git repository, run: @@ -56,197 +56,11 @@ If building from Git repository, run: before running ./configure -Requires autoconf 2.59 or newer. +See the Guide for detailed installation directions at +doc/guide/bind10-guide.txt. -Use automake-1.11 or better for working Python 3.1 tests. -Alternatively, you could manually specify an absolute path to python -executable by the --with-pythonpath option of the configure script, -e.g., -% ./configure --with-pythonpath=/usr/local/bin/python3.1 +For operating system specific tips see the wiki at: -Operating-System specific tips: + http://bind10.isc.org/wiki/SystemSpecificNotes -- FreeBSD - You may need to install a python binding for sqlite3 by hand. - A sample procedure is as follows: - - add the following to /etc/make.conf - PYTHON_VERSION=3.1 - - build and install the python binding from ports, assuming the top - directory of the ports system is /usr/ports - % cd /usr/ports/databases/py-sqlite3/ - % make - % sudo make install - -INSTALLATION - -Install with: - - make install - -TESTS - -The tests use the googletests framework for C++. It is available -from http://code.google.com/p/googletest/. To enable the tests, -configure BIND 10 with: - - ./configure --with-gtest - -Then run "make check" to run these tests. - -TEST COVERAGE - -Code coverage reports may be generated using make. These are -based on running on the unit tests. The resulting reports are placed -in coverage-cpp-html and coverage-python-html directories for C++ -and Python, respectively. - -The code coverage report for the C++ tests uses LCOV. It is available -from http://ltp.sourceforge.net/. To generate the HTML report, -first configure BIND 10 with: - - ./configure --with-lcov - -The code coverage report for the Python tests uses coverage.py (aka -pycoverage). It is available from http://nedbatchelder.com/code/coverage/. -To generate the HTML report, first configure BIND 10 with: - - ./configure --with-pycoverage - -Doing code coverage tests: - - make coverage - Does the clean, perform, and report targets for C++ and Python. - - make clean-coverage - Zeroes the code coverage counters and removes the HTML reports - for C++ and Python. - - make perform-coverage - Runs the C++ (using the googletests framework) and Python - tests. - - make report-coverage - Generates the coverage reports in HTML for C++ and Python. - - make clean-cpp-coverage - Zeroes the code coverage counters and removes the HTML report - for the C++ tests. - - make clean-python-coverage - Zeroes the code coverage counters and removes the HTML report - for the Python tests. - - make report-cpp-coverage - Generates the coverage report in HTML for C++, excluding - some unrelated headers. The HTML reports are placed in a - directory called coverage-cpp-html/. - - make report-python-coverage - Generates the coverage report in HTML for Python. The HTML - reports are placed in a directory called coverage-python-html/. - -DEVELOPERS - -The generated run_*.sh scripts available in the src/bin directories -are for running the code using the source tree. - -RUNNING - -You can start the BIND 10 processes by running bind10 which is -installed to the sbin directory under the installation prefix. -The default location is: - - /usr/local/sbin/bind10 - -For development work, you can also run the bind10 services from the -source tree: - - ./src/bin/bind10/run_bind10.sh - -(Which will use the modules and configurations also from the source -tree.) - -CONFIGURATION - -Commands can be given through the bindctl tool. - -The server must be running for bindctl to work. - -The following configuration commands are available - -help: show the different command modules - help: show the commands for module - help: show info for the command - - -config show [identifier]: Show the currently set values. If no identifier is - given, the current location is used. If a config - option is a list or a map, the value is not - shown directly, but must be requested separately. -config go [identifier]: Go to the given location within the configuration. -config set [identifier] : Set a configuration value. -config unset [identifier]: Remove a value (reverts to default if the option - is mandatory). -config add [identifier] : add a value to a list -config remove [identifier] : remove a value from a list -config revert: Revert all changes that have not been committed -config commit: Commit all changes -config diff: Show the changes that have not been committed yet - - -EXAMPLE SESSION - -~> bindctl -["login success "] login as root -> help -BindCtl, verstion 0.1 -usage: [param1 = value1 [, param2 = value2]] -Type Tab character to get the hint of module/command/paramters. -Type "help(? h)" for help on bindctl. -Type " help" for help on the specific module. -Type " help" for help on the specific command. - -Available module names: - help Get help for bindctl - config Configuration commands - Xfrin same here - Auth same here - Boss same here -> config help -Module config Configuration commands -Available commands: - help (Get help for module) - show (Show configuration) - add (Add entry to configuration list) - remove (Remove entry from configuration list) - set (Set a configuration value) - unset (Unset a configuration value) - diff (Show all local changes) - revert (Revert all local changes) - commit (Commit all local changes) - go (Go to a specific configuration part) -> config show -Xfrin/ module -Auth/ module -Boss/ module -> config show Xfrin -transfers_in: 10 integer -> config go Auth -/Auth> config show -database_file: None string -/Auth> config set database_file /tmp/bind10_zones.db -/Auth> config commit -/Auth> config go / -> config show Auth/ -database_file: /tmp/bind10_zones.db string -> config diff -{} -> config set Auth/foobar -Error: missing identifier or value -> config set Auth/database_file foobar -> config diff -{'Auth': {'database_file': 'foobar'}} -> config revert -> config diff -{} -> quit +Please see the wiki and the doc/ directory for various documentation. diff --git a/configure.ac b/configure.ac index 664ce482ad..d14395c868 100644 --- a/configure.ac +++ b/configure.ac @@ -872,6 +872,8 @@ AC_CONFIG_FILES([Makefile src/lib/dns/python/Makefile src/lib/dns/python/tests/Makefile src/lib/dns/benchmarks/Makefile + src/lib/dhcp/Makefile + src/lib/dhcp/tests/Makefile src/lib/exceptions/Makefile src/lib/exceptions/tests/Makefile src/lib/datasrc/Makefile diff --git a/doc/Doxyfile b/doc/Doxyfile index 8be9098bd7..ee5aaf83bc 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -574,7 +574,7 @@ INPUT = ../src/lib/exceptions ../src/lib/cc \ ../src/lib/log/compiler ../src/lib/asiolink/ ../src/lib/nsas \ ../src/lib/testutils ../src/lib/cache ../src/lib/server_common/ \ ../src/bin/sockcreator/ ../src/lib/util/ \ - ../src/lib/resolve ../src/lib/acl ../src/bin/dhcp6 + ../src/lib/resolve ../src/lib/acl ../src/bin/dhcp6 ../src/lib/dhcp # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is diff --git a/doc/guide/Makefile.am b/doc/guide/Makefile.am index c84ad06a35..239f235a5e 100644 --- a/doc/guide/Makefile.am +++ b/doc/guide/Makefile.am @@ -1,5 +1,5 @@ EXTRA_DIST = bind10-guide.css -EXTRA_DIST += bind10-guide.xml bind10-guide.html +EXTRA_DIST += bind10-guide.xml bind10-guide.html bind10-guide.txt EXTRA_DIST += bind10-messages.xml bind10-messages.html # This is not a "man" manual, but reuse this for now for docbook. @@ -15,6 +15,11 @@ bind10-guide.html: bind10-guide.xml http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl \ $(srcdir)/bind10-guide.xml +HTML2TXT = elinks -dump -no-numbering -no-references + +bind10-guide.txt: bind10-guide.html + $(HTML2TXT) $(srcdir)/bind10-guide.html > $@ + bind10-messages.html: bind10-messages.xml xsltproc --novalid --xinclude --nonet \ --path $(top_builddir)/doc \ diff --git a/doc/guide/bind10-guide.html b/doc/guide/bind10-guide.html index 1070a2e4a8..97ffb845fb 100644 --- a/doc/guide/bind10-guide.html +++ b/doc/guide/bind10-guide.html @@ -1,12 +1,14 @@ -BIND 10 Guide

BIND 10 Guide

Administrator Reference for BIND 10

This is the reference guide for BIND 10 version +BIND 10 Guide

BIND 10 Guide

Administrator Reference for BIND 10

This is the reference guide for BIND 10 version 20110809.

Copyright © 2010-2011 Internet Systems Consortium, Inc.

Abstract

BIND 10 is a Domain Name System (DNS) suite managed by Internet Systems Consortium (ISC). It includes DNS libraries and modular components for controlling authoritative and recursive DNS servers.

This is the reference guide for BIND 10 version 20110809. - The most up-to-date version of this document, along with - other documents for BIND 10, can be found at http://bind10.isc.org/docs.

Table of Contents

1. Introduction
Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10
2. Installation
Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy
3. Starting BIND10 with bind10
Starting BIND 10
4. Command channel
5. Configuration manager
6. Remote control daemon
Configuration specification for b10-cmdctl
7. Control and configure user interface
8. Authoritative Server
Server Configurations
Data Source Backends
Loading Master Zones Files
9. Incoming Zone Transfers
10. Outbound Zone Transfers
11. Secondary Manager
12. Recursive Name Server
Access Control
Forwarding
13. Statistics
14. Logging
Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Chapter 1. Introduction

Table of Contents

Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10

+ The most up-to-date version of this document (in PDF, HTML, + and plain text formats), along with other documents for + BIND 10, can be found at http://bind10.isc.org/docs. +

Table of Contents

1. Introduction
Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10
2. Installation
Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy
3. Starting BIND10 with bind10
Starting BIND 10
4. Command channel
5. Configuration manager
6. Remote control daemon
Configuration specification for b10-cmdctl
7. Control and configure user interface
8. Authoritative Server
Server Configurations
Data Source Backends
Loading Master Zones Files
9. Incoming Zone Transfers
Configuration for Incoming Zone Transfers
Enabling IXFR
Trigger an Incoming Zone Transfer Manually
10. Outbound Zone Transfers
11. Secondary Manager
12. Recursive Name Server
Access Control
Forwarding
13. Statistics
14. Logging
Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Chapter 1. Introduction

Table of Contents

Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10

BIND is the popular implementation of a DNS server, developer interfaces, and DNS tools. BIND 10 is a rewrite of BIND 9. BIND 10 is written in C++ and Python @@ -18,7 +20,7 @@ BIND 10 provides a EDNS0- and DNSSEC-capable authoritative DNS server and a caching recursive name server which also provides forwarding. -

Supported Platforms

+

Supported Platforms

BIND 10 builds have been tested on Debian GNU/Linux 5, Ubuntu 9.10, NetBSD 5, Solaris 10, FreeBSD 7 and 8, and CentOS Linux 5.3. @@ -28,7 +30,7 @@ It is planned for BIND 10 to build, install and run on Windows and standard Unix-type platforms. -

Required Software

+

Required Software

BIND 10 requires Python 3.1. Later versions may work, but Python 3.1 is the minimum version which will work.

@@ -138,7 +140,7 @@ and, of course, DNS. These include detailed developer documentation and code examples. -

Chapter 2. Installation

Table of Contents

Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy

Building Requirements

+

Chapter 2. Installation

Table of Contents

Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy

Building Requirements

In addition to the run-time requirements, building BIND 10 from source code requires various development include headers.

Note

@@ -202,14 +204,14 @@ the Git code revision control system or as a downloadable tar file. It may also be available in pre-compiled ready-to-use packages from operating system vendors. -

Download Tar File

+

Download Tar File

Downloading a release tar file is the recommended method to obtain the source code.

The BIND 10 releases are available as tar file downloads from ftp://ftp.isc.org/isc/bind10/. Periodic development snapshots may also be available. -

Retrieve from Git

+

Retrieve from Git

Downloading this "bleeding edge" code is recommended only for developers or advanced users. Using development code in a production environment is not recommended. @@ -243,7 +245,7 @@ autoheader, automake, and related commands. -

Configure before the build

+

Configure before the build

BIND 10 uses the GNU Build System to discover build environment details. To generate the makefiles using the defaults, simply run: @@ -274,16 +276,16 @@

If the configure fails, it may be due to missing or old dependencies. -

Build

+

Build

After the configure step is complete, to build the executables from the C++ code and prepare the Python scripts, run: 

$ make

-

Install

+

Install

To install the BIND 10 executables, support files, and documentation, run: 

$ make install

-

Note

The install step may require superuser privileges.

Install Hierarchy

+

Note

The install step may require superuser privileges.

Install Hierarchy

The following is the layout of the complete BIND 10 installation:

  • bin/ — @@ -505,12 +507,12 @@ shutdown the details and relays (over a b10-msgq command channel) the configuration on to the specified module.

    -

Chapter 8. Authoritative Server

Table of Contents

Server Configurations
Data Source Backends
Loading Master Zones Files

+

Chapter 8. Authoritative Server

Table of Contents

Server Configurations
Data Source Backends
Loading Master Zones Files

The b10-auth is the authoritative DNS server. It supports EDNS0 and DNSSEC. It supports IPv6. Normally it is started by the bind10 master process. -

Server Configurations

+

Server Configurations

b10-auth is configured via the b10-cfgmgr configuration manager. The module name is Auth. @@ -530,7 +532,7 @@ This may be a temporary setting until then.

shutdown
Stop the authoritative DNS server.

-

Data Source Backends

Note

+

Data Source Backends

Note

For the development prototype release, b10-auth supports a SQLite3 data source backend and in-memory data source backend. @@ -544,7 +546,7 @@ This may be a temporary setting until then. The default is /usr/local/var/.) This data file location may be changed by defining the database_file configuration. -

Loading Master Zones Files

+

Loading Master Zones Files

RFC 1035 style DNS master zone files may imported into a BIND 10 data source by using the b10-loadzone utility. @@ -573,28 +575,69 @@ This may be a temporary setting until then. If you reload a zone already existing in the database, all records from that prior zone disappear and a whole new set appears. -

Chapter 9. Incoming Zone Transfers

+

Chapter 9. Incoming Zone Transfers

Table of Contents

Configuration for Incoming Zone Transfers
Enabling IXFR
Trigger an Incoming Zone Transfer Manually

Incoming zones are transferred using the b10-xfrin process which is started by bind10. - When received, the zone is stored in the BIND 10 - data store, and its records can be served by + When received, the zone is stored in the corresponding BIND 10 + data source, and its records can be served by b10-auth. In combination with b10-zonemgr (for automated SOA checks), this allows the BIND 10 server to provide secondary service. +

+ The b10-xfrin process supports both AXFR and + IXFR. Due to some implementation limitations of the current + development release, however, it only tries AXFR by default, + and care should be taken to enable IXFR.

