From b126cf8dbf225ff5b12c9a7b6a241d80babf8a42 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Mon, 10 Oct 2011 21:59:40 -0500 Subject: [PATCH 01/77] [trac1286] change check_PROGRAMS to noinst_PROGRAMS And for check_LTLIBRARIES to noinst_LTLIBRARIES too. This is so a regular "make" will build the test programs and libraries too. So the "make check" will just run the tests (and not build them). This is to help with test-driven development. This reverses some from #1091, plus does the rest too. Note that doing a "make check" before a "make" does not currently work due to dependencies depending on each other (e.g. python/isc/log tests needs datasrc but python/isc/datasrc tests need log_config_update). --- src/bin/auth/tests/Makefile.am | 2 +- src/bin/resolver/tests/Makefile.am | 2 +- src/bin/sockcreator/tests/Makefile.am | 2 +- src/lib/acl/tests/Makefile.am | 2 +- src/lib/asiodns/tests/Makefile.am | 2 +- src/lib/asiolink/tests/Makefile.am | 2 +- src/lib/bench/tests/Makefile.am | 2 +- src/lib/cache/tests/Makefile.am | 2 +- src/lib/cc/tests/Makefile.am | 2 +- src/lib/config/tests/Makefile.am | 2 +- src/lib/cryptolink/tests/Makefile.am | 2 +- src/lib/datasrc/tests/Makefile.am | 2 +- src/lib/dns/tests/Makefile.am | 2 +- src/lib/exceptions/tests/Makefile.am | 2 +- src/lib/log/tests/Makefile.am | 6 +++--- src/lib/nsas/tests/Makefile.am | 2 +- src/lib/resolve/tests/Makefile.am | 2 +- src/lib/server_common/tests/Makefile.am | 2 +- src/lib/util/pyunittests/Makefile.am | 2 +- src/lib/util/tests/Makefile.am | 2 +- src/lib/util/unittests/Makefile.am | 2 +- tests/tools/badpacket/Makefile.am | 2 +- tests/tools/badpacket/tests/Makefile.am | 2 +- 23 files changed, 25 insertions(+), 25 deletions(-) diff --git a/src/bin/auth/tests/Makefile.am b/src/bin/auth/tests/Makefile.am index a4bd6fa08d..d27386e62e 100644 --- a/src/bin/auth/tests/Makefile.am +++ b/src/bin/auth/tests/Makefile.am @@ -67,4 +67,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/nsas/libnsas.la run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/bin/resolver/tests/Makefile.am b/src/bin/resolver/tests/Makefile.am index 14d92fe705..12ddab307d 100644 --- a/src/bin/resolver/tests/Makefile.am +++ b/src/bin/resolver/tests/Makefile.am @@ -60,4 +60,4 @@ run_unittests_CXXFLAGS += -Wno-unused-parameter endif endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/bin/sockcreator/tests/Makefile.am b/src/bin/sockcreator/tests/Makefile.am index b3ca3443be..223e76108d 100644 --- a/src/bin/sockcreator/tests/Makefile.am +++ b/src/bin/sockcreator/tests/Makefile.am @@ -21,4 +21,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. run_unittests_LDADD += $(top_builddir)/src/lib/util/io/libutil_io.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/acl/tests/Makefile.am b/src/lib/acl/tests/Makefile.am index 2074c64ea8..636951199b 100644 --- a/src/lib/acl/tests/Makefile.am +++ b/src/lib/acl/tests/Makefile.am @@ -37,4 +37,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la run_unittests_LDADD += $(top_builddir)/src/lib/acl/libdnsacl.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/asiodns/tests/Makefile.am b/src/lib/asiodns/tests/Makefile.am index 5a45430623..f49d485c68 100644 --- a/src/lib/asiodns/tests/Makefile.am +++ b/src/lib/asiodns/tests/Makefile.am @@ -47,4 +47,4 @@ run_unittests_CXXFLAGS += -Wno-error endif endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/asiolink/tests/Makefile.am b/src/lib/asiolink/tests/Makefile.am index 94643c0950..984cf07bfd 100644 --- a/src/lib/asiolink/tests/Makefile.am +++ b/src/lib/asiolink/tests/Makefile.am @@ -53,4 +53,4 @@ run_unittests_CXXFLAGS += -Wno-error endif endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/bench/tests/Makefile.am b/src/lib/bench/tests/Makefile.am index 2a6e2c66ce..3f8a67863b 100644 --- a/src/lib/bench/tests/Makefile.am +++ b/src/lib/bench/tests/Makefile.am @@ -22,6 +22,6 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la run_unittests_LDADD += $(GTEST_LDADD) endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) EXTRA_DIST = testdata/query.txt diff --git a/src/lib/cache/tests/Makefile.am b/src/lib/cache/tests/Makefile.am index 0b95036313..a215c568ae 100644 --- a/src/lib/cache/tests/Makefile.am +++ b/src/lib/cache/tests/Makefile.am @@ -62,7 +62,7 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) EXTRA_DIST = testdata/message_cname_referral.wire EXTRA_DIST += testdata/message_example_com_soa.wire diff --git a/src/lib/cc/tests/Makefile.am b/src/lib/cc/tests/Makefile.am index eebd10354e..476085582c 100644 --- a/src/lib/cc/tests/Makefile.am +++ b/src/lib/cc/tests/Makefile.am @@ -32,4 +32,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/config/tests/Makefile.am b/src/lib/config/tests/Makefile.am index 4fb147d011..7153e094ea 100644 --- a/src/lib/config/tests/Makefile.am +++ b/src/lib/config/tests/Makefile.am @@ -31,4 +31,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/cryptolink/tests/Makefile.am b/src/lib/cryptolink/tests/Makefile.am index 2861edc837..fbdd13f880 100644 --- a/src/lib/cryptolink/tests/Makefile.am +++ b/src/lib/cryptolink/tests/Makefile.am @@ -24,4 +24,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/datasrc/tests/Makefile.am b/src/lib/datasrc/tests/Makefile.am index 0be8cd2b2a..3d2ba6d4a7 100644 --- a/src/lib/datasrc/tests/Makefile.am +++ b/src/lib/datasrc/tests/Makefile.am @@ -62,7 +62,7 @@ run_unittests_LDADD += $(top_builddir)/src/lib/testutils/libtestutils.la run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) EXTRA_DIST = testdata/brokendb.sqlite3 EXTRA_DIST += testdata/example.com.signed diff --git a/src/lib/dns/tests/Makefile.am b/src/lib/dns/tests/Makefile.am index 4fe8214715..37946782bd 100644 --- a/src/lib/dns/tests/Makefile.am +++ b/src/lib/dns/tests/Makefile.am @@ -71,4 +71,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/exceptions/tests/Makefile.am b/src/lib/exceptions/tests/Makefile.am index 35161a1fed..2444b025c6 100644 --- a/src/lib/exceptions/tests/Makefile.am +++ b/src/lib/exceptions/tests/Makefile.am @@ -20,4 +20,4 @@ run_unittests_LDADD = $(GTEST_LDADD) run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/log/tests/Makefile.am b/src/lib/log/tests/Makefile.am index 8ca561dbd7..a5f793ce9e 100644 --- a/src/lib/log/tests/Makefile.am +++ b/src/lib/log/tests/Makefile.am @@ -45,7 +45,7 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la endif -check_PROGRAMS = logger_example +noinst_PROGRAMS = logger_example logger_example_SOURCES = logger_example.cc logger_example_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES) logger_example_LDFLAGS = $(AM_LDFLAGS) $(LOG4CPLUS_LDFLAGS) @@ -53,7 +53,7 @@ logger_example_LDADD = $(top_builddir)/src/lib/log/liblog.la logger_example_LDADD += $(top_builddir)/src/lib/util/libutil.la logger_example_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la -check_PROGRAMS += init_logger_test +noinst_PROGRAMS += init_logger_test init_logger_test_SOURCES = init_logger_test.cc init_logger_test_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES) init_logger_test_LDFLAGS = $(AM_LDFLAGS) $(LOG4CPLUS_LDFLAGS) @@ -61,7 +61,7 @@ init_logger_test_LDADD = $(top_builddir)/src/lib/log/liblog.la init_logger_test_LDADD += $(top_builddir)/src/lib/util/libutil.la init_logger_test_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la -check_PROGRAMS += $(TESTS) +noinst_PROGRAMS += $(TESTS) # Additional test using the shell. These are principally tests # where the global logging environment is affected, and where the diff --git a/src/lib/nsas/tests/Makefile.am b/src/lib/nsas/tests/Makefile.am index 8845187e20..420e8971f1 100644 --- a/src/lib/nsas/tests/Makefile.am +++ b/src/lib/nsas/tests/Makefile.am @@ -60,4 +60,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests. run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/resolve/tests/Makefile.am b/src/lib/resolve/tests/Makefile.am index 7c42c367a9..cf05d9b08e 100644 --- a/src/lib/resolve/tests/Makefile.am +++ b/src/lib/resolve/tests/Makefile.am @@ -38,4 +38,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/server_common/tests/Makefile.am b/src/lib/server_common/tests/Makefile.am index d07be523a1..d7e113af1c 100644 --- a/src/lib/server_common/tests/Makefile.am +++ b/src/lib/server_common/tests/Makefile.am @@ -49,6 +49,6 @@ run_unittests_LDADD += $(top_builddir)/src/lib/config/libcfgclient.la run_unittests_LDADD += $(top_builddir)/src/lib/config/tests/libfake_session.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) EXTRA_DIST = testdata/spec.spec diff --git a/src/lib/util/pyunittests/Makefile.am b/src/lib/util/pyunittests/Makefile.am index 02fb8c2355..dd2d39ac1a 100644 --- a/src/lib/util/pyunittests/Makefile.am +++ b/src/lib/util/pyunittests/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib AM_CPPFLAGS += $(BOOST_INCLUDES) AM_CXXFLAGS = $(B10_CXXFLAGS) -check_LTLIBRARIES = pyunittests_util.la +noinst_LTLIBRARIES = pyunittests_util.la pyunittests_util_la_SOURCES = pyunittests_util.cc pyunittests_util_la_CPPFLAGS = $(AM_CPPFLAGS) $(PYTHON_INCLUDES) diff --git a/src/lib/util/tests/Makefile.am b/src/lib/util/tests/Makefile.am index b61804e12c..47243f8273 100644 --- a/src/lib/util/tests/Makefile.am +++ b/src/lib/util/tests/Makefile.am @@ -40,4 +40,4 @@ run_unittests_LDADD += \ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/util/unittests/Makefile.am b/src/lib/util/unittests/Makefile.am index 8006262010..bbb0d49b87 100644 --- a/src/lib/util/unittests/Makefile.am +++ b/src/lib/util/unittests/Makefile.am @@ -1,7 +1,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib AM_CXXFLAGS = $(B10_CXXFLAGS) -check_LTLIBRARIES = libutil_unittests.la +noinst_LTLIBRARIES = libutil_unittests.la libutil_unittests_la_SOURCES = fork.h fork.cc resolver.h libutil_unittests_la_SOURCES += newhook.h newhook.cc libutil_unittests_la_SOURCES += testdata.h testdata.cc diff --git a/tests/tools/badpacket/Makefile.am b/tests/tools/badpacket/Makefile.am index 61b76b2911..fcba404818 100644 --- a/tests/tools/badpacket/Makefile.am +++ b/tests/tools/badpacket/Makefile.am @@ -12,7 +12,7 @@ endif CLEANFILES = *.gcno *.gcda -check_PROGRAMS = badpacket +noinst_PROGRAMS = badpacket badpacket_SOURCES = badpacket.cc badpacket_SOURCES += command_options.cc command_options.h badpacket_SOURCES += header_flags.h diff --git a/tests/tools/badpacket/tests/Makefile.am b/tests/tools/badpacket/tests/Makefile.am index a110e11921..2daa6646f4 100644 --- a/tests/tools/badpacket/tests/Makefile.am +++ b/tests/tools/badpacket/tests/Makefile.am @@ -29,4 +29,4 @@ run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la endif -check_PROGRAMS = $(TESTS) +noinst_PROGRAMS = $(TESTS) From 0b6ac7ed34c708e6e92c41dc28bc8589864cecd3 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Tue, 11 Oct 2011 11:01:13 -0500 Subject: [PATCH 02/77] [trac1286] don't install libfake_session and libtestutils Not specific to the initial goal of this ticket, but brought up in the ticket: also change the Makefiles for libfake_session and libtestutils to use noinst_. --- src/lib/config/tests/Makefile.am | 2 +- src/lib/testutils/Makefile.am | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/config/tests/Makefile.am b/src/lib/config/tests/Makefile.am index 7153e094ea..2f1fc6fc1b 100644 --- a/src/lib/config/tests/Makefile.am +++ b/src/lib/config/tests/Makefile.am @@ -11,7 +11,7 @@ endif CLEANFILES = *.gcno *.gcda -lib_LTLIBRARIES = libfake_session.la +noinst_LTLIBRARIES = libfake_session.la libfake_session_la_SOURCES = fake_session.h fake_session.cc TESTS = diff --git a/src/lib/testutils/Makefile.am b/src/lib/testutils/Makefile.am index ae5c6dabc8..a511d24be3 100644 --- a/src/lib/testutils/Makefile.am +++ b/src/lib/testutils/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS += $(BOOST_INCLUDES) AM_CXXFLAGS=$(B10_CXXFLAGS) if HAVE_GTEST -lib_LTLIBRARIES = libtestutils.la +noinst_LTLIBRARIES = libtestutils.la libtestutils_la_SOURCES = srv_test.h srv_test.cc libtestutils_la_SOURCES += dnsmessage_test.h dnsmessage_test.cc From b9aefd1018b099666908d64650c8a5ea3e153ff4 Mon Sep 17 00:00:00 2001 From: JINMEI Tatuya Date: Tue, 11 Oct 2011 19:37:26 -0700 Subject: [PATCH 03/77] [1294] changed the default of zones/ixfr_disabled to true. also make sure the spec default is used when unspecified. --- doc/guide/bind10-guide.xml | 60 ++++++++++++++++++++++++------------- src/bin/xfrin/b10-xfrin.xml | 2 +- src/bin/xfrin/xfrin.py.in | 17 +++++++---- 3 files changed, 51 insertions(+), 28 deletions(-) diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml index 34607e9105..08ed200adf 100644 --- a/doc/guide/bind10-guide.xml +++ b/doc/guide/bind10-guide.xml @@ -1278,13 +1278,19 @@ TODO that is, they don't work for an in-memory data source. - - To enable IXFR, you need to - configure b10-xfrin with an explicit zone - configuration for the zone. - For example, to enable IXFR for a zone named "example.com" - (whose master address is assumed to be 2001:db8::53 here), - run the following at the bindctl prompt: +
+ Configuration for Incoming Zone Transfers + + In practice, you need to specify a list of secondary zones to + enable incoming zone transfers for these zones (you can still + trigger a zone transfer manually, without a prior configuration + (see below)). + + + + For example, to enable zone transfers for a zone named "example.com" + (whose master address is assumed to be 2001:db8::53 here), + run the following at the bindctl prompt: > config add Xfrin/zones > config set Xfrin/zones[0]/name "" @@ -1292,16 +1298,22 @@ TODO > config commit (We assume there has been no zone configuration before). - Note that you do NOT have to explicitly enable IXFR in the zone - configuration; once it's defined, IXFR is enabled by default. - This also means if you specify a zone configuration for some - other reason but don't want to use IXFR for that zone, you need - to disable it explicitly: + +
+
+ Enabling IXFR + + As noted above, b10-xfrin uses AXFR for + zone transfers by default. To enable IXFR for zone transfers + for a particular zone, set the ixfr_disabled + configuration parameter to true. + In the above example of configuration sequence, you'll need + to add the following before performing commit: > config set Xfrin/zones[0]/ixfr_disabled true - + - + One reason why IXFR is disabled by default in the current release is because it does not support automatic fallback from IXFR to AXFR when it encounters a primary server that doesn't support @@ -1315,7 +1327,8 @@ TODO make this selection automatically. These features will be implemented in a near future version, at which point we will enable IXFR by default. - + +
- - To manually trigger a zone transfer to retrieve a remote zone, - you may use the bindctl utility. - For example, at the bindctl prompt run: +
+ Trigger an Incoming Zone Transfer Manually + + + To manually trigger a zone transfer to retrieve a remote zone, + you may use the bindctl utility. + For example, at the bindctl prompt run: + + > Xfrin retransfer zone_name="" master= + +
- > Xfrin retransfer zone_name="" master= - diff --git a/src/bin/xfrin/b10-xfrin.xml b/src/bin/xfrin/b10-xfrin.xml index 824d5fa006..454a82b40c 100644 --- a/src/bin/xfrin/b10-xfrin.xml +++ b/src/bin/xfrin/b10-xfrin.xml @@ -110,7 +110,7 @@ in separate zonemgr process. class (defaults to IN), master_addr (the zone master to transfer from), master_port (defaults to 53), - ixfr_disabled (defaults to false), and + ixfr_disabled (defaults to true), and tsig_key (optional TSIG key to use). The tsig_key is specified using a full string colon-delimited name:key:algorithm representation (e.g. diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index 28d5d50942..db6fab7b37 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -876,7 +876,12 @@ class ZoneInfo: self.set_master_port(config_data.get('master_port')) self.set_zone_class(config_data.get('class')) self.set_tsig_key(config_data.get('tsig_key')) - self.set_ixfr_disabled(config_data.get('ixfr_disabled')) + # XXX: harecode the default for ixfr_disabled. We should retrieve + # it from the + ixfr_disabled = config_data.get('ixfr_disabled') + if ixfr_disabled is None: + ixfr_disabled = True + self.set_ixfr_disabled(ixfr_disabled) def set_name(self, name_str): """Set the name for this zone given a name string. @@ -952,14 +957,14 @@ class ZoneInfo: raise XfrinZoneInfoException(errmsg) def set_ixfr_disabled(self, ixfr_disabled): - """Set ixfr_disabled. If set to False (the default), it will use + """Set ixfr_disabled. If set to False, it will use IXFR for incoming transfers. If set to True, it will use AXFR. At this moment there is no automatic fallback""" - # don't care what type it is; if evaluates to true, set to True - if ixfr_disabled: - self.ixfr_disabled = True + if ixfr_disabled is None: + self.ixfr_disabled = \ + self._module_cc.get_default_value("zones/ixfr_disabled") else: - self.ixfr_disabled = False + self.ixfr_disabled = ixfr_disabled def get_master_addr_info(self): return (self.master_addr.family, socket.SOCK_STREAM, From 2878aadf0276c7a52832c7ca7f3bddf5e348d79c Mon Sep 17 00:00:00 2001 From: JINMEI Tatuya Date: Tue, 11 Oct 2011 19:39:02 -0700 Subject: [PATCH 04/77] [1294] change the default for ixfr_disabled (forgot to commit this) --- src/bin/xfrin/xfrin.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/xfrin/xfrin.spec b/src/bin/xfrin/xfrin.spec index bc937205d8..9a5154aebc 100644 --- a/src/bin/xfrin/xfrin.spec +++ b/src/bin/xfrin/xfrin.spec @@ -47,7 +47,7 @@ { "item_name": "ixfr_disabled", "item_type": "boolean", "item_optional": false, - "item_default": false + "item_default": true } ] } From d7711ce221b04a035afa9d454c8baf53ec0cb9f0 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 12 Oct 2011 05:40:47 -0500 Subject: [PATCH 05/77] [trac1294] fix typo in comment --- src/bin/xfrin/xfrin.py.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index db6fab7b37..88e64c6787 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -876,7 +876,7 @@ class ZoneInfo: self.set_master_port(config_data.get('master_port')) self.set_zone_class(config_data.get('class')) self.set_tsig_key(config_data.get('tsig_key')) - # XXX: harecode the default for ixfr_disabled. We should retrieve + # XXX: hardcode the default for ixfr_disabled. We should retrieve # it from the ixfr_disabled = config_data.get('ixfr_disabled') if ixfr_disabled is None: From 1bbe7018238856b949b449bdacb43bcf90c79bef Mon Sep 17 00:00:00 2001 From: Jelte Jansen Date: Wed, 12 Oct 2011 13:19:30 +0200 Subject: [PATCH 06/77] [1294] changed ixfr_disabled to use_ixfr and reversed its interpretation also removed the additional None check (it was checked twice) --- doc/guide/bind10-guide.xml | 14 +++++++------- src/bin/xfrin/b10-xfrin.xml | 6 +++--- src/bin/xfrin/tests/xfrin_test.py | 26 +++++++++++++------------- src/bin/xfrin/xfrin.py.in | 24 ++++++++++-------------- src/bin/xfrin/xfrin.spec | 4 ++-- 5 files changed, 35 insertions(+), 39 deletions(-) diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml index 08ed200adf..fd58285ed9 100644 --- a/doc/guide/bind10-guide.xml +++ b/doc/guide/bind10-guide.xml @@ -1304,13 +1304,13 @@ TODO
