OpenDNSSEC-signer  2.0.4
zone.c
1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
32 #include "adapter/adapter.h"
33 #include "file.h"
34 #include "hsm.h"
35 #include "locks.h"
36 #include "log.h"
37 #include "status.h"
38 #include "util.h"
39 #include "signer/backup.h"
40 #include "signer/zone.h"
41 #include "wire/netio.h"
42 #include "compat.h"
43 
44 #include <ldns/ldns.h>
45 
/* Module tag: passed as the argument for the leading "[%s]" in this file's log calls. */
46 static const char* zone_str = "zone";
47 
48 
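/**
 * Create a zone object for the given name and class.
 *
 * A single trailing dot in name is removed in place before the name is
 * copied, so the caller's buffer must be writable and is modified.
 *
 * \param[in,out] name  zone name (NUL-terminated, writable)
 * \param[in]     klass zone class; a zero class is rejected
 * \return the new zone, or NULL when an argument is missing or one of the
 *         checked initialisation steps (mutexes, name copy, apex dname,
 *         namedb, ixfr, signconf) fails
 */
zone_type*
zone_create(char* name, ldns_rr_class klass)
{
    zone_type* zone = NULL;
    size_t len = 0;

    if (!name || !klass) {
        return NULL;
    }
    /* CHECKALLOC is a project macro; how it reacts to a NULL result is not
     * visible in this file. */
    CHECKALLOC(zone = (zone_type*) calloc(1, sizeof(zone_type)));
    /* [start] PS 9218653: Drop trailing dot in domain name */
    len = strlen(name);
    if (len > 1 && name[len - 1] == '.') {
        name[len - 1] = '\0';
    }
    /* [end] PS 9218653 */

    /* Until both mutexes exist the zone is released by hand:
     * zone_cleanup() destroys both locks unconditionally. */
    if (pthread_mutex_init(&zone->zone_lock, NULL)) {
        free(zone);
        return NULL;
    }
    if (pthread_mutex_init(&zone->xfr_lock, NULL)) {
        (void)pthread_mutex_destroy(&zone->zone_lock);
        free(zone);
        return NULL;
    }

    zone->name = strdup(name);
    if (!zone->name) {
        ods_log_error("[%s] unable to create zone %s: allocator_strdup() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->klass = klass;
    zone->default_ttl = 3600; /* TODO: configure --default-ttl option? */
    zone->apex = ldns_dname_new_frm_str(name);
    if (!zone->apex) {
        /* A name that cannot be turned into a dname would leave a zone
         * without apex; the rest of this file uses zone->apex for every
         * apex lookup, so fail here like the other creation steps do. */
        ods_log_error("[%s] unable to create zone %s: "
            "ldns_dname_new_frm_str() failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->notify_command = NULL;
    zone->notify_ns = NULL;
    zone->notify_args = NULL;
    zone->policy_name = NULL;
    zone->signconf_filename = NULL;
    zone->adinbound = NULL;
    zone->adoutbound = NULL;
    zone->zl_status = ZONE_ZL_OK;
    zone->task = NULL;
    zone->xfrd = NULL;
    zone->notify = NULL;
    zone->db = namedb_create((void*)zone);
    if (!zone->db) {
        ods_log_error("[%s] unable to create zone %s: namedb_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->ixfr = ixfr_create((void*)zone);
    if (!zone->ixfr) {
        ods_log_error("[%s] unable to create zone %s: ixfr_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->signconf = signconf_create();
    if (!zone->signconf) {
        ods_log_error("[%s] unable to create zone %s: signconf_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    /* The stats result is not checked; the users of zone->stats in this
     * file test the pointer before touching it. */
    zone->stats = stats_create();
    /* NOTE(review): the rrstore result is not checked either - confirm
     * that its users tolerate a failed initialisation. */
    zone->rrstore = rrset_store_initialize();
    return zone;
}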
126 
/*
 * Load the signer configuration of a zone. The line carrying the function
 * name and parameter list is not part of this listing; the body uses the
 * parameters `zone` and `new_signconf`.
 *
 * Returns ODS_STATUS_ASSERT_ERR when zone, zone->name or zone->signconf is
 * NULL (or when signconf_update() reports OK without handing back a
 * signconf), ODS_STATUS_INSECURE when the zone has no signconf filename,
 * and otherwise the status of signconf_update(). Only on ODS_STATUS_OK is
 * the loaded configuration stored in *new_signconf.
 */
131 ods_status
133 {
134  ods_status status = ODS_STATUS_OK;
135  signconf_type* signconf = NULL;
136  char* datestamp = NULL;
137 
138  if (!zone || !zone->name || !zone->signconf) {
139  return ODS_STATUS_ASSERT_ERR;
140  }
141  if (!zone->signconf_filename) {
142  ods_log_warning("[%s] zone %s has no signconf filename, treat as "
143  "insecure?", zone_str, zone->name);
144  return ODS_STATUS_INSECURE;
145  }
     /* The current configuration's last_modified stamp is handed to
      * signconf_update() together with the filename. */
146  status = signconf_update(&signconf, zone->signconf_filename,
147  zone->signconf->last_modified);
148  if (status == ODS_STATUS_OK) {
149  if (!signconf) {
150  /* this is unexpected */
151  ods_log_alert("[%s] unable to load signconf for zone %s: signconf "
152  "status ok but no signconf stored", zone_str, zone->name);
153  return ODS_STATUS_ASSERT_ERR;
154  }
     /* datestamp is only used for the log line; a NULL result is printed
      * as "Unknown" and free(NULL) is harmless. */
155  (void)time_datestamp(signconf->last_modified, "%Y-%m-%d %T",
156  &datestamp);
157  ods_log_debug("[%s] zone %s signconf file %s is modified since %s",
158  zone_str, zone->name, zone->signconf_filename,
159  datestamp?datestamp:"Unknown");
160  free((void*)datestamp);
     /* NOTE(review): new_signconf is dereferenced without a NULL check;
      * confirm every caller passes a valid pointer. */
161  *new_signconf = signconf;
162  } else if (status == ODS_STATUS_UNCHANGED) {
163  /* OPENDNSSEC-686: changes happening within one second will not be
164  * seen
165  */
166  (void)time_datestamp(zone->signconf->last_modified,
167  "%Y-%m-%d %T", &datestamp);
168  ods_log_verbose("[%s] zone %s signconf file %s is unchanged since "
169  "%s", zone_str, zone->name, zone->signconf_filename,
170  datestamp?datestamp:"Unknown");
171  free((void*)datestamp);
172  } else {
173  ods_log_error("[%s] unable to load signconf for zone %s: signconf %s "
174  "%s", zone_str, zone->name, zone->signconf_filename,
175  ods_status2str(status));
176  }
177  return status;
178 }
179 
180 
/*
 * Reschedule the task of a zone so that `what` is picked up now. The line
 * carrying the function name and parameter list is not part of this
 * listing; the body uses `zone`, `taskq` and `what`.
 *
 * With taskq->schedule_lock held the zone's task is taken off the queue.
 * If that succeeds it is put back with when = time_now(); otherwise only
 * the interrupt field of zone->task is set. Returns the status of
 * schedule_task(), or ODS_STATUS_OK when the task was not queued.
 */
185 ods_status
187 {
188  task_type* task = NULL;
189  ods_status status = ODS_STATUS_OK;
190 
191  ods_log_assert(taskq);
192  ods_log_assert(zone);
193  ods_log_assert(zone->name);
194  ods_log_assert(zone->task);
195  ods_log_debug("[%s] reschedule task for zone %s", zone_str, zone->name);
196  lock_basic_lock(&taskq->schedule_lock);
197  task = unschedule_task(taskq, zone->task);
198  if (task != NULL) {
     /* Remember what the task was doing, and when, before it is
      * redirected to `what`. */
199  if (task->what != what) {
200  task->halted = task->what;
201  task->halted_when = task->when;
202  task->interrupt = what;
203  }
     /* task->what is only ever lowered here, never raised. */
205  if (task->what > what) {
206  task->what = what;
207  }
208  task->when = time_now();
209  status = schedule_task(taskq, task, 0);
210  } else {
211  /* task not queued, being worked on? */
212  ods_log_verbose("[%s] unable to reschedule task for zone %s now: "
213  "task is not queued (task will be rescheduled when it is put "
214  "back on the queue)", zone_str, zone->name);
215  task = zone->task;
216  task->interrupt = what;
217  /* task->halted(_when) set by worker */
218  }
219  lock_basic_unlock(&taskq->schedule_lock);
     /* NOTE(review): zone->task is written after schedule_lock has been
      * released; confirm the caller holds a lock that covers the zone. */
220  zone->task = task;
221  return status;
222 }
223 
224 
/*
 * Publish the DNSKEY records of a zone. The line carrying the function
 * name and parameter list is not part of this listing; the body uses the
 * parameter `zone`, and the log messages refer to publishing dnskeys.
 *
 * For every key in zone->signconf->keys that has publish set, the DNSKEY
 * rr is obtained if the key does not have one yet (decoded from the key's
 * literal resourcerecord when present, otherwise fetched through
 * lhsm_get_key() with an HSM context) and added with zone_add_rr().
 *
 * Returns ODS_STATUS_ASSERT_ERR when zone, zone->db, zone->signconf or the
 * key list is missing, ODS_STATUS_HSM_ERR when no HSM context can be
 * created, and otherwise the status of the last step that ran.
 */
229 ods_status
231 {
232  hsm_ctx_t* ctx = NULL;
233  uint32_t ttl = 0;
234  unsigned int i;
235  ods_status status = ODS_STATUS_OK;
236  rrset_type* rrset = NULL;
237  rr_type* dnskey = NULL;
238 
239  if (!zone || !zone->db || !zone->signconf || !zone->signconf->keys) {
240  return ODS_STATUS_ASSERT_ERR;
241  }
242  ods_log_assert(zone->name);
243 
244  /* hsm access */
     /* Every exit below this point releases the context again: the early
      * return after a literal-rr failure and the common exit at the end. */
245  ctx = hsm_create_context();
246  if (ctx == NULL) {
247  ods_log_error("[%s] unable to publish keys for zone %s: "
248  "error creating libhsm context", zone_str, zone->name);
249  return ODS_STATUS_HSM_ERR;
250  }
251  ttl = zone->default_ttl;
252  /* dnskey ttl */
     /* A configured dnskey_ttl overrides the zone default. */
253  if (zone->signconf->dnskey_ttl) {
254  ttl = (uint32_t) duration2time(zone->signconf->dnskey_ttl);
255  }
256  /* publish keys */
257  for (i=0; i < zone->signconf->keys->count; i++) {
258  if (!zone->signconf->keys->keys[i].publish) {
259  continue;
260  }
261  if (!zone->signconf->keys->keys[i].dnskey) {
262  /* get dnskey */
263  if (zone->signconf->keys->keys[i].resourcerecord) {
264  if ((status = rrset_getliteralrr(&zone->signconf->keys->keys[i].dnskey, zone->signconf->keys->keys[i].resourcerecord, ttl, zone->apex)) != ODS_STATUS_OK) {
265  ods_log_error("[%s] unable to publish dnskeys for zone %s: "
266  "error decoding literal dnskey", zone_str, zone->name);
267  hsm_destroy_context(ctx);
268  return status;
269  }
270  } else {
271  status = lhsm_get_key(ctx, zone->apex,
272  &zone->signconf->keys->keys[i]);
273  if (status != ODS_STATUS_OK) {
274  ods_log_error("[%s] unable to publish dnskeys for zone %s: "
275  "error creating dnskey", zone_str, zone->name);
276  break;
277  }
278  }
279  }
280  ods_log_debug("[%s] publish %s DNSKEY locator %s", zone_str,
281  zone->name, zone->signconf->keys->keys[i].locator);
282  ods_log_assert(zone->signconf->keys->keys[i].dnskey);
283  ldns_rr_set_ttl(zone->signconf->keys->keys[i].dnskey, ttl);
284  ldns_rr_set_class(zone->signconf->keys->keys[i].dnskey, zone->klass);
285  status = zone_add_rr(zone, zone->signconf->keys->keys[i].dnskey, 0);
286  if (status == ODS_STATUS_UNCHANGED) {
287  /* rr already exists, adjust pointer */
     /* The zone already holds this record: free the key's own copy when
      * it is a different object, and let the key point at the stored rr
      * so that both sides share one ldns_rr. */
288  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_DNSKEY);
289  ods_log_assert(rrset);
290  dnskey = rrset_lookup_rr(rrset,
291  zone->signconf->keys->keys[i].dnskey);
292  ods_log_assert(dnskey);
293  if (dnskey->rr != zone->signconf->keys->keys[i].dnskey) {
294  ldns_rr_free(zone->signconf->keys->keys[i].dnskey);
295  }
296  zone->signconf->keys->keys[i].dnskey = dnskey->rr;
297  status = ODS_STATUS_OK;
298  } else if (status != ODS_STATUS_OK) {
299  ods_log_error("[%s] unable to publish dnskeys for zone %s: "
300  "error adding dnskey", zone_str, zone->name);
301  break;
302  }
303  }
304  /* done */
305  hsm_destroy_context(ctx);
306  return status;
307 }
308 
309 
/*
 * Unlink DNSKEY records from the key list. The line carrying the function
 * name and parameter list is not part of this listing; the body uses the
 * parameter `zone`.
 *
 * For each key whose dnskey is found in the apex DNSKEY RRset, the key's
 * pointer is cleared when the stored record has `exists` unset and is the
 * very same ldns_rr object. Nothing is freed here. Does nothing when zone,
 * zone->signconf or the key list is missing.
 */
314 void
316 {
     /* NOTE(review): the index is uint16_t here while the publishing loop
      * in this file uses unsigned int; confirm keys->count cannot exceed
      * 65535, otherwise this loop would not terminate. */
317  uint16_t i = 0;
318  rrset_type* rrset = NULL;
319  rr_type* dnskey = NULL;
320  if (!zone || !zone->signconf || !zone->signconf->keys) {
321  return;
322  }
323  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_DNSKEY);
324  /* unlink dnskey rrs */
325  for (i=0; i < zone->signconf->keys->count; i++) {
326  if (rrset && zone->signconf->keys->keys[i].dnskey) {
327  dnskey = rrset_lookup_rr(rrset,
328  zone->signconf->keys->keys[i].dnskey);
     /* Only drop the pointer when it is the same object as the rr held
      * by the RRset; a separate copy stays attached to the key. */
329  if (dnskey && !dnskey->exists &&
330  dnskey->rr == zone->signconf->keys->keys[i].dnskey) {
331  zone->signconf->keys->keys[i].dnskey = NULL;
332  }
333  }
334  }
335 }
336 
337 
/*
 * Publish the NSEC3PARAM record of a zone. The line carrying the function
 * name and parameter list is not part of this listing; the body uses the
 * parameter `zone`, and the log messages refer to publishing nsec3params.
 *
 * Without nsec3params in the signconf (NSEC zone) this is a no-op that
 * returns ODS_STATUS_OK. Otherwise the rr is built on first use, existing
 * NSEC3PARAM records are flagged removed through zone_del_nsec3params(),
 * and the rr is added with zone_add_rr().
 *
 * Returns ODS_STATUS_ASSERT_ERR on missing zone data,
 * ODS_STATUS_MALLOC_ERR when the rr cannot be created, and otherwise
 * ODS_STATUS_OK or the failing status of zone_add_rr().
 */
342 ods_status
344 {
345  rrset_type* rrset = NULL;
346  rr_type* n3prr = NULL;
347  ldns_rr* rr = NULL;
348  ods_status status = ODS_STATUS_OK;
349 
350  if (!zone || !zone->name || !zone->db || !zone->signconf) {
351  return ODS_STATUS_ASSERT_ERR;
352  }
353  if (!zone->signconf->nsec3params) {
354  /* NSEC */
355  ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC);
356  return ODS_STATUS_OK;
357  }
358 
359  if (!zone->signconf->nsec3params->rr) {
360  uint32_t paramttl =
361  (uint32_t) duration2time(zone->signconf->nsec3param_ttl);
362  rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS);
363  if (!rr) {
     /* NOTE(review): status has not been assigned since it was
      * initialised to ODS_STATUS_OK, so this message prints the text for
      * OK although ODS_STATUS_MALLOC_ERR is returned. */
364  ods_log_error("[%s] unable to publish nsec3params for zone %s: "
365  "error creating rr (%s)", zone_str, zone->name,
366  ods_status2str(status));
367  return ODS_STATUS_MALLOC_ERR;
368  }
369  ldns_rr_set_class(rr, zone->klass);
370  ldns_rr_set_ttl(rr, paramttl);
     /* NOTE(review): the result of ldns_rdf_clone() is not checked before
      * it becomes the owner name. */
371  ldns_rr_set_owner(rr, ldns_rdf_clone(zone->apex));
     /* NOTE(review): source line 374 is missing from this listing, so the
      * argument list of the next call is incomplete as shown. */
372  ldns_nsec3_add_param_rdfs(rr,
373  zone->signconf->nsec3params->algorithm, 0,
375  zone->signconf->nsec3params->salt_len,
376  zone->signconf->nsec3params->salt_data);
     /* Clears bit 7 in the data of rdata field 1 (presumably the flags
      * field of the NSEC3PARAM record - confirm). NOTE(review): the rdf
      * returned by ldns_rr_rdf(rr, 1) is used without a NULL check. */
381  ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(rr, 1)), 7, 0);
382  zone->signconf->nsec3params->rr = rr;
383  }
384 
385  /* Delete all nsec3param rrs. */
386  (void) zone_del_nsec3params(zone);
387 
388  ods_log_assert(zone->signconf->nsec3params->rr);
389  status = zone_add_rr(zone, zone->signconf->nsec3params->rr, 0);
390  if (status == ODS_STATUS_UNCHANGED) {
391  /* rr already exists, adjust pointer */
     /* Free the locally held rr when it is a different object, then share
      * the rr that the zone already stores. */
392  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_NSEC3PARAMS);
393  ods_log_assert(rrset);
394  n3prr = rrset_lookup_rr(rrset, zone->signconf->nsec3params->rr);
395  ods_log_assert(n3prr);
396  if (n3prr->rr != zone->signconf->nsec3params->rr) {
397  ldns_rr_free(zone->signconf->nsec3params->rr);
398  }
399  zone->signconf->nsec3params->rr = n3prr->rr;
400  status = ODS_STATUS_OK;
401  } else if (status != ODS_STATUS_OK) {
402  ods_log_error("[%s] unable to publish nsec3params for zone %s: "
403  "error adding nsec3params (%s)", zone_str,
404  zone->name, ods_status2str(status));
405  }
406  return status;
407 }
408 
409 
/*
 * Unlink the NSEC3PARAM record from the signconf. The line carrying the
 * function name and parameter list is not part of this listing; the body
 * uses the parameter `zone`.
 *
 * When the rr held in zone->signconf->nsec3params is found in the apex
 * NSEC3PARAM RRset, has `exists` unset there and is the very same ldns_rr
 * object, the signconf's pointer is cleared. Nothing is freed here. Does
 * nothing when zone, zone->signconf or nsec3params is missing.
 */
414 void
416 {
417  rrset_type* rrset = NULL;
418  rr_type* n3prr = NULL;
419 
420  if (!zone || !zone->signconf || !zone->signconf->nsec3params) {
421  return;
422  }
423  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_NSEC3PARAMS);
424  if (rrset && zone->signconf->nsec3params->rr) {
425  n3prr = rrset_lookup_rr(rrset, zone->signconf->nsec3params->rr);
     /* The pointer comparison keeps a separately allocated rr attached. */
426  if (n3prr && !n3prr->exists &&
427  n3prr->rr == zone->signconf->nsec3params->rr) {
428  zone->signconf->nsec3params->rr = NULL;
429  }
430  }
431 }
432 
433 
/*
 * Prepare the signing keys of a zone. The line carrying the function name
 * and parameter list is not part of this listing; the body uses the
 * parameter `zone`, and the log messages refer to preparing signing keys.
 *
 * Calls lhsm_get_key() with an HSM context for every key in
 * zone->signconf->keys, except keys flagged ksk when the signconf carries
 * a dnskey_signature.
 *
 * Returns ODS_STATUS_ASSERT_ERR on missing zone data, ODS_STATUS_HSM_ERR
 * when no HSM context can be created, and otherwise the status of the
 * last lhsm_get_key() call (ODS_STATUS_OK when none was made).
 */
438 ods_status
440 {
441  hsm_ctx_t* ctx = NULL;
     /* NOTE(review): uint16_t index; confirm keys->count cannot exceed
      * 65535, otherwise the loop below would not terminate. */
442  uint16_t i = 0;
443  ods_status status = ODS_STATUS_OK;
444 
445  if (!zone || !zone->db || !zone->signconf || !zone->signconf->keys) {
446  return ODS_STATUS_ASSERT_ERR;
447  }
448  ods_log_assert(zone->name);
449  /* hsm access */
450  ctx = hsm_create_context();
451  if (ctx == NULL) {
452  ods_log_error("[%s] unable to prepare signing keys for zone %s: "
453  "error creating libhsm context", zone_str, zone->name);
454  return ODS_STATUS_HSM_ERR;
455  }
456  /* prepare keys */
457  for (i=0; i < zone->signconf->keys->count; i++) {
     /* With a dnskey_signature configured, KSKs are not fetched. */
458  if(zone->signconf->dnskey_signature != NULL && zone->signconf->keys->keys[i].ksk)
459  continue;
460  /* get dnskey */
461  status = lhsm_get_key(ctx, zone->apex, &zone->signconf->keys->keys[i]);
462  if (status != ODS_STATUS_OK) {
463  ods_log_error("[%s] unable to prepare signing keys for zone %s: "
464  "error getting dnskey", zone_str, zone->name);
465  break;
466  }
467  ods_log_assert(zone->signconf->keys->keys[i].dnskey);
468  ods_log_assert(zone->signconf->keys->keys[i].params);
469  }
470  /* done */
     /* Single exit after the context exists, so it is always released. */
471  hsm_destroy_context(ctx);
472  return status;
473 }
474 
475 
/*
 * Update the SOA serial of a zone. The line carrying the function name and
 * parameter list is not part of this listing; the body uses the parameter
 * `zone`, and the log messages refer to updating the soa serial.
 *
 * When zone->db->serial_updated is set, the flag is cleared and nothing
 * else happens. Otherwise the first rr of the apex SOA RRset is cloned,
 * namedb_update_serial() computes the new serial, the clone's serial rdata
 * is replaced by zone->db->intserial and the clone is added to the RRset.
 *
 * Returns ODS_STATUS_OK on success, ODS_STATUS_ERR when the SOA cannot be
 * found, cloned or updated, or the failing status of
 * namedb_update_serial().
 */
480 ods_status
482 {
483  ods_status status = ODS_STATUS_OK;
484  rrset_type* rrset = NULL;
485  rr_type* soa = NULL;
486  ldns_rr* rr = NULL;
487  ldns_rdf* soa_rdata = NULL;
488 
489  ods_log_assert(zone);
490  ods_log_assert(zone->apex);
491  ods_log_assert(zone->name);
492  ods_log_assert(zone->db);
493  ods_log_assert(zone->signconf);
494 
495  if (zone->db->serial_updated) {
496  /* already done, unmark and return ok */
497  ods_log_debug("[%s] zone %s soa serial already up to date",
498  zone_str, zone->name);
499  zone->db->serial_updated = 0;
500  return ODS_STATUS_OK;
501  }
502  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_SOA);
503  if (!rrset || !rrset->rrs || !rrset->rrs[0].rr) {
504  ods_log_error("[%s] unable to update zone %s soa serial: failed to "
505  "find soa rrset", zone_str, zone->name);
506  return ODS_STATUS_ERR;
507  }
     /* These three asserts repeat what the check above already enforced. */
508  ods_log_assert(rrset);
509  ods_log_assert(rrset->rrs);
510  ods_log_assert(rrset->rrs[0].rr);
     /* Work on a clone; every failure path below frees it again. */
511  rr = ldns_rr_clone(rrset->rrs[0].rr);
512  if (!rr) {
513  ods_log_error("[%s] unable to update zone %s soa serial: failed to "
514  "clone soa rr", zone_str, zone->name);
515  return ODS_STATUS_ERR;
516  }
517  status = namedb_update_serial(zone->db, zone->name,
518  zone->signconf->soa_serial, zone->db->inbserial);
519  if (status != ODS_STATUS_OK) {
520  ods_log_error("[%s] unable to update zone %s soa serial: %s",
521  zone_str, zone->name, ods_status2str(status));
522  if (status == ODS_STATUS_CONFLICT_ERR) {
523  ods_log_error("[%s] If this is the result of a key rollover, "
524  "please increment the serial in the unsigned zone %s",
525  zone_str, zone->name);
526  }
527  ldns_rr_free(rr);
528  return status;
529  }
530  ods_log_verbose("[%s] zone %s set soa serial to %u", zone_str,
531  zone->name, zone->db->intserial);
     /* The value returned by ldns_rr_set_rdf() is treated as the replaced
      * rdata: non-NULL means success and it is freed below.
      * NOTE(review): the rdf created by ldns_native2rdf_int32() is not
      * checked for NULL, and on the failure branch it looks like it is
      * not freed - confirm against the ldns documentation. */
532  soa_rdata = ldns_rr_set_rdf(rr,
533  ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
534  zone->db->intserial), SE_SOA_RDATA_SERIAL);
535  if (soa_rdata) {
536  ldns_rdf_deep_free(soa_rdata);
537  soa_rdata = NULL;
538  } else {
539  ods_log_error("[%s] unable to update zone %s soa serial: failed to "
540  "replace soa serial rdata", zone_str, zone->name);
541  ldns_rr_free(rr);
542  return ODS_STATUS_ERR;
543  }
544  soa = rrset_add_rr(rrset, rr);
545  ods_log_assert(soa);
546  rrset_diff(rrset, 0, 0);
547  zone->db->serial_updated = 0;
548  return ODS_STATUS_OK;
549 }
550 
551 
/**
 * Look up the RRset of a given type at a given owner name.
 *
 * \param[in] zone  zone to search
 * \param[in] owner owner name of the RRset
 * \param[in] type  RR type of the RRset; a zero type is rejected
 * \return the RRset, or NULL when an argument is missing, the owner name
 *         is not in the zone's name database, or the domain has no RRset
 *         of that type
 */
rrset_type*
zone_lookup_rrset(zone_type* zone, ldns_rdf* owner, ldns_rr_type type)
{
    domain_type* node;

    if (zone && owner && type) {
        node = namedb_lookup_domain(zone->db, owner);
        if (node != NULL) {
            return domain_lookup_rrset(node, type);
        }
    }
    return NULL;
}
569 
570 
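/**
 * Add a resource record to the zone.
 *
 * The owner domain and the RRset for the record's type are looked up and
 * created when missing. A record that is already present with the same
 * TTL is only marked as added; otherwise the record is appended to the
 * RRset. On ODS_STATUS_UNCHANGED the passed rr is not stored (callers in
 * this file free their own copy in that case).
 *
 * \param[in] zone     zone to add the record to
 * \param[in] rr       record to add
 * \param[in] do_stats when non-zero and zone->stats is set, the sort
 *                     counter is incremented
 * \return ODS_STATUS_OK when the record was added, ODS_STATUS_UNCHANGED
 *         when it was already present, ODS_STATUS_ERR when the domain or
 *         the RRset could not be set up
 */
ods_status
zone_add_rr(zone_type* zone, ldns_rr* rr, int do_stats)
{
    domain_type* domain = NULL;
    rrset_type* rrset = NULL;
    rr_type* record = NULL;
    ods_status status = ODS_STATUS_OK;
    char* str = NULL;
    size_t len = 0;
    size_t i = 0;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);
    /* If we already have this RR, return ODS_STATUS_UNCHANGED */
    domain = namedb_lookup_domain(zone->db, ldns_rr_owner(rr));
    if (!domain) {
        domain = namedb_add_domain(zone->db, ldns_rr_owner(rr));
        if (!domain) {
            ods_log_error("[%s] unable to add RR to zone %s: "
                "failed to add domain", zone_str, zone->name);
            return ODS_STATUS_ERR;
        }
        if (ldns_dname_compare(domain->dname, zone->apex) == 0) {
            domain->is_apex = 1;
        } else {
            status = namedb_domain_entize(zone->db, domain, zone->apex);
            if (status != ODS_STATUS_OK) {
                ods_log_error("[%s] unable to add RR to zone %s: "
                    "failed to entize domain", zone_str, zone->name);
                return ODS_STATUS_ERR;
            }
        }
    }
    rrset = domain_lookup_rrset(domain, ldns_rr_get_type(rr));
    if (!rrset) {
        rrset = rrset_create(domain->zone, ldns_rr_get_type(rr));
        if (!rrset) {
            ods_log_error("[%s] unable to add RR to zone %s: "
                "failed to add RRset", zone_str, zone->name);
            return ODS_STATUS_ERR;
        }
        domain_add_rrset(domain, rrset);
    }
    record = rrset_lookup_rr(rrset, rr);
    /* A match that carries a different TTL is not treated as the same
     * record; the new rr is added instead. */
    if (record && ldns_rr_ttl(rr) != ldns_rr_ttl(record->rr)) {
        record = NULL;
    }
    if (record) {
        record->is_added = 1; /* already exists, just mark added */
        record->is_removed = 0; /* unset is_removed */
        return ODS_STATUS_UNCHANGED;
    }
    record = rrset_add_rr(rrset, rr);
    ods_log_assert(record);
    ods_log_assert(record->rr);
    ods_log_assert(record->is_added);
    if (ldns_rr_ttl(rr) != ldns_rr_ttl(rrset->rrs[0].rr)) {
        /* ldns_rr2str() allocates and can return NULL; the text is only
         * needed for the log line, so log without it rather than
         * dereference a NULL pointer or index before the buffer. */
        str = ldns_rr2str(rr);
        if (str) {
            len = strlen(str);
            if (len > 0) {
                /* drop the last character of the presentation format */
                len--;
                str[len] = '\0';
            }
            /* keep the record on one log field: tabs become spaces */
            for (i = 0; i < len; i++) {
                if (str[i] == '\t') {
                    str[i] = ' ';
                }
            }
        }
        ods_log_error("In zone file %s: TTL for the record '%s' set to %u",
            zone->name, str ? str : "(unprintable)",
            (unsigned) ldns_rr_ttl(rrset->rrs[0].rr));
        LDNS_FREE(str);
    }
    /* update stats */
    if (do_stats && zone->stats) {
        zone->stats->sort_count += 1;
    }
    return ODS_STATUS_OK;
}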
652 
653 
/**
 * Mark a resource record in the zone as removed.
 *
 * The record is not released; its is_removed flag is set and its is_added
 * flag is cleared.
 *
 * \param[in] zone     zone holding the record
 * \param[in] rr       record to look up and flag
 * \param[in] do_stats when non-zero and zone->stats is set, the sort
 *                     counter is decremented
 * \return ODS_STATUS_OK when the record was flagged, ODS_STATUS_UNCHANGED
 *         when the owner domain, the RRset or the record is not found
 */
ods_status
zone_del_rr(zone_type* zone, ldns_rr* rr, int do_stats)
{
    domain_type* owner_node;
    rrset_type* set;
    rr_type* hit;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);

    owner_node = namedb_lookup_domain(zone->db, ldns_rr_owner(rr));
    if (owner_node == NULL) {
        ods_log_warning("[%s] unable to delete RR from zone %s: "
            "domain not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    set = domain_lookup_rrset(owner_node, ldns_rr_get_type(rr));
    if (set == NULL) {
        ods_log_warning("[%s] unable to delete RR from zone %s: "
            "RRset not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    hit = rrset_lookup_rr(set, rr);
    if (hit == NULL) {
        ods_log_error("[%s] unable to delete RR from zone %s: "
            "RR not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    /* flag only: clear "added", set "removed" */
    hit->is_added = 0;
    hit->is_removed = 1;

    /* update stats */
    if (do_stats && zone->stats) {
        zone->stats->sort_count -= 1;
    }
    return ODS_STATUS_OK;
}
696 
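/**
 * Flag every NSEC3PARAM record at the zone apex as removed.
 *
 * \param[in] zone zone to work on
 * \return ODS_STATUS_OK when the records were flagged,
 *         ODS_STATUS_UNCHANGED when the apex domain or its NSEC3PARAM
 *         RRset does not exist
 */
ods_status
zone_del_nsec3params(zone_type* zone)
{
    domain_type* domain = NULL;
    rrset_type* rrset = NULL;
    size_t i; /* rr_count is a size_t; avoid a signed/unsigned comparison */

    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);

    domain = namedb_lookup_domain(zone->db, zone->apex);
    if (!domain) {
        ods_log_verbose("[%s] unable to delete RR from zone %s: "
            "domain not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_NSEC3PARAMS);
    if (!rrset) {
        ods_log_verbose("[%s] NSEC3PARAM in zone %s not found: "
            "skipping delete", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    /* We don't actually delete the record as we still need the
     * information in the IXFR. Just set it as removed. The code
     * inserting the new record may flip this flag when the record
     * hasn't changed. */
    for (i = 0; i < rrset->rr_count; i++) {
        rrset->rrs[i].is_removed = 1;
    }
    return ODS_STATUS_OK;
}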
736 
/*
 * Merge the settings of zone z2 into zone z1. The signature line is not
 * part of this listing; the Doxygen cross-reference on this page gives it
 * as `void zone_merge(zone_type *z1, zone_type *z2)`.
 *
 * The policy name and the signconf filename are copied from z2 when they
 * differ (or cleared in z1 when z2 has none). Adapters that differ are
 * swapped between the two zones, not copied. Does nothing when either
 * zone is NULL.
 *
 * NOTE(review): source lines 760, 765, 778 and 783 are missing from this
 * listing, so the four update branches may do more than is shown here.
 */
741 void
743 {
744  const char* str;
745  adapter_type* adtmp = NULL;
746 
747  if (!z1 || !z2) {
748  return;
749  }
750  /* policy name */
751  if (ods_strcmp(z2->policy_name, z1->policy_name) != 0) {
752  if (z2->policy_name) {
     /* Copy first, replace second: when strdup() fails, z1 keeps its
      * old value. */
753  str = strdup(z2->policy_name);
754  if (!str) {
755  ods_log_error("[%s] failed to merge policy %s name to zone "
756  "%s", zone_str, z2->policy_name, z1->name);
757  } else {
758  free((void*)z1->policy_name);
759  z1->policy_name = str;
761  }
762  } else {
763  free((void*)z1->policy_name);
764  z1->policy_name = NULL;
766  }
767  }
768  /* signconf filename */
769  if (ods_strcmp(z2->signconf_filename, z1->signconf_filename) != 0) {
770  if (z2->signconf_filename) {
771  str = strdup(z2->signconf_filename);
772  if (!str) {
     /* NOTE(review): the message is about the signconf filename but the
      * argument passed for it is z2->policy_name, which can also be NULL
      * here; z2->signconf_filename looks like the intended value. */
773  ods_log_error("[%s] failed to merge signconf filename %s to "
774  "zone %s", zone_str, z2->policy_name, z1->name);
775  } else {
776  free((void*)z1->signconf_filename);
777  z1->signconf_filename = str;
779  }
780  } else {
781  free((void*)z1->signconf_filename);
782  z1->signconf_filename = NULL;
784  }
785  }
786  /* adapters */
     /* Swap: z1 takes z2's adapter and z2 is left holding z1's old one,
      * so whoever cleans up z2 releases the replaced adapter. */
787  if (adapter_compare(z2->adinbound, z1->adinbound) != 0) {
788  adtmp = z2->adinbound;
789  z2->adinbound = z1->adinbound;
790  z1->adinbound = adtmp;
791  adtmp = NULL;
792  }
793  if (adapter_compare(z2->adoutbound, z1->adoutbound) != 0) {
794  adtmp = z2->adoutbound;
795  z2->adoutbound = z1->adoutbound;
796  z1->adoutbound = adtmp;
797  adtmp = NULL;
798  }
799 }
800 
801 
/*
 * Release a zone and what it owns. The signature line is not part of this
 * listing; the Doxygen cross-reference on this page gives it as
 * `void zone_cleanup(zone_type *zone)`.
 *
 * A NULL zone is ignored. zone_create() calls this on partially built
 * zones, so each cleanup helper used here is expected to accept a NULL
 * member. Both locks are destroyed unconditionally.
 */
806 void
808 {
809  if (!zone) {
810  return;
811  }
812  ldns_rdf_deep_free(zone->apex);
     /* NOTE(review): source line 814 is missing from this listing; only
      * the inbound adapter is visibly released, so confirm that
      * zone->adoutbound is released on the missing line. */
813  adapter_cleanup(zone->adinbound);
815  namedb_cleanup(zone->db);
816  ixfr_cleanup(zone->ixfr);
817  xfrd_cleanup(zone->xfrd, 1);
818  notify_cleanup(zone->notify);
819  signconf_cleanup(zone->signconf);
820  stats_cleanup(zone->stats);
     /* NOTE(review): notify_command and notify_args are freed here but
      * notify_ns is not; confirm who owns notify_ns. */
821  free(zone->notify_command);
822  free(zone->notify_args);
823  free((void*)zone->policy_name);
824  free((void*)zone->signconf_filename);
825  free((void*)zone->name);
826  collection_class_destroy(&zone->rrstore);
827  lock_basic_destroy(&zone->xfr_lock);
828  lock_basic_destroy(&zone->zone_lock);
829  free(zone);
830 }
831 
832 
/*
 * Recover the state of a zone from its on-disk backup. The line carrying
 * the function name and parameter list is not part of this listing; the
 * body uses the parameter `zone` and the label recover_error2.
 *
 * Reads the "<zone name>.backup2" file built by ods_build_path(): magic,
 * time, zone class and serials, signconf, optional NSEC3 parameters, keys
 * and resource records. It then creates a TASK_SIGN task and, when
 * present, reads the "<zone name>.ixfr" journal.
 *
 * Returns ODS_STATUS_OK when the backup was applied, ODS_STATUS_UNCHANGED
 * when the backup file cannot be opened, ODS_STATUS_MALLOC_ERR when the
 * path cannot be built, and ODS_STATUS_ERR when the file is rejected. In
 * the last case signconf and namedb are replaced by fresh empty objects.
 *
 * NOTE(review): several source lines are missing from this listing (gaps
 * in the line numbers inside the signconf and nsec3 read chains and before
 * the nsec3params creation), so those statements are incomplete as shown.
 *
 * NOTE(review): the read chains below join their calls with the bitwise
 * `|` instead of `||`. C does not define the order in which the operands
 * of `|` are evaluated, while the result depends on the reads consuming
 * the file in the written order; `||` would guarantee that order and stop
 * at the first failure.
 */
837 ods_status
839 {
840  char* filename = NULL;
841  FILE* fd = NULL;
842  const char* token = NULL;
843  time_t when = 0;
844  task_type* task = NULL;
845  ods_status status = ODS_STATUS_OK;
846  /* zone part */
847  int klass = 0;
848  uint32_t inbound = 0, internal = 0, outbound = 0;
849  /* signconf part */
850  time_t lastmod = 0;
851  /* nsec3params part */
852  const char* salt = NULL;
853 
854  ods_log_assert(zone);
855  ods_log_assert(zone->name);
856  ods_log_assert(zone->signconf);
857  ods_log_assert(zone->db);
858 
859  filename = ods_build_path(zone->name, ".backup2", 0, 1);
860  if (!filename) {
861  return ODS_STATUS_MALLOC_ERR;
862  }
863  fd = ods_fopen(filename, NULL, "r");
864  if (fd) {
865  /* start recovery */
866  if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC_V3)) {
867  ods_log_error("[%s] corrupted backup file zone %s: read magic "
868  "error", zone_str, zone->name);
869  goto recover_error2;
870  }
871  if (!backup_read_check_str(fd, ";;Time:") |
872  !backup_read_time_t(fd, &when)) {
873  ods_log_error("[%s] corrupted backup file zone %s: read time "
874  "error", zone_str, zone->name);
875  goto recover_error2;
876  }
877  /* zone stuff */
     /* The name stored in the file must match this zone's name. */
878  if (!backup_read_check_str(fd, ";;Zone:") |
879  !backup_read_check_str(fd, "name") |
880  !backup_read_check_str(fd, zone->name)) {
881  ods_log_error("[%s] corrupted backup file zone %s: read name "
882  "error", zone_str, zone->name);
883  goto recover_error2;
884  }
885  if (!backup_read_check_str(fd, "class") |
886  !backup_read_int(fd, &klass)) {
887  ods_log_error("[%s] corrupted backup file zone %s: read class "
888  "error", zone_str, zone->name);
889  goto recover_error2;
890  }
891  if (!backup_read_check_str(fd, "inbound") |
892  !backup_read_uint32_t(fd, &inbound) |
893  !backup_read_check_str(fd, "internal") |
894  !backup_read_uint32_t(fd, &internal) |
895  !backup_read_check_str(fd, "outbound") |
896  !backup_read_uint32_t(fd, &outbound)) {
897  ods_log_error("[%s] corrupted backup file zone %s: read serial "
898  "error", zone_str, zone->name);
899  goto recover_error2;
900  }
     /* NOTE(review): values from the file are applied to the zone as they
      * are parsed, before the rest of the file has been validated. The
      * class is cast without a range check, and the error path below
      * rebuilds signconf and namedb but does not restore zone->klass
      * (nor zone->default_ttl, which is set further down). */
901  zone->klass = (ldns_rr_class) klass;
902  zone->db->inbserial = inbound;
903  zone->db->intserial = internal;
904  zone->db->outserial = outbound;
905  /* signconf part */
906  if (!backup_read_check_str(fd, ";;Signconf:") |
907  !backup_read_check_str(fd, "lastmod") |
908  !backup_read_time_t(fd, &lastmod) |
909  !backup_read_check_str(fd, "maxzonettl") |
910  !backup_read_check_str(fd, "0") |
911  !backup_read_check_str(fd, "resign") |
913  !backup_read_check_str(fd, "refresh") |
915  !backup_read_check_str(fd, "valid") |
917  !backup_read_check_str(fd, "denial") |
919  !backup_read_check_str(fd, "keyset") |
921  !backup_read_check_str(fd, "jitter") |
923  !backup_read_check_str(fd, "offset") |
925  !backup_read_check_str(fd, "nsec") |
926  !backup_read_rr_type(fd, &zone->signconf->nsec_type) |
927  !backup_read_check_str(fd, "dnskeyttl") |
929  !backup_read_check_str(fd, "soattl") |
930  !backup_read_duration(fd, &zone->signconf->soa_ttl) |
931  !backup_read_check_str(fd, "soamin") |
932  !backup_read_duration(fd, &zone->signconf->soa_min) |
933  !backup_read_check_str(fd, "serial") |
934  !backup_read_str(fd, &zone->signconf->soa_serial)) {
935  ods_log_error("[%s] corrupted backup file zone %s: read signconf "
936  "error", zone_str, zone->name);
937  goto recover_error2;
938  }
939  /* nsec3params part */
940  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
941  if (!backup_read_check_str(fd, ";;Nsec3parameters:") |
942  !backup_read_check_str(fd, "salt") |
943  !backup_read_str(fd, &salt) |
944  !backup_read_check_str(fd, "algorithm") |
946  !backup_read_check_str(fd, "optout") |
947  !backup_read_int(fd, &zone->signconf->nsec3_optout) |
948  !backup_read_check_str(fd, "iterations") |
950  ods_log_error("[%s] corrupted backup file zone %s: read "
951  "nsec3parameters error", zone_str, zone->name);
952  goto recover_error2;
953  }
     /* NOTE(review): the strdup() result is not checked here. */
954  zone->signconf->nsec3_salt = strdup(salt);
955  free((void*) salt);
956  salt = NULL;
     /* NOTE(review): the values read from the file are narrowed to
      * uint8_t/uint16_t by the casts below without a range check. */
958  (void*) zone->signconf,
959  (uint8_t) zone->signconf->nsec3_algo,
960  (uint8_t) zone->signconf->nsec3_optout,
961  (uint16_t) zone->signconf->nsec3_iterations,
962  zone->signconf->nsec3_salt);
963  if (!zone->signconf->nsec3params) {
964  ods_log_error("[%s] corrupted backup file zone %s: unable to "
965  "create nsec3param", zone_str, zone->name);
966  goto recover_error2;
967  }
968  }
969  zone->signconf->last_modified = lastmod;
970  zone->default_ttl = (uint32_t) duration2time(zone->signconf->soa_min);
971  /* keys part */
     /* NOTE(review): the keylist_create() result is not checked before it
      * is handed to key_recover2(). */
972  zone->signconf->keys = keylist_create((void*) zone->signconf);
973  while (backup_read_str(fd, &token)) {
974  if (ods_strcmp(token, ";;Key:") == 0) {
975  if (!key_recover2(fd, zone->signconf->keys)) {
976  ods_log_error("[%s] corrupted backup file zone %s: read "
977  "key error", zone_str, zone->name);
     /* NOTE(review): token is still allocated when jumping out here and
      * in the "keylist corrupted" branch; the error path frees filename
      * and salt but not token. */
978  goto recover_error2;
979  }
980  } else if (ods_strcmp(token, ";;") == 0) {
981  /* keylist done */
982  free((void*) token);
983  token = NULL;
984  break;
985  } else {
986  /* keylist corrupted */
987  goto recover_error2;
988  }
989  free((void*) token);
990  token = NULL;
991  }
992  /* publish dnskeys */
993  status = zone_publish_dnskeys(zone);
994  if (status != ODS_STATUS_OK) {
995  ods_log_error("[%s] corrupted backup file zone %s: unable to "
996  "publish dnskeys (%s)", zone_str, zone->name,
997  ods_status2str(status));
998  goto recover_error2;
999  }
1000  /* publish nsec3param */
1001  if (!zone->signconf->passthrough)
1002  status = zone_publish_nsec3param(zone);
1003  if (status != ODS_STATUS_OK) {
1004  ods_log_error("[%s] corrupted backup file zone %s: unable to "
1005  "publish nsec3param (%s)", zone_str, zone->name,
1006  ods_status2str(status));
1007  goto recover_error2;
1008  }
1009  /* publish other records */
1010  status = backup_read_namedb(fd, zone);
1011  if (status != ODS_STATUS_OK) {
1012  ods_log_error("[%s] corrupted backup file zone %s: unable to "
1013  "read resource records (%s)", zone_str, zone->name,
1014  ods_status2str(status));
1015  goto recover_error2;
1016  }
1017  /* task */
     /* The task is scheduled for the time stamp read from the file. */
1018  task = task_create(TASK_SIGN, when, (void*) zone);
1019  if (!task) {
1020  ods_log_error("[%s] failed to restore zone %s: unable to "
1021  "create task", zone_str, zone->name);
1022  goto recover_error2;
1023  }
1024  zone->task = (void*) task;
1025  free((void*)filename);
1026  ods_fclose(fd);
1027  zone->db->is_initialized = 1;
1028  zone->db->have_serial = 1;
     /* NOTE(review): fd is closed above but not reset. If
      * ods_build_path() returns NULL below, fd is not reassigned and the
      * `if (fd)` tests that follow would act on the closed stream (read,
      * then close a second time) - unless ods_fclose() is a macro that
      * clears its argument; confirm. */
1029  /* journal */
1030  filename = ods_build_path(zone->name, ".ixfr", 0, 1);
1031  if (filename) {
1032  fd = ods_fopen(filename, NULL, "r");
1033  }
1034  if (fd) {
1035  status = backup_read_ixfr(fd, zone);
1036  if (status != ODS_STATUS_OK) {
     /* A journal that cannot be read is deleted and replaced by an empty
      * one; the recovery itself still succeeds. */
1037  ods_log_warning("[%s] corrupted journal file zone %s, "
1038  "skipping (%s)", zone_str, zone->name,
1039  ods_status2str(status));
1040  (void)unlink(filename);
1041  ixfr_cleanup(zone->ixfr);
     /* NOTE(review): the ixfr_create() result is dereferenced a few
      * lines below without a NULL check. */
1042  zone->ixfr = ixfr_create((void*)zone);
1043  }
1044  }
1045  lock_basic_lock(&zone->ixfr->ixfr_lock);
1046  ixfr_purge(zone->ixfr);
1047  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1048 
1049  /* all ok */
1050  free((void*)filename);
1051  if (fd) {
1052  ods_fclose(fd);
1053  }
1054  if (zone->stats) {
1055  lock_basic_lock(&zone->stats->stats_lock);
1056  stats_clear(zone->stats);
1057  lock_basic_unlock(&zone->stats->stats_lock);
1058  }
1059  return ODS_STATUS_OK;
1060  }
     /* No backup file could be opened: nothing to recover. */
1061  free(filename);
1062  return ODS_STATUS_UNCHANGED;
1063 
1064 recover_error2:
     /* Discard everything parsed so far by replacing signconf and namedb
      * with fresh objects. */
1065  free((void*)filename);
1066  ods_fclose(fd);
1067  /* signconf cleanup */
1068  free((void*)salt);
1069  salt = NULL;
1070  signconf_cleanup(zone->signconf);
1071  zone->signconf = signconf_create();
1072  ods_log_assert(zone->signconf);
1073  /* namedb cleanup */
1074  namedb_cleanup(zone->db);
1075  zone->db = namedb_create((void*)zone);
1076  ods_log_assert(zone->db);
1077  /* stats reset */
1078  if (zone->stats) {
1079  lock_basic_lock(&zone->stats->stats_lock);
1080  stats_clear(zone->stats);
1081  lock_basic_unlock(&zone->stats->stats_lock);
1082  }
1083  return ODS_STATUS_ERR;
1084 }
1085 
1086 
/*
 * Write the backup file of a zone. The line carrying the function name and
 * parameter list is not part of this listing; the body uses the parameter
 * `zone`.
 *
 * The backup is written to "<zone name>.backup2.tmp" and then renamed to
 * "<zone name>.backup2", so a reader never opens a half-written backup
 * under the final name. The file starts and ends with
 * ODS_SE_FILE_MAGIC_V3.
 *
 * Returns ODS_STATUS_OK on success, ODS_STATUS_MALLOC_ERR when a path
 * cannot be built, ODS_STATUS_FOPEN_ERR when the temporary file cannot be
 * opened, and ODS_STATUS_RENAME_ERR when the rename fails.
 *
 * NOTE(review): several source lines are missing from this listing (gaps
 * in the line numbers between the write calls).
 */
1091 ods_status
1093 {
1094  char* filename = NULL;
1095  char* tmpfile = NULL;
1096  FILE* fd = NULL;
1097  task_type* task = NULL;
1098  int ret = 0;
1099  ods_status status = ODS_STATUS_OK;
1100 
1101  ods_log_assert(zone);
1102  ods_log_assert(zone->name);
1103  ods_log_assert(zone->db);
1104  ods_log_assert(zone->signconf);
1105  ods_log_assert(zone->task);
1106 
1107  tmpfile = ods_build_path(zone->name, ".backup2.tmp", 0, 1);
1108  filename = ods_build_path(zone->name, ".backup2", 0, 1);
1109  if (!tmpfile || !filename) {
1110  free(tmpfile);
1111  free(filename);
1112  return ODS_STATUS_MALLOC_ERR;
1113  }
1114  fd = ods_fopen(tmpfile, NULL, "w");
1115  if (fd) {
     /* NOTE(review): none of the writes below, nor ods_fclose(), is
      * checked in the visible lines, so a failed or short write (for
      * example a full disk) would still be renamed over the previous
      * backup. */
1116  fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC_V3);
1117  task = zone->task;
1118  fprintf(fd, ";;Time: %u\n", (unsigned) task->when);
1120  fprintf(fd, ";;Zone: name %s class %i inbound %u internal %u "
1121  "outbound %u\n", zone->name, (int) zone->klass,
1122  (unsigned) zone->db->inbserial,
1123  (unsigned) zone->db->intserial,
1124  (unsigned) zone->db->outserial);
1126  signconf_backup(fd, zone->signconf, ODS_SE_FILE_MAGIC_V3);
1128  if (zone->signconf->nsec3params) {
1129  nsec3params_backup(fd,
1130  zone->signconf->nsec3_algo,
1131  zone->signconf->nsec3_optout,
1132  zone->signconf->nsec3_iterations,
1133  zone->signconf->nsec3_salt,
1134  zone->signconf->nsec3params->rr,
1135  ODS_SE_FILE_MAGIC_V3);
1136  }
1138  keylist_backup(fd, zone->signconf->keys, ODS_SE_FILE_MAGIC_V3);
     /* ";;" terminates the key list. */
1139  fprintf(fd, ";;\n");
1141  namedb_backup2(fd, zone->db);
1143  fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC_V3);
1144  ods_fclose(fd);
1145  ret = rename(tmpfile, filename);
1146  if (ret != 0) {
1147  ods_log_error("[%s] unable to rename zone %s backup %s to %s: %s",
1148  zone_str, zone->name, tmpfile, filename, strerror(errno));
1149  status = ODS_STATUS_RENAME_ERR;
1150  }
1151  } else {
1152  status = ODS_STATUS_FOPEN_ERR;
1153  }
1154 
1155  free((void*) tmpfile);
1156  free((void*) filename);
1157  return status;
1158 }