Note

- The current development release of BIND 10 only supports - AXFR. (IXFR is not supported.) + In the current development release of BIND 10, incoming zone + transfers are only available for SQLite3-based data sources, + that is, they don't work for an in-memory data source. +

Configuration for Incoming Zone Transfers

+ In practice, you need to specify a list of secondary zones to + enable incoming zone transfers for these zones (you can still + trigger a zone transfer manually, without a prior configuration + (see below)). +

+ For example, to enable zone transfers for a zone named "example.com" + (whose master address is assumed to be 2001:db8::53 here), + run the following at the bindctl prompt: + 

> config add Xfrin/zones
+> config set Xfrin/zones[0]/name "example.com"
+> config set Xfrin/zones[0]/master_addr "2001:db8::53"
+> config commit

+ (We assume there has been no zone configuration before). +

Enabling IXFR

+ As noted above, b10-xfrin uses AXFR for + zone transfers by default. To enable IXFR for zone transfers + for a particular zone, set the use_ixfr + configuration parameter to true. + In the above example of configuration sequence, you'll need + to add the following before performing commit: + 

> config set Xfrin/zones[0]/use_ixfr true

+

Note

+ One reason why IXFR is disabled by default in the current + release is because it does not support automatic fallback from IXFR to + AXFR when it encounters a primary server that doesn't support + outbound IXFR (and, not many existing implementations support + it). Another, related reason is that it does not use AXFR even + if it has no knowledge about the zone (like at the very first + time the secondary server is set up). IXFR requires the + "current version" of the zone, so obviously it doesn't work + in this situation and AXFR is the only workable choice. + The current release of b10-xfrin does not + make this selection automatically. + These features will be implemented in a near future + version, at which point we will enable IXFR by default. +

Trigger an Incoming Zone Transfer Manually

+ To manually trigger a zone transfer to retrieve a remote zone, + you may use the bindctl utility. + For example, at the bindctl prompt run: -

- To manually trigger a zone transfer to retrieve a remote zone, - you may use the bindctl utility. - For example, at the bindctl prompt run: - - 

> Xfrin retransfer zone_name="foo.example.org" master=192.0.2.99

-

Chapter 10. Outbound Zone Transfers

+ 

> Xfrin retransfer zone_name="foo.example.org" master=192.0.2.99

+

Chapter 10. Outbound Zone Transfers

The b10-xfrout process is started by bind10. When the b10-auth authoritative DNS server @@ -622,7 +665,7 @@ This may be a temporary setting until then.

Note

Access control (such as allowing notifies) is not yet provided. The primary/secondary service is not yet complete. -

Chapter 12. Recursive Name Server

Table of Contents

Access Control
Forwarding

+

Chapter 12. Recursive Name Server

Table of Contents

Access Control
Forwarding

The b10-resolver process is started by bind10. @@ -656,7 +699,7 @@ This may be a temporary setting until then.

(Replace the 2 as needed; run config show - Resolver/listen_on if needed.)

Access Control

+ Resolver/listen_on” if needed.)

Access Control

By default, the b10-resolver daemon only accepts DNS queries from the localhost (127.0.0.1 and ::1). The Resolver/query_acl configuration may @@ -689,7 +732,7 @@ This may be a temporary setting until then.

(Replace the 2 as needed; run config show Resolver/query_acl if needed.)

Note

This prototype access control configuration - syntax may be changed.

Forwarding

+ syntax may be changed.

Forwarding

To enable forwarding, the upstream address and port must be configured to forward queries to, such as: @@ -743,7 +786,7 @@ This may be a temporary setting until then. } }

-

Chapter 14. Logging

Table of Contents

Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Logging configuration

+

Chapter 14. Logging

Table of Contents

Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Logging configuration

The logging system in BIND 10 is configured through the Logging module. All BIND 10 modules will look at the @@ -752,7 +795,7 @@ This may be a temporary setting until then. -

Loggers

+

Loggers

Within BIND 10, a message is logged through a component called a "logger". Different parts of BIND 10 log messages @@ -773,7 +816,7 @@ This may be a temporary setting until then. (what to log), and the output_options (where to log). -

name (string)

+

name (string)

Each logger in the system has a name, the name being that of the component using it to log messages. For instance, if you want to configure logging for the resolver module, @@ -846,7 +889,7 @@ This may be a temporary setting until then. Auth.cache logger will appear in the output with a logger name of b10-auth.cache). -

severity (string)

+

severity (string)

This specifies the category of messages logged. Each message is logged with an associated severity which @@ -862,7 +905,7 @@ This may be a temporary setting until then. -

output_options (list)

+

output_options (list)

Each logger can have zero or more output_options. These specify where log @@ -872,7 +915,7 @@ This may be a temporary setting until then. The other options for a logger are: -

debuglevel (integer)

+

debuglevel (integer)

When a logger's severity is set to DEBUG, this value specifies what debug messages should be printed. It ranges @@ -881,7 +924,7 @@ This may be a temporary setting until then. If severity for the logger is not DEBUG, this value is ignored. -

additive (true or false)

+

additive (true or false)

If this is true, the output_options from the parent will be used. For example, if there are two @@ -895,18 +938,18 @@ This may be a temporary setting until then. -

Output Options

+

Output Options

The main settings for an output option are the destination and a value called output, the meaning of which depends on the destination that is set. -

destination (string)

+

destination (string)

The destination is the type of output. It can be one of: -

  • console
  • file
  • syslog

output (string)

+

  • console
  • file
  • syslog

output (string)

Depending on what is set as the output destination, this value is interpreted as follows: @@ -928,12 +971,12 @@ This may be a temporary setting until then. The other options for output_options are: -

flush (true of false)

+

flush (true of false)

Flush buffers after each log message. Doing this will reduce performance but will ensure that if the program terminates abnormally, all messages up to the point of termination are output. -

maxsize (integer)

+

maxsize (integer)

Only relevant when destination is file, this is maximum file size of output files in bytes. When the maximum size is reached, the file is renamed and a new file opened. @@ -942,11 +985,11 @@ This may be a temporary setting until then. etc.)

If this is 0, no maximum file size is used. -

maxver (integer)

+

maxver (integer)

Maximum number of old log files to keep around when rolling the output file. Only relevant when destination is file. -

Example session

+

Example session

In this example we want to set the global logging to write to the file /var/log/my_bind10.log, @@ -1107,7 +1150,7 @@ Logging/loggers[0]/output_options[0]/maxver 8 integer (modified) And every module will now be using the values from the logger named *. -