Enabling IXFR - As noted above, b10-xfrin uses AXFR for - zone transfers by default. To enable IXFR for zone transfers - for a particular zone, set the ixfr_disabled - configuration parameter to true. - In the above example of configuration sequence, you'll need - to add the following before performing commit: - > config set Xfrin/zones[0]/ixfr_disabled true + As noted above, b10-xfrin uses AXFR for + zone transfers by default. To enable IXFR for zone transfers + for a particular zone, set the use_ixfr + configuration parameter to true. + In the above example of configuration sequence, you'll need + to add the following before performing commit: + > config set Xfrin/zones[0]/use_ixfr true diff --git a/src/bin/xfrin/b10-xfrin.xml b/src/bin/xfrin/b10-xfrin.xml index 454a82b40c..30eccb500e 100644 --- a/src/bin/xfrin/b10-xfrin.xml +++ b/src/bin/xfrin/b10-xfrin.xml @@ -110,7 +110,7 @@ in separate zonemgr process. class (defaults to IN), master_addr (the zone master to transfer from), master_port (defaults to 53), - ixfr_disabled (defaults to true), and + use_ixfr (defaults to false), and tsig_key (optional TSIG key to use). The tsig_key is specified using a full string colon-delimited name:key:algorithm representation (e.g. @@ -158,7 +158,7 @@ in separate zonemgr process. according to the SOA's REFRESH time to tell b10-xfrin that the zone needs to do a zone refresh. - This is an internal command and not exposed to the administrator. + This is an internal command and not exposed to the administrator. @@ -208,7 +208,7 @@ add a usage example of xfrin --> diff --git a/src/bin/xfrin/tests/xfrin_test.py b/src/bin/xfrin/tests/xfrin_test.py index 5d3a16e96e..b9997ec80e 100644 --- a/src/bin/xfrin/tests/xfrin_test.py +++ b/src/bin/xfrin/tests/xfrin_test.py @@ -1937,12 +1937,12 @@ class TestXfrin(unittest.TestCase): self.assertEqual(zone_info.tsig_key.to_text(), TSIGKey(zone_config['tsig_key']).to_text()) else: self.assertIsNone(zone_info.tsig_key) - if 'ixfr_disabled' in zone_config and\ - zone_config.get('ixfr_disabled'): - self.assertTrue(zone_info.ixfr_disabled) + if 'use_ixfr' in zone_config and\ + zone_config.get('use_ixfr'): + self.assertTrue(zone_info.use_ixfr) else: # if not set, should default to False - self.assertFalse(zone_info.ixfr_disabled) + self.assertFalse(zone_info.use_ixfr) def test_command_handler_zones(self): config1 = { 'transfers_in': 3, @@ -1950,7 +1950,7 @@ class TestXfrin(unittest.TestCase): { 'name': 'test.example.', 'master_addr': '192.0.2.1', 'master_port': 53, - 'ixfr_disabled': False + 'use_ixfr': False } ]} self.assertEqual(self.xfr.config_handler(config1)['result'][0], 0) @@ -1962,7 +1962,7 @@ class TestXfrin(unittest.TestCase): 'master_addr': '192.0.2.2', 'master_port': 53, 'tsig_key': "example.com:SFuWd/q99SzF8Yzd1QbB9g==", - 'ixfr_disabled': True + 'use_ixfr': True } ]} self.assertEqual(self.xfr.config_handler(config2)['result'][0], 0) @@ -2072,37 +2072,37 @@ class TestXfrin(unittest.TestCase): # since this has failed, we should still have the previous config self._check_zones_config(config2) - def common_ixfr_setup(self, xfr_mode, ixfr_disabled): + def common_ixfr_setup(self, xfr_mode, use_ixfr): # This helper method explicitly sets up a zone configuration with - # ixfr_disabled, and invokes either retransfer or refresh. + # use_ixfr, and invokes either retransfer or refresh. # Shared by some of the following test cases. config = {'zones': [ {'name': 'example.com.', 'master_addr': '192.0.2.1', - 'ixfr_disabled': ixfr_disabled}]} + 'use_ixfr': use_ixfr}]} self.assertEqual(self.xfr.config_handler(config)['result'][0], 0) self.assertEqual(self.xfr.command_handler(xfr_mode, self.args)['result'][0], 0) def test_command_handler_retransfer_ixfr_enabled(self): # If IXFR is explicitly enabled in config, IXFR will be used - self.common_ixfr_setup('retransfer', False) + self.common_ixfr_setup('retransfer', True) self.assertEqual(RRType.IXFR(), self.xfr.xfrin_started_request_type) def test_command_handler_refresh_ixfr_enabled(self): # Same for refresh - self.common_ixfr_setup('refresh', False) + self.common_ixfr_setup('refresh', True) self.assertEqual(RRType.IXFR(), self.xfr.xfrin_started_request_type) def test_command_handler_retransfer_ixfr_disabled(self): # Similar to the previous case, but explicitly disabled. AXFR should # be used. - self.common_ixfr_setup('retransfer', True) + self.common_ixfr_setup('retransfer', False) self.assertEqual(RRType.AXFR(), self.xfr.xfrin_started_request_type) def test_command_handler_refresh_ixfr_disabled(self): # Same for refresh - self.common_ixfr_setup('refresh', True) + self.common_ixfr_setup('refresh', False) self.assertEqual(RRType.AXFR(), self.xfr.xfrin_started_request_type) def raise_interrupt(): diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index 88e64c6787..ac2c4c97a5 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -876,12 +876,8 @@ class ZoneInfo: self.set_master_port(config_data.get('master_port')) self.set_zone_class(config_data.get('class')) self.set_tsig_key(config_data.get('tsig_key')) - # XXX: hardcode the default for ixfr_disabled. We should retrieve - # it from the - ixfr_disabled = config_data.get('ixfr_disabled') - if ixfr_disabled is None: - ixfr_disabled = True - self.set_ixfr_disabled(ixfr_disabled) + use_ixfr = config_data.get('use_ixfr') + self.set_use_ixfr(use_ixfr) def set_name(self, name_str): """Set the name for this zone given a name string. @@ -956,15 +952,15 @@ class ZoneInfo: errmsg = "bad TSIG key string: " + tsig_key_str raise XfrinZoneInfoException(errmsg) - def set_ixfr_disabled(self, ixfr_disabled): - """Set ixfr_disabled. If set to False, it will use - IXFR for incoming transfers. If set to True, it will use AXFR. + def set_use_ixfr(self, use_ixfr): + """Set use_ixfr. If set to True, it will use + IXFR for incoming transfers. If set to False, it will use AXFR. At this moment there is no automatic fallback""" - if ixfr_disabled is None: - self.ixfr_disabled = \ - self._module_cc.get_default_value("zones/ixfr_disabled") + if use_ixfr is None: + self.use_ixfr = \ + self._module_cc.get_default_value("zones/use_ixfr") else: - self.ixfr_disabled = ixfr_disabled + self.use_ixfr = use_ixfr def get_master_addr_info(self): return (self.master_addr.family, socket.SOCK_STREAM, @@ -1091,7 +1087,7 @@ class Xfrin: request_type = RRType.AXFR() if zone_info: tsig_key = zone_info.tsig_key - if not zone_info.ixfr_disabled: + if zone_info.use_ixfr: request_type = RRType.IXFR() db_file = args.get('db_file') or self._get_db_file() ret = self.xfrin_start(zone_name, diff --git a/src/bin/xfrin/xfrin.spec b/src/bin/xfrin/xfrin.spec index 9a5154aebc..c1ba61e41b 100644 --- a/src/bin/xfrin/xfrin.spec +++ b/src/bin/xfrin/xfrin.spec @@ -44,10 +44,10 @@ "item_type": "string", "item_optional": true }, - { "item_name": "ixfr_disabled", + { "item_name": "use_ixfr", "item_type": "boolean", "item_optional": false, - "item_default": true + "item_default": false } ] } From 45970604c644066bd34abd15c8877d5969462250 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 12 Oct 2011 08:40:15 -0500 Subject: [PATCH 07/77] [trac1294] add comment pointing to ticket todo --- doc/guide/bind10-guide.xml | 2 ++ src/bin/xfrin/b10-xfrin.xml | 1 + src/bin/xfrin/xfrin.py.in | 1 + 3 files changed, 4 insertions(+) diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml index fd58285ed9..46038189fd 100644 --- a/doc/guide/bind10-guide.xml +++ b/doc/guide/bind10-guide.xml @@ -1271,6 +1271,7 @@ TODO development release, however, it only tries AXFR by default, and care should be taken to enable IXFR. + In the current development release of BIND 10, incoming zone @@ -1313,6 +1314,7 @@ TODO > config set Xfrin/zones[0]/use_ixfr true + One reason why IXFR is disabled by default in the current release is because it does not support automatic fallback from IXFR to diff --git a/src/bin/xfrin/b10-xfrin.xml b/src/bin/xfrin/b10-xfrin.xml index 30eccb500e..dc9a6cd978 100644 --- a/src/bin/xfrin/b10-xfrin.xml +++ b/src/bin/xfrin/b10-xfrin.xml @@ -75,6 +75,7 @@ in separate zonemgr process. and care should be taken to enable IXFR. See the BIND 10 Guide for more details. + This daemon communicates with BIND 10 over a diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index ac2c4c97a5..7498fd808c 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -956,6 +956,7 @@ class ZoneInfo: """Set use_ixfr. If set to True, it will use IXFR for incoming transfers. If set to False, it will use AXFR. At this moment there is no automatic fallback""" + # TODO: http://bind10.isc.org/ticket/1279 if use_ixfr is None: self.use_ixfr = \ self._module_cc.get_default_value("zones/use_ixfr") From ee8c0398005c5aff53be33b07d9d0b6fdd353175 Mon Sep 17 00:00:00 2001 From: Jelte Jansen Date: Wed, 12 Oct 2011 15:41:25 +0200 Subject: [PATCH 08/77] [1294] rename test and add some comments --- src/bin/xfrin/tests/xfrin_test.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/bin/xfrin/tests/xfrin_test.py b/src/bin/xfrin/tests/xfrin_test.py index b9997ec80e..0cb7dc2601 100644 --- a/src/bin/xfrin/tests/xfrin_test.py +++ b/src/bin/xfrin/tests/xfrin_test.py @@ -1944,7 +1944,11 @@ class TestXfrin(unittest.TestCase): # if not set, should default to False self.assertFalse(zone_info.use_ixfr) - def test_command_handler_zones(self): + def test_config_handler_zones(self): + # This test passes a number of good and bad configs, and checks whether + # the values are reflected in the structure that will dictate the + # actual behaviour. It also checks if bad values are correctly + # handled config1 = { 'transfers_in': 3, 'zones': [ { 'name': 'test.example.', From aadf8f9a5d8dfe13ae2196b61c406c8a8e1d05e7 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 12 Oct 2011 09:10:04 -0500 Subject: [PATCH 09/77] [master] for #1274, Use python_PYTHON for the python scripts Use python_PYTHON for the python scripts. This results in installing byte compiled version. Removed files from EXTRA_DIST as they are now in dist by default. Added CLEANFILES to clean up .pyc in build directory. Note that I am keeping the installation directory the same. --- src/bin/cfgmgr/plugins/Makefile.am | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/bin/cfgmgr/plugins/Makefile.am b/src/bin/cfgmgr/plugins/Makefile.am index 529a4ed481..5a4cfef4c3 100644 --- a/src/bin/cfgmgr/plugins/Makefile.am +++ b/src/bin/cfgmgr/plugins/Makefile.am @@ -1,11 +1,14 @@ SUBDIRS = tests -EXTRA_DIST = README tsig_keys.py tsig_keys.spec -EXTRA_DIST += logging.spec b10logging.py + +EXTRA_DIST = README logging.spec tsig_keys.spec config_plugindir = @prefix@/share/@PACKAGE@/config_plugins -config_plugin_DATA = tsig_keys.py tsig_keys.spec -config_plugin_DATA += b10logging.py logging.spec +config_plugin_DATA = logging.spec tsig_keys.spec +python_PYTHON = b10logging.py tsig_keys.py +pythondir = $(config_plugindir) + +CLEANFILES = b10logging.pyc tsig_keys.pyc CLEANDIRS = __pycache__ clean-local: From 681e0e8b37fcf732b0f4caabae3695756e6a1e9f Mon Sep 17 00:00:00 2001 From: Jelte Jansen Date: Wed, 12 Oct 2011 17:03:18 +0200 Subject: [PATCH 10/77] [1298] check notify source address against the master address in the config. error if they don't match, start transfer if they do --- src/bin/xfrin/tests/xfrin_test.py | 21 +++++++++++++++++++-- src/bin/xfrin/xfrin.py.in | 25 ++++++++++++++++++------- src/bin/xfrin/xfrin_messages.mes | 6 ++++++ 3 files changed, 43 insertions(+), 9 deletions(-) diff --git a/src/bin/xfrin/tests/xfrin_test.py b/src/bin/xfrin/tests/xfrin_test.py index 0cb7dc2601..3316305426 100644 --- a/src/bin/xfrin/tests/xfrin_test.py +++ b/src/bin/xfrin/tests/xfrin_test.py @@ -1891,7 +1891,7 @@ class TestXfrin(unittest.TestCase): self.assertEqual(self.xfr.command_handler("notify", self.args)['result'][0], 1) - def test_command_handler_notify_known_zone(self): + def test_command_handler_notify_known_zone_bad_addr(self): # try it with a known zone self.args['master'] = TEST_MASTER_IPV6_ADDRESS @@ -1903,6 +1903,23 @@ class TestXfrin(unittest.TestCase): } ]} self.xfr.config_handler(zones) + # the command should now fail + self.assertEqual(self.xfr.command_handler("notify", + self.args)['result'][0], 1) + + def test_command_handler_notify_known_zone(self): + # try it with a known zone + self.args['master'] = TEST_MASTER_IPV6_ADDRESS + + # but use a different address in the actual command + zones = { 'zones': [ + { 'name': TEST_ZONE_NAME_STR, + 'master_addr': TEST_MASTER_IPV6_ADDRESS, + 'master_port': TEST_MASTER_PORT + } + ]} + self.xfr.config_handler(zones) + # the command should now fail self.assertEqual(self.xfr.command_handler("notify", self.args)['result'][0], 0) @@ -1911,7 +1928,7 @@ class TestXfrin(unittest.TestCase): # This is actually NOT the address given in the command, which # would at this point not make sense, see the TODO in # xfrin.py.in Xfrin.command_handler()) - self.assertEqual(TEST_MASTER_IPV4_ADDRESS, + self.assertEqual(TEST_MASTER_IPV6_ADDRESS, self.xfr.xfrin_started_master_addr) self.assertEqual(int(TEST_MASTER_PORT), self.xfr.xfrin_started_master_port) diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index 7498fd808c..03a208a1c1 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -1061,6 +1061,8 @@ class Xfrin: # we should check if it matches one of them, and then use it.) (zone_name, rrclass) = self._parse_zone_name_and_class(args) zone_info = self._get_zone_info(zone_name, rrclass) + notify_addr = self._parse_master_and_port(args, zone_name, + rrclass) if zone_info is None: # TODO what to do? no info known about zone. defaults? errmsg = "Got notification to retransfer unknown zone " + zone_name.to_text() @@ -1068,13 +1070,22 @@ class Xfrin: answer = create_answer(1, errmsg) else: master_addr = zone_info.get_master_addr_info() - ret = self.xfrin_start(zone_name, - rrclass, - self._get_db_file(), - master_addr, - zone_info.tsig_key, RRType.AXFR(), - True) - answer = create_answer(ret[0], ret[1]) + request_type = RRType.AXFR() + if notify_addr == master_addr: + ret = self.xfrin_start(zone_name, + rrclass, + self._get_db_file(), + master_addr, + zone_info.tsig_key, request_type, + True) + answer = create_answer(ret[0], ret[1]) + else: + errmsg = "Got notification for " + zone_name.to_text()\ + + "from unknown address: " + notify_addr[2][0]; + logger.error(XFRIN_NOTIFY_UNKNOWN_MASTER, + zone_name.to_text(), notify_addr[2][0], + master_addr[2][0]) + answer = create_answer(1, errmsg) elif command == 'retransfer' or command == 'refresh': # Xfrin receives the retransfer/refresh from cmdctl(sent by bindctl). diff --git a/src/bin/xfrin/xfrin_messages.mes b/src/bin/xfrin/xfrin_messages.mes index a5bbdf74dc..e5d173347e 100644 --- a/src/bin/xfrin/xfrin_messages.mes +++ b/src/bin/xfrin/xfrin_messages.mes @@ -70,6 +70,12 @@ was killed. There was a problem sending a message to the zone manager. This most likely means that the msgq daemon has quit or was killed. +% XFRIN_NOTIFY_UNKNOWN_MASTER got notification to retransfer zone %1 from %2, expected %3 +The system received a notify for the given zone, but the address it came +from does not match the master address in the Xfrin configuration. The notify +is ignored. This may indicate that the configuration for the master is wrong, +that a wrong machine is sending notifies, or that fake notifies are being sent. + % XFRIN_IMPORT_DNS error importing python DNS module: %1 There was an error importing the python DNS module pydnspp. The most likely cause is a PYTHONPATH problem. From ee7fff3113f67a7dddbf069e2a555e6dbac97f69 Mon Sep 17 00:00:00 2001 From: Jelte Jansen Date: Wed, 12 Oct 2011 17:05:35 +0200 Subject: [PATCH 11/77] [1294] also check and do IXFR on notify not just on retransfer and refresh --- src/bin/xfrin/xfrin.py.in | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index 7498fd808c..59baa1151f 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -1067,12 +1067,15 @@ class Xfrin: logger.error(XFRIN_RETRANSFER_UNKNOWN_ZONE, zone_name.to_text()) answer = create_answer(1, errmsg) else: + request_type = RRType.AXFR() + if zone_info.use_ixfr: + request_type = RRType.IXFR() master_addr = zone_info.get_master_addr_info() ret = self.xfrin_start(zone_name, rrclass, self._get_db_file(), master_addr, - zone_info.tsig_key, RRType.AXFR(), + zone_info.tsig_key, request_type, True) answer = create_answer(ret[0], ret[1]) From b9a2e86c2ee8d688a3e12877eb6dc4894a7eae24 Mon Sep 17 00:00:00 2001 From: JINMEI Tatuya Date: Wed, 12 Oct 2011 10:30:09 -0700 Subject: [PATCH 12/77] [1294] simplify the code a bit --- src/bin/xfrin/xfrin.py.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index 59baa1151f..315d06a6f1 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -876,8 +876,7 @@ class ZoneInfo: self.set_master_port(config_data.get('master_port')) self.set_zone_class(config_data.get('class')) self.set_tsig_key(config_data.get('tsig_key')) - use_ixfr = config_data.get('use_ixfr') - self.set_use_ixfr(use_ixfr) + self.set_use_ixfr(config_data.get('use_ixfr')) def set_name(self, name_str): """Set the name for this zone given a name string. From fd39e4e890ce175901311b9e11291628743edde4 Mon Sep 17 00:00:00 2001 From: JINMEI Tatuya Date: Wed, 12 Oct 2011 10:30:38 -0700 Subject: [PATCH 13/77] [1294] makde sure the default value of use_ixfr actually applies (the previous test succeeds just by accident) --- src/bin/xfrin/tests/xfrin_test.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/bin/xfrin/tests/xfrin_test.py b/src/bin/xfrin/tests/xfrin_test.py index 0cb7dc2601..2862431a2d 100644 --- a/src/bin/xfrin/tests/xfrin_test.py +++ b/src/bin/xfrin/tests/xfrin_test.py @@ -98,10 +98,15 @@ class XfrinTestTimeoutException(Exception): class MockCC(): def get_default_value(self, identifier): + # The returned values should be identical to the spec file + # XXX: these should be retrieved from the spec file + # (see MyCCSession of xfrout_test.py.in) if identifier == "zones/master_port": return TEST_MASTER_PORT if identifier == "zones/class": return TEST_RRCLASS_STR + if identifier == "zones/use_ixfr": + return False class MockDataSourceClient(): '''A simple mock data source client. @@ -2076,6 +2081,18 @@ class TestXfrin(unittest.TestCase): # since this has failed, we should still have the previous config self._check_zones_config(config2) + def test_config_handler_zones_default(self): + # Checking it some default config values apply. Using a separate + # test case for a fresh xfr object. + config = { 'zones': [ + { 'name': 'test.example.', + 'master_addr': '192.0.2.1', + 'master_port': 53, + } + ]} + self.assertEqual(self.xfr.config_handler(config)['result'][0], 0) + self._check_zones_config(config) + def common_ixfr_setup(self, xfr_mode, use_ixfr): # This helper method explicitly sets up a zone configuration with # use_ixfr, and invokes either retransfer or refresh. From b684bcd2eb5a0def50c149319ab8df379155121f Mon Sep 17 00:00:00 2001 From: JINMEI Tatuya Date: Wed, 12 Oct 2011 11:49:55 -0700 Subject: [PATCH 14/77] [1298] corrected comments about the test to match the recent change. also, commented out now-meaningless tests rather than tweaking them to let them pass in a superficial manner (we'll discuss this). --- src/bin/xfrin/tests/xfrin_test.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/bin/xfrin/tests/xfrin_test.py b/src/bin/xfrin/tests/xfrin_test.py index 3316305426..a239530efa 100644 --- a/src/bin/xfrin/tests/xfrin_test.py +++ b/src/bin/xfrin/tests/xfrin_test.py @@ -1911,7 +1911,7 @@ class TestXfrin(unittest.TestCase): # try it with a known zone self.args['master'] = TEST_MASTER_IPV6_ADDRESS - # but use a different address in the actual command + # with a zone configuration that has a matching master address. zones = { 'zones': [ { 'name': TEST_ZONE_NAME_STR, 'master_addr': TEST_MASTER_IPV6_ADDRESS, @@ -1919,19 +1919,23 @@ class TestXfrin(unittest.TestCase): } ]} self.xfr.config_handler(zones) - # the command should now fail self.assertEqual(self.xfr.command_handler("notify", self.args)['result'][0], 0) + # Note: The rest of the tests won't pass due to the change in #1298 + # We should probably simply remove the test cases, but for now we + # just comment them out. (Note also that the comment about 'not + # from the config' is now wrong, because we used the matching address.) + # # and see if we used the address from the command, and not from # the config # This is actually NOT the address given in the command, which # would at this point not make sense, see the TODO in # xfrin.py.in Xfrin.command_handler()) - self.assertEqual(TEST_MASTER_IPV6_ADDRESS, - self.xfr.xfrin_started_master_addr) - self.assertEqual(int(TEST_MASTER_PORT), - self.xfr.xfrin_started_master_port) +# self.assertEqual(TEST_MASTER_IPV4_ADDRESS, +# self.xfr.xfrin_started_master_addr) +# self.assertEqual(int(TEST_MASTER_PORT), +# self.xfr.xfrin_started_master_port) def test_command_handler_unknown(self): self.assertEqual(self.xfr.command_handler("xxx", None)['result'][0], 1) From 930d4317ed56bdb7cb0d7d53bac5db297ddd0551 Mon Sep 17 00:00:00 2001 From: reed Date: Thu, 13 Oct 2011 08:19:13 -0500 Subject: [PATCH 15/77] Quick hack for ticket #1300 to workaround dlopen can't find library This was from jinmei. The real fix will be done in #1292. --- src/bin/bind10/Makefile.am | 1 + src/bin/bind10/bind10_src.py.in | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/src/bin/bind10/Makefile.am b/src/bin/bind10/Makefile.am index 5ec0c9f4a6..69ea256157 100644 --- a/src/bin/bind10/Makefile.am +++ b/src/bin/bind10/Makefile.am @@ -33,6 +33,7 @@ $(PYTHON_LOGMSGPKG_DIR)/work/bind10_messages.py : bind10_messages.mes # this is done here since configure.ac AC_OUTPUT doesn't expand exec_prefix bind10: bind10_src.py $(PYTHON_LOGMSGPKG_DIR)/work/bind10_messages.py $(SED) -e "s|@@PYTHONPATH@@|@pyexecdir@|" \ + -e "s|@@LIBDIR@@|$(libdir)|" \ -e "s|@@LIBEXECDIR@@|$(pkglibexecdir)|" bind10_src.py >$@ chmod a+x $@ diff --git a/src/bin/bind10/bind10_src.py.in b/src/bin/bind10/bind10_src.py.in index 1687cb1655..299509a90f 100755 --- a/src/bin/bind10/bind10_src.py.in +++ b/src/bin/bind10/bind10_src.py.in @@ -579,6 +579,22 @@ class BoB: self.start_simple("b10-xfrout", c_channel_env) def start_xfrin(self, c_channel_env): + # XXX: a quick-hack workaround. xfrin will implicitly use dynamically + # loadable data source modules, which will be installed in $(libdir). + # On some OSes (including MacOS X and *BSDs) the main process (python) + # cannot find the modules unless they are located in a common shared + # object path or a path in the (DY)LD_LIBRARY_PATH. We should seek + # a cleaner solution, but for a short term workaround we specify the + # path here, unconditionally, and without even bothering which + # environment varialbe should be used. + if not "B10_FROM_SOURCE" in os.environ: + cur_path = os.getenv('DYLD_LIBRARY_PATH') + cur_path = '' if cur_path is None else ':' + cur_path + c_channel_env['DYLD_LIBRARY_PATH'] = "@@LIBDIR@@" + cur_path + + cur_path = os.getenv('LD_LIBRARY_PATH') + cur_path = '' if cur_path is None else ':' + cur_path + c_channel_env['LD_LIBRARY_PATH'] = "@@LIBDIR@@" + cur_path self.start_simple("b10-xfrin", c_channel_env) def start_zonemgr(self, c_channel_env): From e2c88f03e394ed8ebcfcff936ee888bf593e22d1 Mon Sep 17 00:00:00 2001 From: reed Date: Thu, 13 Oct 2011 08:19:46 -0500 Subject: [PATCH 16/77] fix typo in comment in #1300 quick hack --- src/bin/bind10/bind10_src.py.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/bind10/bind10_src.py.in b/src/bin/bind10/bind10_src.py.in index 299509a90f..94747f21c2 100755 --- a/src/bin/bind10/bind10_src.py.in +++ b/src/bin/bind10/bind10_src.py.in @@ -586,7 +586,7 @@ class BoB: # object path or a path in the (DY)LD_LIBRARY_PATH. We should seek # a cleaner solution, but for a short term workaround we specify the # path here, unconditionally, and without even bothering which - # environment varialbe should be used. + # environment variable should be used. if not "B10_FROM_SOURCE" in os.environ: cur_path = os.getenv('DYLD_LIBRARY_PATH') cur_path = '' if cur_path is None else ':' + cur_path From 99aa9fc05044158e0f41e56da538bd1162d869e2 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:09:58 -0500 Subject: [PATCH 17/77] [master] mention other guide formats are available on website --- doc/guide/bind10-guide.xml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml index 46038189fd..21bb671efb 100644 --- a/doc/guide/bind10-guide.xml +++ b/doc/guide/bind10-guide.xml @@ -41,9 +41,10 @@ This is the reference guide for BIND 10 version &__VERSION__;. - The most up-to-date version of this document, along with - other documents for BIND 10, can be found at . + The most up-to-date version of this document (in PDF, HTML, + and plain text formats), along with other documents for + BIND 10, can be found at . + This is the reference guide for BIND 10 version &__VERSION__;. From acb0565bb4ddaf1d51abc511459478e738dff6d7 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:10:35 -0500 Subject: [PATCH 18/77] [master] build a text version of the guide This was brought up at ISC All-Hands. This will be included in the tarball. For now this will be included in the repo too (a different commit will add it). I am using elinks for now. Note for now nothing in make forces it to be rebuilt, so no tool is needed for this. --- doc/guide/Makefile.am | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/guide/Makefile.am b/doc/guide/Makefile.am index c84ad06a35..aaf896048c 100644 --- a/doc/guide/Makefile.am +++ b/doc/guide/Makefile.am @@ -1,7 +1,12 @@ EXTRA_DIST = bind10-guide.css -EXTRA_DIST += bind10-guide.xml bind10-guide.html +EXTRA_DIST += bind10-guide.xml bind10-guide.html bind10-guide.txt EXTRA_DIST += bind10-messages.xml bind10-messages.html +HTML2TXT ?