Commit 2855e277 authored by Evan Hunt's avatar Evan Hunt

3271. [func] New "rndc zonestatus" command prints information

			about the specified zone. [RT #21671]
parent 477327ab
3271. [func] New "rndc zonestatus" command prints information
about the specified zone. [RT #21671]
--- 9.9.0rc2 released ---
3270. [bug] "rndc reload" didn't reuse existing zones correctly
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.c,v 1.47 2011/11/03 23:05:30 each Exp $ */
/* $Id: control.c,v 1.48 2012/01/31 03:35:39 each Exp $ */
/*! \file */
......@@ -207,6 +207,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
result = ns_server_del_zone(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_SIGNING)) {
result = ns_server_signing(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_ZONESTATUS)) {
result = ns_server_zonestatus(ns_g_server, command, text);
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.h,v 1.36 2011/10/28 06:20:04 each Exp $ */
/* $Id: control.h,v 1.37 2012/01/31 03:35:39 each Exp $ */
#ifndef NAMED_CONTROL_H
#define NAMED_CONTROL_H 1
......@@ -65,6 +65,7 @@
#define NS_COMMAND_DELZONE "delzone"
#define NS_COMMAND_SYNC "sync"
#define NS_COMMAND_SIGNING "signing"
#define NS_COMMAND_ZONESTATUS "zonestatus"
isc_result_t
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.h,v 1.116 2011/11/03 23:05:30 each Exp $ */
/* $Id: server.h,v 1.117 2012/01/31 03:35:39 each Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
......@@ -348,4 +348,11 @@ ns_server_del_zone(ns_server_t *server, char *args);
*/
isc_result_t
ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text);
/*%
* Lists status information for a given zone (e.g., name, type, files,
* load time, expiry, etc).
*/
isc_result_t
ns_server_zonestatus(ns_server_t *server, char *args, isc_buffer_t *text);
#endif /* NAMED_SERVER_H */
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.639 2012/01/31 01:13:09 each Exp $ */
/* $Id: server.c,v 1.640 2012/01/31 03:35:39 each Exp $ */
/*! \file */
......@@ -8026,3 +8026,251 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
return (result);
}
isc_result_t
ns_server_zonestatus(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result = ISC_R_SUCCESS;
dns_zone_t *zone = NULL, *raw = NULL;
const char *type, *file, *zonename = NULL;
isc_uint32_t serial, signed_serial, nodes;
char serbuf[16], sserbuf[16], nodebuf[16], resignbuf[512];
char lbuf[80], xbuf[80], rbuf[80], kbuf[80], rtbuf[80];
isc_time_t loadtime, expiretime, refreshtime;
isc_time_t refreshkeytime, resigntime;
dns_zonetype_t zonetype;
isc_boolean_t dynamic = ISC_FALSE, frozen = ISC_FALSE;
isc_boolean_t hasraw = ISC_FALSE;
isc_boolean_t secure, maintain, allow;
dns_db_t *db = NULL, *rawdb = NULL;
char **incfiles = NULL;
int nfiles = 0;
isc_time_settoepoch(&loadtime);
isc_time_settoepoch(&refreshtime);
isc_time_settoepoch(&expiretime);
isc_time_settoepoch(&refreshkeytime);
isc_time_settoepoch(&resigntime);
CHECK(zone_from_args(server, args, &zone, &zonename, ISC_TRUE));
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
result = ISC_R_UNEXPECTEDEND;
goto cleanup;
}
zonetype = dns_zone_gettype(zone);
switch (zonetype) {
case dns_zone_master:
type = "master";
break;
case dns_zone_slave:
type = "slave";
break;
case dns_zone_stub:
type = "stub";
break;
case dns_zone_staticstub:
type = "staticstub";
break;
case dns_zone_redirect:
type = "redirect";
break;
case dns_zone_key:
type = "key";
break;
case dns_zone_dlz:
type = "dlz";
break;
default:
type = "unknown";
}
/* Inline signing? */
CHECK(dns_zone_getdb(zone, &db));
dns_zone_getraw(zone, &raw);
hasraw = ISC_TF(raw != NULL);
if (hasraw)
CHECK(dns_zone_getdb(raw, &rawdb));
/* Serial number */
serial = dns_zone_getserial(hasraw ? raw : zone);
snprintf(serbuf, sizeof(serbuf), "%d", serial);
if (hasraw) {
signed_serial = dns_zone_getserial(zone);
snprintf(sserbuf, sizeof(sserbuf), "%d", signed_serial);
}
/* Database node count */
nodes = dns_db_nodecount(hasraw ? rawdb : db);
snprintf(nodebuf, sizeof(nodebuf), "%d", nodes);
/* Security */
secure = dns_db_issecure(db);
allow = ISC_TF((dns_zone_getkeyopts(zone) & DNS_ZONEKEY_ALLOW) != 0);
maintain = ISC_TF((dns_zone_getkeyopts(zone) &
DNS_ZONEKEY_MAINTAIN) != 0);
/* Master files */
file = dns_zone_getfile(hasraw ? raw : zone);
nfiles = dns_zone_getincludes(hasraw ? raw : zone, &incfiles);
/* Load time */
dns_zone_getloadtime(zone, &loadtime);
isc_time_formathttptimestamp(&loadtime, lbuf, sizeof(lbuf));
/* Refresh/expire times */
if (zonetype == dns_zone_slave ||
zonetype == dns_zone_stub ||
zonetype == dns_zone_redirect)
{
dns_zone_getexpiretime(zone, &expiretime);
isc_time_formathttptimestamp(&expiretime, xbuf, sizeof(xbuf));
dns_zone_getrefreshtime(zone, &refreshtime);
isc_time_formathttptimestamp(&refreshtime, rbuf, sizeof(rbuf));
}
/* Key refresh time */
if (zonetype == dns_zone_master ||
(zonetype == dns_zone_slave && hasraw))
{
dns_zone_getrefreshkeytime(zone, &refreshkeytime);
isc_time_formathttptimestamp(&refreshkeytime, kbuf,
sizeof(kbuf));
}
/* Dynamic? */
if (zonetype == dns_zone_master) {
dynamic = dns_zone_isdynamic(hasraw ? raw : zone, ISC_TRUE);
frozen = dynamic && !dns_zone_isdynamic(hasraw ? raw : zone,
ISC_FALSE);
}
/* Next resign event */
if (secure && (zonetype == dns_zone_master ||
(zonetype == dns_zone_slave && hasraw)) &&
((dns_zone_getkeyopts(zone) & DNS_ZONEKEY_NORESIGN) == 0))
{
dns_name_t *name;
dns_fixedname_t fixed;
dns_rdataset_t next;
dns_db_t *signingdb;
dns_rdataset_init(&next);
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
signingdb = hasraw ? rawdb : db;
result = dns_db_getsigningtime(signingdb, &next, name);
if (result == ISC_R_SUCCESS) {
isc_stdtime_t timenow;
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
isc_stdtime_get(&timenow);
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(next.covers,
typebuf, sizeof(typebuf));
snprintf(resignbuf, sizeof(resignbuf),
"%s/%s", namebuf, typebuf);
isc_time_set(&resigntime, next.resign, 0);
isc_time_formathttptimestamp(&resigntime, rtbuf,
sizeof(rtbuf));
dns_rdataset_disassociate(&next);
}
}
/* Create text */
isc_buffer_putstr(text, "name: ");
isc_buffer_putstr(text, zonename);
isc_buffer_putstr(text, "\ntype: ");
isc_buffer_putstr(text, type);
if (file != NULL) {
int i;
isc_buffer_putstr(text, "\nfiles: ");
isc_buffer_putstr(text, dns_zone_getfile(zone));
for (i = 0; i < nfiles; i++) {
isc_buffer_putstr(text, ", ");
isc_buffer_putstr(text, incfiles[i]);
}
}
isc_buffer_putstr(text, "\nserial: ");
isc_buffer_putstr(text, serbuf);
if (hasraw) {
isc_buffer_putstr(text, "\nsigned serial: ");
isc_buffer_putstr(text, sserbuf);
}
isc_buffer_putstr(text, "\nnodes: ");
isc_buffer_putstr(text, nodebuf);
if (! isc_time_isepoch(&loadtime)) {
isc_buffer_putstr(text, "\nlast loaded: ");
isc_buffer_putstr(text, lbuf);
}
if (! isc_time_isepoch(&refreshtime)) {
isc_buffer_putstr(text, "\nnext refresh: ");
isc_buffer_putstr(text, rbuf);
}
if (! isc_time_isepoch(&expiretime)) {
isc_buffer_putstr(text, "\nexpires: ");
isc_buffer_putstr(text, lbuf);
}
if (secure) {
isc_buffer_putstr(text, "\nsecure: yes");
if (hasraw)
isc_buffer_putstr(text, "\ninline signing: yes");
else
isc_buffer_putstr(text, "\ninline signing: no");
} else
isc_buffer_putstr(text, "\nsecure: no");
if (maintain) {
isc_buffer_putstr(text, "\nkey maintenance: automatic");
if (! isc_time_isepoch(&refreshkeytime)) {
isc_buffer_putstr(text, "\nnext key event: ");
isc_buffer_putstr(text, kbuf);
}
} else if (allow)
isc_buffer_putstr(text, "\nkey maintenance: on command");
else if (secure || hasraw)
isc_buffer_putstr(text, "\nkey maintenance: none");
if (!isc_time_isepoch(&resigntime)) {
isc_buffer_putstr(text, "\nnext resign node: ");
isc_buffer_putstr(text, resignbuf);
isc_buffer_putstr(text, "\nnext resign time: ");
isc_buffer_putstr(text, rtbuf);
}
if (dynamic) {
isc_buffer_putstr(text, "\ndynamic: yes");
if (frozen)
isc_buffer_putstr(text, "\nfrozen: yes");
else
isc_buffer_putstr(text, "\nfrozen: no");
} else
isc_buffer_putstr(text, "\ndynamic: no");
isc_buffer_putuint8(text, 0);
cleanup:
if (db != NULL)
dns_db_detach(&db);
if (hasraw) {
dns_db_detach(&rawdb);
dns_zone_detach(&raw);
}
if (incfiles != NULL)
isc_mem_free(server->mctx, incfiles);
if (zone != NULL)
dns_zone_detach(&zone);
return (result);
}
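Review bot: The cleanup path in ns_server_zonestatus() calls `dns_db_detach(&rawdb)` whenever `hasraw` is set, but `hasraw` becomes true before `CHECK(dns_zone_getdb(raw, &rawdb))` runs, so a failure there reaches `cleanup` with `rawdb` still NULL and would presumably trip the detach's pointer assertion; the guard should test the pointers themselves, as is already done for `db`. `result` is also overwritten by `dns_db_getsigningtime()` and never reset, so a secure zone with no pending resign entry returns that error after the status text has been written. The `expires:` line prints `lbuf` (the load time) although `xbuf` was formatted for it, and the `isc_uint32_t` serials and node count are formatted with `%d` where `%u` matches the type, so serials above 2^31-1 print as negative. None of the `isc_buffer_putstr()` calls check the space left in `text`, while the `files:` line grows with the number and length of include file names; whether that is safe depends on the size of `text` and on how `isc_buffer_putstr()` handles a full buffer, neither of which is visible in this hunk.

```c
/* … unchanged: declarations through the resign lookup setup … */
		result = dns_db_getsigningtime(signingdb, &next, name);
		if (result == ISC_R_SUCCESS) {
			/* … unchanged: format resignbuf and rtbuf … */
		}
		/* A zone with nothing queued for re-signing is still reportable. */
		result = ISC_R_SUCCESS;
/* … unchanged: name, type, files, serial, nodes, load and refresh output … */
	if (! isc_time_isepoch(&expiretime)) {
		isc_buffer_putstr(text, "\nexpires: ");
		isc_buffer_putstr(text, xbuf);
	}
/* … unchanged: security, key maintenance, resign and dynamic output … */
 cleanup:
	if (db != NULL)
		dns_db_detach(&db);
	if (rawdb != NULL)
		dns_db_detach(&rawdb);
	if (raw != NULL)
		dns_zone_detach(&raw);
/* … unchanged: incfiles and zone release, return … */
```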
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc.c,v 1.139 2011/11/29 00:49:26 marka Exp $ */
/* $Id: rndc.c,v 1.140 2012/01/31 03:35:39 each Exp $ */
/*! \file */
......@@ -126,6 +126,8 @@ command is one of the following:\n\
Update zone keys, and sign as needed.\n\
loadkeys zone [class [view]]\n\
Update keys without signing immediately.\n\
zonestatus zone [class [view]]\n\
Display the current status of a zone.\n\
stats Write server statistics to the statistics file.\n\
querylog newstate\n\
Enable / disable query logging.\n\
......
......@@ -14,7 +14,10 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
# $Id: clean.sh,v 1.7 2012/01/31 03:35:39 each Exp $
rm -f *.out
rm -f */named.memstats
rm -f */*.db */*.db.signed */K*.key */K*.private */*.jnl */dsset-*
rm -f rndc.out.*
rm -f random.data
/*
* Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.2 2012/01/31 03:35:40 each Exp $ */
// NS1
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-md5;
};
controls {
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
};
zone "master.example" {
type master;
file "master.db";
allow-update { any; };
allow-transfer { any; };
auto-dnssec maintain;
};
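Review bot: The file starts with `controls { /* empty */ };` and later adds a second `controls` block that opens an inet listener on port 9953, so the first statement looks like a template leftover and makes the intended control-channel setup harder to read; dropping it would leave one unambiguous definition. The listener uses `allow { any; }` with a fixed `hmac-md5` key, and the zone sets `allow-update { any; }` and `allow-transfer { any; }`. A short header comment such as `// Test fixture: permissive ACLs and the shared rndc key are intended only for the 10.53.0.x system-test addresses.` would record that these settings are deliberate. The ns2 named.conf that follows has the same duplicate `controls` statement and key block.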
/*
* Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.2 2012/01/31 03:35:40 each Exp $ */
// NS2
controls { /* empty */ };
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-md5;
};
controls {
inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
};
zone "master.example" {
type slave;
masters { 10.53.0.1; };
file "slave.db";
};
#!/bin/sh
#
# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.2 2012/01/31 03:35:39 each Exp $
sh clean.sh
../../../tools/genrandom 400 random.data
sh ../genzone.sh 1 > ns1/master.db
cd ns1
touch master.db.signed
echo '$INCLUDE "master.db.signed"' >> master.db
$KEYGEN -r ../random.data -3q master.example > /dev/null 2>&1
$KEYGEN -r ../random.data -3qfk master.example > /dev/null 2>&1
$SIGNER -SD -o master.example master.db > /dev/null 2>&1
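Review bot: Every key-generation and signing step sends both output streams to /dev/null and none of the exit statuses are checked, so a failed `$KEYGEN` or `$SIGNER` run leaves the zone without keys or signatures and the failure only shows up later as an unrelated-looking test result. `cd ns1` is unchecked as well, so if ns1 is missing the following `touch` and `echo ... >> master.db` act on the parent directory. Consider `cd ns1 || exit 1` and sending the tool output to a log file that can be inspected, for example `$SIGNER -SD -o master.example master.db > signer.out 2>&1 || exit 1` (log name chosen here for illustration).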
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.6 2009/12/04 22:06:37 tbox Exp $
# $Id: tests.sh,v 1.7 2012/01/31 03:35:39 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -25,13 +25,13 @@ status=0
echo "I: checking that we detect a NS which refers to a CNAME"
if $CHECKZONE . cname.db > cname.out 2>&1
then
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
else
if grep "is a CNAME" cname.out > /dev/null
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
fi
......@@ -39,13 +39,13 @@ fi
echo "I: checking that we detect a NS which is below a DNAME"
if $CHECKZONE . dname.db > dname.out 2>&1
then
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
else
if grep "is below a DNAME" dname.out > /dev/null
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
fi
......@@ -53,13 +53,13 @@ fi
echo "I: checking that we detect a NS which has no address records (A/AAAA)"
if $CHECKZONE . noaddress.db > noaddress.out
then
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
else
if grep "has no address records" noaddress.out > /dev/null
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
fi
......@@ -67,13 +67,13 @@ fi
echo "I: checking that we detect a NS which has no records"
if $CHECKZONE . nxdomain.db > nxdomain.out
then
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
else
if grep "has no address records" noaddress.out > /dev/null
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
fi
......@@ -81,13 +81,13 @@ fi
echo "I: checking that we detect a NS which looks like a A record (fail)"
if $CHECKZONE -n fail . a.db > a.out 2>&1
then
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
else
if grep "appears to be an address" a.out > /dev/null
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
fi
......@@ -99,10 +99,10 @@ then
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
else
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
fi
#
......@@ -111,25 +111,25 @@ if $CHECKZONE -n ignore . a.db > a.out 2>&1
then
if grep "appears to be an address" a.out > /dev/null
then
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
else
:
fi
else
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
fi
#
echo "I: checking that we detect a NS which looks like a AAAA record (fail)"
if $CHECKZONE -n fail . aaaa.db > aaaa.out 2>&1
then
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
else
if grep "appears to be an address" aaaa.out > /dev/null
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
fi
......@@ -141,10 +141,10 @@ then
then
:
else
echo "I:failed (message)"; status=1
echo "I:failed (message)"; status=`expr $status + 1`
fi
else
echo "I:failed (status)"; status=1
echo "I:failed (status)"; status=`expr $status + 1`
fi