rootns.c revision 1.1.1.2
      1 /*	$NetBSD: rootns.c,v 1.1.1.2 2019/01/09 16:48:21 christos Exp $	*/
      2 
      3 /*
      4  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
      5  *
      6  * This Source Code Form is subject to the terms of the Mozilla Public
      7  * License, v. 2.0. If a copy of the MPL was not distributed with this
      8  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
      9  *
     10  * See the COPYRIGHT file distributed with this work for additional
     11  * information regarding copyright ownership.
     12  */
     13 
     14 
     15 /*! \file */
     16 
     17 #include <config.h>
     18 
     19 #include <stdbool.h>
     20 
     21 #include <isc/buffer.h>
     22 #include <isc/string.h>		/* Required for HP/UX (and others?) */
     23 #include <isc/util.h>
     24 
     25 #include <dns/callbacks.h>
     26 #include <dns/db.h>
     27 #include <dns/dbiterator.h>
     28 #include <dns/fixedname.h>
     29 #include <dns/log.h>
     30 #include <dns/master.h>
     31 #include <dns/rdata.h>
     32 #include <dns/rdata.h>
     33 #include <dns/rdataset.h>
     34 #include <dns/rdatasetiter.h>
     35 #include <dns/rdatastruct.h>
     36 #include <dns/rdatatype.h>
     37 #include <dns/result.h>
     38 #include <dns/rootns.h>
     39 #include <dns/view.h>
     40 
/*
 * Built-in root hints, written as master-file text.  dns_rootns_create()
 * parses this buffer when it is called without a filename and the class
 * is IN.  The array is not const; it is passed to isc_buffer_init() as
 * the buffer base.
 *
 * NOTE(review): these names and addresses are a compiled-in snapshot and
 * nothing in this file authenticates them.  dns_root_checkhints() logs
 * "checkhints" warnings when a hints database and the root NS data in the
 * database it is compared against disagree; those warnings are the signal
 * that this snapshot (or an operator-supplied hints file) has drifted.
 */
static char root_ns[] =
";\n"
"; Internet Root Nameservers\n"
";\n"
"$TTL 518400\n"
".                       518400  IN      NS      A.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      B.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      C.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      D.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      E.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      F.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      G.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      H.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      I.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      J.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      K.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      L.ROOT-SERVERS.NET.\n"
".                       518400  IN      NS      M.ROOT-SERVERS.NET.\n"
"A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4\n"
"A.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:BA3E::2:30\n"
"B.ROOT-SERVERS.NET.     3600000 IN      A       199.9.14.201\n"
"B.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:200::b\n"
"C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12\n"
"C.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2::c\n"
"D.ROOT-SERVERS.NET.     3600000 IN      A       199.7.91.13\n"
"D.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2d::d\n"
"E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10\n"
"E.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:a8::e\n"
"F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241\n"
"F.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2F::F\n"
"G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4\n"
"G.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:12::d0d\n"
"H.ROOT-SERVERS.NET.     3600000 IN      A       198.97.190.53\n"
"H.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:1::53\n"
"I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17\n"
"I.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:7fe::53\n"
"J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30\n"
"J.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:C27::2:30\n"
"K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129\n"
"K.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:7FD::1\n"
"L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42\n"
"L.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:9f::42\n"
"M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33\n"
"M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:DC3::35\n";
     85 
/*
 * Report whether 'name' is the target of one of the NS records held in
 * 'rootns'.
 *
 * Returns ISC_R_SUCCESS on a match, ISC_R_NOTFOUND when 'rootns' is not
 * associated or no record matches, and otherwise the error returned by
 * dns_rdata_tostruct() or by the rdataset iteration.
 */
static isc_result_t
in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_rdata_ns_t ns;
	isc_result_t result;

	/* No NS set at all means nothing can match. */
	if (!dns_rdataset_isassociated(rootns)) {
		return (ISC_R_NOTFOUND);
	}

	for (result = dns_rdataset_first(rootns);
	     result == ISC_R_SUCCESS;
	     result = dns_rdataset_next(rootns))
	{
		dns_rdataset_current(rootns, &rdata);
		/* A NULL memory context is passed to the conversion. */
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		if (result != ISC_R_SUCCESS) {
			return (result);
		}
		if (dns_name_compare(name, &ns.name) == 0) {
			return (ISC_R_SUCCESS);
		}
		/* rdata must be reset before it is reused for the next RR. */
		dns_rdata_reset(&rdata);
	}