= elinks -dump -no-numbering -no-references + +bind10-guide.txt: bind10-guide.html + $(HTML2TXT) $(srcdir)/bind10-guide.html > $@ + # This is not a "man" manual, but reuse this for now for docbook. if ENABLE_MAN From d1897d34676045b89edc09a767f8d0ab14d662c9 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:12:40 -0500 Subject: [PATCH 19/77] [master] add the rendered text file of bind10-guide.txt As asked at ISC All Hands. We can later discuss if we don't want rendered documents in repo. --- doc/guide/bind10-guide.txt | 1201 ++++++++++++++++++++++++++++++++++++ 1 file changed, 1201 insertions(+) create mode 100644 doc/guide/bind10-guide.txt diff --git a/doc/guide/bind10-guide.txt b/doc/guide/bind10-guide.txt new file mode 100644 index 0000000000..619d56f4ec --- /dev/null +++ b/doc/guide/bind10-guide.txt @@ -0,0 +1,1201 @@ + BIND 10 Guide + +Administrator Reference for BIND 10 + + This is the reference guide for BIND 10 version 20110809. + + Copyright (c) 2010-2011 Internet Systems Consortium, Inc. + + Abstract + + BIND 10 is a Domain Name System (DNS) suite managed by Internet Systems + Consortium (ISC). It includes DNS libraries and modular components for + controlling authoritative and recursive DNS servers. + + This is the reference guide for BIND 10 version 20110809. The most + up-to-date version of this document (in PDF, HTML, and plain text + formats), along with other documents for BIND 10, can be found at + http://bind10.isc.org/docs. + + -------------------------------------------------------------------------- + + Table of Contents + + 1. Introduction + + Supported Platforms + + Required Software + + Starting and Stopping the Server + + Managing BIND 10 + + 2. Installation + + Building Requirements + + Quick start + + Installation from source + + Download Tar File + + Retrieve from Git + + Configure before the build + + Build + + Install + + Install Hierarchy + + 3. Starting BIND10 with bind10 + + Starting BIND 10 + + 4. Command channel + + 5. Configuration manager + + 6. Remote control daemon + + Configuration specification for b10-cmdctl + + 7. Control and configure user interface + + 8. Authoritative Server + + Server Configurations + + Data Source Backends + + Loading Master Zones Files + + 9. Incoming Zone Transfers + + Configuration for Incoming Zone Transfers + + Enabling IXFR + + Trigger an Incoming Zone Transfer Manually + + 10. Outbound Zone Transfers + + 11. Secondary Manager + + 12. Recursive Name Server + + Access Control + + Forwarding + + 13. Statistics + + 14. Logging + + Logging configuration + + Loggers + + Output Options + + Example session + + Logging Message Format + +Chapter 1. Introduction + + Table of Contents + + Supported Platforms + + Required Software + + Starting and Stopping the Server + + Managing BIND 10 + + BIND is the popular implementation of a DNS server, developer interfaces, + and DNS tools. BIND 10 is a rewrite of BIND 9. BIND 10 is written in C++ + and Python and provides a modular environment for serving and maintaining + DNS. + + Note + + This guide covers the experimental prototype of BIND 10 version 20110809. + + Note + + BIND 10 provides a EDNS0- and DNSSEC-capable authoritative DNS server and + a caching recursive name server which also provides forwarding. + +Supported Platforms + + BIND 10 builds have been tested on Debian GNU/Linux 5, Ubuntu 9.10, NetBSD + 5, Solaris 10, FreeBSD 7 and 8, and CentOS Linux 5.3. It has been tested + on Sparc, i386, and amd64 hardware platforms. It is planned for BIND 10 to + build, install and run on Windows and standard Unix-type platforms. + +Required Software + + BIND 10 requires Python 3.1. Later versions may work, but Python 3.1 is + the minimum version which will work. + + BIND 10 uses the Botan crypto library for C++. It requires at least Botan + version 1.8. + + BIND 10 uses the log4cplus C++ logging library. It requires at least + log4cplus version 1.0.3. + + The authoritative server requires SQLite 3.3.9 or newer. The b10-xfrin, + b10-xfrout, and b10-zonemgr modules require the libpython3 library and the + Python _sqlite3.so module. + + Note + + Some operating systems do not provide these dependencies in their default + installation nor standard packages collections. You may need to install + them separately. + +Starting and Stopping the Server + + BIND 10 is modular. Part of this modularity is accomplished using multiple + cooperating processes which, together, provide the server functionality. + This is a change from the previous generation of BIND software, which used + a single process. + + At first, running many different processes may seem confusing. However, + these processes are started, stopped, and maintained by a single command, + bind10. This command starts a master process which will start other + processes as needed. The processes started by the bind10 command have + names starting with "b10-", including: + + o b10-msgq -- Message bus daemon. This process coordinates communication + between all of the other BIND 10 processes. + o b10-auth -- Authoritative DNS server. This process serves DNS + requests. + o b10-cfgmgr -- Configuration manager. This process maintains all of the + configuration for BIND 10. + o b10-cmdctl -- Command and control service. This process allows + external control of the BIND 10 system. + o b10-resolver -- Recursive name server. This process handles incoming + queries. + o b10-stats -- Statistics collection daemon. This process collects and + reports statistics data. + o b10-xfrin -- Incoming zone transfer service. This process is used to + transfer a new copy of a zone into BIND 10, when acting as a secondary + server. + o b10-xfrout -- Outgoing zone transfer service. This process is used to + handle transfer requests to send a local zone to a remote secondary + server, when acting as a master server. + o b10-zonemgr -- Secondary manager. This process keeps track of timers + and other necessary information for BIND 10 to act as a slave server. + + These are ran automatically by bind10 and do not need to be run manually. + +Managing BIND 10 + + Once BIND 10 is running, a few commands are used to interact directly with + the system: + + o bindctl -- interactive administration interface. This is a + command-line tool which allows an administrator to control BIND 10. + o b10-loadzone -- zone file loader. This tool will load standard + masterfile-format zone files into BIND 10. + o b10-cmdctl-usermgr -- user access control. This tool allows an + administrator to authorize additional users to manage BIND 10. + + The tools and modules are covered in full detail in this guide. In + addition, manual pages are also provided in the default installation. + + BIND 10 also provides libraries and programmer interfaces for C++ and + Python for the message bus, configuration backend, and, of course, DNS. + These include detailed developer documentation and code examples. + +Chapter 2. Installation + + Table of Contents + + Building Requirements + + Quick start + + Installation from source + + Download Tar File + + Retrieve from Git + + Configure before the build + + Build + + Install + + Install Hierarchy + +Building Requirements + + In addition to the run-time requirements, building BIND 10 from source + code requires various development include headers. + + Note + + Some operating systems have split their distribution packages into a + run-time and a development package. You will need to install the + development package versions, which include header files and libraries, to + build BIND 10 from source code. + + Building from source code requires the Boost build-time headers. At least + Boost version 1.35 is required. + + To build BIND 10, also install the Botan (at least version 1.8) and the + log4cplus (at least version 1.0.3) development include headers. + + The Python Library and Python _sqlite3 module are required to enable the + Xfrout and Xfrin support. + + Note + + The Python related libraries and modules need to be built for Python 3.1. + + Building BIND 10 also requires a C++ compiler and standard development + headers, make, and pkg-config. BIND 10 builds have been tested with GCC + g++ 3.4.3, 4.1.2, 4.1.3, 4.2.1, 4.3.2, and 4.4.1; Clang++ 2.8; and Sun C++ + 5.10. + +Quick start + + Note + + This quickly covers the standard steps for installing and deploying BIND + 10 as an authoritative name server using its defaults. For + troubleshooting, full customizations and further details, see the + respective chapters in the BIND 10 guide. + + To quickly get started with BIND 10, follow these steps. + + 1. Install required build dependencies. + 2. Download the BIND 10 source tar file from + ftp://ftp.isc.org/isc/bind10/. + 3. Extract the tar file: + + $ gzcat bind10-VERSION.tar.gz | tar -xvf - + + 4. Go into the source and run configure: + + $ cd bind10-VERSION + $ ./configure + + 5. Build it: + + $ make + + 6. Install it (to default /usr/local): + + $ make install + + 7. Start the server: + + $ /usr/local/sbin/bind10 + + 8. Test it; for example: + + $ dig @127.0.0.1 -c CH -t TXT authors.bind + + 9. Load desired zone file(s), for example: + + $ b10-loadzone your.zone.example.org + + 10. Test the new zone. + +Installation from source + + BIND 10 is open source software written in C++ and Python. It is freely + available in source code form from ISC via the Git code revision control + system or as a downloadable tar file. It may also be available in + pre-compiled ready-to-use packages from operating system vendors. + + Download Tar File + + Downloading a release tar file is the recommended method to obtain the + source code. + + The BIND 10 releases are available as tar file downloads from + ftp://ftp.isc.org/isc/bind10/. Periodic development snapshots may also be + available. + + Retrieve from Git + + Downloading this "bleeding edge" code is recommended only for developers + or advanced users. Using development code in a production environment is + not recommended. + + Note + + When using source code retrieved via Git additional software will be + required: automake (v1.11 or newer), libtoolize, and autoconf (2.59 or + newer). These may need to be installed. + + The latest development code, including temporary experiments and + un-reviewed code, is available via the BIND 10 code revision control + system. This is powered by Git and all the BIND 10 development is public. + The leading development is done in the "master". + + The code can be checked out from git://bind10.isc.org/bind10; for example: + + $ git clone git://bind10.isc.org/bind10 + + When checking out the code from the code version control system, it + doesn't include the generated configure script, Makefile.in files, nor the + related configure files. They can be created by running autoreconf with + the --install switch. This will run autoconf, aclocal, libtoolize, + autoheader, automake, and related commands. + + Configure before the build + + BIND 10 uses the GNU Build System to discover build environment details. + To generate the makefiles using the defaults, simply run: + + $ ./configure + + Run ./configure with the --help switch to view the different options. The + commonly-used options are: + + --prefix + Define the installation location (the default is /usr/local/). + + --with-boost-include + Define the path to find the Boost headers. + + --with-pythonpath + Define the path to Python 3.1 if it is not in the standard + execution path. + + --with-gtest + Enable building the C++ Unit Tests using the Google Tests + framework. Optionally this can define the path to the gtest header + files and library. + + For example, the following configures it to find the Boost headers, find + the Python interpreter, and sets the installation location: + + $ ./configure \ + --with-boost-include=/usr/pkg/include \ + --with-pythonpath=/usr/pkg/bin/python3.1 \ + --prefix=/opt/bind10 + + If the configure fails, it may be due to missing or old dependencies. + + Build + + After the configure step is complete, to build the executables from the + C++ code and prepare the Python scripts, run: + + $ make + + Install + + To install the BIND 10 executables, support files, and documentation, run: + + $ make install + + Note + + The install step may require superuser privileges. + + Install Hierarchy + + The following is the layout of the complete BIND 10 installation: + + o bin/ -- general tools and diagnostic clients. + o etc/bind10-devel/ -- configuration files. + o lib/ -- libraries and python modules. + o libexec/bind10-devel/ -- executables that a user wouldn't normally run + directly and are not run independently. These are the BIND 10 modules + which are daemons started by the bind10 tool. + o sbin/ -- commands used by the system administrator. + o share/bind10-devel/ -- configuration specifications. + o share/man/ -- manual pages (online documentation). + o var/bind10-devel/ -- data source and configuration databases. + +Chapter 3. Starting BIND10 with bind10 + + Table of Contents + + Starting BIND 10 + + BIND 10 provides the bind10 command which starts up the required + processes. bind10 will also restart processes that exit unexpectedly. This + is the only command needed to start the BIND 10 system. + + After starting the b10-msgq communications channel, bind10 connects to it, + runs the configuration manager, and reads its own configuration. Then it + starts the other modules. + + The b10-msgq and b10-cfgmgr services make up the core. The b10-msgq daemon + provides the communication channel between every part of the system. The + b10-cfgmgr daemon is always needed by every module, if only to send + information about themselves somewhere, but more importantly to ask about + their own settings, and about other modules. The bind10 master process + will also start up b10-cmdctl for admins to communicate with the system, + b10-auth for authoritative DNS service or b10-resolver for recursive name + service, b10-stats for statistics collection, b10-xfrin for inbound DNS + zone transfers, b10-xfrout for outbound DNS zone transfers, and + b10-zonemgr for secondary service. + +Starting BIND 10 + + To start the BIND 10 service, simply run bind10. Run it with the --verbose + switch to get additional debugging or diagnostic output. + + Note + + If the setproctitle Python module is detected at start up, the process + names for the Python-based daemons will be renamed to better identify them + instead of just "python". This is not needed on some operating systems. + +Chapter 4. Command channel + + The BIND 10 components use the b10-msgq message routing daemon to + communicate with other BIND 10 components. The b10-msgq implements what is + called the "Command Channel". Processes intercommunicate by sending + messages on the command channel. Example messages include shutdown, get + configurations, and set configurations. This Command Channel is not used + for DNS message passing. It is used only to control and monitor the BIND + 10 system. + + Administrators do not communicate directly with the b10-msgq daemon. By + default, BIND 10 uses port 9912 for the b10-msgq service. It listens on + 127.0.0.1. + +Chapter 5. Configuration manager + + The configuration manager, b10-cfgmgr, handles all BIND 10 system + configuration. It provides persistent storage for configuration, and + notifies running modules of configuration changes. + + The b10-auth and b10-xfrin daemons and other components receive their + configurations from the configuration manager over the b10-msgq command + channel. + + The administrator doesn't connect to it directly, but uses a user + interface to communicate with the configuration manager via b10-cmdctl's + REST-ful interface. b10-cmdctl is covered in Chapter 6, Remote control + daemon. + + Note + + The development prototype release only provides the bindctl as a user + interface to b10-cmdctl. Upcoming releases will provide another + interactive command-line interface and a web-based interface. + + The b10-cfgmgr daemon can send all specifications and all current settings + to the bindctl client (via b10-cmdctl). + + b10-cfgmgr relays configurations received from b10-cmdctl to the + appropriate modules. + + The stored configuration file is at + /usr/local/var/bind10-devel/b10-config.db. (The full path is what was + defined at build configure time for --localstatedir. The default is + /usr/local/var/.) The format is loosely based on JSON and is directly + parseable python, but this may change in a future version. This + configuration data file is not manually edited by the administrator. + + The configuration manager does not have any command line arguments. + Normally it is not started manually, but is automatically started using + the bind10 master process (as covered in Chapter 3, Starting BIND10 with + bind10). + +Chapter 6. Remote control daemon + + Table of Contents + + Configuration specification for b10-cmdctl + + b10-cmdctl is the gateway between administrators and the BIND 10 system. + It is a HTTPS server that uses standard HTTP Digest Authentication for + username and password validation. It provides a REST-ful interface for + accessing and controlling BIND 10. + + When b10-cmdctl starts, it firsts asks b10-cfgmgr about what modules are + running and what their configuration is (over the b10-msgq channel). Then + it will start listening on HTTPS for clients -- the user interface -- such + as bindctl. + + b10-cmdctl directly sends commands (received from the user interface) to + the specified component. Configuration changes are actually commands to + b10-cfgmgr so are sent there. + + The HTTPS server requires a private key, such as a RSA PRIVATE KEY. The + default location is at /usr/local/etc/bind10-devel/cmdctl-keyfile.pem. (A + sample key is at /usr/local/share/bind10-devel/cmdctl-keyfile.pem.) It + also uses a certificate located at + /usr/local/etc/bind10-devel/cmdctl-certfile.pem. (A sample certificate is + at /usr/local/share/bind10-devel/cmdctl-certfile.pem.) This may be a + self-signed certificate or purchased from a certification authority. + + Note + + The HTTPS server doesn't support a certificate request from a client (at + this time). The b10-cmdctl daemon does not provide a public service. If + any client wants to control BIND 10, then a certificate needs to be first + received from the BIND 10 administrator. The BIND 10 installation provides + a sample PEM bundle that matches the sample key and certificate. + + The b10-cmdctl daemon also requires the user account file located at + /usr/local/etc/bind10-devel/cmdctl-accounts.csv. This comma-delimited file + lists the accounts with a user name, hashed password, and salt. (A sample + file is at /usr/local/share/bind10-devel/cmdctl-accounts.csv. It contains + the user named "root" with the password "bind10".) + + The administrator may create a user account with the b10-cmdctl-usermgr + tool. + + By default the HTTPS server listens on the localhost port 8080. The port + can be set by using the --port command line option. The address to listen + on can be set using the --address command line argument. Each HTTPS + connection is stateless and timesout in 1200 seconds by default. This can + be redefined by using the --idle-timeout command line argument. + +Configuration specification for b10-cmdctl + + The configuration items for b10-cmdctl are: key_file cert_file + accounts_file + + The control commands are: print_settings shutdown + +Chapter 7. Control and configure user interface + + Note + + For this development prototype release, bindctl is the only user + interface. It is expected that upcoming releases will provide another + interactive command-line interface and a web-based interface for + controlling and configuring BIND 10. + + The bindctl tool provides an interactive prompt for configuring, + controlling, and querying the BIND 10 components. It communicates directly + with a REST-ful interface over HTTPS provided by b10-cmdctl. It doesn't + communicate to any other components directly. + + Configuration changes are actually commands to b10-cfgmgr. So when bindctl + sends a configuration, it is sent to b10-cmdctl (over a HTTPS connection); + then b10-cmdctl sends the command (over a b10-msgq command channel) to + b10-cfgmgr which then stores the details and relays (over a b10-msgq + command channel) the configuration on to the specified module. + +Chapter 8. Authoritative Server + + Table of Contents + + Server Configurations + + Data Source Backends + + Loading Master Zones Files + + The b10-auth is the authoritative DNS server. It supports EDNS0 and + DNSSEC. It supports IPv6. Normally it is started by the bind10 master + process. + +Server Configurations + + b10-auth is configured via the b10-cfgmgr configuration manager. The + module name is "Auth". The configuration data item is: + + database_file + This is an optional string to define the path to find the SQLite3 + database file. Note: Later the DNS server will use various data + source backends. This may be a temporary setting until then. + + The configuration command is: + + shutdown + Stop the authoritative DNS server. + +Data Source Backends + + Note + + For the development prototype release, b10-auth supports a SQLite3 data + source backend and in-memory