Commit 47638696 authored by Mark Andrews's avatar Mark Andrews

1446. [func] Implemented undocumented alternate transfer sources

                        from BIND 8.  See use-alt-transfer-source,
                        alt-transfer-source-v4 and alt-transfer-source-v6.

                        SECURITY: use-alt-transfer-source is ENABLED unless
                        you are using views.  This may caues a security risk
                        resulting in accidental disclosure of wrong zone
                        content if the master supplying different source
                        content based on IP address.  If you are not certian
                        ISC recommends setting use-alt-transfer-source no;
developer: marka
reviewer: explorer
parent 53cf6718
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.39 2003/02/26 06:04:02 marka Exp $ */
/* $Id: config.c,v 1.40 2003/02/26 23:28:58 marka Exp $ */
#include <config.h>
......@@ -136,6 +136,8 @@ options {\n\
# max-ixfr-log-size <obsolete>\n\
transfer-source *;\n\
transfer-source-v6 *;\n\
alt-transfer-source-v4 *;\n\
alt-transfer-source-v6 *;\n\
max-transfer-time-in 120;\n\
max-transfer-time-out 120;\n\
max-transfer-idle-in 60;\n\
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.104 2003/02/04 06:10:08 marka Exp $ */
/* $Id: zoneconf.c,v 1.105 2003/02/26 23:28:58 marka Exp $ */
#include <config.h>
......@@ -32,6 +32,7 @@
#include <dns/name.h>
#include <dns/rdatatype.h>
#include <dns/ssu.h>
#include <dns/view.h>
#include <dns/zone.h>
#include <named/config.h>
......@@ -317,6 +318,8 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
int i;
isc_int32_t journal_size;
isc_boolean_t multi;
isc_boolean_t alt;
dns_view_t *view;
i = 0;
if (zconfig != NULL) {
......@@ -628,6 +631,32 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
INSIST(result == ISC_R_SUCCESS);
RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source-v4", &obj);
INSIST(result == ISC_R_SUCCESS);
RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
INSIST(result == ISC_R_SUCCESS);
RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));
obj = NULL;
(void)ns_config_get(maps, "use-alt-transfer-source", &obj);
if (obj == NULL) {
/*
* Default off when views are in use otherwise
* on for BIND 8 compatability.
*/
view = dns_zone_getview(zone);
if (view != NULL && strcmp(view->name, "_default") == 0)
alt = ISC_TRUE;
else
alt = ISC_FALSE;
} else
alt = cfg_obj_asboolean(obj);
dns_zone_setoption(zone, DNS_ZONEOPT_USEALTXFRSRC, alt);
break;
default:
......
......@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.217 2003/02/26 06:04:03 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.218 2003/02/26 23:28:58 marka Exp $ -->
<book>
<title>BIND 9 Administrator Reference Manual</title>
......@@ -2764,6 +2764,9 @@ statement in the <filename>named.conf</filename> file:</para>
<optional> transfers-per-ns <replaceable>number</replaceable>; </optional>
<optional> transfer-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source-v4 (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> use-alt-transfer-source <replaceable>yes_or_no</replaceable>; </optional>
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
......@@ -3620,6 +3623,24 @@ in the configuration file.</para>
except zone transfers are performed using IPv6.</para>
</listitem></varlistentry>
<varlistentry><term><command>alt-transfer-source-v4</command></term>
<listitem><para>An alternate transfer source if the one listed in
<command>transfer-source</command> fails and
<command>use-alt-transfer-source</command> is set.</para>
</listitem></varlistentry>
<varlistentry><term><command>alt-transfer-source-v6</command></term>
<listitem><para>An alternate transfer source if the one listed in
<command>transfer-source-v6</command> fails and
<command>use-alt-transfer-source</command> is set.</para>
</listitem></varlistentry>
<varlistentry><term><command>use-alt-transfer-source</command></term>
<listitem><para>Use the alternate transfer sources or not. If views are
specified this defaults to <command>no</command> otherwise it defaults to
<command>yes</command> (for BIND 8 compatibility).</para>
</listitem></varlistentry>
<varlistentry><term><command>notify-source</command></term>