	/* Running off the end of the set is "not found", not an error. */
	return ((result == ISC_R_NOMORE) ? ISC_R_NOTFOUND : result);
}
    110 
/*
 * Check every rdataset at one node of a hints database against what a
 * hints file is expected to contain:
 *
 *   - A and AAAA are accepted only when 'name' is one of the NS targets
 *     in 'rootns' (the result of in_rootns() is returned otherwise);
 *   - NS is accepted only when 'name' is the root name;
 *   - any other type yields ISC_R_FAILURE.
 *
 * Returns ISC_R_SUCCESS when every rdataset at the node passes.
 */
static isc_result_t
check_node(dns_rdataset_t *rootns, dns_name_t *name,
	   dns_rdatasetiter_t *rdsiter) {
	dns_rdataset_t rdataset;
	isc_result_t result;

	dns_rdataset_init(&rdataset);

	for (result = dns_rdatasetiter_first(rdsiter);
	     result == ISC_R_SUCCESS;
	     result = dns_rdatasetiter_next(rdsiter))
	{
		dns_rdatasetiter_current(rdsiter, &rdataset);

		if (rdataset.type == dns_rdatatype_a ||
		    rdataset.type == dns_rdatatype_aaaa)
		{
			/* Address records must belong to a listed root NS. */
			result = in_rootns(rootns, name);
			if (result != ISC_R_SUCCESS) {
				goto cleanup;
			}
		} else if (rdataset.type != dns_rdatatype_ns ||
			   dns_name_compare(name, dns_rootname) != 0)
		{
			/* Anything but an NS set at the root is extra data. */
			result = ISC_R_FAILURE;
			goto cleanup;
		}

		dns_rdataset_disassociate(&rdataset);
	}
	if (result == ISC_R_NOMORE) {
		result = ISC_R_SUCCESS;
	}

 cleanup:
	/* The early exits above leave the current rdataset associated. */
	if (dns_rdataset_isassociated(&rdataset)) {
		dns_rdataset_disassociate(&rdataset);
	}
	return (result);
}
    146 
/*
 * Walk every node of the hints database 'db' and run check_node() on it,
 * using the NS rdataset found at the root name as the list of permitted
 * name servers.
 *
 * Returns ISC_R_SUCCESS when all nodes pass; otherwise the first failure
 * from the iterator calls, dns_db_allrdatasets() or check_node().
 */
static isc_result_t
check_hints(dns_db_t *db) {
	dns_rdatasetiter_t *rdsiter = NULL;
	dns_dbiterator_t *dbiter = NULL;
	dns_dbnode_t *node = NULL;
	dns_fixedname_t fixname;
	dns_rdataset_t rootns;
	dns_name_t *name;
	isc_stdtime_t now;
	isc_result_t result;

	isc_stdtime_get(&now);
	name = dns_fixedname_initname(&fixname);
	dns_rdataset_init(&rootns);

	/*
	 * The lookup result is ignored on purpose: if it fails, 'rootns'
	 * stays unassociated and in_rootns() then answers ISC_R_NOTFOUND
	 * for every address record.
	 */
	(void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0, now,
			  NULL, name, &rootns, NULL);

	result = dns_db_createiterator(db, 0, &dbiter);
	if (result != ISC_R_SUCCESS) {
		goto cleanup;
	}

	for (result = dns_dbiterator_first(dbiter);
	     result == ISC_R_SUCCESS;
	     result = dns_dbiterator_next(dbiter))
	{
		/* 'name' is reused here as the owner name of each node. */
		result = dns_dbiterator_current(dbiter, &node, name);
		if (result == ISC_R_SUCCESS) {
			result = dns_db_allrdatasets(db, node, NULL, now,
						     &rdsiter);
		}
		if (result == ISC_R_SUCCESS) {
			result = check_node(&rootns, name, rdsiter);
		}
		if (result != ISC_R_SUCCESS) {
			goto cleanup;
		}
		dns_rdatasetiter_destroy(&rdsiter);
		dns_db_detachnode(db, &node);
	}
	if (result == ISC_R_NOMORE) {
		result = ISC_R_SUCCESS;
	}