data source backend. Upcoming versions will + be able to use multiple different data sources, such as MySQL and Berkeley + DB. + + By default, the SQLite3 backend uses the data file located at + /usr/local/var/bind10-devel/zone.sqlite3. (The full path is what was + defined at build configure time for --localstatedir. The default is + /usr/local/var/.) This data file location may be changed by defining the + "database_file" configuration. + +Loading Master Zones Files + + RFC 1035 style DNS master zone files may imported into a BIND 10 data + source by using the b10-loadzone utility. + + b10-loadzone supports the following special directives (control entries): + + $INCLUDE + Loads an additional zone file. This may be recursive. + + $ORIGIN + Defines the relative domain name. + + $TTL + Defines the time-to-live value used for following records that + don't include a TTL. + + The -o argument may be used to define the default origin for loaded zone + file records. + + Note + + In the development prototype release, only the SQLite3 back end is used. + By default, it stores the zone data in + /usr/local/var/bind10-devel/zone.sqlite3 unless the -d switch is used to + set the database filename. Multiple zones are stored in a single SQLite3 + zone database. + + If you reload a zone already existing in the database, all records from + that prior zone disappear and a whole new set appears. + +Chapter 9. Incoming Zone Transfers + + Table of Contents + + Configuration for Incoming Zone Transfers + + Enabling IXFR + + Trigger an Incoming Zone Transfer Manually + + Incoming zones are transferred using the b10-xfrin process which is + started by bind10. When received, the zone is stored in the corresponding + BIND 10 data source, and its records can be served by b10-auth. In + combination with b10-zonemgr (for automated SOA checks), this allows the + BIND 10 server to provide "secondary" service. + + The b10-xfrin process supports both AXFR and IXFR. Due to some + implementation limitations of the current development release, however, it + only tries AXFR by default, and care should be taken to enable IXFR. + + Note + + In the current development release of BIND 10, incoming zone transfers are + only available for SQLite3-based data sources, that is, they don't work + for an in-memory data source. + +Configuration for Incoming Zone Transfers + + In practice, you need to specify a list of secondary zones to enable + incoming zone transfers for these zones (you can still trigger a zone + transfer manually, without a prior configuration (see below)). + + For example, to enable zone transfers for a zone named "example.com" + (whose master address is assumed to be 2001:db8::53 here), run the + following at the bindctl prompt: + + > config add Xfrin/zones + > config set Xfrin/zones[0]/name "example.com" + > config set Xfrin/zones[0]/master_addr "2001:db8::53" + > config commit + + (We assume there has been no zone configuration before). + +Enabling IXFR + + As noted above, b10-xfrin uses AXFR for zone transfers by default. To + enable IXFR for zone transfers for a particular zone, set the use_ixfr + configuration parameter to true. In the above example of configuration + sequence, you'll need to add the following before performing commit: + + > config set Xfrin/zones[0]/use_ixfr true + + Note + + One reason why IXFR is disabled by default in the current release is + because it does not support automatic fallback from IXFR to AXFR when it + encounters a primary server that doesn't support outbound IXFR (and, not + many existing implementations support it). Another, related reason is that + it does not use AXFR even if it has no knowledge about the zone (like at + the very first time the secondary server is set up). IXFR requires the + "current version" of the zone, so obviously it doesn't work in this + situation and AXFR is the only workable choice. The current release of + b10-xfrin does not make this selection automatically. These features will + be implemented in a near future version, at which point we will enable + IXFR by default. + +Trigger an Incoming Zone Transfer Manually + + To manually trigger a zone transfer to retrieve a remote zone, you may use + the bindctl utility. For example, at the bindctl prompt run: + + > Xfrin retransfer zone_name="foo.example.org" master=192.0.2.99 + +Chapter 10. Outbound Zone Transfers + + The b10-xfrout process is started by bind10. When the b10-auth + authoritative DNS server receives an AXFR request, b10-xfrout sends the + zone. This is used to provide master DNS service to share zones to + secondary name servers. The b10-xfrout is also used to send NOTIFY + messages to slaves. + + Note + + The current development release of BIND 10 only supports AXFR. (IXFR is + not supported.) Access control is not yet provided. + +Chapter 11. Secondary Manager + + The b10-zonemgr process is started by bind10. It keeps track of SOA + refresh, retry, and expire timers and other details for BIND 10 to perform + as a slave. When the b10-auth authoritative DNS server receives a NOTIFY + message, b10-zonemgr may tell b10-xfrin to do a refresh to start an + inbound zone transfer. The secondary manager resets its counters when a + new zone is transferred in. + + Note + + Access control (such as allowing notifies) is not yet provided. The + primary/secondary service is not yet complete. + +Chapter 12. Recursive Name Server + + Table of Contents + + Access Control + + Forwarding + + The b10-resolver process is started by bind10. + + The main bind10 process can be configured to select to run either the + authoritative or resolver or both. By default, it starts the authoritative + service. You may change this using bindctl, for example: + + > config set Boss/start_auth false + > config set Boss/start_resolver true + > config commit + + The master bind10 will stop and start the desired services. + + By default, the resolver listens on port 53 for 127.0.0.1 and ::1. The + following example shows how it can be configured to listen on an + additional address (and port): + + > config add Resolver/listen_on + > config set Resolver/listen_on[2]/address "192.168.1.1" + > config set Resolver/listen_on[2]/port 53 + > config commit + + (Replace the "2" as needed; run "config show Resolver/listen_on" if + needed.) + +Access Control + + By default, the b10-resolver daemon only accepts DNS queries from the + localhost (127.0.0.1 and ::1). The Resolver/query_acl configuration may be + used to reject, drop, or allow specific IPs or networks. This + configuration list is first match. + + The configuration's action item may be set to "ACCEPT" to allow the + incoming query, "REJECT" to respond with a DNS REFUSED return code, or + "DROP" to ignore the query without any response (such as a blackhole). For + more information, see the respective debugging messages: + RESOLVER_QUERY_ACCEPTED, RESOLVER_QUERY_REJECTED, and + RESOLVER_QUERY_DROPPED. + + The required configuration's from item is set to an IPv4 or IPv6 address, + addresses with an network mask, or to the special lowercase keywords + "any6" (for any IPv6 address) or "any4" (for any IPv4 address). + + For example to allow the 192.168.1.0/24 network to use your recursive name + server, at the bindctl prompt run: + + > config add Resolver/query_acl + > config set Resolver/query_acl[2]/action "ACCEPT" + > config set Resolver/query_acl[2]/from "192.168.1.0/24" + > config commit + + (Replace the "2" as needed; run "config show Resolver/query_acl" if + needed.) + + Note + + This prototype access control configuration syntax may be changed. + +Forwarding + + To enable forwarding, the upstream address and port must be configured to + forward queries to, such as: + + > config set Resolver/forward_addresses [{ "address": "192.168.1.1", "port": 53 }] + > config commit + + (Replace 192.168.1.1 to point to your full resolver.) + + Normal iterative name service can be re-enabled by clearing the forwarding + address(es); for example: + + > config set Resolver/forward_addresses [] + > config commit + +Chapter 13. Statistics + + The b10-stats process is started by bind10. It periodically collects + statistics data from various modules and aggregates it. + + This stats daemon provides commands to identify if it is running, show + specified or all statistics data, show specified or all statistics data + schema, and set specified statistics data. For example, using bindctl: + + > Stats show + { + "Auth": { + "queries.tcp": 1749, + "queries.udp": 867868 + }, + "Boss": { + "boot_time": "2011-01-20T16:59:03Z" + }, + "Stats": { + "boot_time": "2011-01-20T16:59:05Z", + "last_update_time": "2011-01-20T17:04:05Z", + "lname": "4d3869d9_a@jreed.example.net", + "report_time": "2011-01-20T17:04:06Z", + "timestamp": 1295543046.823504 + } + } + + +Chapter 14. Logging + + Table of Contents + + Logging configuration + + Loggers + + Output Options + + Example session + + Logging Message Format + +Logging configuration + + The logging system in BIND 10 is configured through the Logging module. + All BIND 10 modules will look at the configuration in Logging to see what + should be logged and to where. + + Loggers + + Within BIND 10, a message is logged through a component called a "logger". + Different parts of BIND 10 log messages through different loggers, and + each logger can be configured independently of one another. + + In the Logging module, you can specify the configuration for zero or more + loggers; any that are not specified will take appropriate default values.. + + The three most important elements of a logger configuration are the name + (the component that is generating the messages), the severity (what to + log), and the output_options (where to log). + + name (string) + + Each logger in the system has a name, the name being that of the component + using it to log messages. For instance, if you want to configure logging + for the resolver module, you add an entry for a logger named "Resolver". + This configuration will then be used by the loggers in the Resolver + module, and all the libraries used by it. + + If you want to specify logging for one specific library within the module, + you set the name to module.library. For example, the logger used by the + nameserver address store component has the full name of "Resolver.nsas". + If there is no entry in Logging for a particular library, it will use the + configuration given for the module. + + To illustrate this, suppose you want the cache library to log messages of + severity DEBUG, and the rest of the resolver code to log messages of + severity INFO. To achieve this you specify two loggers, one with the name + "Resolver" and severity INFO, and one with the name "Resolver.cache" with + severity DEBUG. As there are no entries for other libraries (e.g. the + nsas), they will use the configuration for the module ("Resolver"), so + giving the desired behavior. + + One special case is that of a module name of "*" (asterisks), which is + interpreted as any module. You can set global logging options by using + this, including setting the logging configuration for a library that is + used by multiple modules (e.g. "*.config" specifies the configuration + library code in whatever module is using it). + + If there are multiple logger specifications in the configuration that + might match a particular logger, the specification with the more specific + logger name takes precedence. For example, if there are entries for for + both "*" and "Resolver", the resolver module -- and all libraries it uses + -- will log messages according to the configuration in the second entry + ("Resolver"). All other modules will use the configuration of the first + entry ("*"). If there was also a configuration entry for "Resolver.cache", + the cache library within the resolver would use that in preference to the + entry for "Resolver". + + One final note about the naming. When specifying the module name within a + logger, use the name of the module as specified in bindctl, e.g. + "Resolver" for the resolver module, "Xfrout" for the xfrout module, etc. + When the message is logged, the message will include the name of the + logger generating the message, but with the module name replaced by the + name of the process implementing the module (so for example, a message + generated by the "Auth.cache" logger will appear in the output with a + logger name of "b10-auth.cache"). + + severity (string) + + This specifies the category of messages logged. Each message is logged + with an associated severity which may be one of the following (in + descending order of severity): + + o FATAL + o ERROR + o WARN + o INFO + o DEBUG + + When the severity of a logger is set to one of these values, it will only + log messages of that severity, and the severities above it. The severity + may also be set to NONE, in which case all messages from that logger are + inhibited. + + output_options (list) + + Each logger can have zero or more output_options. These specify where log + messages are sent to. These are explained in detail below. + + The other options for a logger are: + + debuglevel (integer) + + When a logger's severity is set to DEBUG, this value specifies what debug + messages should be printed. It ranges from 0 (least verbose) to 99 (most + verbose). + + If severity for the logger is not DEBUG, this value is ignored. + + additive (true or false) + + If this is true, the output_options from the parent will be used. For + example, if there are two loggers configured; "Resolver" and + "Resolver.cache", and additive is true in the second, it will write the + log messages not only to the destinations specified for "Resolver.cache", + but also to the destinations as specified in the output_options in the + logger named "Resolver". + + Output Options + + The main settings for an output option are the destination and a value + called output, the meaning of which depends on the destination that is + set. + + destination (string) + + The destination is the type of output. It can be one of: + + o console + o file + o syslog + + output (string) + + Depending on what is set as the output destination, this value is + interpreted as follows: + + destination is "console" + The value of output must be one of "stdout" (messages printed to + standard output) or "stderr" (messages printed to standard error). + + destination is "file" + The value of output is interpreted as a file name; log messages + will be appended to this file. + + destination is "syslog" + The value of output is interpreted as the syslog facility (e.g. + local0) that should be used for log messages. + + The other options for output_options are: + + flush (true of false) + + Flush buffers after each log message. Doing this will reduce performance + but will ensure that if the program terminates abnormally, all messages up + to the point of termination are output. + + maxsize (integer) + + Only relevant when destination is file, this is maximum file size of + output files in bytes. When the maximum size is reached, the file is + renamed and a new file opened. (For example, a ".1" is appended to the + name -- if a ".1" file exists, it is renamed ".2", etc.) + + If this is 0, no maximum file size is used. + + maxver (integer) + + Maximum number of old log files to keep around when rolling the output + file. Only relevant when destination is "file". + + Example session + + In this example we want to set the global logging to write to the file + /var/log/my_bind10.log, at severity WARN. We want the authoritative server + to log at DEBUG with debuglevel 40, to a different file + (/tmp/debug_messages). + + Start bindctl. + + ["login success "] + > config show Logging + Logging/loggers [] list + + By default, no specific loggers are configured, in which case the severity + defaults to INFO and the output is written to stderr. + + Let's first add a default logger: + + > config add Logging/loggers + > config show Logging + Logging/loggers/ list (modified) + + The loggers value line changed to indicate that it is no longer an empty + list: + + > config show Logging/loggers + Logging/loggers[0]/name "" string (default) + Logging/loggers[0]/severity "INFO" string (default) + Logging/loggers[0]/debuglevel 0 integer (default) + Logging/loggers[0]/additive false boolean (default) + Logging/loggers[0]/output_options [] list (default) + + The name is mandatory, so we must set it. We will also change the severity + as well. Let's start with the global logger. + + > config set Logging/loggers[0]/name * + > config set Logging/loggers[0]/severity WARN + > config show Logging/loggers + Logging/loggers[0]/name "*" string (modified) + Logging/loggers[0]/severity "WARN" string (modified) + Logging/loggers[0]/debuglevel 0 integer (default) + Logging/loggers[0]/additive false boolean (default) + Logging/loggers[0]/output_options [] list (default) + + Of course, we need to specify where we want the log messages to go, so we + add an entry for an output option. + + > config add Logging/loggers[0]/output_options + > config show Logging/loggers[0]/output_options + Logging/loggers[0]/output_options[0]/destination "console" string (default) + Logging/loggers[0]/output_options[0]/output "stdout" string (default) + Logging/loggers[0]/output_options[0]/flush false boolean (default) + Logging/loggers[0]/output_options[0]/maxsize 0 integer (default) + Logging/loggers[0]/output_options[0]/maxver 0 integer (default) + + These aren't the values we are looking for. + + > config set Logging/loggers[0]/output_options[0]/destination file + > config set Logging/loggers[0]/output_options[0]/output /var/log/bind10.log + > config set Logging/loggers[0]/output_options[0]/maxsize 30000 + > config set Logging/loggers[0]/output_options[0]/maxver 8 + + Which would make the entire configuration for this logger look like: + + > config show all Logging/loggers + Logging/loggers[0]/name "*" string (modified) + Logging/loggers[0]/severity "WARN" string (modified) + Logging/loggers[0]/debuglevel 0 integer (default) + Logging/loggers[0]/additive false boolean (default) + Logging/loggers[0]/output_options[0]/destination "file" string (modified) + Logging/loggers[0]/output_options[0]/output "/var/log/bind10.log" string (modified) + Logging/loggers[0]/output_options[0]/flush false boolean (default) + Logging/loggers[0]/output_options[0]/maxsize 30000 integer (modified) + Logging/loggers[0]/output_options[0]/maxver 8 integer (modified) + + That looks OK, so let's commit it before we add the configuration for the + authoritative server's logger. + + > config commit + + Now that we have set it, and checked each value along the way, adding a + second entry is quite similar. + + > config add Logging/loggers + > config set Logging/loggers[1]/name Auth + > config set Logging/loggers[1]/severity DEBUG + > config set Logging/loggers[1]/debuglevel 40 + > config add Logging/loggers[1]/output_options + > config set Logging/loggers[1]/output_options[0]/destination file + > config set Logging/loggers[1]/output_options[0]/output /tmp/auth_debug.log + > config commit + + And that's it. Once we have found whatever it was we needed the debug + messages for, we can simply remove the second logger to let the + authoritative server use the same settings as the rest. + + > config remove Logging/loggers[1] + > config commit + + And every module will now be using the values from the logger named "*". + +Logging Message Format + + Each message written by BIND 10 to the configured logging destinations + comprises a number of components that identify the origin of the message + and, if the message indicates a problem, information about the problem + that may be useful in fixing it. + + Consider the message below logged to a file: + + 2011-06-15 13:48:22.034 ERROR [b10-resolver.asiolink] + ASIODNS_OPENSOCK error 111 opening TCP socket to 127.0.0.1(53) + + Note: the layout of messages written to the system logging file (syslog) + may be slightly different. This message has been split across two lines + here for display reasons; in the logging file, it will appear on one + line.) + + The log message comprises a number of components: + + 2011-06-15 13:48:22.034 + + The date and time at which the message was generated. + + ERROR + + The severity of the message. + + [b10-resolver.asiolink] + + The source of the message. This comprises two components: the BIND + 10 process generating the message (in this case, b10-resolver) and + the module within the program from which the message originated + (which in the example is the asynchronous I/O link module, + asiolink). + + ASIODNS_OPENSOCK + + The message identification. Every message in BIND 10 has a unique + identification, which can be used as an index into the BIND 10 + Messages Manual (http://bind10.isc.org/docs/bind10-messages.html) + from which more information can be obtained. + + error 111 opening TCP socket to 127.0.0.1(53) + + A brief description of the cause of the problem. Within this text, + information relating to the condition that caused the message to + be logged will be included. In this example, error number 111 (an + operating system-specific error number) was encountered when + trying to open a TCP connection to port 53 on the local system + (address 127.0.0.1). The next step would be to find out the reason + for the failure by consulting your system's documentation to + identify what error number 111 means. From b0b09a77b7dab7b961f4424d05c135e9eb045b80 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:14:15 -0500 Subject: [PATCH 20/77] [master] regenerated HTML version of guide mostly catching up on IXFR documentation additions. --- doc/guide/bind10-guide.html | 135 ++++++++++++++++++++++++------------ 1 file changed, 89 insertions(+), 46 deletions(-) diff --git a/doc/guide/bind10-guide.html b/doc/guide/bind10-guide.html index 1070a2e4a8..97ffb845fb 100644 --- a/doc/guide/bind10-guide.html +++ b/doc/guide/bind10-guide.html @@ -1,12 +1,14 @@ -BIND 10 Guide

