3271. [func] New "rndc zonestatus" command prints information

			about the specified zone. [RT #21671]

CHANGES

+3271.	[func]		New "rndc zonestatus" command prints information
+			about the specified zone. [RT #21671]
+
 	--- 9.9.0rc2 released ---
 
 3270.	[bug]		"rndc reload" didn't reuse existing zones correctly

bin/named/control.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.c,v 1.47 2011/11/03 23:05:30 each Exp $ */
+/* $Id: control.c,v 1.48 2012/01/31 03:35:39 each Exp $ */
 
 /*! \file */
 
@@ -207,6 +207,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		result = ns_server_del_zone(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_SIGNING)) {
 		result = ns_server_signing(ns_g_server, command, text);
+	} else if (command_compare(command, NS_COMMAND_ZONESTATUS)) {
+		result = ns_server_zonestatus(ns_g_server, command, text);
 	} else {
 		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
 			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,

bin/named/include/named/control.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.h,v 1.36 2011/10/28 06:20:04 each Exp $ */
+/* $Id: control.h,v 1.37 2012/01/31 03:35:39 each Exp $ */
 
 #ifndef NAMED_CONTROL_H
 #define NAMED_CONTROL_H 1
@@ -65,6 +65,7 @@
 #define NS_COMMAND_DELZONE	"delzone"
 #define NS_COMMAND_SYNC		"sync"
 #define NS_COMMAND_SIGNING	"signing"
+#define NS_COMMAND_ZONESTATUS	"zonestatus"
 
 isc_result_t
 ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);

bin/named/include/named/server.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.h,v 1.116 2011/11/03 23:05:30 each Exp $ */
+/* $Id: server.h,v 1.117 2012/01/31 03:35:39 each Exp $ */
 
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1
@@ -348,4 +348,11 @@ ns_server_del_zone(ns_server_t *server, char *args);
  */
 isc_result_t
 ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text);
+
+/*%
+ * Lists status information for a given zone (e.g., name, type, files,
+ * load time, expiry, etc).
+ */
+isc_result_t
+ns_server_zonestatus(ns_server_t *server, char *args, isc_buffer_t *text);
 #endif /* NAMED_SERVER_H */

bin/named/server.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.639 2012/01/31 01:13:09 each Exp $ */
+/* $Id: server.c,v 1.640 2012/01/31 03:35:39 each Exp $ */
 
