3252. [bug] When master zones using inline-signing were

			updated while the server was offline, the source
			zone could fall out of sync with the signed
			copy. They can now resynchronize. [RT #26676]

CHANGES

+3252.	[bug]		When master zones using inline-signing were
+			updated while the server was offline, the source
+			zone could fall out of sync with the signed
+			copy. They can now resynchronize. [RT #26676]
+
 3251.	[bug]		Enforce a upper bound (65535 bytes) on the amount of
 			memory dns_sdlz_putrr() can allocate per record to
 			prevent run away memory consumption on ISC_R_NOSPACE.

bin/check/check-tool.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.43 2011/12/09 23:47:02 tbox Exp $ */
+/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
 
 /*! \file */
 
@@ -661,7 +661,6 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 
 	result = dns_zone_dumptostream3(zone, output, fileformat, style,
 					rawversion);
-
 	if (output != stdout)
 		(void)isc_stdio_close(output);
 

bin/check/named-checkzone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.63 2011/12/09 23:47:02 tbox Exp $ */
+/* $Id: named-checkzone.c,v 1.64 2011/12/22 07:32:39 each Exp $ */
 
 /*! \file */
 
@@ -39,6 +39,7 @@
 #include <dns/db.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
+#include <dns/master.h>
 #include <dns/masterdump.h>
 #include <dns/name.h>
 #include <dns/rdataclass.h>
@@ -112,8 +113,11 @@ main(int argc, char **argv) {
 	const char *outputformatstr = NULL;
 	dns_masterformat_t inputformat = dns_masterformat_text;
 	dns_masterformat_t outputformat = dns_masterformat_text;
-	isc_uint32_t rawversion = 1;
+	dns_masterrawheader_t header;
+	isc_uint32_t rawversion = 1, serialnum = 0;
+	isc_boolean_t snset = ISC_FALSE;
 	FILE *errout = stdout;
+	char *endp;
 
 	outputstyle = &dns_master_style_full;
 
@@ -157,7 +161,7 @@ main(int argc, char **argv) {
 	isc_commandline_errprint = ISC_FALSE;
 
 	while ((c = isc_commandline_parse(argc, argv,
-				       "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:"))
+			       "c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:W:"))
 	       != EOF) {
 		switch (c) {
 		case 'c':
@@ -235,6 +239,17 @@ main(int argc, char **argv) {
 			}
 			break;
 
+		case 'L':
+			snset = ISC_TRUE;
+			endp = NULL;
+			serialnum = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0') {
+				fprintf(stderr, "source serial number "
+						"must be numeric");
+				exit(1);
+			}
+			break;
+
 		case 'n':
 			if (ARGCMP("ignore")) {
 				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
@@ -477,6 +492,13 @@ main(int argc, char **argv) {
 	result = load_zone(mctx, origin, filename, inputformat, classname,
 			   &zone);
 
+	if (snset) {
+		dns_master_initrawheader(&header);
+		header.flags = DNS_MASTERRAW_SOURCESERIALSET;
+		header.sourceserial = serialnum;
+		dns_zone_setrawdata(zone, &header);
+	}
+
 	if (result == ISC_R_SUCCESS && dumpzone) {
 		if (!quiet && progmode == progmode_compile) {
 			fprintf(errout, "dump zone to %s...", output_filename);

bin/check/named-checkzone.docbook

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.43 2011/12/09 23:47:02 tbox Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -71,6 +71,7 @@
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
@@ -96,6 +97,7 @@
       <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@@ -280,6 +282,17 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-L <replaceable class="parameter">serial</replaceable></term>
+        <listitem>
+          <para>
+            When compiling a zone to 'raw' format, set the "source serial" 
+            value in the header to the specified serial number.  (This is
+            expected to be used primarily for testing purposes.)
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-m <replaceable class="parameter">mode</replaceable></term>
         <listitem>

bin/dnssec/dnssec-signzone.c

@@ -29,7 +29,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.284 2011/12/08 23:45:02 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.285 2011/12/22 07:32:39 each Exp $ */
 