BIND 10 Guide

Administrator Reference for BIND 10

This is the reference guide for BIND 10 version +BIND 10 Guide

BIND 10 Guide

Administrator Reference for BIND 10

This is the reference guide for BIND 10 version 20110809.

Copyright © 2010-2011 Internet Systems Consortium, Inc.

Abstract

BIND 10 is a Domain Name System (DNS) suite managed by Internet Systems Consortium (ISC). It includes DNS libraries and modular components for controlling authoritative and recursive DNS servers.

This is the reference guide for BIND 10 version 20110809. - The most up-to-date version of this document, along with - other documents for BIND 10, can be found at http://bind10.isc.org/docs.

Table of Contents

1. Introduction
Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10
2. Installation
Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy
3. Starting BIND10 with bind10
Starting BIND 10
4. Command channel
5. Configuration manager
6. Remote control daemon
Configuration specification for b10-cmdctl
7. Control and configure user interface
8. Authoritative Server
Server Configurations
Data Source Backends
Loading Master Zones Files
9. Incoming Zone Transfers
10. Outbound Zone Transfers
11. Secondary Manager
12. Recursive Name Server
Access Control
Forwarding
13. Statistics
14. Logging
Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Chapter 1. Introduction

Table of Contents

Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10

+ The most up-to-date version of this document (in PDF, HTML, + and plain text formats), along with other documents for + BIND 10, can be found at http://bind10.isc.org/docs. +

Table of Contents

1. Introduction
Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10
2. Installation
Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy
3. Starting BIND10 with bind10
Starting BIND 10
4. Command channel
5. Configuration manager
6. Remote control daemon
Configuration specification for b10-cmdctl
7. Control and configure user interface
8. Authoritative Server
Server Configurations
Data Source Backends
Loading Master Zones Files
9. Incoming Zone Transfers
Configuration for Incoming Zone Transfers
Enabling IXFR
Trigger an Incoming Zone Transfer Manually
10. Outbound Zone Transfers
11. Secondary Manager
12. Recursive Name Server
Access Control
Forwarding
13. Statistics
14. Logging
Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Chapter 1. Introduction

Table of Contents

Supported Platforms
Required Software
Starting and Stopping the Server
Managing BIND 10

BIND is the popular implementation of a DNS server, developer interfaces, and DNS tools. BIND 10 is a rewrite of BIND 9. BIND 10 is written in C++ and Python @@ -18,7 +20,7 @@ BIND 10 provides a EDNS0- and DNSSEC-capable authoritative DNS server and a caching recursive name server which also provides forwarding. -

Supported Platforms

+

Supported Platforms

BIND 10 builds have been tested on Debian GNU/Linux 5, Ubuntu 9.10, NetBSD 5, Solaris 10, FreeBSD 7 and 8, and CentOS Linux 5.3. @@ -28,7 +30,7 @@ It is planned for BIND 10 to build, install and run on Windows and standard Unix-type platforms. -

Required Software

+

Required Software

BIND 10 requires Python 3.1. Later versions may work, but Python 3.1 is the minimum version which will work.

@@ -138,7 +140,7 @@ and, of course, DNS. These include detailed developer documentation and code examples. -

Chapter 2. Installation

Table of Contents

Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy

Building Requirements

+

Chapter 2. Installation

Table of Contents

Building Requirements
Quick start
Installation from source
Download Tar File
Retrieve from Git
Configure before the build
Build
Install
Install Hierarchy

Building Requirements

In addition to the run-time requirements, building BIND 10 from source code requires various development include headers.

Note

@@ -202,14 +204,14 @@ the Git code revision control system or as a downloadable tar file. It may also be available in pre-compiled ready-to-use packages from operating system vendors. -

Download Tar File

+

Download Tar File

Downloading a release tar file is the recommended method to obtain the source code.

The BIND 10 releases are available as tar file downloads from ftp://ftp.isc.org/isc/bind10/. Periodic development snapshots may also be available. -

Retrieve from Git

+

Retrieve from Git

Downloading this "bleeding edge" code is recommended only for developers or advanced users. Using development code in a production environment is not recommended. @@ -243,7 +245,7 @@ autoheader, automake, and related commands. -

Configure before the build

+

Configure before the build

BIND 10 uses the GNU Build System to discover build environment details. To generate the makefiles using the defaults, simply run: @@ -274,16 +276,16 @@

If the configure fails, it may be due to missing or old dependencies. -

Build

+

Build

After the configure step is complete, to build the executables from the C++ code and prepare the Python scripts, run: 

$ make

-

Install

+

Install

To install the BIND 10 executables, support files, and documentation, run: 

$ make install

-

Note

The install step may require superuser privileges.

Install Hierarchy

+

Note

The install step may require superuser privileges.

Install Hierarchy

The following is the layout of the complete BIND 10 installation:

  • bin/ — @@ -505,12 +507,12 @@ shutdown the details and relays (over a b10-msgq command channel) the configuration on to the specified module.

    -

Chapter 8. Authoritative Server

Table of Contents

Server Configurations
Data Source Backends
Loading Master Zones Files

+

Chapter 8. Authoritative Server

Table of Contents

Server Configurations
Data Source Backends
Loading Master Zones Files

The b10-auth is the authoritative DNS server. It supports EDNS0 and DNSSEC. It supports IPv6. Normally it is started by the bind10 master process. -

Server Configurations

+

Server Configurations

b10-auth is configured via the b10-cfgmgr configuration manager. The module name is Auth. @@ -530,7 +532,7 @@ This may be a temporary setting until then.

shutdown
Stop the authoritative DNS server.

-

Data Source Backends

Note

+

Data Source Backends

Note

For the development prototype release, b10-auth supports a SQLite3 data source backend and in-memory data source backend. @@ -544,7 +546,7 @@ This may be a temporary setting until then. The default is /usr/local/var/.) This data file location may be changed by defining the database_file configuration. -

Loading Master Zones Files

+

Loading Master Zones Files

RFC 1035 style DNS master zone files may imported into a BIND 10 data source by using the b10-loadzone utility. @@ -573,28 +575,69 @@ This may be a temporary setting until then. If you reload a zone already existing in the database, all records from that prior zone disappear and a whole new set appears. -

Chapter 9. Incoming Zone Transfers

+

Chapter 9. Incoming Zone Transfers

Table of Contents

Configuration for Incoming Zone Transfers
Enabling IXFR
Trigger an Incoming Zone Transfer Manually

Incoming zones are transferred using the b10-xfrin process which is started by bind10. - When received, the zone is stored in the BIND 10 - data store, and its records can be served by + When received, the zone is stored in the corresponding BIND 10 + data source, and its records can be served by b10-auth. In combination with b10-zonemgr (for automated SOA checks), this allows the BIND 10 server to provide secondary service. +

+ The b10-xfrin process supports both AXFR and + IXFR. Due to some implementation limitations of the current + development release, however, it only tries AXFR by default, + and care should be taken to enable IXFR.

Note

- The current development release of BIND 10 only supports - AXFR. (IXFR is not supported.) + In the current development release of BIND 10, incoming zone + transfers are only available for SQLite3-based data sources, + that is, they don't work for an in-memory data source. +

Configuration for Incoming Zone Transfers

+ In practice, you need to specify a list of secondary zones to + enable incoming zone transfers for these zones (you can still + trigger a zone transfer manually, without a prior configuration + (see below)). +

+ For example, to enable zone transfers for a zone named "example.com" + (whose master address is assumed to be 2001:db8::53 here), + run the following at the bindctl prompt: + 

> config add Xfrin/zones
+> config set Xfrin/zones[0]/name "example.com"
+> config set Xfrin/zones[0]/master_addr "2001:db8::53"
+> config commit

+ (We assume there has been no zone configuration before). +

Enabling IXFR

+ As noted above, b10-xfrin uses AXFR for + zone transfers by default. To enable IXFR for zone transfers + for a particular zone, set the use_ixfr + configuration parameter to true. + In the above example of configuration sequence, you'll need + to add the following before performing commit: + 

> config set Xfrin/zones[0]/use_ixfr true

+

Note

+ One reason why IXFR is disabled by default in the current + release is because it does not support automatic fallback from IXFR to + AXFR when it encounters a primary server that doesn't support + outbound IXFR (and, not many existing implementations support + it). Another, related reason is that it does not use AXFR even + if it has no knowledge about the zone (like at the very first + time the secondary server is set up). IXFR requires the + "current version" of the zone, so obviously it doesn't work + in this situation and AXFR is the only workable choice. + The current release of b10-xfrin does not + make this selection automatically. + These features will be implemented in a near future + version, at which point we will enable IXFR by default. +

Trigger an Incoming Zone Transfer Manually

+ To manually trigger a zone transfer to retrieve a remote zone, + you may use the bindctl utility. + For example, at the bindctl prompt run: -

- To manually trigger a zone transfer to retrieve a remote zone, - you may use the bindctl utility. - For example, at the bindctl prompt run: - - 

> Xfrin retransfer zone_name="foo.example.org" master=192.0.2.99

-

Chapter 10. Outbound Zone Transfers

+ 

> Xfrin retransfer zone_name="foo.example.org" master=192.0.2.99

+

Chapter 10. Outbound Zone Transfers

The b10-xfrout process is started by bind10. When the b10-auth authoritative DNS server @@ -622,7 +665,7 @@ This may be a temporary setting until then.

Note

Access control (such as allowing notifies) is not yet provided. The primary/secondary service is not yet complete. -

Chapter 12. Recursive Name Server

Table of Contents

Access Control
Forwarding

+

Chapter 12. Recursive Name Server

Table of Contents

Access Control
Forwarding

The b10-resolver process is started by bind10. @@ -656,7 +699,7 @@ This may be a temporary setting until then.

(Replace the 2 as needed; run config show - Resolver/listen_on if needed.)

Access Control

+ Resolver/listen_on” if needed.)

Access Control

By default, the b10-resolver daemon only accepts DNS queries from the localhost (127.0.0.1 and ::1). The Resolver/query_acl configuration may @@ -689,7 +732,7 @@ This may be a temporary setting until then.

(Replace the 2 as needed; run config show Resolver/query_acl if needed.)

Note

This prototype access control configuration - syntax may be changed.

Forwarding

+ syntax may be changed.

Forwarding

To enable forwarding, the upstream address and port must be configured to forward queries to, such as: @@ -743,7 +786,7 @@ This may be a temporary setting until then. } }

-

Chapter 14. Logging

Table of Contents

Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Logging configuration

+

Chapter 14. Logging

Table of Contents

Logging configuration
Loggers
Output Options
Example session
Logging Message Format

Logging configuration

The logging system in BIND 10 is configured through the Logging module. All BIND 10 modules will look at the @@ -752,7 +795,7 @@ This may be a temporary setting until then. -

Loggers

+

Loggers

Within BIND 10, a message is logged through a component called a "logger". Different parts of BIND 10 log messages @@ -773,7 +816,7 @@ This may be a temporary setting until then. (what to log), and the output_options (where to log). -

name (string)

+

name (string)

Each logger in the system has a name, the name being that of the component using it to log messages. For instance, if you want to configure logging for the resolver module, @@ -846,7 +889,7 @@ This may be a temporary setting until then. Auth.cache logger will appear in the output with a logger name of b10-auth.cache). -

severity (string)

+

severity (string)

This specifies the category of messages logged. Each message is logged with an associated severity which @@ -862,7 +905,7 @@ This may be a temporary setting until then. -

output_options (list)

+

output_options (list)

Each logger can have zero or more output_options. These specify where log @@ -872,7 +915,7 @@ This may be a temporary setting until then. The other options for a logger are: -

debuglevel (integer)

+

debuglevel (integer)

When a logger's severity is set to DEBUG, this value specifies what debug messages should be printed. It ranges @@ -881,7 +924,7 @@ This may be a temporary setting until then. If severity for the logger is not DEBUG, this value is ignored. -

additive (true or false)

+

additive (true or false)

If this is true, the output_options from the parent will be used. For example, if there are two @@ -895,18 +938,18 @@ This may be a temporary setting until then. -

Output Options

+

Output Options

The main settings for an output option are the destination and a value called output, the meaning of which depends on the destination that is set. -

destination (string)

+

destination (string)

The destination is the type of output. It can be one of: -

  • console
  • file
  • syslog

output (string)

+

  • console
  • file
  • syslog

output (string)

Depending on what is set as the output destination, this value is interpreted as follows: @@ -928,12 +971,12 @@ This may be a temporary setting until then. The other options for output_options are: -

flush (true of false)

+

flush (true of false)

Flush buffers after each log message. Doing this will reduce performance but will ensure that if the program terminates abnormally, all messages up to the point of termination are output. -

maxsize (integer)

+

maxsize (integer)

Only relevant when destination is file, this is maximum file size of output files in bytes. When the maximum size is reached, the file is renamed and a new file opened. @@ -942,11 +985,11 @@ This may be a temporary setting until then. etc.)

If this is 0, no maximum file size is used. -

maxver (integer)

+

maxver (integer)

Maximum number of old log files to keep around when rolling the output file. Only relevant when destination is file. -

Example session

+

Example session

In this example we want to set the global logging to write to the file /var/log/my_bind10.log, @@ -1107,7 +1150,7 @@ Logging/loggers[0]/output_options[0]/maxver 8 integer (modified) And every module will now be using the values from the logger named *. -