Logging Message Format

+

Logging Message Format

Each message written by BIND 10 to the configured logging destinations comprises a number of components that identify the origin of the message and, if the message indicates diff --git a/doc/guide/bind10-guide.txt b/doc/guide/bind10-guide.txt new file mode 100644 index 0000000000..619d56f4ec --- /dev/null +++ b/doc/guide/bind10-guide.txt @@ -0,0 +1,1201 @@ + BIND 10 Guide + +Administrator Reference for BIND 10 + + This is the reference guide for BIND 10 version 20110809. + + Copyright (c) 2010-2011 Internet Systems Consortium, Inc. + + Abstract + + BIND 10 is a Domain Name System (DNS) suite managed by Internet Systems + Consortium (ISC). It includes DNS libraries and modular components for + controlling authoritative and recursive DNS servers. + + This is the reference guide for BIND 10 version 20110809. The most + up-to-date version of this document (in PDF, HTML, and plain text + formats), along with other documents for BIND 10, can be found at + http://bind10.isc.org/docs. + + -------------------------------------------------------------------------- + + Table of Contents + + 1. Introduction + + Supported Platforms + + Required Software + + Starting and Stopping the Server + + Managing BIND 10 + + 2. Installation + + Building Requirements + + Quick start + + Installation from source + + Download Tar File + + Retrieve from Git + + Configure before the build + + Build + + Install + + Install Hierarchy + + 3. Starting BIND10 with bind10 + + Starting BIND 10 + + 4. Command channel + + 5. Configuration manager + + 6. Remote control daemon + + Configuration specification for b10-cmdctl + + 7. Control and configure user interface + + 8. Authoritative Server + + Server Configurations + + Data Source Backends + + Loading Master Zones Files + + 9. Incoming Zone Transfers + + Configuration for Incoming Zone Transfers + + Enabling IXFR + + Trigger an Incoming Zone Transfer Manually + + 10. Outbound Zone Transfers + + 11. Secondary Manager + + 12. Recursive Name Server + + Access Control + + Forwarding + + 13. Statistics + + 14. Logging + + Logging configuration + + Loggers + + Output Options + + Example session + + Logging Message Format + +Chapter 1. Introduction + + Table of Contents + + Supported Platforms + + Required Software + + Starting and Stopping the Server + + Managing BIND 10 + + BIND is the popular implementation of a DNS server, developer interfaces, + and DNS tools. BIND 10 is a rewrite of BIND 9. BIND 10 is written in C++ + and Python and provides a modular environment for serving and maintaining + DNS. + + Note + + This guide covers the experimental prototype of BIND 10 version 20110809. + + Note + + BIND 10 provides a EDNS0- and DNSSEC-capable authoritative DNS server and + a caching recursive name server which also provides forwarding. + +Supported Platforms + + BIND 10 builds have been tested on Debian GNU/Linux 5, Ubuntu 9.10, NetBSD + 5, Solaris 10, FreeBSD 7 and 8, and CentOS Linux 5.3. It has been tested + on Sparc, i386, and amd64 hardware platforms. It is planned for BIND 10 to + build, install and run on Windows and standard Unix-type platforms. + +Required Software + + BIND 10 requires Python 3.1. Later versions may work, but Python 3.1 is + the minimum version which will work. + + BIND 10 uses the Botan crypto library for C++. It requires at least Botan + version 1.8. + + BIND 10 uses the log4cplus C++ logging library. It requires at least + log4cplus version 1.0.3. + + The authoritative server requires SQLite 3.3.9 or newer. The b10-xfrin, + b10-xfrout, and b10-zonemgr modules require the libpython3 library and the + Python _sqlite3.so module. + + Note + + Some operating systems do not provide these dependencies in their default + installation nor standard packages collections. You may need to install + them separately. + +Starting and Stopping the Server + + BIND 10 is modular. Part of this modularity is accomplished using multiple + cooperating processes which, together, provide the server functionality. + This is a change from the previous generation of BIND software, which used + a single process. + + At first, running many different processes may seem confusing. However, + these processes are started, stopped, and maintained by a single command, + bind10. This command starts a master process which will start other + processes as needed. The processes started by the bind10 command have + names starting with "b10-", including: + + o b10-msgq -- Message bus daemon. This process coordinates communication + between all of the other BIND 10 processes. + o b10-auth -- Authoritative DNS server. This process serves DNS + requests. + o b10-cfgmgr -- Configuration manager. This process maintains all of the + configuration for BIND 10. + o b10-cmdctl -- Command and control service. This process allows + external control of the BIND 10 system. + o b10-resolver -- Recursive name server. This process handles incoming + queries. + o b10-stats -- Statistics collection daemon. This process collects and + reports statistics data. + o b10-xfrin -- Incoming zone transfer service. This process is used to + transfer a new copy of a zone into BIND 10, when acting as a secondary + server. + o b10-xfrout -- Outgoing zone transfer service. This process is used to + handle transfer requests to send a local zone to a remote secondary + server, when acting as a master server. + o b10-zonemgr -- Secondary manager. This process keeps track of timers + and other necessary information for BIND 10 to act as a slave server. + + These are ran automatically by bind10 and do not need to be run manually. + +Managing BIND 10 + + Once BIND 10 is running, a few commands are used to interact directly with + the system: + + o bindctl -- interactive administration interface. This is a + command-line tool which allows an administrator to control BIND 10. + o b10-loadzone -- zone file loader. This tool will load standard + masterfile-format zone files into BIND 10. + o b10-cmdctl-usermgr -- user access control. This tool allows an + administrator to authorize additional users to manage BIND 10. + + The tools and modules are covered in full detail in this guide. In + addition, manual pages are also provided in the default installation. + + BIND 10 also provides libraries and programmer interfaces for C++ and + Python for the message bus, configuration backend, and, of course, DNS. + These include detailed developer documentation and code examples. + +Chapter 2. Installation + + Table of Contents + + Building Requirements + + Quick start + + Installation from source + + Download Tar File + + Retrieve from Git + + Configure before the build + + Build + + Install + + Install Hierarchy + +Building Requirements + + In addition to the run-time requirements, building BIND 10 from source + code requires various development include headers. + + Note + + Some operating systems have split their distribution packages into a + run-time and a development package. You will need to install the + development package versions, which include header files and libraries, to + build BIND 10 from source code. + + Building from source code requires the Boost build-time headers. At least + Boost version 1.35 is required. + + To build BIND 10, also install the Botan (at least version 1.8) and the + log4cplus (at least version 1.0.3) development include headers. + + The Python Library and Python _sqlite3 module are required to enable the + Xfrout and Xfrin support. + + Note + + The Python related libraries and modules need to be built for Python 3.1. + + Building BIND 10 also requires a C++ compiler and standard development + headers, make, and pkg-config. BIND 10 builds have been tested with GCC + g++ 3.4.3, 4.1.2, 4.1.3, 4.2.1, 4.3.2, and 4.4.1; Clang++ 2.8; and Sun C++ + 5.10. + +Quick start + + Note + + This quickly covers the standard steps for installing and deploying BIND + 10 as an authoritative name server using its defaults. For + troubleshooting, full customizations and further details, see the + respective chapters in the BIND 10 guide. + + To quickly get started with BIND 10, follow these steps. + + 1. Install required build dependencies. + 2. Download the BIND 10 source tar file from + ftp://ftp.isc.org/isc/bind10/. + 3. Extract the tar file: + + $ gzcat bind10-VERSION.tar.gz | tar -xvf - + + 4. Go into the source and run configure: + + $ cd bind10-VERSION + $ ./configure + + 5. Build it: + + $ make + + 6. Install it (to default /usr/local): + + $ make install + + 7. Start the server: + + $ /usr/local/sbin/bind10 + + 8. Test it; for example: + + $ dig @127.0.0.1 -c CH -t TXT authors.bind + + 9. Load desired zone file(s), for example: + + $ b10-loadzone your.zone.example.org + + 10. Test the new zone. + +Installation from source + + BIND 10 is open source software written in C++ and Python. It is freely + available in source code form from ISC via the Git code revision control + system or as a downloadable tar file. It may also be available in + pre-compiled ready-to-use packages from operating system vendors. + + Download Tar File + + Downloading a release tar file is the recommended method to obtain the + source code. + + The BIND 10 releases are available as tar file downloads from + ftp://ftp.isc.org/isc/bind10/. Periodic development snapshots may also be + available. + + Retrieve from Git + + Downloading this "bleeding edge" code is recommended only for developers + or advanced users. Using development code in a production environment is + not recommended. + + Note + + When using source code retrieved via Git additional software will be + required: automake (v1.11 or newer), libtoolize, and autoconf (2.59 or + newer). These may need to be installed. + + The latest development code, including temporary experiments and + un-reviewed code, is available via the BIND 10 code revision control + system. This is powered by Git and all the BIND 10 development is public. + The leading development is done in the "master". + + The code can be checked out from git://bind10.isc.org/bind10; for example: + + $ git clone git://bind10.isc.org/bind10 + + When checking out the code from the code version control system, it + doesn't include the generated configure script, Makefile.in files, nor the + related configure files. They can be created by running autoreconf with + the --install switch. This will run autoconf, aclocal, libtoolize, + autoheader, automake, and related commands. + + Configure before the build + + BIND 10 uses the GNU Build System to discover build environment details. + To generate the makefiles using the defaults, simply run: + + $ ./configure + + Run ./configure with the --help switch to view the different options. The + commonly-used options are: + + --prefix + Define the installation location (the default is /usr/local/). + + --with-boost-include + Define the path to find the Boost headers. + + --with-pythonpath + Define the path to Python 3.1 if it is not in the standard + execution path. + + --with-gtest + Enable building the C++ Unit Tests using the Google Tests + framework. Optionally this can define the path to the gtest header + files and library. + + For example, the following configures it to find the Boost headers, find + the Python interpreter, and sets the installation location: + + $ ./configure \ + --with-boost-include=/usr/pkg/include \ + --with-pythonpath=/usr/pkg/bin/python3.1 \ + --prefix=/opt/bind10 + + If the configure fails, it may be due to missing or old dependencies. + + Build + + After the configure step is complete, to build the executables from the + C++ code and prepare the Python scripts, run: + + $ make + + Install + + To install the BIND 10 executables, support files, and documentation, run: + + $ make install + + Note + + The install step may require superuser privileges. + + Install Hierarchy + + The following is the layout of the complete BIND 10 installation: + + o bin/ -- general tools and diagnostic clients. + o etc/bind10-devel/ -- configuration files. + o lib/ -- libraries and python modules. + o libexec/bind10-devel/ -- executables that a user wouldn't normally run + directly and are not run independently. These are the BIND 10 modules + which are daemons started by the bind10 tool. + o sbin/ -- commands used by the system administrator. + o share/bind10-devel/ -- configuration specifications. + o share/man/ -- manual pages (online documentation). + o var/bind10-devel/ -- data source and configuration databases. + +Chapter 3. Starting BIND10 with bind10 + + Table of Contents + + Starting BIND 10 + + BIND 10 provides the bind10 command which starts up the required + processes. bind10 will also restart processes that exit unexpectedly. This + is the only command needed to start the BIND 10 system. + + After starting the b10-msgq communications channel, bind10 connects to it, + runs the configuration manager, and reads its own configuration. Then it + starts the other modules. + + The b10-msgq and b10-cfgmgr services make up the core. The b10-msgq daemon + provides the communication channel between every part of the system. The + b10-cfgmgr daemon is always needed by every module, if only to send + information about themselves somewhere, but more importantly to ask about + their own settings, and about other modules. The bind10 master process + will also start up b10-cmdctl for admins to communicate with the system, + b10-auth for authoritative DNS service or b10-resolver for recursive name + service, b10-stats for statistics collection, b10-xfrin for inbound DNS + zone transfers, b10-xfrout for outbound DNS zone transfers, and + b10-zonemgr for secondary service. + +Starting BIND 10 + + To start the BIND 10 service, simply run bind10. Run it with the --verbose + switch to get additional debugging or diagnostic output. + + Note + + If the setproctitle Python module is detected at start up, the process + names for the Python-based daemons will be renamed to better identify them + instead of just "python". This is not needed on some operating systems. + +Chapter 4. Command channel + + The BIND 10 components use the b10-msgq message routing daemon to + communicate with other BIND 10 components. The b10-msgq implements what is + called the "Command Channel". Processes intercommunicate by sending + messages on the command channel. Example messages include shutdown, get + configurations, and set configurations. This Command Channel is not used + for DNS message passing. It is used only to control and monitor the BIND + 10 system. + + Administrators do not communicate directly with the b10-msgq daemon. By + default, BIND 10 uses port 9912 for the b10-msgq service. It listens on + 127.0.0.1. + +Chapter 5. Configuration manager + + The configuration manager, b10-cfgmgr, handles all BIND 10 system + configuration. It provides persistent storage for configuration, and + notifies running modules of configuration changes. + + The b10-auth and b10-xfrin daemons and other components receive their + configurations from the configuration manager over the b10-msgq command + channel. + + The administrator doesn't connect to it directly, but uses a user + interface to communicate with the configuration manager via b10-cmdctl's + REST-ful interface. b10-cmdctl is covered in Chapter 6, Remote control + daemon. + + Note + + The development prototype release only provides the bindctl as a user + interface to b10-cmdctl. Upcoming releases will provide another + interactive command-line interface and a web-based interface. + + The b10-cfgmgr daemon can send all specifications and all current settings + to the bindctl client (via b10-cmdctl). + + b10-cfgmgr relays configurations received from b10-cmdctl to the + appropriate modules. + + The stored configuration file is at + /usr/local/var/bind10-devel/b10-config.db. (The full path is what was + defined at build configure time for --localstatedir. The default is + /usr/local/var/.) The format is loosely based on JSON and is directly + parseable python, but this may change in a future version. This + configuration data file is not manually edited by the administrator. + + The configuration manager does not have any command line arguments. + Normally it is not started manually, but is automatically started using + the bind10 master process (as covered in Chapter 3, Starting BIND10 with + bind10). + +Chapter 6. Remote control daemon + + Table of Contents + + Configuration specification for b10-cmdctl + + b10-cmdctl is the gateway between administrators and the BIND 10 system. + It is a HTTPS server that uses standard HTTP Digest Authentication for + username and password validation. It provides a REST-ful interface for + accessing and controlling BIND 10. + + When b10-cmdctl starts, it firsts asks b10-cfgmgr about what modules are + running and what their configuration is (over the b10-msgq channel). Then + it will start listening on HTTPS for clients -- the user interface -- such + as bindctl. + + b10-cmdctl directly sends commands (received from the user interface) to + the specified component. Configuration changes are actually commands to + b10-cfgmgr so are sent there. + + The HTTPS server requires a private key, such as a RSA PRIVATE KEY. The + default location is at /usr/local/etc/bind10-devel/cmdctl-keyfile.pem. (A + sample key is at /usr/local/share/bind10-devel/cmdctl-keyfile.pem.) It + also uses a certificate located at + /usr/local/etc/bind10-devel/cmdctl-certfile.pem. (A sample certificate is + at /usr/local/share/bind10-devel/cmdctl-certfile.pem.) This may be a + self-signed certificate or purchased from a certification authority. + + Note + + The HTTPS server doesn't support a certificate request from a client (at + this time). The b10-cmdctl daemon does not provide a public service. If + any client wants to control BIND 10, then a certificate needs to be first + received from the BIND 10 administrator. The BIND 10 installation provides + a sample PEM bundle that matches the sample key and certificate. + + The b10-cmdctl daemon also requires the user account file located at + /usr/local/etc/bind10-devel/cmdctl-accounts.csv. This comma-delimited file + lists the accounts with a user name, hashed password, and salt. (A sample + file is at /usr/local/share/bind10-devel/cmdctl-accounts.csv. It contains + the user named "root" with the password "bind10".) + + The administrator may create a user account with the b10-cmdctl-usermgr + tool. + + By default the HTTPS server listens on the localhost port 8080. The port + can be set by using the --port command line option. The address to listen + on can be set using the --address command line argument. Each HTTPS + connection is stateless and timesout in 1200 seconds by default. This can + be redefined by using the --idle-timeout command line argument. + +Configuration specification for b10-cmdctl + + The configuration items for b10-cmdctl are: key_file cert_file + accounts_file + + The control commands are: print_settings shutdown + +Chapter 7. Control and configure user interface + + Note + + For this development prototype release, bindctl is the only user + interface. It is expected that upcoming releases will provide another + interactive command-line interface and a web-based interface for + controlling and configuring BIND 10. + + The bindctl tool provides an interactive prompt for configuring, + controlling, and querying the BIND 10 components. It communicates directly + with a REST-ful interface over HTTPS provided by b10-cmdctl. It doesn't + communicate to any other components directly. + + Configuration changes are actually commands to b10-cfgmgr. So when bindctl + sends a configuration, it is sent to b10-cmdctl (over a HTTPS connection); + then b10-cmdctl sends the command (over a b10-msgq command channel) to + b10-cfgmgr which then stores the details and relays (over a b10-msgq + command channel) the configuration on to the specified module. + +Chapter 8. Authoritative Server + + Table of Contents + + Server Configurations + + Data Source Backends + + Loading Master Zones Files + + The b10-auth is the authoritative DNS server. It supports EDNS0 and + DNSSEC. It supports IPv6. Normally it is started by the bind10 master + process. + +Server Configurations + + b10-auth is configured via the b10-cfgmgr configuration manager. The + module name is "Auth". The configuration data item is: + + database_file + This is an optional string to define the path to find the SQLite3 + database file. Note: Later the DNS server will use various data + source backends. This may be a temporary setting until then. + + The configuration command is: + + shutdown + Stop the authoritative DNS server. + +Data Source Backends + + Note + + For the development prototype release, b10-auth supports a SQLite3 data + source backend and in-memory data source backend. Upcoming versions will + be able to use multiple different data sources, such as MySQL and Berkeley + DB. + + By default, the SQLite3 backend uses the data file located at + /usr/local/var/bind10-devel/zone.sqlite3. (The full path is what was + defined at build configure time for --localstatedir. The default is + /usr/local/var/.) This data file location may be changed by defining the + "database_file" configuration. + +Loading Master Zones Files + + RFC 1035 style DNS master zone files may imported into a BIND 10 data + source by using the b10-loadzone utility. + + b10-loadzone supports the following special directives (control entries): + + $INCLUDE + Loads an additional zone file. This may be recursive. + + $ORIGIN + Defines the relative domain name. + + $TTL + Defines the time-to-live value used for following records that + don't include a TTL. + + The -o argument may be used to define the default origin for loaded zone + file records. + + Note + + In the development prototype release, only the SQLite3 back end is used. + By default, it stores the zone data in + /usr/local/var/bind10-devel/zone.sqlite3 unless the -d switch is used to + set the database filename. Multiple zones are stored in a single SQLite3 + zone database. + + If you reload a zone already existing in the database, all records from + that prior zone disappear and a whole new set appears. + +Chapter 9. Incoming Zone Transfers + + Table of Contents + + Configuration for Incoming Zone Transfers + + Enabling IXFR + + Trigger an Incoming Zone Transfer Manually + + Incoming zones are transferred using the b10-xfrin process which is + started by bind10. When received, the zone is stored in the corresponding + BIND 10 data source, and its records can be served by b10-auth. In + combination with b10-zonemgr (for automated SOA checks), this allows the + BIND 10 server to provide "secondary" service. + + The b10-xfrin process supports both AXFR and IXFR. Due to some + implementation limitations of the current development release, however, it + only tries AXFR by default, and care should be taken to enable IXFR. + + Note + + In the current development release of BIND 10, incoming zone transfers are + only available for SQLite3-based data sources, that is, they don't work + for an in-memory data source. + +Configuration for Incoming Zone Transfers + + In practice, you need to specify a list of secondary zones to enable + incoming zone transfers for these zones (you can still trigger a zone + transfer manually, without a prior configuration (see below)). + + For example, to enable zone transfers for a zone named "example.com" + (whose master address is assumed to be 2001:db8::53 here), run the + following at the bindctl prompt: + + > config add Xfrin/zones + > config set Xfrin/zones[0]/name "example.com" + > config set Xfrin/zones[0]/master_addr "2001:db8::53" + > config commit + + (We assume there has been no zone configuration before). + +Enabling IXFR + + As noted above, b10-xfrin uses AXFR for zone transfers by default. To + enable IXFR for zone transfers for a particular zone, set the use_ixfr + configuration parameter to true. In the above example of configuration + sequence, you'll need to add the following before performing commit: + + > config set Xfrin/zones[0]/use_ixfr true + + Note + + One reason why IXFR is disabled by default in the current release is + because it does not support automatic fallback from IXFR to AXFR when it + encounters a primary server that doesn't support outbound IXFR (and, not + many existing implementations support it). Another, related reason is that + it does not use AXFR even if it has no knowledge about the zone (like at + the very first time the secondary server is set up). IXFR requires the + "current version" of the zone, so obviously it doesn't work in this + situation and AXFR is the only workable choice. The current release of + b10-xfrin does not make this selection automatically. These features will + be implemented in a near future version, at which point we will enable + IXFR by default. + +Trigger an Incoming Zone Transfer Manually + + To manually trigger a zone transfer to retrieve a remote zone, you may use + the bindctl utility. For example, at the bindctl prompt run: + + > Xfrin retransfer zone_name="foo.example.org" master=192.0.2.99 + +Chapter 10. Outbound Zone Transfers + + The b10-xfrout process is started by bind10. When the b10-auth + authoritative DNS server receives an AXFR request, b10-xfrout sends the + zone. This is used to provide master DNS service to share zones to + secondary name servers. The b10-xfrout is also used to send NOTIFY + messages to slaves. + + Note + + The current development release of BIND 10 only supports AXFR. (IXFR is + not supported.) Access control is not yet provided. + +Chapter 11. Secondary Manager + + The b10-zonemgr process is started by bind10. It keeps track of SOA + refresh, retry, and expire timers and other details for BIND 10 to perform + as a slave. When the b10-auth authoritative DNS server receives a NOTIFY + message, b10-zonemgr may tell b10-xfrin to do a refresh to start an + inbound zone transfer. The secondary manager resets its counters when a + new zone is transferred in. + + Note + + Access control (such as allowing notifies) is not yet provided. The + primary/secondary service is not yet complete. + +Chapter 12. Recursive Name Server + + Table of Contents + + Access Control + + Forwarding + + The b10-resolver process is started by bind10. + + The main bind10 process can be configured to select to run either the + authoritative or resolver or both. By default, it starts the authoritative + service. You may change this using bindctl, for example: + + > config set Boss/start_auth false + > config set Boss/start_resolver true + > config commit + + The master bind10 will stop and start the desired services. + + By default, the resolver listens on port 53 for 127.0.0.1 and ::1. The + following example shows how it can be configured to listen on an + additional address (and port): + + > config add Resolver/listen_on + > config set Resolver/listen_on[2]/address "192.168.1.1" + > config set Resolver/listen_on[2]/port 53 + > config commit + + (Replace the "2" as needed; run "config show Resolver/listen_on" if + needed.) + +Access Control + + By default, the b10-resolver daemon only accepts DNS queries from the + localhost (127.0.0.1 and ::1). The Resolver/query_acl configuration may be + used to reject, drop, or allow specific IPs or networks. This + configuration list is first match. + + The configuration's action item may be set to "ACCEPT" to allow the + incoming query, "REJECT" to respond with a DNS REFUSED return code, or + "DROP" to ignore the query without any response (such as a blackhole). For + more information, see the respective debugging messages: + RESOLVER_QUERY_ACCEPTED, RESOLVER_QUERY_REJECTED, and + RESOLVER_QUERY_DROPPED. + + The required configuration's from item is set to an IPv4 or IPv6 address, + addresses with an network mask, or to the special lowercase keywords + "any6" (for any IPv6 address) or "any4" (for any IPv4 address). + + For example to allow the 192.168.1.0/24 network to use your recursive name + server, at the bindctl prompt run: + + > config add Resolver/query_acl + > config set Resolver/query_acl[2]/action "ACCEPT" + > config set Resolver/query_acl[2]/from "192.168.1.0/24" + > config commit + + (Replace the "2" as needed; run "config show Resolver/query_acl" if + needed.) + + Note + + This prototype access control configuration syntax may be changed. + +Forwarding + + To enable forwarding, the upstream address and port must be configured to + forward queries to, such as: + + > config set Resolver/forward_addresses [{ "address": "192.168.1.1", "port": 53 }] + > config commit + + (Replace 192.168.1.1 to point to your full resolver.) + + Normal iterative name service can be re-enabled by clearing the forwarding + address(es); for example: + + > config set Resolver/forward_addresses [] + > config commit + +Chapter 13. Statistics + + The b10-stats process is started by bind10. It periodically collects + statistics data from various modules and aggregates it. + + This stats daemon provides commands to identify if it is running, show + specified or all statistics data, show specified or all statistics data + schema, and set specified statistics data. For example, using bindctl: + + > Stats show + { + "Auth": { + "queries.tcp": 1749, + "queries.udp": 867868 + }, + "Boss": { + "boot_time": "2011-01-20T16:59:03Z" + }, + "Stats": { + "boot_time": "2011-01-20T16:59:05Z", + "last_update_time": "2011-01-20T17:04:05Z", + "lname": "4d3869d9_a@jreed.example.net", + "report_time": "2011-01-20T17:04:06Z", + "timestamp": 1295543046.823504 + } + } + + +Chapter 14. Logging + + Table of Contents + + Logging configuration + + Loggers + + Output Options + + Example session + + Logging Message Format + +Logging configuration + + The logging system in BIND 10 is configured through the Logging module. + All BIND 10 modules will look at the configuration in Logging to see what + should be logged and to where. + + Loggers + + Within BIND 10, a message is logged through a component called a "logger". + Different parts of BIND 10 log messages through different loggers, and + each logger can be configured independently of one another. + + In the Logging module, you can specify the configuration for zero or more + loggers; any that are not specified will take appropriate default values.. + + The three most important elements of a logger configuration are the name + (the component that is generating the messages), the severity (what to + log), and the output_options (where to log). + + name (string) + + Each logger in the system has a name, the name being that of the component + using it to log messages. For instance, if you want to configure logging + for the resolver module, you add an entry for a logger named "Resolver". + This configuration will then be used by the loggers in the Resolver + module, and all the libraries used by it. + + If you want to specify logging for one specific library within the module, + you set the name to module.library. For example, the logger used by the + nameserver address store component has the full name of "Resolver.nsas". + If there is no entry in Logging for a particular library, it will use the + configuration given for the module. + + To illustrate this, suppose you want the cache library to log messages of + severity DEBUG, and the rest of the resolver code to log messages of + severity INFO. To achieve this you specify two loggers, one with the name + "Resolver" and severity INFO, and one with the name "Resolver.cache" with + severity DEBUG. As there are no entries for other libraries (e.g. the + nsas), they will use the configuration for the module ("Resolver"), so + giving the desired behavior. + + One special case is that of a module name of "*" (asterisks), which is + interpreted as any module. You can set global logging options by using + this, including setting the logging configuration for a library that is + used by multiple modules (e.g. "*.config" specifies the configuration + library code in whatever module is using it). + + If there are multiple logger specifications in the configuration that + might match a particular logger, the specification with the more specific + logger name takes precedence. For example, if there are entries for for + both "*" and "Resolver", the resolver module -- and all libraries it uses + -- will log messages according to the configuration in the second entry + ("Resolver"). All other modules will use the configuration of the first + entry ("*"). If there was also a configuration entry for "Resolver.cache", + the cache library within the resolver would use that in preference to the + entry for "Resolver". + + One final note about the naming. When specifying the module name within a + logger, use the name of the module as specified in bindctl, e.g. + "Resolver" for the resolver module, "Xfrout" for the xfrout module, etc. + When the message is logged, the message will include the name of the + logger generating the message, but with the module name replaced by the + name of the process implementing the module (so for example, a message + generated by the "Auth.cache" logger will appear in the output with a + logger name of "b10-auth.cache"). + + severity (string) + + This specifies the category of messages logged. Each message is logged + with an associated severity which may be one of the following (in + descending order of severity): + + o FATAL + o ERROR + o WARN + o INFO + o DEBUG + + When the severity of a logger is set to one of these values, it will only + log messages of that severity, and the severities above it. The severity + may also be set to NONE, in which case all messages from that logger are + inhibited. + + output_options (list) + + Each logger can have zero or more output_options. These specify where log + messages are sent to. These are explained in detail below. + + The other options for a logger are: + + debuglevel (integer) + + When a logger's severity is set to DEBUG, this value specifies what debug + messages should be printed. It ranges from 0 (least verbose) to 99 (most + verbose). + + If severity for the logger is not DEBUG, this value is ignored. + + additive (true or false) + + If this is true, the output_options from the parent will be used. For + example, if there are two loggers configured; "Resolver" and + "Resolver.cache", and additive is true in the second, it will write the + log messages not only to the destinations specified for "Resolver.cache", + but also to the destinations as specified in the output_options in the + logger named "Resolver". + + Output Options + + The main settings for an output option are the destination and a value + called output, the meaning of which depends on the destination that is + set. + + destination (string) + + The destination is the type of output. It can be one of: + + o console + o file + o syslog + + output (string) + + Depending on what is set as the output destination, this value is + interpreted as follows: + + destination is "console" + The value of output must be one of "stdout" (messages printed to + standard output) or "stderr" (messages printed to standard error). + + destination is "file" + The value of output is interpreted as a file name; log messages + will be appended to this file. + + destination is "syslog" + The value of output is interpreted as the syslog facility (e.g. + local0) that should be used for log messages. + + The other options for output_options are: + + flush (true of false) + + Flush buffers after each log message. Doing this will reduce performance + but will ensure that if the program terminates abnormally, all messages up + to the point of termination are output. + + maxsize (integer) + + Only relevant when destination is file, this is maximum file size of + output files in bytes. When the maximum size is reached, the file is + renamed and a new file opened. (For example, a ".1" is appended to the + name -- if a ".1" file exists, it is renamed ".2", etc.) + + If this is 0, no maximum file size is used. + + maxver (integer) + + Maximum number of old log files to keep around when rolling the output + file. Only relevant when destination is "file". + + Example session + + In this example we want to set the global logging to write to the file + /var/log/my_bind10.log, at severity WARN. We want the authoritative server + to log at DEBUG with debuglevel 40, to a different file + (/tmp/debug_messages). + + Start bindctl. + + ["login success "] + > config show Logging + Logging/loggers [] list + + By default, no specific loggers are configured, in which case the severity + defaults to INFO and the output is written to stderr. + + Let's first add a default logger: + + > config add Logging/loggers + > config show Logging + Logging/loggers/ list (modified) + + The loggers value line changed to indicate that it is no longer an empty + list: + + > config show Logging/loggers + Logging/loggers[0]/name "" string (default) + Logging/loggers[0]/severity "INFO" string (default) + Logging/loggers[0]/debuglevel 0 integer (default) + Logging/loggers[0]/additive false boolean (default) + Logging/loggers[0]/output_options [] list (default) + + The name is mandatory, so we must set it. We will also change the severity + as well. Let's start with the global logger. + + > config set Logging/loggers[0]/name * + > config set Logging/loggers[0]/severity WARN + > config show Logging/loggers + Logging/loggers[0]/name "*" string (modified) + Logging/loggers[0]/severity "WARN" string (modified) + Logging/loggers[0]/debuglevel 0 integer (default) + Logging/loggers[0]/additive false boolean (default) + Logging/loggers[0]/output_options [] list (default) + + Of course, we need to specify where we want the log messages to go, so we + add an entry for an output option. + + > config add Logging/loggers[0]/output_options + > config show Logging/loggers[0]/output_options + Logging/loggers[0]/output_options[0]/destination "console" string (default) + Logging/loggers[0]/output_options[0]/output "stdout" string (default) + Logging/loggers[0]/output_options[0]/flush false boolean (default) + Logging/loggers[0]/output_options[0]/maxsize 0 integer (default) + Logging/loggers[0]/output_options[0]/maxver 0 integer (default) + + These aren't the values we are looking for. + + > config set Logging/loggers[0]/output_options[0]/destination file + > config set Logging/loggers[0]/output_options[0]/output /var/log/bind10.log + > config set Logging/loggers[0]/output_options[0]/maxsize 30000 + > config set Logging/loggers[0]/output_options[0]/maxver 8 + + Which would make the entire configuration for this logger look like: + + > config show all Logging/loggers + Logging/loggers[0]/name "*" string (modified) + Logging/loggers[0]/severity "WARN" string (modified) + Logging/loggers[0]/debuglevel 0 integer (default) + Logging/loggers[0]/additive false boolean (default) + Logging/loggers[0]/output_options[0]/destination "file" string (modified) + Logging/loggers[0]/output_options[0]/output "/var/log/bind10.log" string (modified) + Logging/loggers[0]/output_options[0]/flush false boolean (default) + Logging/loggers[0]/output_options[0]/maxsize 30000 integer (modified) + Logging/loggers[0]/output_options[0]/maxver 8 integer (modified) + + That looks OK, so let's commit it before we add the configuration for the + authoritative server's logger. + + > config commit + + Now that we have set it, and checked each value along the way, adding a + second entry is quite similar. + + > config add Logging/loggers + > config set Logging/loggers[1]/name Auth + > config set Logging/loggers[1]/severity DEBUG + > config set Logging/loggers[1]/debuglevel 40 + > config add Logging/loggers[1]/output_options + > config set Logging/loggers[1]/output_options[0]/destination file + > config set Logging/loggers[1]/output_options[0]/output /tmp/auth_debug.log + > config commit + + And that's it. Once we have found whatever it was we needed the debug + messages for, we can simply remove the second logger to let the + authoritative server use the same settings as the rest. + + > config remove Logging/loggers[1] + > config commit + + And every module will now be using the values from the logger named "*". + +Logging Message Format + + Each message written by BIND 10 to the configured logging destinations + comprises a number of components that identify the origin of the message + and, if the message indicates a problem, information about the problem + that may be useful in fixing it. + + Consider the message below logged to a file: + + 2011-06-15 13:48:22.034 ERROR [b10-resolver.asiolink] + ASIODNS_OPENSOCK error 111 opening TCP socket to 127.0.0.1(53) + + Note: the layout of messages written to the system logging file (syslog) + may be slightly different. This message has been split across two lines + here for display reasons; in the logging file, it will appear on one + line.) + + The log message comprises a number of components: + + 2011-06-15 13:48:22.034 + + The date and time at which the message was generated. + + ERROR + + The severity of the message. + + [b10-resolver.asiolink] + + The source of the message. This comprises two components: the BIND + 10 process generating the message (in this case, b10-resolver) and + the module within the program from which the message originated + (which in the example is the asynchronous I/O link module, + asiolink). + + ASIODNS_OPENSOCK + + The message identification. Every message in BIND 10 has a unique + identification, which can be used as an index into the BIND 10 + Messages Manual (http://bind10.isc.org/docs/bind10-messages.html) + from which more information can be obtained. + + error 111 opening TCP socket to 127.0.0.1(53) + + A brief description of the cause of the problem. Within this text, + information relating to the condition that caused the message to + be logged will be included. In this example, error number 111 (an + operating system-specific error number) was encountered when + trying to open a TCP connection to port 53 on the local system + (address 127.0.0.1). The next step would be to find out the reason + for the failure by consulting your system's documentation to + identify what error number 111 means. diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml index 34607e9105..21bb671efb 100644 --- a/doc/guide/bind10-guide.xml +++ b/doc/guide/bind10-guide.xml @@ -41,9 +41,10 @@ This is the reference guide for BIND 10 version &__VERSION__;. - The most up-to-date version of this document, along with - other documents for BIND 10, can be found at . + The most up-to-date version of this document (in PDF, HTML, + and plain text formats), along with other documents for + BIND 10, can be found at . + This is the reference guide for BIND 10 version &__VERSION__;. @@ -1271,6 +1272,7 @@ TODO development release, however, it only tries AXFR by default, and care should be taken to enable IXFR. + In the current development release of BIND 10, incoming zone @@ -1278,13 +1280,19 @@ TODO that is, they don't work for an in-memory data source. - - To enable IXFR, you need to - configure b10-xfrin with an explicit zone - configuration for the zone. - For example, to enable IXFR for a zone named "example.com" - (whose master address is assumed to be 2001:db8::53 here), - run the following at the bindctl prompt: +