 /*! \file */
 
@@ -8026,3 +8026,251 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
 
 	return (result);
 }
+
+isc_result_t
+ns_server_zonestatus(ns_server_t *server, char *args, isc_buffer_t *text) {
+	isc_result_t result = ISC_R_SUCCESS;
+	dns_zone_t *zone = NULL, *raw = NULL;
+	const char *type, *file, *zonename = NULL;
+	isc_uint32_t serial, signed_serial, nodes;
+	char serbuf[16], sserbuf[16], nodebuf[16], resignbuf[512];
+	char lbuf[80], xbuf[80], rbuf[80], kbuf[80], rtbuf[80];
+	isc_time_t loadtime, expiretime, refreshtime;
+	isc_time_t refreshkeytime, resigntime;
+	dns_zonetype_t zonetype;
+	isc_boolean_t dynamic = ISC_FALSE, frozen = ISC_FALSE;
+	isc_boolean_t hasraw = ISC_FALSE;
+	isc_boolean_t secure, maintain, allow;
+	dns_db_t *db = NULL, *rawdb = NULL;
+	char **incfiles = NULL;
+	int nfiles = 0;
+
+	isc_time_settoepoch(&loadtime);
+	isc_time_settoepoch(&refreshtime);
+	isc_time_settoepoch(&expiretime);
+	isc_time_settoepoch(&refreshkeytime);
+	isc_time_settoepoch(&resigntime);
+
+	CHECK(zone_from_args(server, args, &zone, &zonename, ISC_TRUE));
+	if (result != ISC_R_SUCCESS)
+		return (result);
+	if (zone == NULL) {
+		result = ISC_R_UNEXPECTEDEND;
+		goto cleanup;
+	}
+
+	zonetype = dns_zone_gettype(zone);
+	switch (zonetype) {
+	case dns_zone_master:
+		type = "master";
+		break;
+	case dns_zone_slave:
+		type = "slave";
+		break;
+	case dns_zone_stub:
+		type = "stub";
+		break;
+	case dns_zone_staticstub:
+		type = "staticstub";
+		break;
+	case dns_zone_redirect:
+		type = "redirect";
+		break;
+	case dns_zone_key:
+		type = "key";
+		break;
+	case dns_zone_dlz:
+		type = "dlz";
+		break;
+	default:
+		type = "unknown";
+	}
+
+	/* Inline signing? */
+	CHECK(dns_zone_getdb(zone, &db));
+	dns_zone_getraw(zone, &raw);
+	hasraw = ISC_TF(raw != NULL);
+	if (hasraw)
+		CHECK(dns_zone_getdb(raw, &rawdb));
+ 
+	/* Serial number */
+	serial = dns_zone_getserial(hasraw ? raw : zone);
+	snprintf(serbuf, sizeof(serbuf), "%d", serial);
+	if (hasraw) {
+		signed_serial = dns_zone_getserial(zone);
+		snprintf(sserbuf, sizeof(sserbuf), "%d", signed_serial);
+	}
+
+	/* Database node count */
+	nodes = dns_db_nodecount(hasraw ? rawdb : db);
+	snprintf(nodebuf, sizeof(nodebuf), "%d", nodes);
+
+	/* Security */
+	secure = dns_db_issecure(db);
+	allow = ISC_TF((dns_zone_getkeyopts(zone) & DNS_ZONEKEY_ALLOW) != 0);
+	maintain = ISC_TF((dns_zone_getkeyopts(zone) &
+			   DNS_ZONEKEY_MAINTAIN) != 0);
+
+	/* Master files */
+	file = dns_zone_getfile(hasraw ? raw : zone);
+	nfiles = dns_zone_getincludes(hasraw ? raw : zone, &incfiles);
+
+	/* Load time */
+	dns_zone_getloadtime(zone, &loadtime);
+	isc_time_formathttptimestamp(&loadtime, lbuf, sizeof(lbuf));
+
+	/* Refresh/expire times */
+	if (zonetype == dns_zone_slave ||
+	    zonetype == dns_zone_stub ||
+	    zonetype == dns_zone_redirect)
+	{
+		dns_zone_getexpiretime(zone, &expiretime);
+		isc_time_formathttptimestamp(&expiretime, xbuf, sizeof(xbuf));
+		dns_zone_getrefreshtime(zone, &refreshtime);
+		isc_time_formathttptimestamp(&refreshtime, rbuf, sizeof(rbuf));
+	}
+
+	/* Key refresh time */
+	if (zonetype == dns_zone_master ||
+	    (zonetype == dns_zone_slave && hasraw))
+	{
+		dns_zone_getrefreshkeytime(zone, &refreshkeytime);
+		isc_time_formathttptimestamp(&refreshkeytime, kbuf,
+					     sizeof(kbuf));
+	}
+
+	/* Dynamic? */
+	if (zonetype == dns_zone_master) {
+		dynamic = dns_zone_isdynamic(hasraw ? raw : zone, ISC_TRUE);
+		frozen = dynamic && !dns_zone_isdynamic(hasraw ? raw : zone,
+							ISC_FALSE);
+	}
+
+	/* Next resign event */
+	if (secure && (zonetype == dns_zone_master || 
+	     (zonetype == dns_zone_slave && hasraw)) &&
+	    ((dns_zone_getkeyopts(zone) & DNS_ZONEKEY_NORESIGN) == 0))
+	{
+		dns_name_t *name;
+		dns_fixedname_t fixed;
+		dns_rdataset_t next;
+		dns_db_t *signingdb;
+
+		dns_rdataset_init(&next);
+		dns_fixedname_init(&fixed);
+		name = dns_fixedname_name(&fixed);
+
+		signingdb = hasraw ? rawdb : db;
+
+		result = dns_db_getsigningtime(signingdb, &next, name);
+		if (result == ISC_R_SUCCESS) {
+			isc_stdtime_t timenow;
+			char namebuf[DNS_NAME_FORMATSIZE];
+			char typebuf[DNS_RDATATYPE_FORMATSIZE];
+
+			isc_stdtime_get(&timenow);
+			dns_name_format(name, namebuf, sizeof(namebuf));
+			dns_rdatatype_format(next.covers,
+					     typebuf, sizeof(typebuf));
+			snprintf(resignbuf, sizeof(resignbuf),
+				     "%s/%s", namebuf, typebuf);
+			isc_time_set(&resigntime, next.resign, 0);
+			isc_time_formathttptimestamp(&resigntime, rtbuf,
+						     sizeof(rtbuf));
+			dns_rdataset_disassociate(&next);
+		}
+	}
+
+	/* Create text */
+	isc_buffer_putstr(text, "name: ");
+	isc_buffer_putstr(text, zonename);
+
+	isc_buffer_putstr(text, "\ntype: ");
+	isc_buffer_putstr(text, type);
+
+	if (file != NULL) {
+		int i;
+		isc_buffer_putstr(text, "\nfiles: ");
+		isc_buffer_putstr(text, dns_zone_getfile(zone));
+		for (i = 0; i < nfiles; i++) {
+			isc_buffer_putstr(text, ", ");
+			isc_buffer_putstr(text, incfiles[i]);
+		}
+	}
+
+	isc_buffer_putstr(text, "\nserial: ");
+	isc_buffer_putstr(text, serbuf);
+	if (hasraw) {
+		isc_buffer_putstr(text, "\nsigned serial: ");
+		isc_buffer_putstr(text, sserbuf);
+	}
+
+	isc_buffer_putstr(text, "\nnodes: ");
+	isc_buffer_putstr(text, nodebuf);
+
+	if (! isc_time_isepoch(&loadtime)) {
+		isc_buffer_putstr(text, "\nlast loaded: ");
+		isc_buffer_putstr(text, lbuf);
+	}
+
+	if (! isc_time_isepoch(&refreshtime)) {
+		isc_buffer_putstr(text, "\nnext refresh: ");
+		isc_buffer_putstr(text, rbuf);
+	}
+
+	if (! isc_time_isepoch(&expiretime)) {
+		isc_buffer_putstr(text, "\nexpires: ");
+		isc_buffer_putstr(text, lbuf);
+	}
+
+	if (secure) {
+		isc_buffer_putstr(text, "\nsecure: yes");
+		if (hasraw)
+			isc_buffer_putstr(text, "\ninline signing: yes");
+		else
+			isc_buffer_putstr(text, "\ninline signing: no");
+	} else
+		isc_buffer_putstr(text, "\nsecure: no");
+
+	if (maintain) {
+		isc_buffer_putstr(text, "\nkey maintenance: automatic");
+		if (! isc_time_isepoch(&refreshkeytime)) {
+			isc_buffer_putstr(text, "\nnext key event: ");
+			isc_buffer_putstr(text, kbuf);
+		}
+	} else if (allow)
+		isc_buffer_putstr(text, "\nkey maintenance: on command");
+	else if (secure || hasraw)
+		isc_buffer_putstr(text, "\nkey maintenance: none");
+
+	if (!isc_time_isepoch(&resigntime)) {
+		isc_buffer_putstr(text, "\nnext resign node: ");
+		isc_buffer_putstr(text, resignbuf);
+		isc_buffer_putstr(text, "\nnext resign time: ");
+		isc_buffer_putstr(text, rtbuf);
+	}
+
+	if (dynamic) {
+		isc_buffer_putstr(text, "\ndynamic: yes");
+		if (frozen)
+			isc_buffer_putstr(text, "\nfrozen: yes");
+		else
+			isc_buffer_putstr(text, "\nfrozen: no");
+	} else
+		isc_buffer_putstr(text, "\ndynamic: no");
+
+	isc_buffer_putuint8(text, 0);
+
+ cleanup:
+	if (db != NULL)
+		dns_db_detach(&db);
+	if (hasraw) {
+		dns_db_detach(&rawdb);
+		dns_zone_detach(&raw);
+	}
+	if (incfiles != NULL)
+		isc_mem_free(server->mctx, incfiles);
+	if (zone != NULL)
+		dns_zone_detach(&zone);
+	return (result);
+}