 /*! \file */
 
@@ -139,7 +139,8 @@ static char *tempfile = NULL;
 static const dns_master_style_t *masterstyle;
 static dns_masterformat_t inputformat = dns_masterformat_text;
 static dns_masterformat_t outputformat = dns_masterformat_text;
-static unsigned int rawversion = 1;
+static isc_uint32_t rawversion = 1, serialnum = 0;
+static isc_boolean_t snset = ISC_FALSE;
 static unsigned int nsigned = 0, nretained = 0, ndropped = 0;
 static unsigned int nverified = 0, nverifyfailed = 0;
 static const char *directory = NULL, *dsdir = NULL;
@@ -3470,7 +3471,7 @@ main(int argc, char *argv[]) {
 	isc_boolean_t set_iter = ISC_FALSE;
 
 #define CMDLINE_FLAGS \
-	"3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:l:m:n:N:o:O:PpRr:s:ST:tuUv:X:xz"
+	"3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:L:l:m:n:N:o:O:PpRr:s:ST:tuUv:X:xz"
 
 	/*
 	 * Process memory debugging argument first.
@@ -3620,6 +3621,17 @@ main(int argc, char *argv[]) {
 			dskeyfile[ndskeys++] = isc_commandline_argument;
 			break;
 
+		case 'L':
+			snset = ISC_TRUE;
+			endp = NULL;
+			serialnum = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0') {
+				fprintf(stderr, "source serial number "
+						"must be numeric");
+				exit(1);
+			}
+			break;
+
 		case 'l':
 			len = strlen(isc_commandline_argument);
 			isc_buffer_init(&b, isc_commandline_argument, len);
@@ -4077,6 +4089,10 @@ main(int argc, char *argv[]) {
 		dns_master_initrawheader(&header);
 		if (rawversion == 0U)
 			header.flags = DNS_MASTERRAW_COMPAT;
+		else if (snset) {
+			header.flags = DNS_MASTERRAW_SOURCESERIALSET;
+			header.sourceserial = serialnum;
+		}
 		result = dns_master_dumptostream3(mctx, gdb, gversion,
 						  masterstyle, outputformat,
 						  &header, fp);

bin/dnssec/dnssec-signzone.docbook

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.51 2011/12/08 16:07:20 each Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ -->
 <refentry id="man.dnssec-signzone">
   <refentryinfo>
     <date>June 05, 2009</date>
@@ -69,6 +69,7 @@
       <arg><option>-h</option></arg>
       <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
       <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
       <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
       <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
@@ -371,6 +372,17 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-L <replaceable class="parameter">serial</replaceable></term>
+        <listitem>
+          <para>
+            When writing a signed zone to 'raw' format, set the "source serial" 
+            value in the header to the specified serial number.  (This is
+            expected to be used primarily for testing purposes.)
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-n <replaceable class="parameter">ncpus</replaceable></term>
         <listitem>

bin/named/update.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.198 2011/10/28 06:20:04 each Exp $ */
+/* $Id: update.c,v 1.199 2011/12/22 07:32:40 each Exp $ */
 
 #include <config.h>
 
@@ -3095,7 +3095,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
 
 			journal = NULL;
 			result = dns_journal_open(mctx, journalfile,
-						  ISC_TRUE, &journal);
+						  DNS_JOURNAL_CREATE, &journal);
 			if (result != ISC_R_SUCCESS)
 				FAILS(result, "journal open failed");
 

bin/named/xfrout.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: xfrout.c,v 1.143 2011/12/01 00:53:58 marka Exp $ */
+/* $Id: xfrout.c,v 1.144 2011/12/22 07:32:40 each Exp $ */
 
 #include <config.h>
 
@@ -252,7 +252,7 @@ ixfr_rrstream_create(isc_mem_t *mctx,
 	s->journal = NULL;
 
 	CHECK(dns_journal_open(mctx, journal_filename,
-			       ISC_FALSE, &s->journal));
+			       DNS_JOURNAL_READ, &s->journal));
 	CHECK(dns_journal_iter_init(s->journal, begin_serial, end_serial));
 