 cleanup:
	/* Release whatever an early exit left attached. */
	if (dns_rdataset_isassociated(&rootns)) {
		dns_rdataset_disassociate(&rootns);
	}
	if (rdsiter != NULL) {
		dns_rdatasetiter_destroy(&rdsiter);
	}
	if (node != NULL) {
		dns_db_detachnode(db, &node);
	}
	if (dbiter != NULL) {
		dns_dbiterator_destroy(&dbiter);
	}
	return (result);
}
    197 
/*
 * Create a root hints database and return it through '*target'.
 *
 * When 'filename' is non-NULL the hints are loaded from that file as
 * master-file text; otherwise, for class IN, the built-in root_ns text
 * is loaded.  Any other class without a filename fails with
 * ISC_R_NOTFOUND.
 *
 * Requires: 'target' is non-NULL and '*target' is NULL.
 *
 * Returns ISC_R_SUCCESS with '*target' set, or the failing result after
 * logging it and detaching the partially built database.
 *
 * NOTE(review): the check_hints() pass is advisory only.  If it finds
 * records it does not expect, a warning is logged and the database is
 * still handed back to the caller with those records in it, so a hints
 * file should be treated as trusted configuration and the
 * "extra data in root hints" warning should be monitored.
 */
isc_result_t
dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
		  const char *filename, dns_db_t **target)
{
	/* Label used in log messages for where the hints came from. */
	const char *hintsrc = (filename != NULL) ? filename : "<BUILT-IN>";
	dns_rdatacallbacks_t callbacks;
	isc_result_t result, eresult;
	isc_buffer_t source;
	dns_db_t *db = NULL;
	unsigned int len;

	REQUIRE(target != NULL && *target == NULL);

	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
			       rdclass, 0, NULL, &db);
	if (result != ISC_R_SUCCESS) {
		goto failure;
	}

	/* Wrap the built-in text in a buffer marked as fully used. */
	len = strlen(root_ns);
	isc_buffer_init(&source, root_ns, len);
	isc_buffer_add(&source, len);

	dns_rdatacallbacks_init(&callbacks);
	result = dns_db_beginload(db, &callbacks);
	if (result != ISC_R_SUCCESS) {
		goto failure;
	}

	if (filename != NULL) {
		/* Operator-supplied hints file. */
		result = dns_master_loadfile(filename, &db->origin,
					     &db->origin, db->rdclass,
					     DNS_MASTER_HINT, 0, &callbacks,
					     NULL, NULL, db->mctx,
					     dns_masterformat_text, 0);
	} else if (rdclass == dns_rdataclass_in) {
		/* No file given: fall back to the Internet root servers. */
		result = dns_master_loadbuffer(&source, &db->origin,
					       &db->origin, db->rdclass,
					       DNS_MASTER_HINT,
					       &callbacks, db->mctx);
	} else {
		result = ISC_R_NOTFOUND;
	}

	/*
	 * The load is always ended, even after a failed load; the end-load
	 * result only replaces 'result' when the load itself was accepted.
	 */
	eresult = dns_db_endload(db, &callbacks);
	if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE) {
		result = eresult;
	}
	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
		goto failure;
	}

	/* Unexpected content is reported but does not reject the hints. */
	if (check_hints(db) != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "extra data in root hints '%s'", hintsrc);
	}

	*target = db;
	return (ISC_R_SUCCESS);

 failure:
	isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS,
		      ISC_LOG_ERROR,
		      "could not configure root hints from '%s': %s",
		      hintsrc, isc_result_totext(result));

	if (db != NULL) {
		dns_db_detach(&db);
	}

	return (result);
}
    266 
/*
 * Log one "checkhints" warning for 'rdata' at 'name': "missing from
 * hints" when 'missing' is true, "extra record in hints" otherwise.
 * The view name is included unless the view is "_bind" or "_default".
 *
 * NOTE(review): the text buffer is sized from an IPv6 literal with an
 * embedded IPv4 address, and a dns_rdata_totext() failure is treated as
 * fatal by RUNTIME_CHECK.  The callers in this file pass rdata taken
 * from A and AAAA lookups; confirm that no other type, or a class whose
 * address text is longer, can reach this function.
 */
static void
report(dns_view_t *view, dns_name_t *name, bool missing,
       dns_rdata_t *rdata)
{
	char text[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
	char rrtype[DNS_RDATATYPE_FORMATSIZE];
	char owner[DNS_NAME_FORMATSIZE];
	const char *vname = "";
	const char *prefix = "";
	isc_buffer_t out;
	isc_result_t result;
	bool builtin_view;

	builtin_view = (strcmp(view->name, "_bind") == 0 ||
			strcmp(view->name, "_default") == 0);
	if (!builtin_view) {
		vname = view->name;
		prefix = ": view ";
	}

	dns_name_format(name, owner, sizeof(owner));
	dns_rdatatype_format(rdata->type, rrtype, sizeof(rrtype));