+ Configuration for Incoming Zone Transfers + + In practice, you need to specify a list of secondary zones to + enable incoming zone transfers for these zones (you can still + trigger a zone transfer manually, without a prior configuration + (see below)). + + + + For example, to enable zone transfers for a zone named "example.com" + (whose master address is assumed to be 2001:db8::53 here), + run the following at the bindctl prompt: > config add Xfrin/zones > config set Xfrin/zones[0]/name "" @@ -1292,16 +1300,23 @@ TODO > config commit (We assume there has been no zone configuration before). - Note that you do NOT have to explicitly enable IXFR in the zone - configuration; once it's defined, IXFR is enabled by default. - This also means if you specify a zone configuration for some - other reason but don't want to use IXFR for that zone, you need - to disable it explicitly: + +
- > config set Xfrin/zones[0]/ixfr_disabled true - +
+ Enabling IXFR + + As noted above, b10-xfrin uses AXFR for + zone transfers by default. To enable IXFR for zone transfers + for a particular zone, set the use_ixfr + configuration parameter to true. + In the above example of configuration sequence, you'll need + to add the following before performing commit: + > config set Xfrin/zones[0]/use_ixfr true + - + + One reason why IXFR is disabled by default in the current release is because it does not support automatic fallback from IXFR to AXFR when it encounters a primary server that doesn't support @@ -1315,7 +1330,8 @@ TODO make this selection automatically. These features will be implemented in a near future version, at which point we will enable IXFR by default. - + +
- - To manually trigger a zone transfer to retrieve a remote zone, - you may use the bindctl utility. - For example, at the bindctl prompt run: +
+ Trigger an Incoming Zone Transfer Manually + + + To manually trigger a zone transfer to retrieve a remote zone, + you may use the bindctl utility. + For example, at the bindctl prompt run: + + > Xfrin retransfer zone_name="" master= + +
- > Xfrin retransfer zone_name="" master= - diff --git a/doc/guide/bind10-messages.xml b/doc/guide/bind10-messages.xml index f5c44b33d8..bade381d2e 100644 --- a/doc/guide/bind10-messages.xml +++ b/doc/guide/bind10-messages.xml @@ -244,6 +244,14 @@ packet. + +AUTH_INVALID_STATISTICS_DATA invalid specification of statistics data specified + +An error was encountered when the authoritiative server specified +statistics data which is invalid for the auth specification file. + + + AUTH_LOAD_TSIG loading TSIG keys @@ -581,6 +589,14 @@ started according to the configuration. + +BIND10_INVALID_STATISTICS_DATA invalid specification of statistics data specified + +An error was encountered when the boss module specified +statistics data which is invalid for the boss specification file. + + + BIND10_INVALID_USER invalid user: %1 @@ -1150,7 +1166,7 @@ Debug message. The resolver is trying to look up data in the RRset cache. -CACHE_RRSET_NOT_FOUND no RRset found for %1/%2/%3 +CACHE_RRSET_NOT_FOUND no RRset found for %1/%2/%3 in cache Debug message which can follow CACHE_RRSET_LOOKUP. This means the data is not in the cache. @@ -1773,13 +1789,12 @@ means no limit. - -DATASRC_DATABASE_FIND_ERROR error retrieving data from datasource %1: %2 + +DATASRC_DATABASE_COVER_NSEC_UNSUPPORTED %1 doesn't support DNSSEC when asked for NSEC data covering %2 -This was an internal error while reading data from a datasource. This can either -mean the specific data source implementation is not behaving correctly, or the -data it provides is invalid. The current search is aborted. -The error message contains specific information about the error. +The datasource tried to provide an NSEC proof that the named domain does not +exist, but the database backend doesn't support DNSSEC. No proof is included +in the answer as a result. @@ -1795,28 +1810,9 @@ name and type in the database. DATASRC_DATABASE_FIND_TTL_MISMATCH TTL values differ in %1 for elements of %2/%3/%4, setting to %5 The datasource backend provided resource records for the given RRset with -different TTL values. The TTL of the RRSET is set to the lowest value, which -is printed in the log message. - - - - -DATASRC_DATABASE_FIND_UNCAUGHT_ERROR uncaught general error retrieving data from datasource %1: %2 - -There was an uncaught general exception while reading data from a datasource. -This most likely points to a logic error in the code, and can be considered a -bug. The current search is aborted. Specific information about the exception is -printed in this error message. - - - - -DATASRC_DATABASE_FIND_UNCAUGHT_ISC_ERROR uncaught error retrieving data from datasource %1: %2 - -There was an uncaught ISC exception while reading data from a datasource. This -most likely points to a logic error in the code, and can be considered a bug. -The current search is aborted. Specific information about the exception is -printed in this error message. +different TTL values. This isn't allowed on the wire and is considered +an error, so we set it to the lowest value we found (but we don't modify the +database). The data in database should be checked and fixed. @@ -1846,6 +1842,15 @@ instead. + +DATASRC_DATABASE_FOUND_EMPTY_NONTERMINAL empty non-terminal %2 in %1 + +The domain name doesn't have any RRs, so it doesn't exist in the database. +However, it has a subdomain, so it exists in the DNS address space. So we +return NXRRSET instead of NXDOMAIN. + + + DATASRC_DATABASE_FOUND_NXDOMAIN search in datasource %1 resulted in NXDOMAIN for %2/%3/%4 @@ -1871,6 +1876,132 @@ returned is printed. + +DATASRC_DATABASE_ITERATE iterating zone %1 + +The program is reading the whole zone, eg. not searching for data, but going +through each of the RRsets there. + + + + +DATASRC_DATABASE_ITERATE_END iterating zone finished + +While iterating through the zone, the program reached end of the data. + + + + +DATASRC_DATABASE_ITERATE_NEXT next RRset in zone is %1/%2 + +While iterating through the zone, the program extracted next RRset from it. +The name and RRtype of the RRset is indicated in the message. + + + + +DATASRC_DATABASE_ITERATE_TTL_MISMATCH TTL values differ for RRs of %1/%2/%3, setting to %4 + +While iterating through the zone, the time to live for RRs of the given RRset +were found to be different. This isn't allowed on the wire and is considered +an error, so we set it to the lowest value we found (but we don't modify the +database). The data in database should be checked and fixed. + + + + +DATASRC_DATABASE_UPDATER_COMMIT updates committed for '%1/%2' on %3 + +Debug information. A set of updates to a zone has been successfully +committed to the corresponding database backend. The zone name, +its class and the database name are printed. + + + + +DATASRC_DATABASE_UPDATER_CREATED zone updater created for '%1/%2' on %3 + +Debug information. A zone updater object is created to make updates to +the shown zone on the shown backend database. + + + + +DATASRC_DATABASE_UPDATER_DESTROYED zone updater destroyed for '%1/%2' on %3 + +Debug information. A zone updater object is destroyed, either successfully +or after failure of, making updates to the shown zone on the shown backend +database. + + + + +DATASRC_DATABASE_UPDATER_ROLLBACK zone updates roll-backed for '%1/%2' on %3 + +A zone updater is being destroyed without committing the changes. +This would typically mean the update attempt was aborted due to some +error, but may also be a bug of the application that forgets committing +the changes. The intermediate changes made through the updater won't +be applied to the underlying database. The zone name, its class, and +the underlying database name are shown in the log message. + + + + +DATASRC_DATABASE_UPDATER_ROLLBACKFAIL failed to roll back zone updates for '%1/%2' on %3: %4 + +A zone updater is being destroyed without committing the changes to +the database, and attempts to rollback incomplete updates, but it +unexpectedly fails. The higher level implementation does not expect +it to fail, so this means either a serious operational error in the +underlying data source (such as a system failure of a database) or +software bug in the underlying data source implementation. In either +case if this message is logged the administrator should carefully +examine the underlying data source to see what exactly happens and +whether the data is still valid. The zone name, its class, and the +underlying database name as well as the error message thrown from the +database module are shown in the log message. + + + + +DATASRC_DATABASE_WILDCARD constructing RRset %3 from wildcard %2 in %1 + +The database doesn't contain directly matching domain, but it does contain a +wildcard one which is being used to synthesize the answer. + + + + +DATASRC_DATABASE_WILDCARD_CANCEL_NS canceled wildcard match on %2 because %3 contains NS in %1 + +The database was queried to provide glue data and it didn't find direct match. +It could create it from given wildcard, but matching wildcards is forbidden +under a zone cut, which was found. Therefore the delegation will be returned +instead. + + + + +DATASRC_DATABASE_WILDCARD_CANCEL_SUB wildcard %2 can't be used to construct %3 because %4 exists in %1 + +The answer could be constructed using the wildcard, but the given subdomain +exists, therefore this name is something like empty non-terminal (actually, +from the protocol point of view, it is empty non-terminal, but the code +discovers it differently). + + + + +DATASRC_DATABASE_WILDCARD_EMPTY implicit wildcard %2 used to construct %3 in %1 + +The given wildcard exists implicitly in the domainspace, as empty nonterminal +(eg. there's something like subdomain.*.example.org, so *.example.org exists +implicitly, but is empty). This will produce NXRRSET, because the constructed +domain is empty as well as the wildcard. + + + DATASRC_DO_QUERY handling query for '%1/%2' @@ -2750,6 +2881,15 @@ generated. + +LIBXFRIN_DIFFERENT_TTL multiple data with different TTLs (%1, %2) on %3/%4. Adjusting %2 -> %1. + +The xfrin module received an update containing multiple rdata changes for the +same RRset. But the TTLs of these don't match each other. As we combine them +together, the later one get's overwritten to the earlier one in the sequence. + + + LOGIMPL_ABOVE_MAX_DEBUG debug level of %1 is too high and will be set to the maximum of %2 @@ -4103,21 +4243,17 @@ configuration update from the configuration manager. - -STATS_RECEIVED_REMOVE_COMMAND received command to remove %1 + +STATS_RECEIVED_SHOWSCHEMA_ALL_COMMAND received command to show all statistics schema -A remove command for the given name was sent to the stats module, and -the given statistics value will now be removed. It will not appear in -statistics reports until it appears in a statistics update from a -module again. +The stats module received a command to show all statistics schemas of all modules. - -STATS_RECEIVED_RESET_COMMAND received command to reset all statistics + +STATS_RECEIVED_SHOWSCHEMA_NAME_COMMAND received command to show statistics schema for %1 -The stats module received a command to clear all collected statistics. -The data is cleared until it receives an update from the modules again. +The stats module received a command to show the specified statistics schema of the specified module. @@ -4168,6 +4304,21 @@ to send its data to the stats module. + +STATS_STARTING starting + +The stats module will be now starting. + + + + +STATS_START_ERROR stats module error: %1 + +An internal error occurred while starting the stats module. The stats +module will be now shutting down. + + + STATS_STOPPED_BY_KEYBOARD keyboard interrupt, shutting down @@ -4191,39 +4342,28 @@ Please check your installation. XFRIN_AXFR_DATABASE_FAILURE AXFR transfer of zone %1 failed: %2 The AXFR transfer for the given zone has failed due to a database problem. -The error is shown in the log message. +The error is shown in the log message. Note: due to the code structure +this can only happen for AXFR. - -XFRIN_AXFR_INTERNAL_FAILURE AXFR transfer of zone %1 failed: %2 + +XFRIN_AXFR_INCONSISTENT_SOA AXFR SOAs are inconsistent for %1: %2 expected, %3 received -The AXFR transfer for the given zone has failed due to an internal -problem in the bind10 python wrapper library. -The error is shown in the log message. - - - - -XFRIN_AXFR_TRANSFER_FAILURE AXFR transfer of zone %1 failed: %2 - -The AXFR transfer for the given zone has failed due to a protocol error. -The error is shown in the log message. - - - - -XFRIN_AXFR_TRANSFER_STARTED AXFR transfer of zone %1 started - -A connection to the master server has been made, the serial value in -the SOA record has been checked, and a zone transfer has been started. - - - - -XFRIN_AXFR_TRANSFER_SUCCESS AXFR transfer of zone %1 succeeded - -The AXFR transfer of the given zone was successfully completed. +The serial fields of the first and last SOAs of AXFR (including AXFR-style +IXFR) are not the same. According to RFC 5936 these two SOAs must be the +"same" (not only for the serial), but it is still not clear what the +receiver should do if this condition does not hold. There was a discussion +about this at the IETF dnsext wg: +http://www.ietf.org/mail-archive/web/dnsext/current/msg07908.html +and the general feeling seems that it would be better to reject the +transfer if a mismatch is detected. On the other hand, also as noted +in that email thread, neither BIND 9 nor NSD performs any comparison +on the SOAs. For now, we only check the serials (ignoring other fields) +and only leave a warning log message when a mismatch is found. If it +turns out to happen with a real world primary server implementation +and that server actually feeds broken data (e.g. mixed versions of +zone), we can consider a stricter action. @@ -4280,6 +4420,27 @@ shown in the log message. + +XFRIN_GOT_INCREMENTAL_RESP got incremental response for %1 + +In an attempt of IXFR processing, the begenning SOA of the first difference +(following the initial SOA that specified the final SOA for all