 	*sp = (rrstream_t *) s;

bin/tests/system/inline/clean.sh

@@ -12,13 +12,14 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.7 2011/12/02 02:44:01 marka Exp $
+# $Id: clean.sh,v 1.8 2011/12/22 07:32:40 each Exp $
 
 rm -f */named.memstats
 rm -f */named.run
 rm -f */trusted.conf
 rm -f ns1/K*
 rm -f ns1/dsset-*
+rm -f ns3/dsset-*
 rm -f ns1/root.db
 rm -f ns1/root.db.signed
 rm -f ns2/bits.db
@@ -40,6 +41,10 @@ rm -f ns3/dynamic.db
 rm -f ns3/dynamic.db.jnl
 rm -f ns3/dynamic.db.signed
 rm -f ns3/dynamic.db.signed.jnl
+rm -f ns3/updated.db
+rm -f ns3/updated.db.jnl
+rm -f ns3/updated.db.signed
+rm -f ns3/updated.db.signed.jnl
 rm -f ns4/K*
 rm -f ns4/noixfr.db
 rm -f ns4/noixfr.db.jnl

bin/tests/system/inline/ns1/root.db.in

@@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: root.db.in,v 1.4 2011/10/26 20:56:45 marka Exp $
+; $Id: root.db.in,v 1.5 2011/12/22 07:32:40 each Exp $
 
 $TTL 300
 . 			IN SOA	gson.nominum.com. a.root.servers.nil. (
@@ -38,3 +38,6 @@ ns3.master.		A	10.53.0.3
 
 dynamic.			NS	ns3.dynamic.
 ns3.dynamic.		A	10.53.0.3
+
+updated.			NS	ns3.updated.
+ns3.updated.		A	10.53.0.3

bin/tests/system/inline/ns1/sign.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: sign.sh,v 1.2 2011/10/25 01:54:20 marka Exp $
+# $Id: sign.sh,v 1.3 2011/12/22 07:32:40 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -26,7 +26,7 @@ rm -f K.+*+*.key
 rm -f K.+*+*.private
 keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
 keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
-$SIGNER -S -x -T 1200 -o ${zone} root.db
+$SIGNER -S -x -T 1200 -o ${zone} root.db > /dev/null 2>&1
 
 cat ${keyname}.key | grep -v '^; ' | $PERL -n -e '
 local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;

bin/tests/system/inline/ns3/named.conf

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.4 2011/10/26 20:56:45 marka Exp $ */
+/* $Id: named.conf,v 1.5 2011/12/22 07:32:40 each Exp $ */
 
 // NS3
 
@@ -70,3 +70,11 @@ zone "dynamic" {
 	allow-update { any; };
 	file "dynamic.db";
 };
+
+zone "updated" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	allow-update { none; };
+	file "updated.db";
+};

bin/tests/system/inline/ns3/sign.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: sign.sh,v 1.4 2011/10/26 20:56:45 marka Exp $
+# $Id: sign.sh,v 1.5 2011/12/22 07:32:40 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -48,3 +48,12 @@ rm -f K${zone}.+*+*.private
 keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
 keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=updated
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
+cp master2.db.in updated.db

bin/tests/system/inline/setup.sh

@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: setup.sh,v 1.7 2011/12/09 22:09:25 marka Exp $
+# $Id: setup.sh,v 1.8 2011/12/22 07:32:40 each Exp $
 
 sh clean.sh
 
@@ -45,6 +45,7 @@ rm -f ns3/dynamic.db.signed.jnl
 
 cp ns3/master.db.in ns3/master.db
 cp ns3/master.db.in ns3/dynamic.db
+cp ns3/master.db.in ns3/updated.db
 
 touch ns4/trusted.conf
 cp ns4/noixfr.db.in ns4/noixfr.db

bin/tests/system/inline/tests.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.10 2011/12/19 23:46:13 marka Exp $
+# $Id: tests.sh,v 1.11 2011/12/22 07:32:40 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -353,6 +353,27 @@ do
 done
 if [ $ret != 0 ]; then echo "I:failed"; fi
 
+n=`expr $n + 1`
+echo "I:checking master zone that was updated while offline is correct ($n)"
+ret=0
+serial=`$DIG $DIGOPTS +short @10.53.0.3 -p 5300 updated SOA | awk '{print $3}'`
+# serial should have changed
+[ "$serial" = "2000042407" ] && ret=1
+# e.updated should exist and should be signed
+$DIG $DIGOPTS @10.53.0.3 -p 5300 e.updated A > dig.out.ns3.test$n
+grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
+grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
+# updated.db.signed.jnl should exist, should have the source serial
+# of master2.db, and should show a minimal diff: no more than 8 added
+# records (SOA/RRSIG, 2 x NSEC/RRSIG, A/RRSIG), and 4 removed records
+# (SOA/RRSIG, NSEC/RRSIG).
+serial=`$JOURNALPRINT ns3/updated.db.signed.jnl | head -1 | awk '{print $4}'`
+[ "$serial" = "2000042408" ] || ret=1
+diffsize=`$JOURNALPRINT ns3/updated.db.signed.jnl | wc -l`
+[ "$diffsize" -le 13 ] || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo "I:checking adding of record to unsigned master using UPDATE ($n)"
 ret=0