	/* One byte is held back so the terminator below always fits. */
	isc_buffer_init(&out, text, sizeof(text) - 1);
	result = dns_rdata_totext(rdata, NULL, &out);
	RUNTIME_CHECK(result == ISC_R_SUCCESS);
	text[isc_buffer_usedlength(&out)] = '\0';

	/*
	 * Two separate calls keep each format string a literal, so the
	 * arguments stay checkable against it.
	 */
	if (!missing) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: %s/%s (%s) extra record "
			      "in hints", prefix, vname, owner, rrtype,
			      text);
	} else {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: %s/%s (%s) missing from hints",
			      prefix, vname, owner, rrtype, text);
	}
}
    303 
/*
 * Return true when 'rrset' contains a record that compares equal to
 * 'rdata' under dns_rdata_compare(), false otherwise (including when the
 * iteration cannot start).
 */
static bool
inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
	dns_rdata_t candidate = DNS_RDATA_INIT;
	isc_result_t result;

	for (result = dns_rdataset_first(rrset);
	     result == ISC_R_SUCCESS;
	     result = dns_rdataset_next(rrset))
	{
		dns_rdataset_current(rrset, &candidate);
		if (dns_rdata_compare(rdata, &candidate) == 0) {
			return (true);
		}
		/* Reset before the next record is loaded into it. */
		dns_rdata_reset(&candidate);
	}
	return (false);
}
    319 
/*
 * Compare the rrset of one address type ('type') at 'name' between the
 * hints database and 'db', logging each difference through report().
 *
 * Nothing is logged unless 'db' has the rrset (found directly or as
 * glue): records present in hints but absent from 'db' are therefore not
 * reported on their own.
 */
static void
check_address_type(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
		   dns_name_t *name, isc_stdtime_t now, dns_rdatatype_t type)
{
	isc_result_t hresult, rresult, result;
	dns_rdataset_t hintrrset, rootrrset;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_fixedname_t fixed;
	dns_name_t *foundname;
	bool haveroot;

	dns_rdataset_init(&hintrrset);
	dns_rdataset_init(&rootrrset);
	foundname = dns_fixedname_initname(&fixed);

	hresult = dns_db_find(hints, name, NULL, type, 0,
			      now, NULL, foundname, &hintrrset, NULL);
	rresult = dns_db_find(db, name, NULL, type,
			      DNS_DBFIND_GLUEOK, now, NULL, foundname,
			      &rootrrset, NULL);
	haveroot = (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE);

	if (haveroot && hresult == ISC_R_SUCCESS) {
		/* Records 'db' has that the hints lack. */
		for (result = dns_rdataset_first(&rootrrset);
		     result == ISC_R_SUCCESS;
		     result = dns_rdataset_next(&rootrrset))
		{
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			if (!inrrset(&hintrrset, &rdata)) {
				report(view, name, true, &rdata);
			}
		}
		/* Records the hints have that 'db' lacks. */
		for (result = dns_rdataset_first(&hintrrset);
		     result == ISC_R_SUCCESS;
		     result = dns_rdataset_next(&hintrrset))
		{
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&hintrrset, &rdata);
			if (!inrrset(&rootrrset, &rdata)) {
				report(view, name, false, &rdata);
			}
		}
	} else if (haveroot && hresult == ISC_R_NOTFOUND) {
		/* The hints have no rrset of this type: all are missing. */
		for (result = dns_rdataset_first(&rootrrset);
		     result == ISC_R_SUCCESS;
		     result = dns_rdataset_next(&rootrrset))
		{
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			report(view, name, true, &rdata);
		}
	}

	if (dns_rdataset_isassociated(&rootrrset)) {
		dns_rdataset_disassociate(&rootrrset);
	}
	if (dns_rdataset_isassociated(&hintrrset)) {
		dns_rdataset_disassociate(&hintrrset);
	}
}