<listitem><para><command>notify-source</command> determines
which local source address, and optionally UDP port, will be used to
......@@ -4433,6 +4454,9 @@ Statement Grammar</title>
<optional> pubkey <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; </optional>
<optional> transfer-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source-v4 (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> use-alt-transfer-source <replaceable>yes_or_no</replaceable>; </optional>
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
......@@ -4720,6 +4744,25 @@ information for this zone, which can be dumped to the
</para>
</listitem></varlistentry>
<varlistentry><term><command>alt-transfer-source-v4</command></term>
<listitem><para>See the description of
<command>alt-transfer-source-v4</command> in <xref linkend="zone_transfers"/>
</para>
</listitem></varlistentry>
<varlistentry><term><command>alt-transfer-source-v6</command></term>
<listitem><para>See the description of
<command>alt-transfer-source-v6</command> in <xref linkend="zone_transfers"/>
</para>
</listitem></varlistentry>
<varlistentry><term><command>use-alt-transfer-source</command></term>
<listitem><para>See the description of
<command>use-alt-transfer-source</command> in <xref linkend="zone_transfers"/>
</para>
</listitem></varlistentry>
<varlistentry><term><command>notify-source</command></term>
<listitem><para>See the description of
<command>notify-source</command> in <xref linkend="zone_transfers"/>
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: xfrin.h,v 1.18 2001/02/09 06:04:55 marka Exp $ */
/* $Id: xfrin.h,v 1.19 2003/02/26 23:28:59 marka Exp $ */
#ifndef DNS_XFRIN_H
#define DNS_XFRIN_H 1
......@@ -57,6 +57,14 @@ dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype,
isc_mem_t *mctx, isc_timermgr_t *timermgr,
isc_socketmgr_t *socketmgr, isc_task_t *task,
dns_xfrindone_t done, dns_xfrin_ctx_t **xfrp);
isc_result_t
dns_xfrin_create2(dns_zone_t *zone, dns_rdatatype_t xfrtype,
isc_sockaddr_t *masteraddr, isc_sockaddr_t *sourceaddr,
dns_tsigkey_t *tsigkey, isc_mem_t *mctx,
isc_timermgr_t *timermgr, isc_socketmgr_t *socketmgr,
isc_task_t *task, dns_xfrindone_t done,
dns_xfrin_ctx_t **xfrp);
/*
* Attempt to start an incoming zone transfer of 'zone'
* from 'masteraddr', creating a dns_xfrin_ctx_t object to
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.h,v 1.122 2003/02/26 03:45:59 marka Exp $ */
/* $Id: zone.h,v 1.123 2003/02/26 23:28:59 marka Exp $ */
#ifndef DNS_ZONE_H
#define DNS_ZONE_H 1
......@@ -49,6 +49,7 @@ typedef enum {
#define DNS_ZONEOPT_CHECKNS 0x00000080U /* check if NS's are addresses */
#define DNS_ZONEOPT_FATALNS 0x00000100U /* DNS_ZONEOPT_CHECKNS is fatal */
#define DNS_ZONEOPT_MULTIMASTER 0x00000200U /* this zone has multiple masters */
#define DNS_ZONEOPT_USEALTXFRSRC 0x00000400U /* use alternate transfer sources */
#ifndef NOMINUM_PUBLIC
/*
......@@ -512,6 +513,8 @@ dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val);
isc_result_t
dns_zone_setxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource);
isc_result_t
dns_zone_setaltxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource);
/*
* Set the source address to be used in IPv4 zone transfers.
*
......@@ -525,6 +528,8 @@ dns_zone_setxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource);
isc_sockaddr_t *
dns_zone_getxfrsource4(dns_zone_t *zone);
isc_sockaddr_t *
dns_zone_getaltxfrsource4(dns_zone_t *zone);
/*
* Returns the source address set by a previous dns_zone_setxfrsource4
* call, or the default of inaddr_any, port 0.
......@@ -535,6 +540,8 @@ dns_zone_getxfrsource4(dns_zone_t *zone);
isc_result_t
dns_zone_setxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource);
isc_result_t
dns_zone_setaltxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource);
/*
* Set the source address to be used in IPv6 zone transfers.
*
......@@ -548,6 +555,8 @@ dns_zone_setxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource);
isc_sockaddr_t *
dns_zone_getxfrsource6(dns_zone_t *zone);
isc_sockaddr_t *
dns_zone_getaltxfrsource6(dns_zone_t *zone);
/*
* Returns the source address set by a previous dns_zone_setxfrsource6
* call, or the default of in6addr_any, port 0.