the +differences) was found. This means a connection for xfrin tried IXFR +and really aot a response for incremental updates. + + + + +XFRIN_GOT_NONINCREMENTAL_RESP got nonincremental response for %1 + +Non incremental transfer was detected at the "first data" of a transfer, +which is the RR following the initial SOA. Non incremental transfer is +either AXFR or AXFR-style IXFR. In the latter case, it means that +in a response to IXFR query the first data is not SOA or its SOA serial +is not equal to the requested SOA serial. + + + XFRIN_IMPORT_DNS error importing python DNS module: %1 @@ -4305,6 +4466,16 @@ likely means that the msgq daemon has quit or was killed. + +XFRIN_NOTIFY_UNKNOWN_MASTER got notification to retransfer zone %1 from %2, expected %3 + +The system received a notify for the given zone, but the address it came +from does not match the master address in the Xfrin configuration. The notify +is ignored. This may indicate that the configuration for the master is wrong, +that a wrong machine is sending notifies, or that fake notifies are being sent. + + + XFRIN_RETRANSFER_UNKNOWN_ZONE got notification to retransfer unknown zone %1 @@ -4338,6 +4509,38 @@ exception message is printed in the log message. + +XFRIN_XFR_OTHER_FAILURE %1 transfer of zone %2 failed: %3 + +The XFR transfer for the given zone has failed due to a problem outside +of the xfrin module. Possible reasons are a broken DNS message or failure +in database connection. The error is shown in the log message. + + + + +XFRIN_XFR_TRANSFER_FAILURE %1 transfer of zone %2 failed: %3 + +The XFR transfer for the given zone has failed due to a protocol error. +The error is shown in the log message. + + + + +XFRIN_XFR_TRANSFER_STARTED %1 transfer of zone %2 started + +A connection to the master server has been made, the serial value in +the SOA record has been checked, and a zone transfer has been started. + + + + +XFRIN_XFR_TRANSFER_SUCCESS %1 transfer of zone %2 succeeded + +The XFR transfer of the given zone was successfully completed. + + + XFROUT_AXFR_TRANSFER_DONE transfer of %1/%2 complete @@ -4401,6 +4604,14 @@ configuration manager b10-cfgmgr is not running. + +XFROUT_CONFIG_ERROR error found in configuration data: %1 + +The xfrout process encountered an error when installing the configuration at +startup time. Details of the error are included in the log message. + + + XFROUT_FETCH_REQUEST_ERROR socket error while fetching a request from the auth daemon @@ -4430,6 +4641,17 @@ system and your specific installation. + +XFROUT_MODULECC_SESSION_ERROR error encountered by configuration/command module: %1 + +There was a problem in the lower level module handling configuration and +control commands. This could happen for various reasons, but the most likely +cause is that the configuration database contains a syntax error and xfrout +failed to start at initialization. A detailed error message from the module +will also be displayed. + + + XFROUT_NEW_CONFIG Update xfrout configuration diff --git a/src/bin/auth/tests/Makefile.am b/src/bin/auth/tests/Makefile.am index a4bd6fa08d..d27386e62e 100644 --- a/src/bin/auth/tests/Makefile.am +++ b/src/bin/auth/tests/Makefile.am @@ -67,4 +67,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/nsas/libnsas.la run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/bin/bind10/Makefile.am b/src/bin/bind10/Makefile.am index 5ec0c9f4a6..69ea256157 100644 --- a/src/bin/bind10/Makefile.am +++ b/src/bin/bind10/Makefile.am @@ -33,6 +33,7 @@ $(PYTHON_LOGMSGPKG_DIR)/work/bind10_messages.py : bind10_messages.mes # this is done here since configure.ac AC_OUTPUT doesn't expand exec_prefix bind10: bind10_src.py $(PYTHON_LOGMSGPKG_DIR)/work/bind10_messages.py $(SED) -e "s|@@PYTHONPATH@@|@pyexecdir@|" \ + -e "s|@@LIBDIR@@|$(libdir)|" \ -e "s|@@LIBEXECDIR@@|$(pkglibexecdir)|" bind10_src.py >$@ chmod a+x $@ diff --git a/src/bin/bind10/bind10_src.py.in b/src/bin/bind10/bind10_src.py.in index 1687cb1655..94747f21c2 100755 --- a/src/bin/bind10/bind10_src.py.in +++ b/src/bin/bind10/bind10_src.py.in @@ -579,6 +579,22 @@ class BoB: self.start_simple("b10-xfrout", c_channel_env) def start_xfrin(self, c_channel_env): + # XXX: a quick-hack workaround. xfrin will implicitly use dynamically + # loadable data source modules, which will be installed in $(libdir). + # On some OSes (including MacOS X and *BSDs) the main process (python) + # cannot find the modules unless they are located in a common shared + # object path or a path in the (DY)LD_LIBRARY_PATH. We should seek + # a cleaner solution, but for a short term workaround we specify the + # path here, unconditionally, and without even bothering which + # environment variable should be used. + if not "B10_FROM_SOURCE" in os.environ: + cur_path = os.getenv('DYLD_LIBRARY_PATH') + cur_path = '' if cur_path is None else ':' + cur_path + c_channel_env['DYLD_LIBRARY_PATH'] = "@@LIBDIR@@" + cur_path + + cur_path = os.getenv('LD_LIBRARY_PATH') + cur_path = '' if cur_path is None else ':' + cur_path + c_channel_env['LD_LIBRARY_PATH'] = "@@LIBDIR@@" + cur_path self.start_simple("b10-xfrin", c_channel_env) def start_zonemgr(self, c_channel_env): diff --git a/src/bin/cfgmgr/plugins/Makefile.am b/src/bin/cfgmgr/plugins/Makefile.am index 529a4ed481..5a4cfef4c3 100644 --- a/src/bin/cfgmgr/plugins/Makefile.am +++ b/src/bin/cfgmgr/plugins/Makefile.am @@ -1,11 +1,14 @@ SUBDIRS = tests -EXTRA_DIST = README tsig_keys.py tsig_keys.spec -EXTRA_DIST += logging.spec b10logging.py + +EXTRA_DIST = README logging.spec tsig_keys.spec config_plugindir = @prefix@/share/@PACKAGE@/config_plugins -config_plugin_DATA = tsig_keys.py tsig_keys.spec -config_plugin_DATA += b10logging.py logging.spec +config_plugin_DATA = logging.spec tsig_keys.spec +python_PYTHON = b10logging.py tsig_keys.py +pythondir = $(config_plugindir) + +CLEANFILES = b10logging.pyc tsig_keys.pyc CLEANDIRS = __pycache__ clean-local: diff --git a/src/bin/dhcp6/Makefile.am b/src/bin/dhcp6/Makefile.am index 805d6bbccb..690ba5f17a 100644 --- a/src/bin/dhcp6/Makefile.am +++ b/src/bin/dhcp6/Makefile.am @@ -4,9 +4,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib AM_CPPFLAGS += -I$(top_srcdir)/src/bin -I$(top_builddir)/src/bin AM_CPPFLAGS += -I$(top_srcdir)/src/lib/dns -I$(top_builddir)/src/lib/dns AM_CPPFLAGS += -I$(top_srcdir)/src/lib/cc -I$(top_builddir)/src/lib/cc -AM_CPPFLAGS += -I$(top_srcdir)/src/lib/asiolink -AM_CPPFLAGS += -I$(top_builddir)/src/lib/asiolink -AM_CPPFLAGS += $(BOOST_INCLUDES) + AM_CPPFLAGS += $(BOOST_INCLUDES) AM_CXXFLAGS = $(B10_CXXFLAGS) @@ -31,20 +29,14 @@ spec_config.h: spec_config.h.pre BUILT_SOURCES = spec_config.h pkglibexec_PROGRAMS = b10-dhcp6 -b10_dhcp6_SOURCES = main.cc iface_mgr.cc pkt6.cc dhcp6_srv.cc -b10_dhcp6_SOURCES += iface_mgr.h pkt6.h dhcp6_srv.h dhcp6.h -b10_dhcp6_LDADD = $(top_builddir)/src/lib/datasrc/libdatasrc.la -b10_dhcp6_LDADD += $(top_builddir)/src/lib/dns/libdns++.la -b10_dhcp6_LDADD += $(top_builddir)/src/lib/util/libutil.la -b10_dhcp6_LDADD += $(top_builddir)/src/lib/config/libcfgclient.la -b10_dhcp6_LDADD += $(top_builddir)/src/lib/cc/libcc.la + +b10_dhcp6_SOURCES = main.cc iface_mgr.cc dhcp6_srv.cc +b10_dhcp6_SOURCES += iface_mgr.h dhcp6_srv.h + +b10_dhcp6_LDADD = $(top_builddir)/src/lib/dhcp/libdhcp.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la -b10_dhcp6_LDADD += $(top_builddir)/src/lib/asiodns/libasiodns.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/asiolink/libasiolink.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/log/liblog.la -b10_dhcp6_LDADD += $(top_builddir)/src/lib/xfr/libxfr.la -b10_dhcp6_LDADD += $(top_builddir)/src/lib/server_common/libserver_common.la -b10_dhcp6_LDADD += $(SQLITE_LIBS) # TODO: config.h.in is wrong because doesn't honor pkgdatadir # and can't use @datadir@ because doesn't expand default ${prefix} diff --git a/src/bin/dhcp6/dhcp6.h b/src/bin/dhcp6/dhcp6.h deleted file mode 100644 index b5512f31df..0000000000 --- a/src/bin/dhcp6/dhcp6.h +++ /dev/null @@ -1,184 +0,0 @@ -// Copyright (C) 2006-2011 Internet Systems Consortium, Inc. ("ISC") -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -// PERFORMANCE OF THIS SOFTWARE. - -#ifndef DHCP6_H -#define DHCP6_H - -/* DHCPv6 Option codes: */ - -#define D6O_CLIENTID 1 /* RFC3315 */ -#define D6O_SERVERID 2 -#define D6O_IA_NA 3 -#define D6O_IA_TA 4 -#define D6O_IAADDR 5 -#define D6O_ORO 6 -#define D6O_PREFERENCE 7 -#define D6O_ELAPSED_TIME 8 -#define D6O_RELAY_MSG 9 -/* Option code 10 unassigned. */ -#define D6O_AUTH 11 -#define D6O_UNICAST 12 -#define D6O_STATUS_CODE 13 -#define D6O_RAPID_COMMIT 14 -#define D6O_USER_CLASS 15 -#define D6O_VENDOR_CLASS 16 -#define D6O_VENDOR_OPTS 17 -#define D6O_INTERFACE_ID 18 -#define D6O_RECONF_MSG 19 -#define D6O_RECONF_ACCEPT 20 -#define D6O_SIP_SERVERS_DNS 21 /* RFC3319 */ -#define D6O_SIP_SERVERS_ADDR 22 /* RFC3319 */ -#define D6O_NAME_SERVERS 23 /* RFC3646 */ -#define D6O_DOMAIN_SEARCH 24 /* RFC3646 */ -#define D6O_IA_PD 25 /* RFC3633 */ -#define D6O_IAPREFIX 26 /* RFC3633 */ -#define D6O_NIS_SERVERS 27 /* RFC3898 */ -#define D6O_NISP_SERVERS 28 /* RFC3898 */ -#define D6O_NIS_DOMAIN_NAME 29 /* RFC3898 */ -#define D6O_NISP_DOMAIN_NAME 30 /* RFC3898 */ -#define D6O_SNTP_SERVERS 31 /* RFC4075 */ -#define D6O_INFORMATION_REFRESH_TIME 32 /* RFC4242 */ -#define D6O_BCMCS_SERVER_D 33 /* RFC4280 */ -#define D6O_BCMCS_SERVER_A 34 /* RFC4280 */ -/* 35 is unassigned */ -#define D6O_GEOCONF_CIVIC 36 /* RFC4776 */ -#define D6O_REMOTE_ID 37 /* RFC4649 */ -#define D6O_SUBSCRIBER_ID 38 /* RFC4580 */ -#define D6O_CLIENT_FQDN 39 /* RFC4704 */ -#define D6O_PANA_AGENT 40 /* paa-option */ -#define D6O_NEW_POSIX_TIMEZONE 41 /* RFC4833 */ -#define D6O_NEW_TZDB_TIMEZONE 42 /* RFC4833 */ -#define D6O_ERO 43 /* RFC4994 */ -#define D6O_LQ_QUERY 44 /* RFC5007 */ -#define D6O_CLIENT_DATA 45 /* RFC5007 */ -#define D6O_CLT_TIME 46 /* RFC5007 */ -#define D6O_LQ_RELAY_DATA 47 /* RFC5007 */ -#define D6O_LQ_CLIENT_LINK 48 /* RFC5007 */ - -/* - * Status Codes, from RFC 3315 section 24.4, and RFC 3633, 5007. - */ -#define STATUS_Success 0 -#define STATUS_UnspecFail 1 -#define STATUS_NoAddrsAvail 2 -#define STATUS_NoBinding 3 -#define STATUS_NotOnLink 4 -#define STATUS_UseMulticast 5 -#define STATUS_NoPrefixAvail 6 -#define STATUS_UnknownQueryType 7 -#define STATUS_MalformedQuery 8 -#define STATUS_NotConfigured 9 -#define STATUS_NotAllowed 10 - -/* - * DHCPv6 message types, defined in section 5.3 of RFC 3315 - */ -#define DHCPV6_SOLICIT 1 -#define DHCPV6_ADVERTISE 2 -#define DHCPV6_REQUEST 3 -#define DHCPV6_CONFIRM 4 -#define DHCPV6_RENEW 5 -#define DHCPV6_REBIND 6 -#define DHCPV6_REPLY 7 -#define DHCPV6_RELEASE 8 -#define DHCPV6_DECLINE 9 -#define DHCPV6_RECONFIGURE 10 -#define DHCPV6_INFORMATION_REQUEST 11 -#define DHCPV6_RELAY_FORW 12 -#define DHCPV6_RELAY_REPL 13 -#define DHCPV6_LEASEQUERY 14 -#define DHCPV6_LEASEQUERY_REPLY 15 - -extern const char *dhcpv6_type_names[]; -extern const int dhcpv6_type_name_max; - -/* DUID type definitions (RFC3315 section 9). - */ -#define DUID_LLT 1 -#define DUID_EN 2 -#define DUID_LL 3 - -/* Offsets into IA_*'s where Option spaces commence. */ -#define IA_NA_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ -#define IA_TA_OFFSET 4 /* IAID only, 4 octets */ -#define IA_PD_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ - -/* Offset into IAADDR's where Option spaces commence. */ -#define IAADDR_OFFSET 24 - -/* Offset into IAPREFIX's where Option spaces commence. */ -#define IAPREFIX_OFFSET 25 - -/* Offset into LQ_QUERY's where Option spaces commence. */ -#define LQ_QUERY_OFFSET 17 - -/* - * DHCPv6 well-known multicast addressess, from section 5.1 of RFC 3315 - */ -#define ALL_DHCP_RELAY_AGENTS_AND_SERVERS "ff02::1:2" -#define ALL_DHCP_SERVERS "ff05::1:3" - -#define DHCP6_CLIENT_PORT 546 -#define DHCP6_SERVER_PORT 547 - -/* - * DHCPv6 Retransmission Constants (RFC3315 section 5.5, RFC 5007) - */ - -#define SOL_MAX_DELAY 1 -#define SOL_TIMEOUT 1 -#define SOL_MAX_RT 120 -#define REQ_TIMEOUT 1 -#define REQ_MAX_RT 30 -#define REQ_MAX_RC 10 -#define CNF_MAX_DELAY 1 -#define CNF_TIMEOUT 1 -#define CNF_MAX_RT 4 -#define CNF_MAX_RD 10 -#define REN_TIMEOUT 10 -#define REN_MAX_RT 600 -#define REB_TIMEOUT 10 -#define REB_MAX_RT 600 -#define INF_MAX_DELAY 1 -#define INF_TIMEOUT 1 -#define INF_MAX_RT 120 -#define REL_TIMEOUT 1 -#define REL_MAX_RC 5 -#define DEC_TIMEOUT 1 -#define DEC_MAX_RC 5 -#define REC_TIMEOUT 2 -#define REC_MAX_RC 8 -#define HOP_COUNT_LIMIT 32 -#define LQ6_TIMEOUT 1 -#define LQ6_MAX_RT 10 -#define LQ6_MAX_RC 5 - -/* Leasequery query-types (RFC 5007) */ - -#define LQ6QT_BY_ADDRESS 1 -#define LQ6QT_BY_CLIENTID 2 - -/* - * DUID time starts 2000-01-01. - * This constant is the number of seconds since 1970-01-01, - * when the Unix epoch began. - */ -#define DUID_TIME_EPOCH 946684800 - -/* Information-Request Time option (RFC 4242) */ - -#define IRT_DEFAULT 86400 -#define IRT_MINIMUM 600 - -#endif diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc index 4d9244f865..ba5afec9e8 100644 --- a/src/bin/dhcp6/dhcp6_srv.cc +++ b/src/bin/dhcp6/dhcp6_srv.cc @@ -12,12 +12,18 @@ // OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR // PERFORMANCE OF THIS SOFTWARE. -#include "dhcp6/pkt6.h" +#include "dhcp/dhcp6.h" +#include "dhcp/pkt6.h" #include "dhcp6/iface_mgr.h" #include "dhcp6/dhcp6_srv.h" +#include "dhcp/option6_ia.h" +#include "dhcp/option6_iaaddr.h" +#include "asiolink/io_address.h" using namespace std; using namespace isc; +using namespace isc::dhcp; +using namespace isc::asiolink; Dhcpv6Srv::Dhcpv6Srv() { cout << "Initialization" << endl; @@ -25,6 +31,12 @@ Dhcpv6Srv::Dhcpv6Srv() { // first call to instance() will create IfaceMgr (it's a singleton) // it may throw something if things go wrong IfaceMgr::instance(); + + /// @todo: instantiate LeaseMgr here once it is imlpemented. + + setServerID(); + + shutdown = false; } Dhcpv6Srv::~Dhcpv6Srv() { @@ -33,23 +45,187 @@ Dhcpv6Srv::~Dhcpv6Srv() { bool Dhcpv6Srv::run() { - while (true) { - Pkt6* pkt; + while (!shutdown) { + boost::shared_ptr query; // client's message + boost::shared_ptr