bin/tests/system/masterformat/clean.sh

@@ -14,11 +14,12 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.9 2011/12/08 16:07:20 each Exp $
+# $Id: clean.sh,v 1.10 2011/12/22 07:32:40 each Exp $
 
 rm -f named-compilezone
 rm -f ns1/example.db.raw*
 rm -f ns1/example.db.compat
+rm -f ns1/example.db.serial.raw
 rm -f ns2/example.db
 rm -f dig.out.*
 rm -f */named.memstats

bin/tests/system/masterformat/ns1/compile.sh

@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: compile.sh,v 1.8 2011/12/09 23:47:03 tbox Exp $
+# $Id: compile.sh,v 1.9 2011/12/22 07:32:40 each Exp $
 
 ../named-compilezone -D -F raw -o example.db.raw example \
         example.db > /dev/null 2>&1
@@ -20,3 +20,5 @@
         example.db > /dev/null 2>&1
 ../named-compilezone -D -F raw=0 -o example.db.compat example-compat \
         example.db > /dev/null 2>&1
+../named-compilezone -D -F raw -L 3333 -o example.db.serial.raw example \
+        example.db > /dev/null 2>&1

bin/tests/system/masterformat/tests.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.8 2011/12/08 16:07:20 each Exp $
+# $Id: tests.sh,v 1.9 2011/12/22 07:32:40 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -28,11 +28,24 @@ israw () {
 
 rawversion () {
     perl -e '$input = <STDIN>;
-             if (length($input) < 2) { print "not raw\n"; exit 0; };
+             if (length($input) < 8) { print "not raw\n"; exit 0; };
              ($style, $version) = unpack("NN", $input);
              print ($style == 2 ? "$version\n" : "not raw\n");' < $1
 }
 
+sourceserial () {
+    perl -e '$input = <STDIN>;
+             if (length($input) < 20) { print "UNSET\n"; exit; };
+             ($format, $version, $dumptime, $flags, $sourceserial) = 
+                     unpack("NNNNN", $input);
+             if ($format != 2 || $version <  1) { print "UNSET\n"; exit; };
+             if ($flags & 02) {
+                     print $sourceserial . "\n";
+             } else {
+                     print "UNSET\n";
+             }' < $1
+}
+
 DIGOPTS="+tcp +noauth +noadd +nosea +nostat +noquest +nocomm +nocmd"
 
 status=0
@@ -62,6 +75,13 @@ israw ns1/example.db.compat || ret=1
 [ $ret -eq 0 ] || echo "I:failed"
 status=`expr $status + $ret`
 
+echo "I:checking source serial numbers"
+ret=0
+[ "`sourceserial ns1/example.db.raw`" = "UNSET" ] || ret=1
+[ "`sourceserial ns1/example.db.serial.raw`" = "3333" ] || ret=1
+[ $ret -eq 0 ] || echo "I:failed"
+status=`expr $status + $ret`
+
 echo "I:waiting for transfers to complete"
 sleep 1
 

lib/dns/include/dns/journal.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: journal.h,v 1.42 2011/12/05 23:46:35 tbox Exp $ */
+/* $Id: journal.h,v 1.43 2011/12/22 07:32:41 each Exp $ */
 
 #ifndef DNS_JOURNAL_H
 #define DNS_JOURNAL_H 1
@@ -106,7 +106,7 @@ dns_journal_open(isc_mem_t *mctx, const char *filename, unsigned int mode,
  *
  * DNS_JOURNAL_CREATE open the journal for reading and writing and create
  * the journal if it does not exist.
- * DNS_JOURNAL_WRITE open the journal for readinge and writing.
+ * DNS_JOURNAL_WRITE open the journal for reading and writing.
  * DNS_JOURNAL_READ open the journal for reading only.
  */
 