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: xfrin.c,v 1.131 2002/11/12 20:16:30 marka Exp $ */
/* $Id: xfrin.c,v 1.132 2003/02/26 23:28:59 marka Exp $ */
#include <config.h>
......@@ -183,6 +183,7 @@ xfrin_create(isc_mem_t *mctx,
dns_rdataclass_t rdclass,
dns_rdatatype_t reqtype,
isc_sockaddr_t *masteraddr,
isc_sockaddr_t *sourceaddr,
dns_tsigkey_t *tsigkey,
dns_xfrin_ctx_t **xfrp);
......@@ -548,6 +549,31 @@ dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype,
isc_mem_t *mctx, isc_timermgr_t *timermgr,
isc_socketmgr_t *socketmgr, isc_task_t *task,
dns_xfrindone_t done, dns_xfrin_ctx_t **xfrp)
{
isc_sockaddr_t sourceaddr;
switch (isc_sockaddr_pf(masteraddr)) {
case PF_INET:
sourceaddr = *dns_zone_getxfrsource4(zone);
break;
case PF_INET6:
sourceaddr = *dns_zone_getxfrsource6(zone);
break;
default:
INSIST(0);
}
return(dns_xfrin_create2(zone, xfrtype, masteraddr, &sourceaddr,
tsigkey, mctx, timermgr, socketmgr,
task, done, xfrp));
}
isc_result_t
dns_xfrin_create2(dns_zone_t *zone, dns_rdatatype_t xfrtype,
isc_sockaddr_t *masteraddr, isc_sockaddr_t *sourceaddr,
dns_tsigkey_t *tsigkey, isc_mem_t *mctx,
isc_timermgr_t *timermgr, isc_socketmgr_t *socketmgr,
isc_task_t *task, dns_xfrindone_t done, dns_xfrin_ctx_t **xfrp)
{
dns_name_t *zonename = dns_zone_getorigin(zone);
dns_xfrin_ctx_t *xfr;
......@@ -560,7 +586,7 @@ dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype,
CHECK(xfrin_create(mctx, zone, db, task, timermgr, socketmgr, zonename,
dns_zone_getclass(zone), xfrtype, masteraddr,
tsigkey, &xfr));
sourceaddr, tsigkey, &xfr));
CHECK(xfrin_start(xfr));
......@@ -676,6 +702,7 @@ xfrin_create(isc_mem_t *mctx,
dns_rdataclass_t rdclass,
dns_rdatatype_t reqtype,
isc_sockaddr_t *masteraddr,
isc_sockaddr_t *sourceaddr,
dns_tsigkey_t *tsigkey,
dns_xfrin_ctx_t **xfrp)
{
......@@ -753,16 +780,8 @@ xfrin_create(isc_mem_t *mctx,
xfr->masteraddr = *masteraddr;
switch (isc_sockaddr_pf(masteraddr)) {
case PF_INET:
xfr->sourceaddr = *dns_zone_getxfrsource4(zone);
break;
case PF_INET6:
xfr->sourceaddr = *dns_zone_getxfrsource6(zone);
break;
default:
INSIST(0);
}
INSIST(isc_sockaddr_pf(masteraddr) == isc_sockaddr_pf(sourceaddr));
xfr->sourceaddr = *sourceaddr;
isc_sockaddr_setport(&xfr->sourceaddr, 0);
isc_buffer_init(&xfr->qbuffer, xfr->qbuffer_data,
......@@ -826,6 +845,8 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) {
dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
isc_result_t evresult = cev->result;
isc_result_t result;
char sourcetext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t sockaddr;
REQUIRE(VALID_XFRIN(xfr));
......@@ -841,7 +862,12 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) {
}
CHECK(evresult);
xfrin_log(xfr, ISC_LOG_DEBUG(3), "connected");
result = isc_socket_getsockname(xfr->socket, &sockaddr);
if (result == ISC_R_SUCCESS) {
isc_sockaddr_format(&sockaddr, sourcetext, sizeof(sourcetext));
} else
strcpy(sourcetext, "<UNKNOWN>");
xfrin_log(xfr, ISC_LOG_INFO, "connected using %s", sourcetext);
dns_tcpmsg_init(xfr->mctx, xfr->socket, &xfr->tcpmsg);
xfr->tcpmsg_valid = ISC_TRUE;
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.384 2003/02/26 03:45:59 marka Exp $ */
/* $Id: zone.c,v 1.385 2003/02/26 23:28:59 marka Exp $ */
#include <config.h>
......@@ -178,6 +178,9 @@ struct dns_zone {
isc_sockaddr_t notifysrc6;
isc_sockaddr_t xfrsource4;
isc_sockaddr_t xfrsource6;
isc_sockaddr_t altxfrsource4;
isc_sockaddr_t altxfrsource6;
isc_sockaddr_t sourceaddr;
dns_xfrin_ctx_t *xfr; /* task locked */
dns_tsigkey_t *tsigkey; /* key used for xfr */
/* Access Control Lists */
......@@ -258,6 +261,7 @@ struct dns_zone {
#define DNS_ZONEFLAG_NOIXFR 0x00100000U /* IXFR failed, force AXFR */
#define DNS_ZONEFLG_FLUSH 0x00200000U
#define DNS_ZONEFLG_NOEDNS 0x00400000U
#define DNS_ZONEFLG_USEALTXFRSRC 0x00800000U
#define DNS_ZONE_OPTION(z,o) (((z)->options & (o)) != 0)
......@@ -557,6 +561,8 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
isc_sockaddr_any6(&zone->notifysrc6);
isc_sockaddr_any(&zone->xfrsource4);
isc_sockaddr_any6(&zone->xfrsource6);
isc_sockaddr_any(&zone->altxfrsource4);
isc_sockaddr_any6(&zone->altxfrsource6);
zone->xfr = NULL;
zone->tsigkey = NULL;
zone->maxxfrin = MAX_XFER_TIME;