bin/rndc/rndc.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rndc.c,v 1.139 2011/11/29 00:49:26 marka Exp $ */
+/* $Id: rndc.c,v 1.140 2012/01/31 03:35:39 each Exp $ */
 
 /*! \file */
 
@@ -126,6 +126,8 @@ command is one of the following:\n\
 		Update zone keys, and sign as needed.\n\
   loadkeys zone [class [view]]\n\
 		Update keys without signing immediately.\n\
+  zonestatus zone [class [view]]\n\
+		Display the current status of a zone.\n\
   stats		Write server statistics to the statistics file.\n\
   querylog newstate\n\
 		Enable / disable query logging.\n\

bin/tests/system/zonechecks/clean.sh

@@ -14,7 +14,10 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
+# $Id: clean.sh,v 1.7 2012/01/31 03:35:39 each Exp $
 
 rm -f *.out
 rm -f */named.memstats
+rm -f */*.db */*.db.signed */K*.key */K*.private */*.jnl */dsset-*
+rm -f rndc.out.*
+rm -f random.data

bin/tests/system/zonechecks/ns1/named.conf

+/*
+ * Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2012/01/31 03:35:40 each Exp $ */
+
+// NS1
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify yes;
+	dnssec-enable yes;
+	dnssec-validation yes;
+};
+
+key rndc_key {
+        secret "1234abcd8765";
+        algorithm hmac-md5;
+};
+
+controls {
+        inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "master.example" {
+	type master;
+	file "master.db";
+        allow-update { any; };
+        allow-transfer { any; };
+        auto-dnssec maintain;
+};
+