/*
 * Check that the address RRsets match.
 *
 * The A rrset at 'name' is compared first, then the AAAA rrset.
 * Differences are only logged; neither database is modified here.
 *
 * Note we don't complain about missing glue records.
 */
static void
check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
		      dns_name_t *name, isc_stdtime_t now)
{
	check_address_type(view, hints, db, name, now, dns_rdatatype_a);
	check_address_type(view, hints, db, name, now, dns_rdatatype_aaaa);
}
    424 
/*
 * Compare the root NS rrset in the hints database with the one in 'db'
 * (the log messages call this side the cache) and log a warning for
 * every difference:
 *
 *   - an NS name in 'db' that the hints lack;
 *   - for NS names present in both, differing address records (see
 *     check_address_records());
 *   - an NS name in the hints that 'db' lacks.
 *
 * Requires: 'hints', 'db' and 'view' are non-NULL.
 *
 * NOTE(review): the only output is ISC_LOG_WARNING messages; no status
 * is returned and neither database is changed in this function, so
 * acting on a mismatch depends on these "checkhints" log lines being
 * collected.
 */
void
dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) {
	char namebuf[DNS_NAME_FORMATSIZE];
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_rdataset_t hintns, rootns;
	const char *viewname = "";
	const char *sep = "";
	dns_fixedname_t fixed;
	dns_rdata_ns_t ns;
	dns_name_t *name;
	isc_stdtime_t now;
	isc_result_t result;

	REQUIRE(hints != NULL);
	REQUIRE(db != NULL);
	REQUIRE(view != NULL);

	isc_stdtime_get(&now);

	/* The "_bind" and "_default" views are logged without a view tag. */
	if (strcmp(view->name, "_bind") != 0 &&
	    strcmp(view->name, "_default") != 0)
	{
		viewname = view->name;
		sep = ": view ";
	}

	dns_rdataset_init(&hintns);
	dns_rdataset_init(&rootns);
	name = dns_fixedname_initname(&fixed);

	result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0,
			     now, NULL, name, &hintns, NULL);
	if (result != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: unable to get root NS rrset "
			      "from hints: %s", sep, viewname,
			      dns_result_totext(result));
		goto cleanup;
	}

	result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
			     now, NULL, name, &rootns, NULL);
	if (result != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: unable to get root NS rrset "
			      "from cache: %s", sep, viewname,
			      dns_result_totext(result));
		goto cleanup;
	}

	/*
	 * Pass 1: every NS name in 'db' should be in the hints; for those
	 * that are, compare the address records as well.
	 */
	for (result = dns_rdataset_first(&rootns);
	     result == ISC_R_SUCCESS;
	     result = dns_rdataset_next(&rootns))
	{
		dns_rdataset_current(&rootns, &rdata);
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		RUNTIME_CHECK(result == ISC_R_SUCCESS);
		if (in_rootns(&hintns, &ns.name) == ISC_R_SUCCESS) {
			check_address_records(view, hints, db, &ns.name, now);
		} else {
			/* missing from hints */
			dns_name_format(&ns.name, namebuf, sizeof(namebuf));
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
				      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
				      "checkhints%s%s: unable to find root "
				      "NS '%s' in hints", sep, viewname,
				      namebuf);
		}
		dns_rdata_reset(&rdata);
	}
	if (result != ISC_R_NOMORE) {
		/* Iteration failed part-way; skip the second pass. */
		goto cleanup;
	}

	/*
	 * Pass 2: every NS name in the hints should also be in 'db'.
	 */
	for (result = dns_rdataset_first(&hintns);
	     result == ISC_R_SUCCESS;
	     result = dns_rdataset_next(&hintns))
	{
		dns_rdataset_current(&hintns, &rdata);
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		RUNTIME_CHECK(result == ISC_R_SUCCESS);
		if (in_rootns(&rootns, &ns.name) != ISC_R_SUCCESS) {
			/* extra entry in hints */
			dns_name_format(&ns.name, namebuf, sizeof(namebuf));
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
				      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
				      "checkhints%s%s: extra NS '%s' in hints",
				      sep, viewname, namebuf);
		}
		dns_rdata_reset(&rdata);
	}

 cleanup:
	if (dns_rdataset_isassociated(&rootns)) {
		dns_rdataset_disassociate(&rootns);
	}
	if (dns_rdataset_isassociated(&hintns)) {
		dns_rdataset_disassociate(&hintns);
	}
}
    532