......@@ -1801,6 +1807,40 @@ dns_zone_getxfrsource6(dns_zone_t *zone) {
return (&zone->xfrsource6);
}
isc_result_t
dns_zone_setaltxfrsource4(dns_zone_t *zone, isc_sockaddr_t *altxfrsource) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->altxfrsource4 = *altxfrsource;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_sockaddr_t *
dns_zone_getaltxfrsource4(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (&zone->altxfrsource4);
}
isc_result_t
dns_zone_setaltxfrsource6(dns_zone_t *zone, isc_sockaddr_t *altxfrsource) {
REQUIRE(DNS_ZONE_VALID(zone));
LOCK_ZONE(zone);
zone->altxfrsource6 = *altxfrsource;
UNLOCK_ZONE(zone);
return (ISC_R_SUCCESS);
}
isc_sockaddr_t *
dns_zone_getaltxfrsource6(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (&zone->altxfrsource6);
}
isc_result_t
dns_zone_setnotifysrc4(dns_zone_t *zone, isc_sockaddr_t *notifysrc) {
REQUIRE(DNS_ZONE_VALID(zone));
......@@ -2184,6 +2224,7 @@ dns_zone_refresh(dns_zone_t *zone) {
}
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
if ((oldflags & (DNS_ZONEFLG_REFRESH|DNS_ZONEFLG_LOADING)) != 0)
goto unlock;
......@@ -3097,6 +3138,7 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
dns_message_t *msg = NULL;
dns_zone_t *zone = NULL;
char master[ISC_SOCKADDR_FORMATSIZE];
char source[ISC_SOCKADDR_FORMATSIZE];
isc_uint32_t nscnt, cnamecnt;
isc_result_t result;
isc_time_t now;
......@@ -3121,6 +3163,7 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
}
isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
if (revent->result != ISC_R_SUCCESS) {
if (revent->result == ISC_R_TIMEDOUT &&
......@@ -3130,12 +3173,14 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
UNLOCK_ZONE(zone);
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"refreshing stub: timeout retrying "
" without EDNS master %s", master);
" without EDNS master %s (source %s)",
master, source);
goto same_master;
}
dns_zone_log(zone, ISC_LOG_INFO,
"could not refresh stub from master %s: %s",
master, dns_result_totext(revent->result));
"could not refresh stub from master %s"
" (source %s): %s", master, source,
dns_result_totext(revent->result));
goto next_master;
}
......@@ -3163,8 +3208,8 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
msg->rcode == dns_rcode_formerr)) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"refreshing stub: rcode (%.*s) retrying "
"without EDNS master %s",
(int)rb.used, rcode, master);
"without EDNS master %s (source %s)",
(int)rb.used, rcode, master, source);
LOCK_ZONE(zone);
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
UNLOCK_ZONE(zone);
......@@ -3173,8 +3218,8 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
dns_zone_log(zone, ISC_LOG_INFO,
"refreshing stub: "
"unexpected rcode (%.*s) from %s",
(int)rb.used, rcode, master);
"unexpected rcode (%.*s) from %s (source %s)",
(int)rb.used, rcode, master, source);
goto next_master;
}
......@@ -3184,9 +3229,9 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) {
if (dns_request_usedtcp(revent->request)) {
dns_zone_log(zone, ISC_LOG_INFO,
"refreshing stub: "
"truncated TCP response from master %s",
master);
"refreshing stub: truncated TCP "
"response from master %s (source %s)",
master, source);
goto next_master;
}
LOCK_ZONE(zone);
......@@ -3200,8 +3245,8 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
*/
if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0) {
dns_zone_log(zone, ISC_LOG_INFO, "refreshing stub: "
"non-authoritative answer from master %s",
master);
"non-authoritative answer from "
"master %s (source %s)", master, source);
goto next_master;
}
......@@ -3214,14 +3259,14 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
if (cnamecnt != 0) {
dns_zone_log(zone, ISC_LOG_INFO,
"refreshing stub: unexpected CNAME response "
"from master %s", master);
"from master %s (source %s)", master, source);
goto next_master;
}
if (nscnt == 0) {
dns_zone_log(zone, ISC_LOG_INFO,
"refreshing stub: no NS records in response "
"from master %s", master);
"from master %s (source %s)", master, source);
goto next_master;
}
......@@ -3232,7 +3277,7 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_INFO,
"refreshing stub: unable to save NS records "
"from master %s", master);
"from master %s (source %s)", master, source);
goto next_master;