@@ -293,12 +293,15 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial,
  * exists and is non-empty 'serial' must exist in the journal.
  */
 
-isc_uint32_t
-dns_journal_get_sourceserial(dns_journal_t *j);
+isc_boolean_t
+dns_journal_get_sourceserial(dns_journal_t *j, isc_uint32_t *sourceserial);
 void
 dns_journal_set_sourceserial(dns_journal_t *j, isc_uint32_t sourceserial);
 /*%<
  * Get and set source serial.
+ *
+ * Returns:
+ *	 ISC_TRUE if sourceserial has previously been set.
  */
 
 ISC_LANG_ENDDECLS

lib/dns/include/dns/zone.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.h,v 1.198 2011/12/08 16:07:21 each Exp $ */
+/* $Id: zone.h,v 1.199 2011/12/22 07:32:41 each Exp $ */
 
 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@@ -32,6 +32,7 @@
 #include <isc/lang.h>
 #include <isc/rwlock.h>
 
+#include <dns/master.h>
 #include <dns/masterdump.h>
 #include <dns/rdatastruct.h>
 #include <dns/types.h>
@@ -2029,6 +2030,13 @@ dns_zone_setnsec3param(dns_zone_t *zone, isc_uint8_t hash, isc_uint8_t flags,
  * Requires:
  * \li	'zone' to be valid.
  */
+
+void
+dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header);
+/*%
+ * Set the data to be included in the header when the zone is dumped in
+ * binary format.
+ */
 ISC_LANG_ENDDECLS
 
 #endif /* DNS_ZONE_H */

lib/dns/journal.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: journal.c,v 1.119 2011/12/05 23:46:35 tbox Exp $ */
+/* $Id: journal.c,v 1.120 2011/12/22 07:32:41 each Exp $ */
 
 #include <config.h>
 
@@ -111,6 +111,8 @@ static isc_boolean_t bind8_compat = ISC_TRUE; /* XXX config */
 		if (result != ISC_R_SUCCESS) goto failure; 	\
 	} while (0)
 
+#define JOURNAL_SERIALSET	0x01U
+
 static isc_result_t index_to_disk(dns_journal_t *);
 
 static inline isc_uint32_t
@@ -215,6 +217,7 @@ typedef union {
 		unsigned char 		index_size[4];
 		/*% Source serial number. */
 		unsigned char           sourceserial[4];
+		unsigned char           flags;
 	} h;
 	/* Pad the header to a fixed size. */
 	unsigned char pad[JOURNAL_HEADER_SIZE];
@@ -255,6 +258,7 @@ typedef struct {
 	journal_pos_t 	end;
 	isc_uint32_t	index_size;
 	isc_uint32_t	sourceserial;
+	isc_boolean_t	serialset;
 } journal_header_t;
 
 /*%
@@ -287,7 +291,7 @@ typedef struct {
  */
 
 static journal_header_t
-initial_journal_header = { ";BIND LOG V9\n", { 0, 0 }, { 0, 0 }, 0, 0 };
+initial_journal_header = { ";BIND LOG V9\n", { 0, 0 }, { 0, 0 }, 0, 0, 0 };
 
 #define JOURNAL_EMPTY(h) ((h)->begin.offset == (h)->end.offset)
 
@@ -358,10 +362,13 @@ journal_header_decode(journal_rawheader_t *raw, journal_header_t *cooked) {
 	journal_pos_decode(&raw->h.end, &cooked->end);
 	cooked->index_size = decode_uint32(raw->h.index_size);
 	cooked->sourceserial = decode_uint32(raw->h.sourceserial);
+	cooked->serialset = ISC_TF(raw->h.flags & JOURNAL_SERIALSET);
 }
 
 static void
 journal_header_encode(journal_header_t *cooked, journal_rawheader_t *raw) {
+	unsigned char flags = 0;
+
 	INSIST(sizeof(cooked->format) == sizeof(raw->h.format));
 	memset(raw->pad, 0, sizeof(raw->pad));
 	memcpy(raw->h.format, cooked->format, sizeof(raw->h.format));
@@ -369,6 +376,9 @@ journal_header_encode(journal_header_t *cooked, journal_rawheader_t *raw) {
 	journal_pos_encode(&raw->h.end, &cooked->end);
 	encode_uint32(cooked->index_size, raw<