bin/tests/system/zonechecks/ns2/named.conf

+/*
+ * Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2012/01/31 03:35:40 each Exp $ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.2;
+	notify-source 10.53.0.2;
+	transfer-source 10.53.0.2;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify yes;
+	dnssec-enable yes;
+	dnssec-validation yes;
+};
+
+key rndc_key {
+        secret "1234abcd8765";
+        algorithm hmac-md5;
+};
+
+controls {
+        inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "master.example" {
+	type slave;
+        masters { 10.53.0.1; };
+	file "slave.db";
+};
+

bin/tests/system/zonechecks/setup.sh

+#!/bin/sh
+#
+# Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.2 2012/01/31 03:35:39 each Exp $
+
+sh clean.sh
+
+../../../tools/genrandom 400 random.data
+sh ../genzone.sh 1 > ns1/master.db
+cd ns1
+touch master.db.signed
+echo '$INCLUDE "master.db.signed"' >> master.db
+$KEYGEN -r ../random.data -3q master.example > /dev/null 2>&1
+$KEYGEN -r ../random.data -3qfk master.example > /dev/null 2>&1
+$SIGNER -SD -o master.example master.db > /dev/null 2>&1
+

bin/tests/system/zonechecks/tests.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.6 2009/12/04 22:06:37 tbox Exp $
+# $Id: tests.sh,v 1.7 2012/01/31 03:35:39 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -25,13 +25,13 @@ status=0
 echo "I: checking that we detect a NS which refers to a CNAME"
 if $CHECKZONE . cname.db > cname.out 2>&1
 then
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 else
 	if grep "is a CNAME" cname.out > /dev/null
 	then
 		:
 	else
-		echo "I:failed (message)"; status=1
+		echo "I:failed (message)"; status=`expr $status + 1`
 	fi
 fi
 
@@ -39,13 +39,13 @@ fi
 echo "I: checking that we detect a NS which is below a DNAME"
 if $CHECKZONE . dname.db > dname.out 2>&1
 then
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 else
 	if grep "is below a DNAME" dname.out > /dev/null
 	then
 		:
 	else
-		echo "I:failed (message)"; status=1
+		echo "I:failed (message)"; status=`expr $status + 1`
 	fi
 fi
 
@@ -53,13 +53,13 @@ fi
 echo "I: checking that we detect a NS which has no address records (A/AAAA)"
 if $CHECKZONE . noaddress.db > noaddress.out
 then
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 else
 	if grep "has no address records" noaddress.out > /dev/null
 	then
 		:
 	else
-		echo "I:failed (message)"; status=1
+		echo "I:failed (message)"; status=`expr $status + 1`
 	fi
 fi
 
@@ -67,13 +67,13 @@ fi
 echo "I: checking that we detect a NS which has no records"
 if $CHECKZONE . nxdomain.db > nxdomain.out
 then
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 else
 	if grep "has no address records" noaddress.out > /dev/null
 	then
 		:
 	else
-		echo "I:failed (message)"; status=1
+		echo "I:failed (message)"; status=`expr $status + 1`
 	fi
 fi
 
@@ -81,13 +81,13 @@ fi
 echo "I: checking that we detect a NS which looks like a A record (fail)"
 if $CHECKZONE -n fail . a.db > a.out 2>&1
 then
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 else
 	if grep "appears to be an address" a.out > /dev/null
 	then
 		:
 	else
-		echo "I:failed (message)"; status=1
+		echo "I:failed (message)"; status=`expr $status + 1`
 	fi
 fi
 
@@ -99,10 +99,10 @@ then
 	then
 		:
 	else
-		echo "I:failed (message)"; status=1
+		echo "I:failed (message)"; status=`expr $status + 1`
 	fi
 else
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 fi
 
 #
@@ -111,25 +111,25 @@ if $CHECKZONE -n ignore . a.db > a.out 2>&1
 then
 	if grep "appears to be an address" a.out > /dev/null
 	then
-		echo "I:failed (message)"; status=1
+		echo "I:failed (message)"; status=`expr $status + 1`
 	else
 		:
 	fi
 else
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 fi
 
 #
 echo "I: checking that we detect a NS which looks like a AAAA record (fail)"
 if $CHECKZONE -n fail . aaaa.db > aaaa.out 2>&1
 then
-	echo "I:failed (status)"; status=1
+	echo "I:failed (status)"; status=`expr $status + 1`
 else