}
......@@ -3276,11 +3321,18 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
zone->curmaster++;
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
if (exiting || zone->curmaster >= zone->masterscnt) {
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
if (!exiting &&
DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
zone->curmaster = 0;
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
} else {
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
zone_settimer(zone, &now);
UNLOCK_ZONE(zone);
goto free_stub;
zone_settimer(zone, &now);
UNLOCK_ZONE(zone);
goto free_stub;
}
}
queue_soa_query(zone);
UNLOCK_ZONE(zone);
......@@ -3320,6 +3372,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
isc_uint32_t soacnt, cnamecnt, soacount, nscount;
isc_time_t now;
char master[ISC_SOCKADDR_FORMATSIZE];
char source[ISC_SOCKADDR_FORMATSIZE];
dns_rdataset_t *rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_soa_t soa;
......@@ -3338,6 +3391,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
*/
isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
TIME_NOW(&now);
......@@ -3349,19 +3403,20 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
UNLOCK_ZONE(zone);
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"refresh: timeout retrying without EDNS "
"master %s", master);
"master %s (source %s)", master, source);
goto same_master;
}
if (revent->result == ISC_R_TIMEDOUT &&
!dns_request_usedtcp(revent->request)) {
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: retry limit for "
"master %s exceeded",
master);
"master %s exceeded (source %s)",
master, source);
} else
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: failure trying master %s: %s",
master, dns_result_totext(revent->result));
"refresh: failure trying master "
"%s (source %s): %s", master, source,
dns_result_totext(revent->result));
goto next_master;
}
......@@ -3371,8 +3426,9 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
result = dns_request_getresponse(revent->request, msg, 0);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: failure trying master %s: %s",
master, dns_result_totext(result));
"refresh: failure trying master "
"%s (source %s): %s", master, source,
dns_result_totext(result));
goto next_master;
}
......@@ -3392,16 +3448,17 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
msg->rcode == dns_rcode_formerr)) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"refresh: rcode (%.*s) retrying without "
"EDNS master %s", (int)rb.used, rcode,
master);
"EDNS master %s (source %s)",
(int)rb.used, rcode, master, source);
LOCK_ZONE(zone);
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
UNLOCK_ZONE(zone);
goto same_master;
}
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: unexpected rcode (%.*s) from master %s",
(int)rb.used, rcode, master);
"refresh: unexpected rcode (%.*s) from "
"master %s (source %s)", (int)rb.used, rcode,
master, source);
goto next_master;
}
......@@ -3413,16 +3470,16 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: truncated UDP answer, "
"initiating TCP zone xfer "
"for master %s",
master);
"for master %s (source %s)",
master, source);
goto tcp_transfer;
} else {
INSIST(zone->type == dns_zone_stub);
if (dns_request_usedtcp(revent->request)) {
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: truncated TCP response "
"from master %s",
master);
"from master %s (source %s)",
master, source);
goto next_master;
}
LOCK_ZONE(zone);
......@@ -3438,7 +3495,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0) {
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: non-authoritative answer from "
"master %s", master);
"master %s (source %s)", master, source);
goto next_master;
}
......@@ -3454,7 +3511,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
if (cnamecnt != 0) {
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: CNAME at top of zone "
"in master %s", master);
"in master %s (source %s)", master, source);
goto next_master;
}
......@@ -3464,7 +3521,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
if (soacnt == 0 && soacount == 0 && nscount != 0) {
dns_zone_log(zone, ISC_LOG_INFO,
"refresh: referral response "
"from master %s", master);
"from master %s (source %s)", master, source);