rsp; // server's response - pkt = IfaceMgr::instance().receive(); + query = IfaceMgr::instance().receive(); - if (pkt) { - cout << "Received " << pkt->data_len_ << " bytes, echoing back." - << endl; - IfaceMgr::instance().send(*pkt); - delete pkt; + if (query) { + if (!query->unpack()) { + cout << "Failed to parse incoming packet" << endl; + continue; + } + switch (query->getType()) { + case DHCPV6_SOLICIT: + rsp = processSolicit(query); + break; + case DHCPV6_REQUEST: + rsp = processRequest(query); + break; + case DHCPV6_RENEW: + rsp = processRenew(query); + break; + case DHCPV6_REBIND: + rsp = processRebind(query); + break; + case DHCPV6_CONFIRM: + rsp = processConfirm(query); + break; + case DHCPV6_RELEASE: + rsp = processRelease(query); + break; + case DHCPV6_DECLINE: + rsp = processDecline(query); + break; + case DHCPV6_INFORMATION_REQUEST: + rsp = processInfRequest(query); + break; + default: + cout << "Unknown pkt type received:" + << query->getType() << endl; + } + + cout << "Received " << query->data_len_ << " bytes packet type=" + << query->getType() << endl; + cout << query->toText(); + if (rsp) { + rsp->remote_addr_ = query->remote_addr_; + rsp->local_addr_ = query->local_addr_; + rsp->remote_port_ = DHCP6_CLIENT_PORT; + rsp->local_port_ = DHCP6_SERVER_PORT; + rsp->ifindex_ = query->ifindex_; + rsp->iface_ = query->iface_; + cout << "Replying with:" << rsp->getType() << endl; + cout << rsp->toText(); + cout << "----" << endl; + if (rsp->pack()) { + cout << "#### pack successful." << endl; + } + IfaceMgr::instance().send(rsp); + } } - // TODO add support for config session (see src/bin/auth/main.cc) - // so this daemon can be controlled from bob - sleep(1); - + // TODO add support for config session (see src/bin/auth/main.cc) + // so this daemon can be controlled from bob } return (true); } + +void +Dhcpv6Srv::setServerID() { + /// TODO implement this for real once interface detection is done. + /// Use hardcoded server-id for now + + boost::shared_array srvid(new uint8_t[14]); + srvid[0] = 0; + srvid[1] = 1; // DUID type 1 = DUID-LLT (see section 9.2 of RFC3315) + srvid[2] = 0; + srvid[3] = 6; // HW type = ethernet (I think. I'm typing this from my head + // in hotel, without Internet connection) + for (int i=4; i<14; i++) { + srvid[i]=i-4; + } + serverid_ = boost::shared_ptr + This daemon communicates with BIND 10 over a @@ -110,7 +111,7 @@ in separate zonemgr process. class (defaults to IN), master_addr (the zone master to transfer from), master_port (defaults to 53), - ixfr_disabled (defaults to false), and + use_ixfr (defaults to false), and tsig_key (optional TSIG key to use). The tsig_key is specified using a full string colon-delimited name:key:algorithm representation (e.g. @@ -158,7 +159,7 @@ in separate zonemgr process. according to the SOA's REFRESH time to tell b10-xfrin that the zone needs to do a zone refresh. - This is an internal command and not exposed to the administrator. + This is an internal command and not exposed to the administrator. @@ -208,7 +209,7 @@ add a usage example of xfrin --> diff --git a/src/bin/xfrin/tests/xfrin_test.py b/src/bin/xfrin/tests/xfrin_test.py index 5d3a16e96e..65bd968125 100644 --- a/src/bin/xfrin/tests/xfrin_test.py +++ b/src/bin/xfrin/tests/xfrin_test.py @@ -98,10 +98,15 @@ class XfrinTestTimeoutException(Exception): class MockCC(): def get_default_value(self, identifier): + # The returned values should be identical to the spec file + # XXX: these should be retrieved from the spec file + # (see MyCCSession of xfrout_test.py.in) if identifier == "zones/master_port": return TEST_MASTER_PORT if identifier == "zones/class": return TEST_RRCLASS_STR + if identifier == "zones/use_ixfr": + return False class MockDataSourceClient(): '''A simple mock data source client. @@ -1891,7 +1896,7 @@ class TestXfrin(unittest.TestCase): self.assertEqual(self.xfr.command_handler("notify", self.args)['result'][0], 1) - def test_command_handler_notify_known_zone(self): + def test_command_handler_notify_known_zone_bad_addr(self): # try it with a known zone self.args['master'] = TEST_MASTER_IPV6_ADDRESS @@ -1903,18 +1908,39 @@ class TestXfrin(unittest.TestCase): } ]} self.xfr.config_handler(zones) + # the command should now fail + self.assertEqual(self.xfr.command_handler("notify", + self.args)['result'][0], 1) + + def test_command_handler_notify_known_zone(self): + # try it with a known zone + self.args['master'] = TEST_MASTER_IPV6_ADDRESS + + # with a zone configuration that has a matching master address. + zones = { 'zones': [ + { 'name': TEST_ZONE_NAME_STR, + 'master_addr': TEST_MASTER_IPV6_ADDRESS, + 'master_port': TEST_MASTER_PORT + } + ]} + self.xfr.config_handler(zones) self.assertEqual(self.xfr.command_handler("notify", self.args)['result'][0], 0) + # Note: The rest of the tests won't pass due to the change in #1298 + # We should probably simply remove the test cases, but for now we + # just comment them out. (Note also that the comment about 'not + # from the config' is now wrong, because we used the matching address.) + # # and see if we used the address from the command, and not from # the config # This is actually NOT the address given in the command, which # would at this point not make sense, see the TODO in # xfrin.py.in Xfrin.command_handler()) - self.assertEqual(TEST_MASTER_IPV4_ADDRESS, - self.xfr.xfrin_started_master_addr) - self.assertEqual(int(TEST_MASTER_PORT), - self.xfr.xfrin_started_master_port) +# self.assertEqual(TEST_MASTER_IPV4_ADDRESS, +# self.xfr.xfrin_started_master_addr) +# self.assertEqual(int(TEST_MASTER_PORT), +# self.xfr.xfrin_started_master_port) def test_command_handler_unknown(self): self.assertEqual(self.xfr.command_handler("xxx", None)['result'][0], 1) @@ -1937,20 +1963,24 @@ class TestXfrin(unittest.TestCase): self.assertEqual(zone_info.tsig_key.to_text(), TSIGKey(zone_config['tsig_key']).to_text()) else: self.assertIsNone(zone_info.tsig_key) - if 'ixfr_disabled' in zone_config and\ - zone_config.get('ixfr_disabled'): - self.assertTrue(zone_info.ixfr_disabled) + if 'use_ixfr' in zone_config and\ + zone_config.get('use_ixfr'): + self.assertTrue(zone_info.use_ixfr) else: # if not set, should default to False - self.assertFalse(zone_info.ixfr_disabled) + self.assertFalse(zone_info.use_ixfr) - def test_command_handler_zones(self): + def test_config_handler_zones(self): + # This test passes a number of good and bad configs, and checks whether + # the values are reflected in the structure that will dictate the + # actual behaviour. It also checks if bad values are correctly + # handled config1 = { 'transfers_in': 3, 'zones': [ { 'name': 'test.example.', 'master_addr': '192.0.2.1', 'master_port': 53, - 'ixfr_disabled': False + 'use_ixfr': False } ]} self.assertEqual(self.xfr.config_handler(config1)['result'][0], 0) @@ -1962,7 +1992,7 @@ class TestXfrin(unittest.TestCase): 'master_addr': '192.0.2.2', 'master_port': 53, 'tsig_key': "example.com:SFuWd/q99SzF8Yzd1QbB9g==", - 'ixfr_disabled': True + 'use_ixfr': True } ]} self.assertEqual(self.xfr.config_handler(config2)['result'][0], 0) @@ -2072,37 +2102,49 @@ class TestXfrin(unittest.TestCase): # since this has failed, we should still have the previous config self._check_zones_config(config2) - def common_ixfr_setup(self, xfr_mode, ixfr_disabled): + def test_config_handler_zones_default(self): + # Checking it some default config values apply. Using a separate + # test case for a fresh xfr object. + config = { 'zones': [ + { 'name': 'test.example.', + 'master_addr': '192.0.2.1', + 'master_port': 53, + } + ]} + self.assertEqual(self.xfr.config_handler(config)['result'][0], 0) + self._check_zones_config(config) + + def common_ixfr_setup(self, xfr_mode, use_ixfr): # This helper method explicitly sets up a zone configuration with - # ixfr_disabled, and invokes either retransfer or refresh. + # use_ixfr, and invokes either retransfer or refresh. # Shared by some of the following test cases. config = {'zones': [ {'name': 'example.com.', 'master_addr': '192.0.2.1', - 'ixfr_disabled': ixfr_disabled}]} + 'use_ixfr': use_ixfr}]} self.assertEqual(self.xfr.config_handler(config)['result'][0], 0) self.assertEqual(self.xfr.command_handler(xfr_mode, self.args)['result'][0], 0) def test_command_handler_retransfer_ixfr_enabled(self): # If IXFR is explicitly enabled in config, IXFR will be used - self.common_ixfr_setup('retransfer', False) + self.common_ixfr_setup('retransfer', True) self.assertEqual(RRType.IXFR(), self.xfr.xfrin_started_request_type) def test_command_handler_refresh_ixfr_enabled(self): # Same for refresh - self.common_ixfr_setup('refresh', False) + self.common_ixfr_setup('refresh', True) self.assertEqual(RRType.IXFR(), self.xfr.xfrin_started_request_type) def test_command_handler_retransfer_ixfr_disabled(self): # Similar to the previous case, but explicitly disabled. AXFR should # be used. - self.common_ixfr_setup('retransfer', True) + self.common_ixfr_setup('retransfer', False) self.assertEqual(RRType.AXFR(), self.xfr.xfrin_started_request_type) def test_command_handler_refresh_ixfr_disabled(self): # Same for refresh - self.common_ixfr_setup('refresh', True) + self.common_ixfr_setup('refresh', False) self.assertEqual(RRType.AXFR(), self.xfr.xfrin_started_request_type) def raise_interrupt(): diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index 28d5d50942..1f5d9a1518 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -876,7 +876,7 @@ class ZoneInfo: self.set_master_port(config_data.get('master_port')) self.set_zone_class(config_data.get('class')) self.set_tsig_key(config_data.get('tsig_key')) - self.set_ixfr_disabled(config_data.get('ixfr_disabled')) + self.set_use_ixfr(config_data.get('use_ixfr')) def set_name(self, name_str): """Set the name for this zone given a name string. @@ -951,15 +951,16 @@ class ZoneInfo: errmsg = "bad TSIG key string: " + tsig_key_str raise XfrinZoneInfoException(errmsg) - def set_ixfr_disabled(self, ixfr_disabled): - """Set ixfr_disabled. If set to False (the default), it will use - IXFR for incoming transfers. If set to True, it will use AXFR. + def set_use_ixfr(self, use_ixfr): + """Set use_ixfr. If set to True, it will use + IXFR for incoming transfers. If set to False, it will use AXFR. At this moment there is no automatic fallback""" - # don't care what type it is; if evaluates to true, set to True - if ixfr_disabled: - self.ixfr_disabled = True + # TODO: http://bind10.isc.org/ticket/1279 + if use_ixfr is None: + self.use_ixfr = \ + self._module_cc.get_default_value("zones/use_ixfr") else: - self.ixfr_disabled = False + self.use_ixfr = use_ixfr def get_master_addr_info(self): return (self.master_addr.family, socket.SOCK_STREAM, @@ -1059,20 +1060,33 @@ class Xfrin: # we should check if it matches one of them, and then use it.) (zone_name, rrclass) = self._parse_zone_name_and_class(args) zone_info = self._get_zone_info(zone_name, rrclass) + notify_addr = self._parse_master_and_port(args, zone_name, + rrclass) if zone_info is None: # TODO what to do? no info known about zone. defaults? errmsg = "Got notification to retransfer unknown zone " + zone_name.to_text() logger.error(XFRIN_RETRANSFER_UNKNOWN_ZONE, zone_name.to_text()) answer = create_answer(1, errmsg) else: + request_type = RRType.AXFR() + if zone_info.use_ixfr: + request_type = RRType.IXFR() master_addr = zone_info.get_master_addr_info() - ret = self.xfrin_start(zone_name, - rrclass, - self._get_db_file(), - master_addr, - zone_info.tsig_key, RRType.AXFR(), - True) - answer = create_answer(ret[0], ret[1]) + if notify_addr == master_addr: + ret = self.xfrin_start(zone_name, + rrclass, + self._get_db_file(), + master_addr, + zone_info.tsig_key, request_type, + True) + answer = create_answer(ret[0], ret[1]) + else: + errmsg = "Got notification for " + zone_name.to_text()\ + + "from unknown address: " + notify_addr[2][0]; + logger.error(XFRIN_NOTIFY_UNKNOWN_MASTER, + zone_name.to_text(), notify_addr[2][0], + master_addr[2][0]) + answer = create_answer(1, errmsg) elif command == 'retransfer' or command == 'refresh': # Xfrin receives the retransfer/refresh from cmdctl(sent by bindctl). @@ -1086,7 +1100,7 @@ class Xfrin: request_type = RRType.AXFR() if zone_info: tsig_key = zone_info.tsig_key - if not zone_info.ixfr_disabled: + if zone_info.use_ixfr: request_type = RRType.IXFR() db_file = args.get('db_file') or self._get_db_file() ret = self.xfrin_start(zone_name, diff --git a/src/bin/xfrin/xfrin.spec b/src/bin/xfrin/xfrin.spec index bc937205d8..c1ba61e41b 100644 --- a/src/bin/xfrin/xfrin.spec +++ b/src/bin/xfrin/xfrin.spec @@ -44,7 +44,7 @@ "item_type": "string", "item_optional": true }, - { "item_name": "ixfr_disabled", + { "item_name": "use_ixfr", "item_type": "boolean", "item_optional": false, "item_default": false diff --git a/src/bin/xfrin/xfrin_messages.mes b/src/bin/xfrin/xfrin_messages.mes index a5bbdf74dc..e5d173347e 100644 --- a/src/bin/xfrin/xfrin_messages.mes +++ b/src/bin/xfrin/xfrin_messages.mes @@ -70,6 +70,12 @@ was killed. There was a problem sending a message to the zone manager. This most likely means that the msgq daemon has quit or was killed. +% XFRIN_NOTIFY_UNKNOWN_MASTER got notification to retransfer zone %1 from %2, expected %3 +The system received a notify for the given zone, but the address it came +from does not match the master address in the Xfrin configuration. The notify +is ignored. This may indicate that the configuration for the master is wrong, +that a wrong machine is sending notifies, or that fake notifies are being sent. + % XFRIN_IMPORT_DNS error importing python DNS module: %1 There was an error importing the python DNS module pydnspp. The most likely cause is a PYTHONPATH problem. diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 04eee45f8d..a569ea75fd 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -1,3 +1,3 @@ SUBDIRS = exceptions util log cryptolink dns cc config acl xfr bench \ asiolink asiodns nsas cache resolve testutils datasrc \ - server_common python + server_common python dhcp diff --git a/src/lib/acl/tests/Makefile.am b/src/lib/acl/tests/Makefile.am index 2074c64ea8..636951199b 100644 --- a/src/lib/acl/tests/Makefile.am +++ b/src/lib/acl/tests/Makefile.am @@ -37,4 +37,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la run_unittests_LDADD += $(top_builddir)/src/lib/acl/libdnsacl.