Logging Message Format

+

Logging Message Format

Each message written by BIND 10 to the configured logging destinations comprises a number of components that identify the origin of the message and, if the message indicates From 337198f6b8e619d836e9c51399be97e7a6038674 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:28:46 -0500 Subject: [PATCH 21/77] [master] shorten README As discussed at ISC all hands shortened README a lot. Reduced by almost 200 lines. Mention DHCP echo server. Point to guide in txt format (now in repo). Removed some redundant details that are in guide. NOTE: This removed details about 1) gtest / make check 2) coverage testing; 3) run_*.sh ; 4) running (already in guide); 5) bindctl config examples. I will make sure these are documented in guide, in the wiki, or at least re-added to the doc/ directory. But some may not be in this week's snapshot tarball. I opened one ticket to handle the bindctl config examples (#1302). This was discussed a little on jabber. --- README | 218 +++++---------------------------------------------------- 1 file changed, 16 insertions(+), 202 deletions(-) diff --git a/README b/README index 4b84a88939..99e2ece2c1 100644 --- a/README +++ b/README @@ -1,3 +1,4 @@ + This is the source for the development version of BIND 10. BIND is the popular implementation of a DNS server, developer @@ -11,7 +12,7 @@ interfaces. Nevertheless it is ready to use now for testing the new BIND 10 infrastructure ideas. The Year 3 goals of the five year plan are described here: - http://bind10.isc.org/wiki/Year3Goals + http://bind10.isc.org/wiki/Year3Goals This release includes the bind10 master process, b10-msgq message bus, b10-auth authoritative DNS server (with SQLite3 and in-memory @@ -21,12 +22,15 @@ AXFR inbound service, b10-xfrout outgoing AXFR service, b10-zonemgr secondary manager, b10-stats statistics collection and reporting daemon, b10-stats-httpd for HTTP access to XML-formatted stats, b10-host DNS lookup utility, and a new libdns++ library for C++ -with a python wrapper. +with a python wrapper. BIND 10 also provides an experimental DHCPv6 +echo server, b10-dhcp6. -Documentation is included and also available via the BIND 10 -website at http://bind10.isc.org/ +Documentation is included with the source. See doc/guide/bind10-guide.txt +(or bind10-guide.html) for installation instructions. The +documentation is also available via the BIND 10 website at +http://bind10.isc.org/ -The latest released source may be downloaded from: +The latest released source tar file may be downloaded from: ftp://ftp.isc.org/isc/bind10/ @@ -40,15 +44,11 @@ Bugs may be reported as tickets via the developers website: http://bind10.isc.org/ -BUILDING - -See the Guide for detailed installation directions at -doc/guide/bind10-guide.html. - -Simple build instructions: +Simple build and installation instructions: ./configure make + make install If building from Git repository, run: @@ -56,197 +56,11 @@ If building from Git repository, run: before running ./configure -Requires autoconf 2.59 or newer. +See the Guide for detailed installation directions at +doc/guide/bind10-guide.txt. -Use automake-1.11 or better for working Python 3.1 tests. -Alternatively, you could manually specify an absolute path to python -executable by the --with-pythonpath option of the configure script, -e.g., -% ./configure --with-pythonpath=/usr/local/bin/python3.1 +For operating system specific tips see the wiki at: -Operating-System specific tips: + http://bind10.isc.org/wiki/SystemSpecificNotes -- FreeBSD - You may need to install a python binding for sqlite3 by hand. - A sample procedure is as follows: - - add the following to /etc/make.conf - PYTHON_VERSION=3.1 - - build and install the python binding from ports, assuming the top - directory of the ports system is /usr/ports - % cd /usr/ports/databases/py-sqlite3/ - % make - % sudo make install - -INSTALLATION - -Install with: - - make install - -TESTS - -The tests use the googletests framework for C++. It is available -from http://code.google.com/p/googletest/. To enable the tests, -configure BIND 10 with: - - ./configure --with-gtest - -Then run "make check" to run these tests. - -TEST COVERAGE - -Code coverage reports may be generated using make. These are -based on running on the unit tests. The resulting reports are placed -in coverage-cpp-html and coverage-python-html directories for C++ -and Python, respectively. - -The code coverage report for the C++ tests uses LCOV. It is available -from http://ltp.sourceforge.net/. To generate the HTML report, -first configure BIND 10 with: - - ./configure --with-lcov - -The code coverage report for the Python tests uses coverage.py (aka -pycoverage). It is available from http://nedbatchelder.com/code/coverage/. -To generate the HTML report, first configure BIND 10 with: - - ./configure --with-pycoverage - -Doing code coverage tests: - - make coverage - Does the clean, perform, and report targets for C++ and Python. - - make clean-coverage - Zeroes the code coverage counters and removes the HTML reports - for C++ and Python. - - make perform-coverage - Runs the C++ (using the googletests framework) and Python - tests. - - make report-coverage - Generates the coverage reports in HTML for C++ and Python. - - make clean-cpp-coverage - Zeroes the code coverage counters and removes the HTML report - for the C++ tests. - - make clean-python-coverage - Zeroes the code coverage counters and removes the HTML report - for the Python tests. - - make report-cpp-coverage - Generates the coverage report in HTML for C++, excluding - some unrelated headers. The HTML reports are placed in a - directory called coverage-cpp-html/. - - make report-python-coverage - Generates the coverage report in HTML for Python. The HTML - reports are placed in a directory called coverage-python-html/. - -DEVELOPERS - -The generated run_*.sh scripts available in the src/bin directories -are for running the code using the source tree. - -RUNNING - -You can start the BIND 10 processes by running bind10 which is -installed to the sbin directory under the installation prefix. -The default location is: - - /usr/local/sbin/bind10 - -For development work, you can also run the bind10 services from the -source tree: - - ./src/bin/bind10/run_bind10.sh - -(Which will use the modules and configurations also from the source -tree.) - -CONFIGURATION - -Commands can be given through the bindctl tool. - -The server must be running for bindctl to work. - -The following configuration commands are available - -help: show the different command modules - help: show the commands for module - help: show info for the command - - -config show [identifier]: Show the currently set values. If no identifier is - given, the current location is used. If a config - option is a list or a map, the value is not - shown directly, but must be requested separately. -config go [identifier]: Go to the given location within the configuration. -config set [identifier] : Set a configuration value. -config unset [identifier]: Remove a value (reverts to default if the option - is mandatory). -config add [identifier] : add a value to a list -config remove [identifier] : remove a value from a list -config revert: Revert all changes that have not been committed -config commit: Commit all changes -config diff: Show the changes that have not been committed yet - - -EXAMPLE SESSION - -~> bindctl -["login success "] login as root -> help -BindCtl, verstion 0.1 -usage: [param1 = value1 [, param2 = value2]] -Type Tab character to get the hint of module/command/paramters. -Type "help(? h)" for help on bindctl. -Type " help" for help on the specific module. -Type " help" for help on the specific command. - -Available module names: - help Get help for bindctl - config Configuration commands - Xfrin same here - Auth same here - Boss same here -> config help -Module config Configuration commands -Available commands: - help (Get help for module) - show (Show configuration) - add (Add entry to configuration list) - remove (Remove entry from configuration list) - set (Set a configuration value) - unset (Unset a configuration value) - diff (Show all local changes) - revert (Revert all local changes) - commit (Commit all local changes) - go (Go to a specific configuration part) -> config show -Xfrin/ module -Auth/ module -Boss/ module -> config show Xfrin -transfers_in: 10 integer -> config go Auth -/Auth> config show -database_file: None string -/Auth> config set database_file /tmp/bind10_zones.db -/Auth> config commit -/Auth> config go / -> config show Auth/ -database_file: /tmp/bind10_zones.db string -> config diff -{} -> config set Auth/foobar -Error: missing identifier or value -> config set Auth/database_file foobar -> config diff -{'Auth': {'database_file': 'foobar'}} -> config revert -> config diff -{} -> quit +Please see the wiki and the doc/ directory for various documentation. From 163fa80307a1ab8882a1895ab1e2e12d22c8fd4b Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:48:02 -0500 Subject: [PATCH 22/77] [master] regenerate man page catch up on ixfr config change bump date in XML too. --- src/bin/xfrin/b10-xfrin.8 | 30 ++++++++++-------------------- src/bin/xfrin/b10-xfrin.xml | 2 +- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/src/bin/xfrin/b10-xfrin.8 b/src/bin/xfrin/b10-xfrin.8 index 54dbe7c701..056103a1b5 100644 --- a/src/bin/xfrin/b10-xfrin.8 +++ b/src/bin/xfrin/b10-xfrin.8 @@ -2,12 +2,12 @@ .\" Title: b10-xfrin .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 -.\" Date: September 8, 2011 +.\" Date: October 12, 2011 .\" Manual: BIND10 .\" Source: BIND10 .\" Language: English .\" -.TH "B10\-XFRIN" "8" "September 8, 2011" "BIND10" "BIND10" +.TH "B10\-XFRIN" "8" "October 12, 2011" "BIND10" "BIND10" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -29,23 +29,11 @@ The \fBb10\-xfrin\fR daemon provides the BIND 10 incoming DNS zone transfer service\&. Normally it is started by the \fBbind10\fR(8) -boss process\&. When triggered it can request and receive a zone transfer and store the zone in a BIND 10 zone data store\&. -.if n \{\ -.sp -.\} -.RS 4 -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -.br -.ps +1 -\fBNote\fR -.ps -1 -.br -.sp -This prototype release only supports AXFR\&. IXFR is not implemented\&. -.sp .5v -.RE +boss process\&. When triggered it can request and receive a zone transfer and store the zone in a BIND 10 zone data source\&. +.PP +The +\fBb10\-xfrin\fR +daemon supports both AXFR and IXFR\&. Due to some implementation limitations of the current development release, however, it only tries AXFR by default, and care should be taken to enable IXFR\&. See the BIND 10 Guide for more details\&. .PP This daemon communicates with BIND 10 over a \fBb10-msgq\fR(8) @@ -77,7 +65,9 @@ daemon\&. The list items are: \fImaster_addr\fR (the zone master to transfer from), \fImaster_port\fR -(defaults to 53), and +(defaults to 53), +\fIuse_ixfr\fR +(defaults to false), and \fItsig_key\fR (optional TSIG key to use)\&. The \fItsig_key\fR diff --git a/src/bin/xfrin/b10-xfrin.xml b/src/bin/xfrin/b10-xfrin.xml index dc9a6cd978..231681c13b 100644 --- a/src/bin/xfrin/b10-xfrin.xml +++ b/src/bin/xfrin/b10-xfrin.xml @@ -20,7 +20,7 @@ - September 8, 2011 + October 12, 2011 From 41040f22c80fd9f300f4f75cae3177a5360a80e2 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:50:56 -0500 Subject: [PATCH 23/77] [master] regenerate XML for various message log changes --- doc/guide/bind10-messages.xml | 358 +++++++++++++++++++++++++++------- 1 file changed, 290 insertions(+), 68 deletions(-) diff --git a/doc/guide/bind10-messages.xml b/doc/guide/bind10-messages.xml index f5c44b33d8..bade381d2e 100644 --- a/doc/guide/bind10-messages.xml +++ b/doc/guide/bind10-messages.xml @@ -244,6 +244,14 @@ packet. + +AUTH_INVALID_STATISTICS_DATA invalid specification of statistics data specified + +An error was encountered when the authoritiative server specified +statistics data which is invalid for the auth specification file. + + + AUTH_LOAD_TSIG loading TSIG keys @@ -581,6 +589,14 @@ started according to the configuration. + +BIND10_INVALID_STATISTICS_DATA invalid specification of statistics data specified + +An error was encountered when the boss module specified +statistics data which is invalid for the boss specification file. + + + BIND10_INVALID_USER invalid user: %1 @@ -1150,7 +1166,7 @@ Debug message. The resolver is trying to look up data in the RRset cache. -CACHE_RRSET_NOT_FOUND no RRset found for %1/%2/%3 +CACHE_RRSET_NOT_FOUND no RRset found for %1/%2/%3 in cache Debug message which can follow CACHE_RRSET_LOOKUP. This means the data is not in the cache. @@ -1773,13 +1789,12 @@ means no limit. - -DATASRC_DATABASE_FIND_ERROR error retrieving data from datasource %1: %2 + +DATASRC_DATABASE_COVER_NSEC_UNSUPPORTED %1 doesn't support DNSSEC when asked for NSEC data covering %2 -This was an internal error while reading data from a datasource. This can either -mean the specific data source implementation is not behaving correctly, or the -data it provides is invalid. The current search is aborted. -The error message contains specific information about the error. +The datasource tried to provide an NSEC proof that the named domain does not +exist, but the database backend doesn't support DNSSEC. No proof is included +in the answer as a result. @@ -1795,28 +1810,9 @@ name and type in the database. DATASRC_DATABASE_FIND_TTL_MISMATCH TTL values differ in %1 for elements of %2/%3/%4, setting to %5 The datasource backend provided resource records for the given RRset with -different TTL values. The TTL of the RRSET is set to the lowest value, which -is printed in the log message. - - - - -DATASRC_DATABASE_FIND_UNCAUGHT_ERROR uncaught general error retrieving data from datasource %1: %2 - -There was an uncaught general exception while reading data from a datasource. -This most likely points to a logic error in the code, and can be considered a -bug. The current search is aborted. Specific information about the exception is -printed in this error message. - - - - -DATASRC_DATABASE_FIND_UNCAUGHT_ISC_ERROR uncaught error retrieving data from datasource %1: %2 - -There was an uncaught ISC exception while reading data from a datasource. This -most likely points to a logic error in the code, and can be considered a bug. -The current search is aborted. Specific information about the exception is -printed in this error message. +different TTL values. This isn't allowed on the wire and is considered +an error, so we set it to the lowest value we found (but we don't modify the +database). The data in database should be checked and fixed. @@ -1846,6 +1842,15 @@ instead. + +DATASRC_DATABASE_FOUND_EMPTY_NONTERMINAL empty non-terminal %2 in %1 + +The domain name doesn't have any RRs, so it doesn't exist in the database. +However, it has a subdomain, so it exists in the DNS address space. So we +return NXRRSET instead of NXDOMAIN. + + + DATASRC_DATABASE_FOUND_NXDOMAIN search in datasource %1 resulted in NXDOMAIN for %2/%3/%4 @@ -1871,6 +1876,132 @@ returned is printed. + +DATASRC_DATABASE_ITERATE iterating zone %1 + +The program is reading the whole zone, eg. not searching for data, but going +through each of the RRsets there. + + + + +DATASRC_DATABASE_ITERATE_END iterating zone finished + +While iterating through the zone, the program reached end of the data. + + + + +DATASRC_DATABASE_ITERATE_NEXT next RRset in zone is %1/%2 + +While iterating through the zone, the program extracted next RRset from it. +The name and RRtype of the RRset is indicated in the message. + + + + +DATASRC_DATABASE_ITERATE_TTL_MISMATCH TTL values differ for RRs of %1/%2/%3, setting to %4 + +While iterating through the zone, the time to live for RRs of the given RRset +were found to be different. This isn't allowed on the wire and is considered +an error, so we set it to the lowest value we found (but we don't modify the +database). The data in database should be checked and fixed. + + + + +DATASRC_DATABASE_UPDATER_COMMIT updates committed for '%1/%2' on %3 + +Debug information. A set of updates to a zone has been successfully +committed to the corresponding database backend. The zone name, +its class and the database name are printed. + + + + +DATASRC_DATABASE_UPDATER_CREATED zone updater created for '%1/%2' on %3 + +Debug information. A zone updater object is created to make updates to +the shown zone on the shown backend database. + + + + +DATASRC_DATABASE_UPDATER_DESTROYED zone updater destroyed for '%1/%2' on %3 + +Debug information. A zone updater object is destroyed, either successfully +or after failure of, making updates to the shown zone on the shown backend +database. + + + + +DATASRC_DATABASE_UPDATER_ROLLBACK zone updates roll-backed for '%1/%2' on %3 + +A zone updater is being destroyed without committing the changes. +This would typically mean the update attempt was aborted due to some +error, but may also be a bug of the application that forgets committing +the changes. The intermediate changes made through the updater won't +be applied to the underlying database. The zone name, its class, and +the underlying database name are shown in the log message. + + + + +DATASRC_DATABASE_UPDATER_ROLLBACKFAIL failed to roll back zone updates for '%1/%2' on %3: %4 + +A zone updater is being destroyed without committing the changes to +the database, and attempts to rollback incomplete updates, but it +unexpectedly fails. The higher level implementation does not expect +it to fail, so this means either a serious operational error in the +underlying data source (such as a system failure of a database) or +software bug in the underlying data source implementation. In either +case if this message is logged the administrator should carefully +examine the underlying data source to see what exactly happens and +whether the data is still valid. The zone name, its class, and the +underlying database name as well as the error message thrown from the +database module are shown in the log message. + + + + +DATASRC_DATABASE_WILDCARD constructing RRset %3 from wildcard %2 in %1 + +The database doesn't contain directly matching domain, but it does contain a +wildcard one which is being used to synthesize the answer. + + + + +DATASRC_DATABASE_WILDCARD_CANCEL_NS canceled wildcard match on %2 because %3 contains NS in %1 + +The database was queried to provide glue data and it didn't find direct match. +It could create it from given wildcard, but matching wildcards is forbidden +under a zone cut, which was found. Therefore the delegation will be returned +instead. + + + + +DATASRC_DATABASE_WILDCARD_CANCEL_SUB wildcard %2 can't be used to construct %3 because %4 exists in %1 + +The answer could be constructed using the wildcard, but the given subdomain +exists, therefore this name is something like empty non-terminal (actually, +from the protocol point of view, it is empty non-terminal, but the code +discovers it differently). + + + + +DATASRC_DATABASE_WILDCARD_EMPTY implicit wildcard %2 used to construct %3 in %1 + +The given wildcard exists implicitly in the domainspace, as empty nonterminal +(eg. there's something like subdomain.