Commit b4ba66ba authored by Evan Hunt's avatar Evan Hunt

[master] "dnssec-signzone -N date"

3827.	[func]		"dnssec-signzone -N date" updates serial number
			to the current date in YYYYMMDDNN format.
			[RT #35800]
parent 3e574306
3827. [func] "dnssec-signzone -N date" updates serial number
to the current date in YYYYMMDDNN format.
[RT #35800]
3826. [bug] Corrected a use-after-free in isc_radix_remove().
(This function is not used in BIND, but could have
caused problems in programs linking to libisc.)
......
......@@ -64,6 +64,7 @@ BIND 9.11.0
- "serial-update-format" can now be set to "date". On update,
the serial number will be set to the current date in YYYYMMDDNN
format.
- "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
BIND 9.10.0
......
......@@ -83,6 +83,7 @@
#include <dns/result.h>
#include <dns/soa.h>
#include <dns/time.h>
#include <dns/update.h>
#include <dst/dst.h>
......@@ -118,6 +119,7 @@ static int nsec_datatype = dns_rdatatype_nsec;
#define SOA_SERIAL_KEEP 0
#define SOA_SERIAL_INCREMENT 1
#define SOA_SERIAL_UNIXTIME 2
#define SOA_SERIAL_DATE 3
typedef struct signer_event sevent_t;
struct signer_event {
......@@ -1249,7 +1251,7 @@ get_soa_ttls(void) {
* Increment (or set if nonzero) the SOA serial
*/
static isc_result_t
setsoaserial(isc_uint32_t serial) {
setsoaserial(isc_uint32_t serial, dns_updatemethod_t method) {
isc_result_t result;
dns_dbnode_t *node = NULL;
dns_rdataset_t rdataset;
......@@ -1275,7 +1277,10 @@ setsoaserial(isc_uint32_t serial) {
old_serial = dns_soa_getserial(&rdata);
if (serial) {
if (method == dns_updatemethod_date ||
method == dns_updatemethod_unixtime) {
new_serial = dns_update_soaserial(old_serial, method);
} else if (serial != 0 || method == dns_updatemethod_none) {
/* Set SOA serial to the value provided. */
new_serial = serial;
} else {
......@@ -3524,6 +3529,8 @@ main(int argc, char *argv[]) {
serialformat = SOA_SERIAL_INCREMENT;
else if (strcasecmp(serialformatstr, "unixtime") == 0)
serialformat = SOA_SERIAL_UNIXTIME;
else if (strcasecmp(serialformatstr, "date") == 0)
serialformat = SOA_SERIAL_DATE;
else
fatal("unknown soa serial format: %s",
serialformatstr);
......@@ -3649,10 +3656,13 @@ main(int argc, char *argv[]) {
switch (serialformat) {
case SOA_SERIAL_INCREMENT:
setsoaserial(0);
setsoaserial(0, dns_updatemethod_increment);
break;
case SOA_SERIAL_UNIXTIME:
setsoaserial(now);
setsoaserial(now, dns_updatemethod_unixtime);
break;
case SOA_SERIAL_DATE:
setsoaserial(now, dns_updatemethod_date);
break;
case SOA_SERIAL_KEEP:
default:
......
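Review bot: The comment above setsoaserial() still reads "Increment (or set if nonzero) the SOA serial", which no longer matches the two-argument version. For dns_updatemethod_date and dns_updatemethod_unixtime the `serial` argument is ignored and the value comes from `dns_update_soaserial(old_serial, method)`, so the `now` passed by those two cases in main() is unused. I would reword the comment to something like `/* Set the SOA serial according to 'method'; 'serial' is used only when it is nonzero or method is dns_updatemethod_none. */` and pass 0 from the date and unixtime cases. The `serial != 0 || method == dns_updatemethod_none` branch would also write a serial of 0 if it were ever called as (0, none), although no visible caller does that. Both setsoaserial() and main() continue outside these hunks.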
......@@ -430,8 +430,8 @@
<para>
The SOA serial number format of the signed zone.
Possible formats are <command>"keep"</command> (default),
<command>"increment"</command> and
<command>"unixtime"</command>.
<command>"increment"</command>, <command>"unixtime"</command>,
and <command>"date"</command>.
</para>
<variablelist>
......@@ -457,6 +457,14 @@
since epoch.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>"date"</command></term>
<listitem>
<para>Set the SOA serial number to today's date in
YYYYMMDDNN format.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
......
......@@ -1536,6 +1536,18 @@ awk '/^;/ { next; } $2 > 30 { exit 1; }' signer/signer.out.8 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking dnssec-signzone -N date ($n)"
ret=0
(
cd signer
$SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null 2>&1
) || ret=1
now=`$PERL -e '@lt=localtime(); printf "%.4d%.2d%2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];'`
serial=`awk '/^;/ { next; } $4 == "SOA" { print $7 }' signer/signer.out.9`
[ "$now" -eq "$serial" ] || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking validated data are not cached longer than originalttl ($n)"
ret=0
$DIG $DIGOPTS +ttl +noauth a.ttlpatch.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
......
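Review bot: The expected serial is built with `printf "%.4d%.2d%2d00\n"`, and the day field `%2d` pads with a space rather than a zero. On days 1–9 of any month `$now` therefore contains an embedded space, `[ "$now" -eq "$serial" ]` fails, and the test reports a failure for correct signer output. Use `%.2d` for the day as well: `printf "%.4d%.2d%.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];`. The comparison also assumes the signer derives the date from local time and that both commands run on the same calendar day; the first depends on epoch_to_yyyymmdd(), whose body is not visible here.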
......@@ -344,13 +344,16 @@ typedef enum {
/*%
* DNS Serial Number Update Method.
*
* \li _none: Keep the current serial.
* \li _increment: Add one to the current serial, skipping 0.
* \li _unixtime: Set to the seconds since 00:00 Jan 1, 1970,
* if possible.
* \li _date: Set to YYYYMMDDVV: Year, Month, Day, Version
* \li _date: Set to today's date in YYYYMMDDVV format:
* (Year, Month, Day, Version)
*/
typedef enum {
dns_updatemethod_increment = 0,
dns_updatemethod_none = 0,
dns_updatemethod_increment,
dns_updatemethod_unixtime,
dns_updatemethod_date
} dns_updatemethod_t;
......
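Review bot: Inserting `dns_updatemethod_none = 0` ahead of the existing members renumbers `dns_updatemethod_increment` from 0 to 1 and shifts `_unixtime` and `_date` as well. Any dns_updatemethod_t that is zero-initialised (static storage, memset, calloc) rather than explicitly assigned will now mean "keep the serial" instead of "increment". If such a value exists on an update path, zone changes would go out without a serial bump and secondaries would not pick them up. Either confirm that every holder of this type sets it explicitly, or keep the old values stable by appending the new member, e.g. `dns_updatemethod_date,` followed by `dns_updatemethod_none`. Because the header is part of libdns, out-of-tree callers compiled against the old numbering are affected in the same way.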
......@@ -1858,18 +1858,23 @@ epoch_to_yyyymmdd(time_t when) {
isc_uint32_t
dns_update_soaserial(isc_uint32_t serial, dns_updatemethod_t method) {
isc_stdtime_t now;
isc_uint32_t new_serial;
if (method == dns_updatemethod_unixtime) {
switch (method) {
case dns_updatemethod_none:
return (serial);
case dns_updatemethod_unixtime:
isc_stdtime_get(&now);
if (now != 0 && isc_serial_gt(now, serial))
return (now);
} else if (method == dns_updatemethod_date) {
isc_uint32_t new_serial;
break;
case dns_updatemethod_date:
isc_stdtime_get(&now);
new_serial = epoch_to_yyyymmdd((time_t) now) * 100;
if (new_serial != 0 && isc_serial_gt(new_serial, serial))
return (new_serial);
case dns_updatemethod_increment:
break;
}
/* RFC1982 */
......
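Review bot: In the new switch, `case dns_updatemethod_date:` has no `break` after its `if`, so when the date-derived value is not serial-greater than the current serial, control falls through into `case dns_updatemethod_increment:`. The result is the same today because that case only breaks, but the fallthrough is unmarked and would change meaning if the increment case ever gained a body. Add `break;` before `case dns_updatemethod_increment:` or mark it with `/* FALLTHROUGH */`. The function's doc comment should also state that unixtime and date fall back to the RFC 1982 increment when the time-derived value is not ahead of the existing serial, since dnssec-signzone now depends on that behaviour. The rest of the function lies outside the hunk.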