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/asiodns/tests/Makefile.am b/src/lib/asiodns/tests/Makefile.am index 5a45430623..f49d485c68 100644 --- a/src/lib/asiodns/tests/Makefile.am +++ b/src/lib/asiodns/tests/Makefile.am @@ -47,4 +47,4 @@ run_unittests_CXXFLAGS += -Wno-error endif endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/asiolink/io_address.cc b/src/lib/asiolink/io_address.cc index 7e2f5d45ea..51c033282b 100644 --- a/src/lib/asiolink/io_address.cc +++ b/src/lib/asiolink/io_address.cc @@ -23,7 +23,7 @@ #include #include #include - +#include using namespace asio; using asio::ip::udp; @@ -54,6 +54,22 @@ IOAddress::toText() const { return (asio_address_.to_string()); } +IOAddress +IOAddress::from_bytes(short family, const uint8_t* data) { + if (data == NULL) { + isc_throw(BadValue, "NULL pointer received."); + } else + if ( (family != AF_INET) && (family != AF_INET6) ) { + isc_throw(BadValue, "Invalid family type. Only AF_INET and AF_INET6" + << "are supported"); + } + + BOOST_STATIC_ASSERT(INET6_ADDRSTRLEN >= INET_ADDRSTRLEN); + char addr_str[INET6_ADDRSTRLEN]; + inet_ntop(family, data, addr_str, INET6_ADDRSTRLEN); + return IOAddress(string(addr_str)); +} + short IOAddress::getFamily() const { if (asio_address_.is_v4()) { @@ -63,7 +79,7 @@ IOAddress::getFamily() const { } } -const asio::ip::address& +const asio::ip::address& IOAddress::getAddress() const { return asio_address_; } diff --git a/src/lib/asiolink/io_address.h b/src/lib/asiolink/io_address.h index 1b488fa9c8..9fac580b8f 100644 --- a/src/lib/asiolink/io_address.h +++ b/src/lib/asiolink/io_address.h @@ -29,6 +29,12 @@ namespace isc { namespace asiolink { + /// Defines length of IPv6 address. + const static size_t V6ADDRESS_LEN = 16; + + /// Defines length of IPv4 address. + const static size_t V4ADDRESS_LEN = 4; + /// \brief The \c IOAddress class represents an IP addresses (version /// agnostic) /// @@ -87,6 +93,16 @@ public: /// \return AF_INET for IPv4 or AF_INET6 for IPv6. short getFamily() const; + + /// \brief Creates an address from over wire data. + /// + /// \param family AF_NET for IPv4 or AF_NET6 for IPv6. + /// \param data pointer to first char of data + /// + /// \return Created IOAddress object + static IOAddress + from_bytes(short family, const uint8_t* data); + /// \brief Compare addresses for equality /// /// \param other Address to compare against. diff --git a/src/lib/asiolink/tests/Makefile.am b/src/lib/asiolink/tests/Makefile.am index 94643c0950..984cf07bfd 100644 --- a/src/lib/asiolink/tests/Makefile.am +++ b/src/lib/asiolink/tests/Makefile.am @@ -53,4 +53,4 @@ run_unittests_CXXFLAGS += -Wno-error endif endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/asiolink/tests/io_address_unittest.cc b/src/lib/asiolink/tests/io_address_unittest.cc index 56368a1627..eddb0e80e0 100644 --- a/src/lib/asiolink/tests/io_address_unittest.cc +++ b/src/lib/asiolink/tests/io_address_unittest.cc @@ -63,3 +63,23 @@ TEST(IOAddressTest, Family) { EXPECT_EQ(AF_INET, IOAddress("192.0.2.1").getFamily()); EXPECT_EQ(AF_INET6, IOAddress("2001:0DB8:0:0::0012").getFamily()); } + +TEST(IOAddressTest, from_bytes) { + // 2001:db8:1::dead:beef + uint8_t v6[] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x01, 0, 0, + 0, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef }; + + uint8_t v4[] = { 192, 0 , 2, 3 }; + + IOAddress addr("::"); + EXPECT_NO_THROW({ + addr = IOAddress::from_bytes(AF_INET6, v6); + }); + EXPECT_EQ("2001:db8:1::dead:beef", addr.toText()); + + EXPECT_NO_THROW({ + addr = IOAddress::from_bytes(AF_INET, v4); + }); + EXPECT_EQ(addr.toText(), IOAddress("192.0.2.3").toText()); +} diff --git a/src/lib/bench/Makefile.am b/src/lib/bench/Makefile.am index 866404fd03..514b3b302f 100644 --- a/src/lib/bench/Makefile.am +++ b/src/lib/bench/Makefile.am @@ -6,6 +6,6 @@ AM_CXXFLAGS = $(B10_CXXFLAGS) CLEANFILES = *.gcno *.gcda -lib_LTLIBRARIES = libbench.la +noinst_LTLIBRARIES = libbench.la libbench_la_SOURCES = benchmark_util.h benchmark_util.cc EXTRA_DIST = benchmark.h diff --git a/src/lib/bench/tests/Makefile.am b/src/lib/bench/tests/Makefile.am index 2a6e2c66ce..3f8a67863b 100644 --- a/src/lib/bench/tests/Makefile.am +++ b/src/lib/bench/tests/Makefile.am @@ -22,6 +22,6 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la run_unittests_LDADD += $(GTEST_LDADD) endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) EXTRA_DIST = testdata/query.txt diff --git a/src/lib/cache/tests/Makefile.am b/src/lib/cache/tests/Makefile.am index 0b95036313..a215c568ae 100644 --- a/src/lib/cache/tests/Makefile.am +++ b/src/lib/cache/tests/Makefile.am @@ -62,7 +62,7 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) EXTRA_DIST = testdata/message_cname_referral.wire EXTRA_DIST += testdata/message_example_com_soa.wire diff --git a/src/lib/cc/tests/Makefile.am b/src/lib/cc/tests/Makefile.am index eebd10354e..476085582c 100644 --- a/src/lib/cc/tests/Makefile.am +++ b/src/lib/cc/tests/Makefile.am @@ -32,4 +32,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/config/tests/Makefile.am b/src/lib/config/tests/Makefile.am index 4fb147d011..2f1fc6fc1b 100644 --- a/src/lib/config/tests/Makefile.am +++ b/src/lib/config/tests/Makefile.am @@ -11,7 +11,7 @@ endif CLEANFILES = *.gcno *.gcda -lib_LTLIBRARIES = libfake_session.la +noinst_LTLIBRARIES = libfake_session.la libfake_session_la_SOURCES = fake_session.h fake_session.cc TESTS = @@ -31,4 +31,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/cryptolink/tests/Makefile.am b/src/lib/cryptolink/tests/Makefile.am index 2861edc837..fbdd13f880 100644 --- a/src/lib/cryptolink/tests/Makefile.am +++ b/src/lib/cryptolink/tests/Makefile.am @@ -24,4 +24,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/datasrc/tests/Makefile.am b/src/lib/datasrc/tests/Makefile.am index 0be8cd2b2a..3d2ba6d4a7 100644 --- a/src/lib/datasrc/tests/Makefile.am +++ b/src/lib/datasrc/tests/Makefile.am @@ -62,7 +62,7 @@ run_unittests_LDADD += $(top_builddir)/src/lib/testutils/libtestutils.la run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) EXTRA_DIST = testdata/brokendb.sqlite3 EXTRA_DIST += testdata/example.com.signed diff --git a/src/lib/dhcp/Makefile.am b/src/lib/dhcp/Makefile.am new file mode 100644 index 0000000000..e146adb294 --- /dev/null +++ b/src/lib/dhcp/Makefile.am @@ -0,0 +1,25 @@ +SUBDIRS = . tests + +AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib +AM_CPPFLAGS += $(BOOST_INCLUDES) + +AM_CXXFLAGS = $(B10_CXXFLAGS) + +CLEANFILES = *.gcno *.gcda + +lib_LTLIBRARIES = libdhcp.la +libdhcp_la_SOURCES = +libdhcp_la_SOURCES += libdhcp.cc libdhcp.h +libdhcp_la_SOURCES += option.cc option.h +libdhcp_la_SOURCES += option6_ia.cc option6_ia.h +libdhcp_la_SOURCES += option6_iaaddr.cc option6_iaaddr.h +libdhcp_la_SOURCES += option6_addrlst.cc option6_addrlst.h +libdhcp_la_SOURCES += dhcp6.h +libdhcp_la_SOURCES += pkt6.cc pkt6.h + +EXTRA_DIST = README +#EXTRA_DIST += log_messages.mes + +libdhcp_la_CXXFLAGS = $(AM_CXXFLAGS) +libdhcp_la_CPPFLAGS = $(AM_CPPFLAGS) $(LOG4CPLUS_INCLUDES) +libdhcp_la_LIBADD = $(top_builddir)/src/lib/util/libutil.la diff --git a/src/lib/dhcp/README b/src/lib/dhcp/README new file mode 100644 index 0000000000..6c5353d003 --- /dev/null +++ b/src/lib/dhcp/README @@ -0,0 +1,11 @@ +This directory holds implementation for libdhcp. + + +Basic Ideas +=========== + + +Notes +===== +This work just begun. Don't expect to see much useful code here. +We are working on it. \ No newline at end of file diff --git a/src/lib/dhcp/dhcp6.h b/src/lib/dhcp/dhcp6.h new file mode 100644 index 0000000000..6012003b96 --- /dev/null +++ b/src/lib/dhcp/dhcp6.h @@ -0,0 +1,184 @@ +// Copyright (C) 2006-2011 Internet Systems Consortium, Inc. ("ISC") +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +// PERFORMANCE OF THIS SOFTWARE. + +#ifndef DHCP6_H +#define DHCP6_H + +/* DHCPv6 Option codes: */ + +#define D6O_CLIENTID 1 /* RFC3315 */ +#define D6O_SERVERID 2 +#define D6O_IA_NA 3 +#define D6O_IA_TA 4 +#define D6O_IAADDR 5 +#define D6O_ORO 6 +#define D6O_PREFERENCE 7 +#define D6O_ELAPSED_TIME 8 +#define D6O_RELAY_MSG 9 +/* Option code 10 unassigned. */ +#define D6O_AUTH 11 +#define D6O_UNICAST 12 +#define D6O_STATUS_CODE 13 +#define D6O_RAPID_COMMIT 14 +#define D6O_USER_CLASS 15 +#define D6O_VENDOR_CLASS 16 +#define D6O_VENDOR_OPTS 17 +#define D6O_INTERFACE_ID 18 +#define D6O_RECONF_MSG 19 +#define D6O_RECONF_ACCEPT 20 +#define D6O_SIP_SERVERS_DNS 21 /* RFC3319 */ +#define D6O_SIP_SERVERS_ADDR 22 /* RFC3319 */ +#define D6O_NAME_SERVERS 23 /* RFC3646 */ +#define D6O_DOMAIN_SEARCH 24 /* RFC3646 */ +#define D6O_IA_PD 25 /* RFC3633 */ +#define D6O_IAPREFIX 26 /* RFC3633 */ +#define D6O_NIS_SERVERS 27 /* RFC3898 */ +#define D6O_NISP_SERVERS 28 /* RFC3898 */ +#define D6O_NIS_DOMAIN_NAME 29 /* RFC3898 */ +#define D6O_NISP_DOMAIN_NAME 30 /* RFC3898 */ +#define D6O_SNTP_SERVERS 31 /* RFC4075 */ +#define D6O_INFORMATION_REFRESH_TIME 32 /* RFC4242 */ +#define D6O_BCMCS_SERVER_D 33 /* RFC4280 */ +#define D6O_BCMCS_SERVER_A 34 /* RFC4280 */ +/* 35 is unassigned */ +#define D6O_GEOCONF_CIVIC 36 /* RFC4776 */ +#define D6O_REMOTE_ID 37 /* RFC4649 */ +#define D6O_SUBSCRIBER_ID 38 /* RFC4580 */ +#define D6O_CLIENT_FQDN 39 /* RFC4704 */ +#define D6O_PANA_AGENT 40 /* paa-option */ +#define D6O_NEW_POSIX_TIMEZONE 41 /* RFC4833 */ +#define D6O_NEW_TZDB_TIMEZONE 42 /* RFC4833 */ +#define D6O_ERO 43 /* RFC4994 */ +#define D6O_LQ_QUERY 44 /* RFC5007 */ +#define D6O_CLIENT_DATA 45 /* RFC5007 */ +#define D6O_CLT_TIME 46 /* RFC5007 */ +#define D6O_LQ_RELAY_DATA 47 /* RFC5007 */ +#define D6O_LQ_CLIENT_LINK 48 /* RFC5007 */ + +/* + * Status Codes, from RFC 3315 section 24.4, and RFC 3633, 5007. + */ +#define STATUS_Success 0 +#define STATUS_UnspecFail 1 +#define STATUS_NoAddrsAvail 2 +#define STATUS_NoBinding 3 +#define STATUS_NotOnLink 4 +#define STATUS_UseMulticast 5 +#define STATUS_NoPrefixAvail 6 +#define STATUS_UnknownQueryType 7 +#define STATUS_MalformedQuery 8 +#define STATUS_NotConfigured 9 +#define STATUS_NotAllowed 10 + +/* + * DHCPv6 message types, defined in section 5.3 of RFC 3315 + */ +#define DHCPV6_SOLICIT 1 +#define DHCPV6_ADVERTISE 2 +#define DHCPV6_REQUEST 3 +#define DHCPV6_CONFIRM 4 +#define DHCPV6_RENEW 5 +#define DHCPV6_REBIND 6 +#define DHCPV6_REPLY 7 +#define DHCPV6_RELEASE 8 +#define DHCPV6_DECLINE 9 +#define DHCPV6_RECONFIGURE 10 +#define DHCPV6_INFORMATION_REQUEST 11 +#define DHCPV6_RELAY_FORW 12 +#define DHCPV6_RELAY_REPL 13 +#define DHCPV6_LEASEQUERY 14 +#define DHCPV6_LEASEQUERY_REPLY 15 + +extern const char *dhcpv6_type_names[]; +extern const int dhcpv6_type_name_max; + +/* DUID type definitions (RFC3315 section 9). + */ +#define DUID_LLT 1 +#define DUID_EN 2 +#define DUID_LL 3 + +/* Offsets into IA_*'s where Option spaces commence. */ +#define IA_NA_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ +#define IA_TA_OFFSET 4 /* IAID only, 4 octets */ +#define IA_PD_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ + +/* Offset into IAADDR's where Option spaces commence. */ +#define IAADDR_OFFSET 24 + +/* Offset into IAPREFIX's where Option spaces commence. */ +#define IAPREFIX_OFFSET 25 + +/* Offset into LQ_QUERY's where Option spaces commence. */ +#define LQ_QUERY_OFFSET 17 + +/* + * DHCPv6 well-known multicast addressess, from section 5.1 of RFC 3315 + */ +#define ALL_DHCP_RELAY_AGENTS_AND_SERVERS "ff02::1:2" +#define ALL_DHCP_SERVERS "ff05::1:3" + +#define DHCP6_CLIENT_PORT 546 +#define DHCP6_SERVER_PORT 547 + +/* + * DHCPv6 Retransmission Constants (RFC3315 section 5.5, RFC 5007) + */ + +#define SOL_MAX_DELAY 1 +#define SOL_TIMEOUT 1 +#define SOL_MAX_RT 120 +#define REQ_TIMEOUT 1 +#define REQ_MAX_RT 30 +#define REQ_MAX_RC 10 +#define CNF_MAX_DELAY 1 +#define CNF_TIMEOUT 1 +#define CNF_MAX_RT 4 +#define CNF_MAX_RD 10 +#define REN_TIMEOUT 10 +#define REN_MAX_RT 600 +#define REB_TIMEOUT 10 +#define REB_MAX_RT 600 +#define INF_MAX_DELAY 1 +#define INF_TIMEOUT 1 +#define INF_MAX_RT 120 +#define REL_TIMEOUT 1 +#define REL_MAX_RC 5 +#define DEC_TIMEOUT 1 +#define DEC_MAX_RC 5 +#define REC_TIMEOUT 2 +#define REC_MAX_RC 8 +#define HOP_COUNT_LIMIT 32 +#define LQ6_TIMEOUT 1 +#define LQ6_MAX_RT 10 +#define LQ6_MAX_RC 5 + +/* Leasequery query-types (RFC 5007) */ + +#define LQ6QT_BY_ADDRESS 1 +#define LQ6QT_BY_CLIENTID 2 + +/* + * DUID time starts 2000-01-01. + * This constant is the number of seconds since 1970-01-01, + * when the Unix epoch began. + */ +#define DUID_TIME_EPOCH 946684800 + +/* Information-Request Time option (RFC 4242) */ + +#define IRT_DEFAULT 86400 +#define IRT_MINIMUM 600 + +#endif diff --git a/src/lib/dhcp/libdhcp.cc b/src/lib/dhcp/libdhcp.cc new file mode 100644 index 0000000000..8e6314e3b9 --- /dev/null +++ b/src/lib/dhcp/libdhcp.cc @@ -0,0 +1,130 @@ +// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +// PERFORMANCE OF THIS SOFTWARE. + +#include +#include +#include "dhcp/libdhcp.h" +#include "config.h" +#include "dhcp6.h" + +#include "option.h" +#include "option6_ia.h" +#include "option6_iaaddr.h" + +using namespace std; +using namespace isc::dhcp; + +// static array with factories for options +std::map LibDHCP::v6factories_; + +unsigned int +LibDHCP::unpackOptions6(const boost::shared_array buf, + unsigned int buf_len, + unsigned int offset, unsigned int parse_len, + isc::dhcp::Option::Option6Collection& options) { + if (offset + parse_len > buf_len) { + isc_throw(OutOfRange, "Option parse failed. Tried to parse " + << parse_len << " bytes at offset " << offset + << ": out of buffer"); + } + unsigned int end = offset + parse_len; + + while (offset +4 <= end) { + uint16_t opt_type = buf[offset]*256 + buf[offset+1]; + offset += 2; + uint16_t opt_len = buf[offset]*256 + buf[offset+1]; + offset += 2; + + if (offset + opt_len > end ) { + cout << "Option " << opt_type << " truncated." << endl; + return (offset); + } + boost::shared_ptr