*.example.org, so *.example.org exists +implicitly, but is empty). This will produce NXRRSET, because the constructed +domain is empty as well as the wildcard. + + + DATASRC_DO_QUERY handling query for '%1/%2' @@ -2750,6 +2881,15 @@ generated. + +LIBXFRIN_DIFFERENT_TTL multiple data with different TTLs (%1, %2) on %3/%4. Adjusting %2 -> %1. + +The xfrin module received an update containing multiple rdata changes for the +same RRset. But the TTLs of these don't match each other. As we combine them +together, the later one get's overwritten to the earlier one in the sequence. + + + LOGIMPL_ABOVE_MAX_DEBUG debug level of %1 is too high and will be set to the maximum of %2 @@ -4103,21 +4243,17 @@ configuration update from the configuration manager. - -STATS_RECEIVED_REMOVE_COMMAND received command to remove %1 + +STATS_RECEIVED_SHOWSCHEMA_ALL_COMMAND received command to show all statistics schema -A remove command for the given name was sent to the stats module, and -the given statistics value will now be removed. It will not appear in -statistics reports until it appears in a statistics update from a -module again. +The stats module received a command to show all statistics schemas of all modules. - -STATS_RECEIVED_RESET_COMMAND received command to reset all statistics + +STATS_RECEIVED_SHOWSCHEMA_NAME_COMMAND received command to show statistics schema for %1 -The stats module received a command to clear all collected statistics. -The data is cleared until it receives an update from the modules again. +The stats module received a command to show the specified statistics schema of the specified module. @@ -4168,6 +4304,21 @@ to send its data to the stats module. + +STATS_STARTING starting + +The stats module will be now starting. + + + + +STATS_START_ERROR stats module error: %1 + +An internal error occurred while starting the stats module. The stats +module will be now shutting down. + + + STATS_STOPPED_BY_KEYBOARD keyboard interrupt, shutting down @@ -4191,39 +4342,28 @@ Please check your installation. XFRIN_AXFR_DATABASE_FAILURE AXFR transfer of zone %1 failed: %2 The AXFR transfer for the given zone has failed due to a database problem. -The error is shown in the log message. +The error is shown in the log message. Note: due to the code structure +this can only happen for AXFR. - -XFRIN_AXFR_INTERNAL_FAILURE AXFR transfer of zone %1 failed: %2 + +XFRIN_AXFR_INCONSISTENT_SOA AXFR SOAs are inconsistent for %1: %2 expected, %3 received -The AXFR transfer for the given zone has failed due to an internal -problem in the bind10 python wrapper library. -The error is shown in the log message. - - - - -XFRIN_AXFR_TRANSFER_FAILURE AXFR transfer of zone %1 failed: %2 - -The AXFR transfer for the given zone has failed due to a protocol error. -The error is shown in the log message. - - - - -XFRIN_AXFR_TRANSFER_STARTED AXFR transfer of zone %1 started - -A connection to the master server has been made, the serial value in -the SOA record has been checked, and a zone transfer has been started. - - - - -XFRIN_AXFR_TRANSFER_SUCCESS AXFR transfer of zone %1 succeeded - -The AXFR transfer of the given zone was successfully completed. +The serial fields of the first and last SOAs of AXFR (including AXFR-style +IXFR) are not the same. According to RFC 5936 these two SOAs must be the +"same" (not only for the serial), but it is still not clear what the +receiver should do if this condition does not hold. There was a discussion +about this at the IETF dnsext wg: +http://www.ietf.org/mail-archive/web/dnsext/current/msg07908.html +and the general feeling seems that it would be better to reject the +transfer if a mismatch is detected. On the other hand, also as noted +in that email thread, neither BIND 9 nor NSD performs any comparison +on the SOAs. For now, we only check the serials (ignoring other fields) +and only leave a warning log message when a mismatch is found. If it +turns out to happen with a real world primary server implementation +and that server actually feeds broken data (e.g. mixed versions of +zone), we can consider a stricter action. @@ -4280,6 +4420,27 @@ shown in the log message. + +XFRIN_GOT_INCREMENTAL_RESP got incremental response for %1 + +In an attempt of IXFR processing, the begenning SOA of the first difference +(following the initial SOA that specified the final SOA for all the +differences) was found. This means a connection for xfrin tried IXFR +and really aot a response for incremental updates. + + + + +XFRIN_GOT_NONINCREMENTAL_RESP got nonincremental response for %1 + +Non incremental transfer was detected at the "first data" of a transfer, +which is the RR following the initial SOA. Non incremental transfer is +either AXFR or AXFR-style IXFR. In the latter case, it means that +in a response to IXFR query the first data is not SOA or its SOA serial +is not equal to the requested SOA serial. + + + XFRIN_IMPORT_DNS error importing python DNS module: %1 @@ -4305,6 +4466,16 @@ likely means that the msgq daemon has quit or was killed. + +XFRIN_NOTIFY_UNKNOWN_MASTER got notification to retransfer zone %1 from %2, expected %3 + +The system received a notify for the given zone, but the address it came +from does not match the master address in the Xfrin configuration. The notify +is ignored. This may indicate that the configuration for the master is wrong, +that a wrong machine is sending notifies, or that fake notifies are being sent. + + + XFRIN_RETRANSFER_UNKNOWN_ZONE got notification to retransfer unknown zone %1 @@ -4338,6 +4509,38 @@ exception message is printed in the log message. + +XFRIN_XFR_OTHER_FAILURE %1 transfer of zone %2 failed: %3 + +The XFR transfer for the given zone has failed due to a problem outside +of the xfrin module. Possible reasons are a broken DNS message or failure +in database connection. The error is shown in the log message. + + + + +XFRIN_XFR_TRANSFER_FAILURE %1 transfer of zone %2 failed: %3 + +The XFR transfer for the given zone has failed due to a protocol error. +The error is shown in the log message. + + + + +XFRIN_XFR_TRANSFER_STARTED %1 transfer of zone %2 started + +A connection to the master server has been made, the serial value in +the SOA record has been checked, and a zone transfer has been started. + + + + +XFRIN_XFR_TRANSFER_SUCCESS %1 transfer of zone %2 succeeded + +The XFR transfer of the given zone was successfully completed. + + + XFROUT_AXFR_TRANSFER_DONE transfer of %1/%2 complete @@ -4401,6 +4604,14 @@ configuration manager b10-cfgmgr is not running. + +XFROUT_CONFIG_ERROR error found in configuration data: %1 + +The xfrout process encountered an error when installing the configuration at +startup time. Details of the error are included in the log message. + + + XFROUT_FETCH_REQUEST_ERROR socket error while fetching a request from the auth daemon @@ -4430,6 +4641,17 @@ system and your specific installation. + +XFROUT_MODULECC_SESSION_ERROR error encountered by configuration/command module: %1 + +There was a problem in the lower level module handling configuration and +control commands. This could happen for various reasons, but the most likely +cause is that the configuration database contains a syntax error and xfrout +failed to start at initialization. A detailed error message from the module +will also be displayed. + + + XFROUT_NEW_CONFIG Update xfrout configuration From 554a8b40e84b9f778f398b7ff15d86140255bc89 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 09:55:36 -0500 Subject: [PATCH 24/77] [master] ChangeLog police See http://bind10.isc.org/wiki/ChangeLogDetails use a tab before the keyword type. use two tabs before the committer username. line too long --- ChangeLog | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2db865e9c1..8e401b8ea7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,7 +23,7 @@ how to configure it and operational notes. (Trac #1212, multiple git merges) -293. [func]* tomek +293. [func]* tomek b10-dhcp6: Implemented DHCPv6 echo server. It joins DHCPv6 multicast groups and listens to incoming DHCPv6 client messages. Received messages are then echoed back to clients. This @@ -37,12 +37,13 @@ Implement the DLV rrtype according to RFC4431. (Trac #1144, git d267c0511a07c41cd92e3b0b9ee9bf693743a7cf) -291. [func] naokikambe +291. [func] naokikambe Statistics items are specified by each module's spec file. Stats module can read these through the config manager. Stats module and stats httpd report statistics data and statistics schema by each module via both bindctl and HTTP/XML. - (Trac #928,#929,#930,#1175, git 054699635affd9c9ecbe7a108d880829f3ba229e) + (Trac #928,#929,#930,#1175, + git 054699635affd9c9ecbe7a108d880829f3ba229e) 290. [func] jinmei libdns++/pydnspp: added an option parameter to the "from wire" @@ -70,7 +71,7 @@ configuration. (Trac #1165, git 698176eccd5d55759fe9448b2c249717c932ac31) -288. [bug] stephen +288. [bug] stephen Fixed problem whereby the order in which component files appeared in rdataclass.cc was system dependent, leading to problems on some systems where data types were used before the header file in which @@ -85,7 +86,7 @@ python files from the common directly (such as "site-packages"). (Trac #1101, git 0eb576518f81c3758c7dbaa2522bd8302b1836b3) -286. [func] ocean +286. [func] ocean libdns++: Implement the HINFO rrtype support according to RFC1034, and RFC1035. (Trac #1112, git 12d62d54d33fbb1572a1aa3089b0d547d02924aa) @@ -101,14 +102,14 @@ log a warning and try to do zone transfer for them. (Trac #1153, git 0a39659638fc68f60b95b102968d7d0ad75443ea) -283. [bug] zhanglikun +283. [bug] zhanglikun Make stats and boss processes wait for answer messages from each other in block mode to avoid orphan answer messages, add an internal command "getstats" to boss process for getting statistics data from boss. (Trac #519, git 67d8e93028e014f644868fede3570abb28e5fb43) -282. [func] ocean +282. [func] ocean libdns++: Implement the NAPTR rrtype according to RFC2915, RFC2168 and RFC3403. (Trac #1130, git 01d8d0f13289ecdf9996d6d5d26ac0d43e30549c) From a3e0ed25ca88b74d92e9bfa11414e137b5982de8 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 10:00:26 -0500 Subject: [PATCH 25/77] [master] add entry for doc changes to changelog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8e401b8ea7..e05162eb38 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +298. [doc] jreed + Shorten README. Include plain text format of the Guide. + (git d1897d3, git 337198f) + 297. [func] dvv Implement the SPF rrtype according to RFC4408. (Trac #1140, git 146934075349f94ee27f23bf9ff01711b94e369e) From c3dafdb35cc8cd72e972a0d8212ddea3c09c330c Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 10:02:01 -0500 Subject: [PATCH 26/77] [master] typo fix in changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e05162eb38..4ea701ebde 100644 --- a/ChangeLog +++ b/ChangeLog @@ -59,7 +59,7 @@ 289. [func]* jinmei b10-xfrout: ACLs for xfrout can now be configured per zone basis. - A per zone ACl is part of a more general zone configuration. A + A per zone ACL is part of a more general zone configuration. A quick example for configuring an ACL for zone "example.com" that rejects any transfer request for that zone is as follows: > config add Xfrout/zone_config From 9578ddf805881e30dc4ae2124bcae6b24b580f65 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 10:03:26 -0500 Subject: [PATCH 27/77] [master] add release date to changelog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4ea701ebde..92f98dd363 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,5 @@ +bind10-devel-20111014 released on October 14, 2011 + 298. [doc] jreed Shorten README. Include plain text format of the Guide. (git d1897d3, git 337198f) From a6646243196e059b1c137c939787117e78523b57 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 13 Oct 2011 10:05:56 -0500 Subject: [PATCH 28/77] [master] don't use ?= for variable assignment Solaris make says: make: Fatal error in reader: Makefile, line 397: Badly formed macro assignment It is fine with NetBSD's bmake and GNU gmake. Anyways, it is not used by any target. This was to choose the HTML-renderer. --- doc/guide/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/guide/Makefile.am b/doc/guide/Makefile.am index aaf896048c..f7fcddb01c 100644 --- a/doc/guide/Makefile.am +++ b/doc/guide/Makefile.am @@ -2,7 +2,7 @@ EXTRA_DIST = bind10-guide.css EXTRA_DIST += bind10-guide.xml bind10-guide.html bind10-guide.txt EXTRA_DIST += bind10-messages.xml bind10-messages.html -HTML2TXT ?= elinks -dump -no-numbering -no-references +HTML2TXT = elinks -dump -no-numbering -no-references bind10-guide.txt: bind10-guide.html $(HTML2TXT) $(srcdir)/bind10-guide.html > $@ From 5f9a52abbd9f785ab878e71907c8b6dfa587fab1 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Fri, 14 Oct 2011 07:15:25 -0500 Subject: [PATCH 29/77] [master] put the text file generation within ENABLE_MAN conditional The FreeBSD distcheck failed during uninstall time as it attempted to regenerate the file. Its dependency was from the same second. Running make with debugging showed: Examining bind10-guide.txt...non-existent...modified before source (../../../doc /guide/bind10-guide.html)...out-of-date. --- doc/guide/Makefile.am | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/guide/Makefile.am b/doc/guide/Makefile.am index f7fcddb01c..239f235a5e 100644 --- a/doc/guide/Makefile.am +++ b/doc/guide/Makefile.am @@ -2,11 +2,6 @@ EXTRA_DIST = bind10-guide.css EXTRA_DIST += bind10-guide.xml bind10-guide.html bind10-guide.txt EXTRA_DIST += bind10-messages.xml bind10-messages.html -HTML2TXT = elinks -dump -no-numbering -no-references - -bind10-guide.txt: bind10-guide.html - $(HTML2TXT) $(srcdir)/bind10-guide.html > $@ - # This is not a "man" manual, but reuse this for now for docbook. if ENABLE_MAN @@ -20,6 +15,11 @@ bind10-guide.html: bind10-guide.xml http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl \ $(srcdir)/bind10-guide.xml +HTML2TXT = elinks -dump -no-numbering -no-references + +bind10-guide.txt: bind10-guide.html + $(HTML2TXT) $(srcdir)/bind10-guide.html > $@ + bind10-messages.html: bind10-messages.xml xsltproc --novalid --xinclude --nonet \ --path $(top_builddir)/doc \ From d647a4589362d2b6efee86e58c9fb38e7084deb4 Mon Sep 17 00:00:00 2001 From: Tomek Mrugalski Date: Fri, 19 Aug 2011 17:12:12 +0200 Subject: [PATCH 30/77] [1186] Initial libdhcp skeleton implementation. --- configure.ac | 2 + doc/Doxyfile | 2 +- src/bin/dhcp6/Makefile.am | 5 +- src/bin/dhcp6/dhcp6.h | 184 ------------------ src/bin/dhcp6/dhcp6_srv.cc | 2 +- src/bin/dhcp6/iface_mgr.cc | 2 +- src/bin/dhcp6/iface_mgr.h | 2 +- src/bin/dhcp6/tests/Makefile.am | 5 +- src/bin/dhcp6/tests/iface_mgr_unittest.cc | 2 +- src/lib/Makefile.am | 6 +- src/lib/dhcp/Makefile.am | 32 +++ src/lib/dhcp/README | 11 ++ src/lib/dhcp/dhcp6.h | 184 ++++++++++++++++++ src/{bin/dhcp6 => lib/dhcp}/pkt6.cc | 4 +- src/{bin/dhcp6 => lib/dhcp}/pkt6.h | 0 src/lib/dhcp/tests/Makefile.am | 40 ++++ src/lib/dhcp/tests/libdhcp_unittest.cc | 42 ++++ .../dhcp6 => lib/dhcp}/tests/pkt6_unittest.cc | 2 +- 18 files changed, 327 insertions(+), 200 deletions(-) delete mode 100644 src/bin/dhcp6/dhcp6.h create mode 100644 src/lib/dhcp/Makefile.am create mode 100644 src/lib/dhcp/README create mode 100644 src/lib/dhcp/dhcp6.h rename src/{bin/dhcp6 => lib/dhcp}/pkt6.cc (96%) rename src/{bin/dhcp6 => lib/dhcp}/pkt6.h (100%) create mode 100644 src/lib/dhcp/tests/Makefile.am create mode 100644 src/lib/dhcp/tests/libdhcp_unittest.cc rename src/{bin/dhcp6 => lib/dhcp}/tests/pkt6_unittest.cc (98%) diff --git a/configure.ac b/configure.ac index b0f5f45fd4..438883d3a8 100644 --- a/configure.ac +++ b/configure.ac @@ -870,6 +870,8 @@ AC_CONFIG_FILES([Makefile src/lib/dns/python/Makefile src/lib/dns/python/tests/Makefile src/lib/dns/benchmarks/Makefile + src/lib/dhcp/Makefile + src/lib/dhcp/tests/Makefile src/lib/exceptions/Makefile src/lib/exceptions/tests/Makefile src/lib/datasrc/Makefile diff --git a/doc/Doxyfile b/doc/Doxyfile index 8be9098bd7..ee5aaf83bc 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -574,7 +574,7 @@ INPUT = ../src/lib/exceptions ../src/lib/cc \ ../src/lib/log/compiler ../src/lib/asiolink/ ../src/lib/nsas \ ../src/lib/testutils ../src/lib/cache ../src/lib/server_common/ \ ../src/bin/sockcreator/ ../src/lib/util/ \ - ../src/lib/resolve ../src/lib/acl ../src/bin/dhcp6 + ../src/lib/resolve ../src/lib/acl ../src/bin/dhcp6 ../src/lib/dhcp # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is diff --git a/src/bin/dhcp6/Makefile.am b/src/bin/dhcp6/Makefile.am index 805d6bbccb..a131e2c4db 100644 --- a/src/bin/dhcp6/Makefile.am +++ b/src/bin/dhcp6/Makefile.am @@ -31,11 +31,12 @@ spec_config.h: spec_config.h.pre BUILT_SOURCES = spec_config.h pkglibexec_PROGRAMS = b10-dhcp6 -b10_dhcp6_SOURCES = main.cc iface_mgr.cc pkt6.cc dhcp6_srv.cc -b10_dhcp6_SOURCES += iface_mgr.h pkt6.h dhcp6_srv.h dhcp6.h +b10_dhcp6_SOURCES = main.cc iface_mgr.cc dhcp6_srv.cc +b10_dhcp6_SOURCES += iface_mgr.h dhcp6_srv.h b10_dhcp6_LDADD = $(top_builddir)/src/lib/datasrc/libdatasrc.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/dns/libdns++.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/util/libutil.la +b10_dhcp6_LDADD += $(top_builddir)/src/lib/dhcp/libdhcp.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/config/libcfgclient.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/cc/libcc.la b10_dhcp6_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la diff --git a/src/bin/dhcp6/dhcp6.h b/src/bin/dhcp6/dhcp6.h deleted file mode 100644 index b5512f31df..0000000000 --- a/src/bin/dhcp6/dhcp6.h +++ /dev/null @@ -1,184 +0,0 @@ -// Copyright (C) 2006-2011 Internet Systems Consortium, Inc. ("ISC") -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -// PERFORMANCE OF THIS SOFTWARE. - -#ifndef DHCP6_H -#define DHCP6_H - -/* DHCPv6 Option codes: */ - -#define D6O_CLIENTID 1 /* RFC3315 */ -#define D6O_SERVERID 2 -#define D6O_IA_NA 3 -#define D6O_IA_TA 4 -#define D6O_IAADDR 5 -#define D6O_ORO 6 -#define D6O_PREFERENCE 7 -#define D6O_ELAPSED_TIME 8 -#define D6O_RELAY_MSG 9 -/* Option code 10 unassigned. */ -#define D6O_AUTH 11 -#define D6O_UNICAST 12 -#define D6O_STATUS_CODE 13 -#define D6O_RAPID_COMMIT 14 -#define D6O_USER_CLASS 15 -#define D6O_VENDOR_CLASS 16 -#define D6O_VENDOR_OPTS 17 -#define D6O_INTERFACE_ID 18 -#define D6O_RECONF_MSG 19 -#define D6O_RECONF_ACCEPT 20 -#define D6O_SIP_SERVERS_DNS 21 /* RFC3319 */ -#define D6O_SIP_SERVERS_ADDR 22 /* RFC3319 */ -#define D6O_NAME_SERVERS 23 /* RFC3646 */ -#define D6O_DOMAIN_SEARCH 24 /* RFC3646 */ -#define D6O_IA_PD 25 /* RFC3633 */ -#define D6O_IAPREFIX 26 /* RFC3633 */ -#define D6O_NIS_SERVERS 27 /* RFC3898 */ -#define D6O_NISP_SERVERS 28 /* RFC3898 */ -#define D6O_NIS_DOMAIN_NAME 29 /* RFC3898 */ -#define D6O_NISP_DOMAIN_NAME 30 /* RFC3898 */ -#define D6O_SNTP_SERVERS 31 /* RFC4075 */ -#define D6O_INFORMATION_REFRESH_TIME 32 /* RFC4242 */ -#define D6O_BCMCS_SERVER_D 33 /* RFC4280 */ -#define D6O_BCMCS_SERVER_A 34 /* RFC4280 */ -/* 35 is unassigned */ -#define D6O_GEOCONF_CIVIC 36 /* RFC4776 */ -#define D6O_REMOTE_ID 37 /* RFC4649 */ -#define D6O_SUBSCRIBER_ID 38 /* RFC4580 */ -#define D6O_CLIENT_FQDN 39 /* RFC4704 */ -#define D6O_PANA_AGENT 40 /* paa-option */ -#define D6O_NEW_POSIX_TIMEZONE 41 /* RFC4833 */ -#define D6O_NEW_TZDB_TIMEZONE 42 /* RFC4833 */ -#define D6O_ERO 43 /* RFC4994 */ -#define D6O_LQ_QUERY 44 /* RFC5007 */ -#define D6O_CLIENT_DATA 45 /* RFC5007 */ -#define D6O_CLT_TIME 46 /* RFC5007 */ -#define D6O_LQ_RELAY_DATA 47 /* RFC5007 */ -#define D6O_LQ_CLIENT_LINK 48 /* RFC5007 */ - -/* - * Status Codes, from RFC 3315 section 24.4, and RFC 3633, 5007. - */ -#define STATUS_Success 0 -#define STATUS_UnspecFail 1 -#define STATUS_NoAddrsAvail 2 -#define STATUS_NoBinding 3 -#define STATUS_NotOnLink 4 -#define STATUS_UseMulticast 5 -#define STATUS_NoPrefixAvail 6 -#define STATUS_UnknownQueryType 7 -#define STATUS_MalformedQuery 8 -#define STATUS_NotConfigured 9 -#define STATUS_NotAllowed 10 - -/* - * DHCPv6 message types, defined in section 5.3 of RFC 3315 - */ -#define DHCPV6_SOLICIT 1 -#define DHCPV6_ADVERTISE 2 -#define DHCPV6_REQUEST 3 -#define DHCPV6_CONFIRM 4 -#define DHCPV6_RENEW 5 -#define DHCPV6_REBIND 6 -#define DHCPV6_REPLY 7 -#define DHCPV6_RELEASE 8 -#define DHCPV6_DECLINE 9 -#define DHCPV6_RECONFIGURE 10 -#define DHCPV6_INFORMATION_REQUEST 11 -#define DHCPV6_RELAY_FORW 12 -#define DHCPV6_RELAY_REPL 13 -#define DHCPV6_LEASEQUERY 14 -#define DHCPV6_LEASEQUERY_REPLY 15 - -extern const char *dhcpv6_type_names[]; -extern const int dhcpv6_type_name_max; - -/* DUID type definitions (RFC3315 section 9). - */ -#define DUID_LLT 1 -#define DUID_EN 2 -#define DUID_LL 3 - -/* Offsets into IA_*'s where Option spaces commence. */ -#define IA_NA_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ -#define IA_TA_OFFSET 4 /* IAID only, 4 octets */ -#define IA_PD_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ - -/* Offset into IAADDR's where Option spaces commence. */ -#define IAADDR_OFFSET 24 - -/* Offset into IAPREFIX's where Option spaces commence. */ -#define IAPREFIX_OFFSET 25 - -/* Offset into LQ_QUERY's where Option spaces commence. */ -#define LQ_QUERY_OFFSET 17 - -/* - * DHCPv6 well-known multicast addressess, from section 5.1 of RFC 3315 - */ -#define ALL_DHCP_RELAY_AGENTS_AND_SERVERS "ff02::1:2" -#define ALL_DHCP_SERVERS "ff05::1:3" - -#define DHCP6_CLIENT_PORT 546 -#define DHCP6_SERVER_PORT 547 - -/* - * DHCPv6 Retransmission Constants (RFC3315 section 5.5, RFC 5007) - */ - -#define SOL_MAX_DELAY 1 -#define SOL_TIMEOUT 1 -#define SOL_MAX_RT 120 -#define REQ_TIMEOUT 1 -#define REQ_MAX_RT 30 -#define REQ_MAX_RC 10 -#define CNF_MAX_DELAY 1 -#define CNF_TIMEOUT 1 -#define CNF_MAX_RT 4 -#define CNF_MAX_RD 10 -#define REN_TIMEOUT 10 -#define REN_MAX_RT 600 -#define REB_TIMEOUT 10 -#define REB_MAX_RT 600 -#define INF_MAX_DELAY 1 -#define INF_TIMEOUT 1 -#define INF_MAX_RT 120 -#define REL_TIMEOUT 1 -#define REL_MAX_RC 5 -#define DEC_TIMEOUT 1 -#define DEC_MAX_RC 5 -#define REC_TIMEOUT 2 -#define REC_MAX_RC 8 -#define HOP_COUNT_LIMIT 32 -#define LQ6_TIMEOUT 1 -#define LQ6_MAX_RT 10 -#define LQ6_MAX_RC 5 - -/* Leasequery query-types (RFC 5007) */ - -#define LQ6QT_BY_ADDRESS 1 -#define LQ6QT_BY_CLIENTID 2 - -/* - * DUID time starts 2000-01-01. - * This constant is the number of seconds since 1970-01-01, - * when the Unix epoch began. - */ -#define DUID_TIME_EPOCH 946684800 - -/* Information-Request Time option (RFC 4242) */ - -#define IRT_DEFAULT 86400 -#define IRT_MINIMUM 600 - -#endif diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc index 4d9244f865..dd5156455e 100644 --- a/src/bin/dhcp6/dhcp6_srv.cc +++ b/src/bin/dhcp6/dhcp6_srv.cc @@ -12,7 +12,7 @@ // OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR // PERFORMANCE OF THIS SOFTWARE. -#include "dhcp6/pkt6.h" +#include "dhcp/pkt6.h" #include "dhcp6/iface_mgr.h" #include "dhcp6/dhcp6_srv.h" diff --git a/src/bin/dhcp6/iface_mgr.cc b/src/bin/dhcp6/iface_mgr.cc index 1e2551a76e..a08db2c1d8 100644 --- a/src/bin/dhcp6/iface_mgr.cc +++ b/src/bin/dhcp6/iface_mgr.cc @@ -18,8 +18,8 @@ #include #include +#include "dhcp/dhcp6.h" #include "dhcp6/iface_mgr.h" -#include "dhcp6/dhcp6.h" #include "exceptions/exceptions.h" using namespace std; diff --git a/src/bin/dhcp6/iface_mgr.h b/src/bin/dhcp6/iface_mgr.h index 39061dafc1..d4badac498 100644 --- a/src/bin/dhcp6/iface_mgr.h +++ b/src/bin/dhcp6/iface_mgr.h @@ -17,7 +17,7 @@ #include #include "io_address.h" -#include "dhcp6/pkt6.h" +#include "dhcp/pkt6.h" namespace isc { diff --git a/src/bin/dhcp6/tests/Makefile.am b/src/bin/dhcp6/tests/Makefile.am index ae9d8e3173..4ed870f2f5 100644 --- a/src/bin/dhcp6/tests/Makefile.am +++ b/src/bin/dhcp6/tests/Makefile.am @@ -45,11 +45,9 @@ if HAVE_GTEST TESTS += dhcp6_unittests -dhcp6_unittests_SOURCES = ../pkt6.h ../pkt6.cc -dhcp6_unittests_SOURCES += ../iface_mgr.h ../iface_mgr.cc +dhcp6_unittests_SOURCES = ../iface_mgr.h ../iface_mgr.cc dhcp6_unittests_SOURCES += ../dhcp6_srv.h ../dhcp6_srv.cc dhcp6_unittests_SOURCES += dhcp6_unittests.cc -dhcp6_unittests_SOURCES += pkt6_unittest.cc dhcp6_unittests_SOURCES += iface_mgr_unittest.cc dhcp6_unittests_SOURCES += dhcp6_srv_unittest.cc @@ -58,6 +56,7 @@ dhcp6_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS) dhcp6_unittests_LDADD = $(GTEST_LDADD) dhcp6_unittests_LDADD += $(SQLITE_LIBS) dhcp6_unittests_LDADD += $(top_builddir)/src/lib/asiolink/libasiolink.la +dhcp6_unittests_LDADD += $(top_builddir)/src/lib/dhcp/libdhcp.la dhcp6_unittests_LDADD += $(top_builddir)/src/lib/config/libcfgclient.la dhcp6_unittests_LDADD += $(top_builddir)/src/lib/cc/libcc.la dhcp6_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la diff --git a/src/bin/dhcp6/tests/iface_mgr_unittest.cc b/src/bin/dhcp6/tests/iface_mgr_unittest.cc index c9a9d724c0..589aeb0358 100644 --- a/src/bin/dhcp6/tests/iface_mgr_unittest.cc +++ b/src/bin/dhcp6/tests/iface_mgr_unittest.cc @@ -21,7 +21,7 @@ #include #include "io_address.h" -#include "dhcp6/pkt6.h" +#include "dhcp/pkt6.h" #include "dhcp6/iface_mgr.h" using namespace std; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 04eee45f8d..c825e662af 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -1,3 +1,3 @@ -SUBDIRS = exceptions util log cryptolink dns cc config acl xfr bench \ - asiolink asiodns nsas cache resolve testutils datasrc \ - server_common python +SUBDIRS = exceptions util log cryptolink dns cc config python xfr \ + bench asiolink asiodns nsas cache resolve testutils datasrc \ + acl server_common dhcp diff --git a/src/lib/dhcp/Makefile.am b/src/lib/dhcp/Makefile.am new file mode 100644 index 0000000000..ba3241cda7 --- /dev/null +++ b/src/lib/dhcp/Makefile.am @@ -0,0 +1,32 @@ +SUBDIRS = . tests + +AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib +AM_CPPFLAGS += -I$(top_srcdir)/src/lib/asiolink +AM_CPPFLAGS += -I$(top_builddir)/src/lib/asiolink +AM_CPPFLAGS += $(BOOST_INCLUDES) + +CLEANFILES = *.gcno *.gcda + +lib_LTLIBRARIES = libdhcp.la +libdhcp_la_SOURCES = +libdhcp_la_SOURCES += libdhcp.cc libdhcp.h +libdhcp_la_SOURCES += dhcp6.h +libdhcp_la_SOURCES += pkt6.cc pkt6.h + +EXTRA_DIST = README +EXTRA_DIST += logimpl_messages.mes +EXTRA_DIST += log_messages.mes + +# Note: the ordering matters: -Wno-... must follow -Wextra (defined in +# B10_CXXFLAGS) +libdhcp_la_CXXFLAGS = $(AM_CXXFLAGS) +if USE_GXX +libdhcp_la_CXXFLAGS += -Wall +endif +if USE_CLANGPP +# Same for clang++, but we need to turn off -Werror completely. +libdhcp_la_CXXFLAGS += -Wall +endif +libdhcp_la_CPPFLAGS = $(AM_CPPFLAGS) $(LOG4CPLUS_INCLUDES) +libdhcp_la_LDFLAGS = $(LOG4CPLUS_LDFLAGS) +libdhcp_la_LIBADD = $(top_builddir)/src/lib/util/libutil.la diff --git a/src/lib/dhcp/README b/src/lib/dhcp/README new file mode 100644 index 0000000000..6c5353d003 --- /dev/null +++ b/src/lib/dhcp/README @@ -0,0 +1,11 @@ +This directory holds implementation for libdhcp. + + +Basic Ideas +=========== + + +Notes +===== +This work just begun. Don't expect to see much useful code here. +We are working on it. \ No newline at end of file diff --git a/src/lib/dhcp/dhcp6.h b/src/lib/dhcp/dhcp6.h new file mode 100644 index 0000000000..b3ee0bfd7b --- /dev/null +++ b/src/lib/dhcp/dhcp6.h @@ -0,0 +1,184 @@ +// Copyright (C) 2006-2011 Internet Systems Consortium, Inc. ("ISC") +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +// PERFORMANCE OF THIS SOFTWARE. + +#ifndef DHCP6_H +#define DHCP6_H + +/* DHCPv6 Option codes: */ + +#define D6O_CLIENTID 1 /* RFC3315 */ +#define D6O_SERVERID 2 +#define D6O_IA_NA 3 +#define D6O_IA_TA 4 +#define D6O_IAADDR 5 +#define D6O_ORO 6 +#define D6O_PREFERENCE 7 +#define D6O_ELAPSED_TIME 8 +#define D6O_RELAY_MSG 9 +/* Option code 10 unassigned. */ +#define D6O_AUTH 11 +#define D6O_UNICAST 12 +#define D6O_STATUS_CODE 13 +#define D6O_RAPID_COMMIT 14 +#define D6O_USER_CLASS 15 +#define D6O_VENDOR_CLASS 16 +#define D6O_VENDOR_OPTS 17 +#define D6O_INTERFACE_ID 18 +#define D6O_RECONF_MSG 19 +#define D6O_RECONF_ACCEPT 20 +#define D6O_SIP_SERVERS_DNS 21 /* RFC3319 */ +#define D6O_SIP_SERVERS_ADDR 22 /* RFC3319 */ +#define D6O_NAME_SERVERS 23 /* RFC3646 */ +#define D6O_DOMAIN_SEARCH 24 /* RFC3646 */ +#define D6O_IA_PD 25 /* RFC3633 */ +#define D6O_IAPREFIX 26 /* RFC3633 */ +#define D6O_NIS_SERVERS 27 /* RFC3898 */ +#define D6O_NISP_SERVERS 28 /* RFC3898 */ +#define D6O_NIS_DOMAIN_NAME 29 /* RFC3898 */ +#define D6O_NISP_DOMAIN_NAME 30 /* RFC3898 */ +#define D6O_SNTP_SERVERS 31 /* RFC4075 */ +#define D6O_INFORMATION_REFRESH_TIME 32 /* RFC4242 */ +#define D6O_BCMCS_SERVER_D 33 /* RFC4280 */ +#define D6O_BCMCS_SERVER_A 34 /* RFC4280 */ +/* 35 is unassigned */ +#define D6O_GEOCONF_CIVIC 36 /* RFC4776 */ +#define D6O_REMOTE_ID 37 /* RFC4649 */ +#define D6O_SUBSCRIBER_ID 38 /* RFC4580 */ +#define D6O_CLIENT_FQDN 39 /* RFC4704 */ +#define D6O_PANA_AGENT 40 /* paa-option */ +#define D6O_NEW_POSIX_TIMEZONE 41 /* RFC4833 */ +#define D6O_NEW_TZDB_TIMEZONE 42 /* RFC4833 */ +#define D6O_ERO 43 /* RFC4994 */ +#define D6O_LQ_QUERY 44 /* RFC5007 */ +#define D6O_CLIENT_DATA 45 /* RFC5007 */ +#define D6O_CLT_TIME 46 /* RFC5007 */ +#define D6O_LQ_RELAY_DATA 47 /* RFC5007 */ +#define D6O_LQ_CLIENT_LINK 48 /* RFC5007 */ + +/* + * Status Codes, from RFC 3315 section 24.4, and RFC 3633, 5007. + */ +#define STATUS_Success 0 +#define STATUS_UnspecFail 1 +#define STATUS_NoAddrsAvail 2 +#define STATUS_NoBinding 3 +#define STATUS_NotOnLink 4 +#define STATUS_UseMulticast 5 +#define STATUS_NoPrefixAvail 6 +#define STATUS_UnknownQueryType 7 +#define STATUS_MalformedQuery 8 +#define STATUS_NotConfigured 9 +#define STATUS_NotAllowed 10 + +/* + * DHCPv6 message types, defined in section 5.3 of RFC 3315 + */ +#define DHCPV6_SOLICIT 1 +#define DHCPV6_ADVERTISE 2 +#define DHCPV6_REQUEST 3 +#define DHCPV6_CONFIRM 4 +#define DHCPV6_RENEW 5 +#define DHCPV6_REBIND 6 +#define DHCPV6_REPLY 7 +#define DHCPV6_RELEASE 8 +#define DHCPV6_DECLINE 9 +#define DHCPV6_RECONFIGURE 10 +#define DHCPV6_INFORMATION_REQUEST 11 +#define DHCPV6_RELAY_FORW 12 +#define DHCPV6_RELAY_REPL 13 +#define DHCPV6_LEASEQUERY 14 +#define DHCPV6_LEASEQUERY_REPLY 15 + +extern const char *dhcpv6_type_names[]; +extern const int dhcpv6_type_name_max; + +/* DUID type definitions (RFC3315 section 9). + */ +#define DUID_LLT 1 +#define DUID_EN 2 +#define DUID_LL 3 + +/* Offsets into IA_*'s where Option spaces commence. */ +#define IA_NA_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ +#define IA_TA_OFFSET 4 /* IAID only, 4 octets */ +#define IA_PD_OFFSET 12 /* IAID, T1, T2, all 4 octets each */ + +/* Offset into IAADDR's where Option spaces commence. */ +#define IAADDR_OFFSET 24 + +/* Offset into IAPREFIX's where Option spaces commence. */ +#define IAPREFIX_OFFSET 25 + +/* Offset into LQ_QUERY's where Option spaces commence. */ +#define LQ_QUERY_OFFSET 17 + +/* + * DHCPv6 well-known multicast addressess, from section 5.1 of RFC 3315 + */ +#define ALL_DHCP_RELAY_AGENTS_AND_SERVERS "ff02::1:2" +#define ALL_DHCP_SERVERS "ff05::1:3" + +#define DHCP6_CLIENT_PORT 546 +#define DHCP6_SERVER_PORT 547 + +/* + * DHCPv6 Retransmission Constants (RFC3315 section 5.5, RFC 5007) + */ + +#define SOL_MAX_DELAY 1 +#define SOL_TIMEOUT 1 +#define SOL_MAX_RT 120 +#define REQ_TIMEOUT 1 +#define REQ_MAX_RT 30 +#define REQ_MAX_RC 10 +#define CNF_MAX_DELAY 1 +#define CNF_TIMEOUT 1 +#define CNF_MAX_RT 4 +#define CNF_MAX_RD 10 +#define REN_TIMEOUT 10 +#define REN_MAX_RT 600 +#define REB_TIMEOUT 10 +#define REB_MAX_RT 600 +#define INF_MAX_DELAY 1 +#define INF_TIMEOUT 1 +#define INF_MAX_RT 120 +#define REL_TIMEOUT 1 +#define REL_MAX_RC 5 +#define DEC_TIMEOUT 1 +#define DEC_MAX_RC 5 +#define REC_TIMEOUT 2 +#define REC_MAX_RC 8 +#define HOP_COUNT_LIMIT 32 +#define LQ6_TIMEOUT 1 +#define LQ6_MAX_RT 10 +#define LQ6_MAX_RC 5 + +/* Leasequery query-types (RFC 5007) */ + +#define LQ6QT_BY_ADDRESS 1 +#define LQ6QT_BY_CLIENTID 2 + +/* + * DUID time starts 2000-01-01. + * This constant is the number of seconds since 1970-01-01, + * when the Unix epoch began. + */ +#define DUID_TIME_EPOCH 946684800 + +/* Information-Request Time option (RFC 4242) */ + +#define IRT_DEFAULT 86400 +#define IRT_MINIMUM 600 + +#endif diff --git a/src/bin/dhcp6/pkt6.cc b/src/lib/dhcp/pkt6.cc similarity index 96% rename from src/bin/dhcp6/pkt6.cc rename to src/lib/dhcp/pkt6.cc index 5dcab86fe5..5f1fa85fca 100644 --- a/src/bin/dhcp6/pkt6.cc +++ b/src/lib/dhcp/pkt6.cc @@ -13,8 +13,8 @@ // PERFORMANCE OF THIS SOFTWARE. -#include "dhcp6/dhcp6.h" -#include "dhcp6/pkt6.h" +#include "dhcp/dhcp6.h" +#include "dhcp/pkt6.h" #include namespace isc { diff --git a/src/bin/dhcp6/pkt6.h b/src/lib/dhcp/pkt6.h similarity index 100% rename from src/bin/dhcp6/pkt6.h rename to src/lib/dhcp/pkt6.h diff --git a/src/lib/dhcp/tests/Makefile.am b/src/lib/dhcp/tests/Makefile.am new file mode 100644 index 0000000000..65a6694681 --- /dev/null +++ b/src/lib/dhcp/tests/Makefile.am @@ -0,0 +1,40 @@ +SUBDIRS = . + +AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib +AM_CPPFLAGS += -I$(top_srcdir)/src/lib/asiolink +AM_CPPFLAGS += -I$(top_builddir)/src/lib/asiolink +AM_CPPFLAGS += $(BOOST_INCLUDES) +AM_CXXFLAGS = $(B10_CXXFLAGS) + +if USE_STATIC_LINK +AM_LDFLAGS = -static +endif + +CLEANFILES = *.gcno *.gcda + +TESTS = +if HAVE_GTEST +TESTS += libdhcp_unittests +libdhcp_unittests_SOURCES = run_unittests.cc +libdhcp_unittests_SOURCES += ../libdhcp.h ../libdhcp.cc libdhcp_unittest.cc +libdhcp_unittests_SOURCES += ../pkt6.h ../pkt6.cc pkt6_unittest.cc + +libdhcp_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES) $(LOG4CPLUS_INCLUDES) +libdhcp_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS) + +libdhcp_unittests_CXXFLAGS = $(AM_CXXFLAGS) +if USE_CLANGPP +# This is to workaround unused variables tcout and tcerr in +# log4cplus's streams.h. +libdhcp_unittests_CXXFLAGS += -Wno-unused-variable +endif +libdhcp_unittests_LDADD = $(GTEST_LDADD) +libdhcp_unittests_LDADD += $(top_builddir)/src/lib/log/liblog.la +libdhcp_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la +libdhcp_unittests_LDADD += $(top_builddir)/src/lib/util/libutil.la +libdhcp_unittests_LDADD += $(top_builddir)/src/lib/asiolink/libasiolink.la +libdhcp_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la +libdhcp_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la +endif + +noinst_PROGRAMS = $(TESTS) diff --git a/src/lib/dhcp/tests/libdhcp_unittest.cc b/src/lib/dhcp/tests/libdhcp_unittest.cc new file mode 100644 index 0000000000..9a2151ce7b --- /dev/null +++ b/src/lib/dhcp/tests/libdhcp_unittest.cc @@ -0,0 +1,42 @@ +// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +// PERFORMANCE OF THIS SOFTWARE. + +#include +#include +#include + +#include +#include + +#include "dhcp/libdhcp.h" + +using namespace std; +using namespace isc; +using namespace isc::dhcp; + +namespace { +class LibDhcpTest : public ::testing::Test { +public: + LibDhcpTest() { + } +}; + +TEST_F(LibDhcpTest, basic) { + // dummy test + + // an attempt to bind this socket will fail. + EXPECT_EQ(LibDHCP::version(), "0"); +} + +} diff --git a/src/bin/dhcp6/tests/pkt6_unittest.cc b/src/lib/dhcp/tests/pkt6_unittest.cc similarity index 98% rename from src/bin/dhcp6/tests/pkt6_unittest.cc rename to src/lib/dhcp/tests/pkt6_unittest.cc index 5054c45f67..9bf31f7318 100644 --- a/src/bin/dhcp6/tests/pkt6_unittest.cc +++ b/src/lib/dhcp/tests/pkt6_unittest.cc @@ -20,7 +20,7 @@ #include -#include "dhcp6/pkt6.h" +#include "dhcp/pkt6.h" using namespace std; using namespace isc; From f4c7155d41cb008a1a180e567e142ce096a21b88 Mon Sep 17 00:00:00 2001 From: Tomek Mrugalski Date: Fri, 19 Aug 2011 18:51:50 +0200 Subject: [PATCH 31/77] [1186] Added missing libdhcp.cc|h files. --- src/lib/dhcp/libdhcp.cc | 21 +++++++++++++++++++++ src/lib/dhcp/libdhcp.h | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 src/lib/dhcp/libdhcp.cc create mode 100644 src/lib/dhcp/libdhcp.h diff --git a/src/lib/dhcp/libdhcp.cc b/src/lib/dhcp/libdhcp.cc new file mode 100644 index 0000000000..c7af264d0d --- /dev/null +++ b/src/lib/dhcp/libdhcp.cc @@ -0,0 +1,21 @@ +// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +// PERFORMANCE OF THIS SOFTWARE. + +#include "dhcp/libdhcp.h" + +using namespace isc::dhcp; + +std::string LibDHCP::version() { + return "0"; +} diff --git a/src/lib/dhcp/libdhcp.h b/src/lib/dhcp/libdhcp.h new file mode 100644 index 0000000000..4b0b35f0de --- /dev/null +++ b/src/lib/dhcp/libdhcp.h @@ -0,0 +1,34 @@ +// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +// PERFORMANCE OF THIS SOFTWARE. + +#ifndef LIBDHCP_H_ +#define LIBDHCP_H_ + +#include + +namespace isc { +namespace dhcp { + +class LibDHCP { + +public: + static std::string version(); + + +}; + +} +} + +#endif From b47533e918cb5b0c2befe7b0da315819b009c47f Mon Sep 17 00:00:00 2001 From: Tomek Mrugalski Date: Tue, 23 Aug 2011 21:21:11 +0200 Subject: [PATCH 32/77] [1186] libdhcp now is able to parse and build packets and options. --- src/bin/dhcp6/tests/iface_mgr_unittest.cc | 55 +++++ src/lib/dhcp/Makefile.am | 1 + src/lib/dhcp/libdhcp.cc | 91 ++++++++- src/lib/dhcp/libdhcp.h | 17 +- src/lib/dhcp/option.cc | 192 ++++++++++++++++++ src/lib/dhcp/option.h | 109 ++++++++++ src/lib/dhcp/pkt6.cc | 235 +++++++++++++++++++++- src/lib/dhcp/pkt6.h | 60 +++++- src/lib/dhcp/tests/Makefile.am | 1 + src/lib/dhcp/tests/libdhcp_unittest.cc | 1 - src/lib/dhcp/tests/option_unittest.cc | 81 ++++++++ src/lib/dhcp/tests/pkt6_unittest.cc | 71 ++++++- src/lib/dhcp/tests/run_unittests.cc | 25 +++ 13 files changed, 913 insertions(+), 26 deletions(-) create mode 100644 src/lib/dhcp/option.cc create mode 100644 src/lib/dhcp/option.h create mode 100644 src/lib/dhcp/tests/option_unittest.cc create mode 100644 src/lib/dhcp/tests/run_unittests.cc diff --git a/src/bin/dhcp6/tests/iface_mgr_unittest.cc b/src/bin/dhcp6/tests/iface_mgr_unittest.cc index 589aeb0358..b38a9b2d80 100644 --- a/src/bin/dhcp6/tests/iface_mgr_unittest.cc +++ b/src/bin/dhcp6/tests/iface_mgr_unittest.cc @@ -54,6 +54,61 @@ public: } }; +// uncomment this test to create packet writer. It will +// write incoming DHCPv6 packets as C arrays. That is useful +// for generating test sequences based on actual traffic +// +// TODO: this potentially should be moved to a separate tool +// + +#if 0 +TEST_F(IfaceMgrTest, dhcp6Sniffer) { + // testing socket operation in a portable way is tricky + // without interface detection implemented + + unlink("interfaces.txt"); + + ofstream interfaces("interfaces.txt", ios::ate); + interfaces << "eth0 fe80::21e:8cff:fe9b:7349"; + interfaces.close(); + + NakedIfaceMgr * ifacemgr = new NakedIfaceMgr(); + + Pkt6 * pkt = 0; + int cnt = 0; + cout << "---8X-----------------------------------------" << endl; + while (true) { + pkt = ifacemgr->receive(); + + cout << "// Received " << pkt->data_len_ << " bytes packet:" << endl; + cout << "Pkt6 *capture" << cnt++ << "() {" << endl; + cout << " Pkt6* pkt;" << endl; + cout << " pkt = new Pkt6(" << pkt->data_len_ << ");" << endl; + cout << " pkt->remote_port_ = " << pkt-> remote_port_ << ";" << endl; + cout << " pkt->remote_addr_ = IOAddress(\"" << pkt->remote_addr_.toText() << "\");" << endl; + cout << " pkt->local_port_ = " << pkt-> local_port_ << ";" << endl; + cout << " pkt->local_addr_ = IOAddress(\"" << pkt->local_addr_.toText() << "\");" << endl; + cout << " pkt->ifindex_ = " << pkt->ifindex_ << ";" << endl; + cout << " pkt->iface_ = \"" << pkt->iface_ << "\";" << endl; + for (int i=0; i< pkt->data_len_; i++) { + cout << " pkt->data_[" << i << "]=" << (int)(unsigned char)pkt->data_[i] << "; "; + if (!(i%4)) + cout << endl; + } + cout << endl; + cout << " return (pkt);" << endl; + cout << "}" << endl << endl; + + delete pkt; + } + cout << "---8X-----------------------------------------" << endl; + + // never happens. Infinite loop is infinite + delete pkt; + delete ifacemgr; +} +#endif + TEST_F(IfaceMgrTest, basic) { // checks that IfaceManager can be instantiated diff --git a/src/lib/dhcp/Makefile.am b/src/lib/dhcp/Makefile.am index ba3241cda7..a0ddc56f13 100644 --- a/src/lib/dhcp/Makefile.am +++ b/src/lib/dhcp/Makefile.am @@ -10,6 +10,7 @@ CLEANFILES = *.gcno *.gcda lib_LTLIBRARIES = libdhcp.la libdhcp_la_SOURCES = libdhcp_la_SOURCES += libdhcp.cc libdhcp.h +libdhcp_la_SOURCES += option.cc option.h libdhcp_la_SOURCES += dhcp6.h libdhcp_la_SOURCES += pkt6.cc pkt6.h diff --git a/src/lib/dhcp/libdhcp.cc b/src/lib/dhcp/libdhcp.cc index c7af264d0d..d03fd3cf66 100644 --- a/src/lib/dhcp/libdhcp.cc +++ b/src/lib/dhcp/libdhcp.cc @@ -12,10 +12,97 @@ // OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR // PERFORMANCE OF THIS SOFTWARE. +#include +#include #include "dhcp/libdhcp.h" +#include "config.h" +using namespace std; using namespace isc::dhcp; -std::string LibDHCP::version() { - return "0"; +std::string +LibDHCP::version() { + return PACKAGE_VERSION; +} + +/** + * Parses provided buffer and creates Option objects. + * + * Parses provided buf array and stores created Option objects + * in options container. + * + * @param buf Buffer to be parsed. + * @param offset Specifies offset for the first option. + * @param options Reference to option container. Options will be + * put here. + * + * @return offset to first byte after last parsed option + */ +unsigned int +LibDHCP::unpackOptions6(boost::shared_array& buf, + int buf_len, + unsigned short offset, + isc::dhcp::Option::Option6Lst& options) { + int len = buf_len - offset; + while (len>4) { + int opt_type = buf[offset]*256 + buf[offset+1]; + offset += 2; + len -= 2; + int opt_len = buf[offset]*256 + buf[offset+1]; + offset += 2; + len -= 2; + + if (opt_len > len) { + cout << "Packet truncated. Unable to parse option " << opt_type + << ". " << len << " bytes left in buffer, but option " + << "len=" << opt_len << endl; + return (offset); + } + + boost::shared_ptr