Commit 3071211d authored by Stephen Morris

[1604b] Merge branch 'master' into trac1604b

Conflicts:
	src/lib/datasrc/memory_datasrc.cc
parents b9aed5e8 6cba1c12
373. [bug] jinmei
libdatasrc: the in-memory data source incorrectly rejected loading
a zone containing a CNAME RR with RRSIG and/or NSEC.
(Trac #1551, git 76f823d42af55ce3f30a0d741fc9297c211d8b38)
372. [func] vorner
When the allocation of a socket fails for a different reason than the
socket not being provided by the OS, the b10-auth and b10-resolver abort,
as the system might be in inconsistent state after such error.
socket not being provided by the OS, the b10-auth and b10-resolver
abort, as the system might be in inconsistent state after such error.
(Trac #1543, git 49ac4659f15c443e483922bf9c4f2de982bae25d)
371. [bug] jelte
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>BIND 10 Guide</title><link rel="stylesheet" href="./bind10-guide.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><meta name="description" content="BIND 10 is a framework that features Domain Name System (DNS) suite and Dynamic Host Configuration Protocol (DHCP) servers managed by Internet Systems Consortium (ISC). It includes DNS libraries, modular components for controlling authoritative and recursive DNS servers, and experimental DHCPv4 and DHCPv6 servers. This is the reference guide for BIND 10 version 20111129. The most up-to-date version of this document (in PDF, HTML, and plain text formats), along with other documents for BIND 10, can be found at ."></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" title="BIND 10 Guide"><div class="titlepage"><div><div><h1 class="title"><a name="id1168229451102"></a>BIND 10 Guide</h1></div><div><h2 class="subtitle">Administrator Reference for BIND 10</h2></div><div><p class="releaseinfo">This is the reference guide for BIND 10 version
20111129.</p></div><div><p class="copyright">Copyright © 2010-2011 Internet Systems Consortium, Inc.</p></div><div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>BIND 10 is a framework that features Domain Name System
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>BIND 10 Guide</title><link rel="stylesheet" href="./bind10-guide.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><meta name="description" content="BIND 10 is a framework that features Domain Name System (DNS) suite and Dynamic Host Configuration Protocol (DHCP) servers managed by Internet Systems Consortium (ISC). It includes DNS libraries, modular components for controlling authoritative and recursive DNS servers, and experimental DHCPv4 and DHCPv6 servers. This is the reference guide for BIND 10 version 20120127. The most up-to-date version of this document (in PDF, HTML, and plain text formats), along with other documents for BIND 10, can be found at ."></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" title="BIND 10 Guide"><div class="titlepage"><div><div><h1 class="title"><a name="id1168229451102"></a>BIND 10 Guide</h1></div><div><h2 class="subtitle">Administrator Reference for BIND 10</h2></div><div><p class="releaseinfo">This is the reference guide for BIND 10 version
20120127.</p></div><div><p class="copyright">Copyright © 2010-2012 Internet Systems Consortium, Inc.</p></div><div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>BIND 10 is a framework that features Domain Name System
(DNS) suite and Dynamic Host Configuration Protocol (DHCP)
servers managed by Internet Systems Consortium (ISC). It
includes DNS libraries, modular components for controlling
authoritative and recursive DNS servers, and experimental DHCPv4
and DHCPv6 servers.
</p><p>
This is the reference guide for BIND 10 version 20111129.
This is the reference guide for BIND 10 version 20120127.
The most up-to-date version of this document (in PDF, HTML,
and plain text formats), along with other documents for
BIND 10, can be found at <a class="ulink" href="http://bind10.isc.org/docs" target="_top">http://bind10.isc.org/docs</a>.
......@@ -22,7 +22,7 @@
provides forwarding.
</p><p>
This guide covers the experimental prototype of
BIND 10 version 20111129.
BIND 10 version 20120127.
</p><div class="section" title="1.1. Supported Platforms"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id1168229451269"></a>1.1. Supported Platforms</h2></div></div></div><p>
BIND 10 builds have been tested on Debian GNU/Linux 5 and unstable,
Ubuntu 9.10, NetBSD 5, Solaris 10, FreeBSD 7 and 8, CentOS
......@@ -238,10 +238,10 @@
The leading development is done in the <span class="quote">&#8220;<span class="quote">master</span>&#8221;</span>.
</p><p>
The code can be checked out from
<code class="filename">git://bind10.isc.org/bind10</code>;
<code class="filename">git://git.bind10.isc.org/bind10</code>;
for example:
</p><pre class="screen">$ <strong class="userinput"><code>git clone git://bind10.isc.org/bind10</code></strong></pre><p>
</p><pre class="screen">$ <strong class="userinput"><code>git clone git://git.bind10.isc.org/bind10</code></strong></pre><p>
</p><p>
When checking out the code from
the code version control system, it doesn't include the
......@@ -1183,6 +1183,10 @@ eth0 fe80::21e:8cff:fe9b:7349
&gt; <strong class="userinput"><code>Stats show</code></strong>
{
"Auth": {
"opcode.iquery": 0,
"opcode.notify": 10,
"opcode.query": 869617,
...
"queries.tcp": 1749,
"queries.udp": 867868
},
......
......@@ -2,9 +2,9 @@
Administrator Reference for BIND 10
This is the reference guide for BIND 10 version 20111129.
This is the reference guide for BIND 10 version 20120127.
Copyright (c) 2010-2011 Internet Systems Consortium, Inc.
Copyright (c) 2010-2012 Internet Systems Consortium, Inc.
Abstract
......@@ -14,7 +14,7 @@ Administrator Reference for BIND 10
for controlling authoritative and recursive DNS servers, and experimental
DHCPv4 and DHCPv6 servers.
This is the reference guide for BIND 10 version 20111129. The most
This is the reference guide for BIND 10 version 20120127. The most
up-to-date version of this document (in PDF, HTML, and plain text
formats), along with other documents for BIND 10, can be found at
http://bind10.isc.org/docs.
......@@ -172,7 +172,7 @@ Chapter 1. Introduction
DNS. BIND 10 provides a EDNS0- and DNSSEC-capable authoritative DNS server
and a caching recursive name server which also provides forwarding.
This guide covers the experimental prototype of BIND 10 version 20111129.
This guide covers the experimental prototype of BIND 10 version 20120127.
1.1. Supported Platforms
......@@ -389,9 +389,10 @@ Chapter 2. Installation
system. This is powered by Git and all the BIND 10 development is public.
The leading development is done in the "master".
The code can be checked out from git://bind10.isc.org/bind10; for example:
The code can be checked out from git://git.bind10.isc.org/bind10; for
example:
$ git clone git://bind10.isc.org/bind10
$ git clone git://git.bind10.isc.org/bind10
When checking out the code from the code version control system, it
doesn't include the generated configure script, Makefile.in files, nor the
......@@ -1376,6 +1377,10 @@ Chapter 15. Statistics
> Stats show
{
"Auth": {
"opcode.iquery": 0,
"opcode.notify": 10,
"opcode.query": 869617,
...
"queries.tcp": 1749,
"queries.udp": 867868
},
......
......@@ -526,10 +526,10 @@ as a dependency earlier -->
</para>
<para>
The code can be checked out from
<filename>git://bind10.isc.org/bind10</filename>;
<filename>git://git.bind10.isc.org/bind10</filename>;
for example:
<screen>$ <userinput>git clone git://bind10.isc.org/bind10</userinput></screen>
<screen>$ <userinput>git clone git://git.bind10.isc.org/bind10</userinput></screen>
</para>
<para>
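Review bot: The checkout instructions in the <filename> and <screen> lines still use the git:// transport, which gives the person cloning no authentication of the server and no integrity protection for the fetched source. While the hostname is being changed here anyway, consider documenting an authenticated transport if the project offers one, or adding a sentence that tells readers how to verify what they checked out.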
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>BIND 10 Messages Manual</title><link rel="stylesheet" href="./bind10-guide.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><meta name="description" content="BIND 10 is a Domain Name System (DNS) suite managed by Internet Systems Consortium (ISC). It includes DNS libraries and modular components for controlling authoritative and recursive DNS servers. This is the messages manual for BIND 10 version 20111129. The most up-to-date version of this document, along with other documents for BIND 10, can be found at ."></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" title="BIND 10 Messages Manual"><div class="titlepage"><div><div><h1 class="title"><a name="id1168229451102"></a>BIND 10 Messages Manual</h1></div><div><p class="releaseinfo">This is the messages manual for BIND 10 version
20111129.</p></div><div><p class="copyright">Copyright © 2011 Internet Systems Consortium, Inc.</p></div><div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>BIND 10 is a Domain Name System (DNS) suite managed by
20111129.</p></div><div><p class="copyright">Copyright © 2011-2012 Internet Systems Consortium, Inc.</p></div><div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>BIND 10 is a Domain Name System (DNS) suite managed by
Internet Systems Consortium (ISC). It includes DNS libraries
and modular components for controlling authoritative and
recursive DNS servers.
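Review bot: The release line in this generated manual still reads version 20111129 on both the old and the new side, while the guide in this same commit moves to 20120127 and only the copyright year changes here. If the two manuals are meant to carry the same version, regenerate this file after the version bump so they agree.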
......
......@@ -18,7 +18,7 @@
<title>BIND 10 Messages Manual</title>
<copyright>
<year>2011</year><holder>Internet Systems Consortium, Inc.</holder>
<year>2011-2012</year><holder>Internet Systems Consortium, Inc.</holder>
</copyright>
<abstract>
......
......@@ -16,6 +16,13 @@ $NAMESPACE isc::datasrc
# \brief Messages for the data source library
% DATASRC_BAD_NSEC3_NAME NSEC3 record has a bad owner name '%1'
The software refuses to load NSEC3 records into a wildcard domain or
the owner name has two or more labels below the zone origin.
It isn't explicitly forbidden, but no sane zone wouldn have such names
for NSEC3. BIND 9 also refuses NSEC3 at wildcard, so this behavior is
compatible with BIND 9.
% DATASRC_CACHE_CREATE creating the hotspot cache
This is a debug message issued during startup when the hotspot cache
is created.
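Review bot: The description of DATASRC_BAD_NSEC3_NAME has a typo, "wouldn" for "would", and its first sentence reads as if the software refuses to load the owner name rather than the record. Suggest something like "The software refuses to load an NSEC3 record whose owner name is a wildcard or has two or more labels below the zone origin." so the administrator can tell which two cases trigger the message.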
......@@ -143,6 +150,34 @@ were found to be different. This isn't allowed on the wire and is considered
an error, so we set it to the lowest value we found (but we don't modify the
database). The data in database should be checked and fixed.
% DATASRC_DATABASE_JOURNALREADER_END %1/%2 on %3 from %4 to %5
This is a debug message indicating that the program (successfully)
reaches the end of sequences of a zone's differences. The zone's name
and class, database name, and the start and end serials are shown in
the message.
% DATASRC_DATABASE_JOURNALREADER_NEXT %1/%2 in %3/%4 on %5
This is a debug message indicating that the program retrieves one
difference in difference sequences of a zone and successfully converts
it to an RRset. The zone's name and class, database name, and the
name and RR type of the retrieved diff are shown in the message.
% DATASRC_DATABASE_JOURNALREADER_START %1/%2 on %3 from %4 to %5
This is a debug message indicating that the program starts reading
a zone's difference sequences from a database-based data source. The
zone's name and class, database name, and the start and end serials
are shown in the message.
% DATASRC_DATABASE_JOURNALREADR_BADDATA failed to convert a diff to RRset in %1/%2 on %3 between %4 and %5: %6
This is an error message indicating that a zone's diff is broken and
the data source library failed to convert it to a valid RRset. The
most likely cause of this is that someone has manually modified the
zone's diff in the database and inserted invalid data as a result.
The zone's name and class, database name, and the start and end
serials, and an additional detail of the error are shown in the
message. The administrator should examine the diff in the database
to find any invalid data and fix it.
% DATASRC_DATABASE_NO_MATCH not match for %2/%3/%4 in %1
No match (not even a wildcard) was found in the named data source for the given
name/type/class in the data source.
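Review bot: The ID DATASRC_DATABASE_JOURNALREADR_BADDATA is missing an "E" compared with the three DATASRC_DATABASE_JOURNALREADER_ entries listed just above it in this hunk, so anyone filtering logs on the JOURNALREADER prefix will miss the one message in the group that reports an error. Since the entry is being placed in sorted position here anyway, rename it to DATASRC_DATABASE_JOURNALREADER_BADDATA in this file and at its logging call.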
......@@ -307,6 +342,14 @@ Debug information. The content of master file is being loaded into the memory.
% DATASRC_MEM_NOT_FOUND requested domain '%1' not found
Debug information. The requested domain does not exist.
% DATASRC_MEM_NO_NSEC3PARAM NSEC3PARAM is missing for NSEC3-signed zone %1/%2
The in-memory data source has loaded a zone signed with NSEC3 RRs,
but it doesn't have a NSEC3PARAM RR at the zone origin. It's likely that
the zone is somehow broken, but this RR is not necessarily needed for
handling lookups with NSEC3 in this data source, so it accepts the given
content of the zone. Nevertheless the administrator should look into
the integrity of the zone data.
% DATASRC_MEM_NS_ENCOUNTERED encountered a NS
Debug information. While searching for the requested domain, a NS was
encountered on the way (a delegation). This may lead to stop of the search.
......@@ -333,10 +376,12 @@ Some resource types are singletons -- only one is allowed in a domain
% DATASRC_MEM_SUCCESS query for '%1/%2' successful
Debug information. The requested record was found.
% DATASRC_MEM_SUPER_STOP stopped at superdomain '%1', domain '%2' is empty
Debug information. The search stopped at a superdomain of the requested
domain. The domain is an empty nonterminal, therefore it is treated as NXRRSET
case (eg. the domain exists, but it doesn't have the requested record type).
% DATASRC_MEM_SUPER_STOP stopped as '%1' is superdomain of a zone node, meaning it's empty
Debug information. The search stopped because the requested domain was
detected to be a superdomain of some existing node of zone (while there
was no exact match). This means that the domain is an empty nonterminal,
therefore it is treated as NXRRSET case (eg. the domain exists, but it
doesn't have the requested record type).
% DATASRC_MEM_SWAP swapping contents of two zone representations ('%1' and '%2')
Debug information. The contents of two in-memory zones are being exchanged.
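Review bot: The rewritten DATASRC_MEM_SUPER_STOP text takes only '%1', where the old text took '%1' and '%2'; the logging call that emits it is not in this hunk, so check that it now passes a single argument. Minor: "eg." in the description should be "e.g.".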
......@@ -671,66 +716,3 @@ data source.
% DATASRC_UNEXPECTED_QUERY_STATE unexpected query state
This indicates a programming error. An internal task of unknown type was
generated.
% DATASRC_DATABASE_UPDATER_CREATED zone updater created for '%1/%2' on %3
Debug information. A zone updater object is created to make updates to
the shown zone on the shown backend database.
% DATASRC_DATABASE_UPDATER_DESTROYED zone updater destroyed for '%1/%2' on %3
Debug information. A zone updater object is destroyed, either successfully
or after failure of, making updates to the shown zone on the shown backend
database.
%DATASRC_DATABASE_UPDATER_ROLLBACK zone updates roll-backed for '%1/%2' on %3
A zone updater is being destroyed without committing the changes.
This would typically mean the update attempt was aborted due to some
error, but may also be a bug of the application that forgets committing
the changes. The intermediate changes made through the updater won't
be applied to the underlying database. The zone name, its class, and
the underlying database name are shown in the log message.
%DATASRC_DATABASE_UPDATER_ROLLBACKFAIL failed to roll back zone updates for '%1/%2' on %3: %4
A zone updater is being destroyed without committing the changes to
the database, and attempts to rollback incomplete updates, but it
unexpectedly fails. The higher level implementation does not expect
it to fail, so this means either a serious operational error in the
underlying data source (such as a system failure of a database) or
software bug in the underlying data source implementation. In either
case if this message is logged the administrator should carefully
examine the underlying data source to see what exactly happens and
whether the data is still valid. The zone name, its class, and the
underlying database name as well as the error message thrown from the
database module are shown in the log message.
% DATASRC_DATABASE_UPDATER_COMMIT updates committed for '%1/%2' on %3
Debug information. A set of updates to a zone has been successfully
committed to the corresponding database backend. The zone name,
its class and the database name are printed.
% DATASRC_DATABASE_JOURNALREADER_START %1/%2 on %3 from %4 to %5
This is a debug message indicating that the program starts reading
a zone's difference sequences from a database-based data source. The
zone's name and class, database name, and the start and end serials
are shown in the message.
% DATASRC_DATABASE_JOURNALREADER_NEXT %1/%2 in %3/%4 on %5
This is a debug message indicating that the program retrieves one
difference in difference sequences of a zone and successfully converts
it to an RRset. The zone's name and class, database name, and the
name and RR type of the retrieved diff are shown in the message.
% DATASRC_DATABASE_JOURNALREADER_END %1/%2 on %3 from %4 to %5
This is a debug message indicating that the program (successfully)
reaches the end of sequences of a zone's differences. The zone's name
and class, database name, and the start and end serials are shown in
the message.
% DATASRC_DATABASE_JOURNALREADR_BADDATA failed to convert a diff to RRset in %1/%2 on %3 between %4 and %5: %6
This is an error message indicating that a zone's diff is broken and
the data source library failed to convert it to a valid RRset. The
most likely cause of this is that someone has manually modified the
zone's diff in the database and inserted invalid data as a result.
The zone's name and class, database name, and the start and end
serials, and an additional detail of the error are shown in the
message. The administrator should examine the diff in the database
to find any invalid data and fix it.
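Review bot: The five DATASRC_DATABASE_UPDATER_ definitions (CREATED, DESTROYED, ROLLBACK, ROLLBACKFAIL, COMMIT) removed from the end of the file are not added back by any hunk shown for this file, unlike the four journal reader entries that reappear in sorted position. Please confirm they are still defined elsewhere in the file; ROLLBACKFAIL in particular is the message that tells an administrator to check whether the data is still valid.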
......@@ -89,6 +89,16 @@ public:
virtual FindNSEC3Result
findNSEC3(const isc::dns::Name& name, bool recursive);
// A temporary fake version of findNSEC3 for tests
//
// This method intentionally has the same interface as findNSEC3 but
// uses internally hardcoded hash values and offers a limited set
// of functionality for the convenience of tests. This is a temporary
// workaround until #1577 is completed. At that point this method
// should be removed.
FindNSEC3Result
findNSEC3Tmp(const isc::dns::Name& name, bool recursive);
/// \brief Imelementation of the ZoneFinder::findPreviousName method
///
/// This one throws NotImplemented exception, as InMemory doesn't
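Review bot: findNSEC3Tmp is declared next to findNSEC3 in the production class even though its comment says it works from internally hardcoded hash values for the convenience of tests, so nothing stops non-test code from calling it and getting fake NSEC3 results. Until #1577 is completed, consider declaring it where only the tests can reach it, or at least give it a "///" Doxygen block like its neighbours with an explicit warning, so the planned removal is not forgotten.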
......
......@@ -110,6 +110,8 @@ endif
EXTRA_DIST = testdata/brokendb.sqlite3
EXTRA_DIST += testdata/example.com.signed
EXTRA_DIST += testdata/example.org
EXTRA_DIST += testdata/example.org.nsec3-signed
EXTRA_DIST += testdata/example.org.nsec3-signed-noparam
EXTRA_DIST += testdata/example.org.sqlite3
EXTRA_DIST += testdata/example2.com
EXTRA_DIST += testdata/example2.com.sqlite3
......
example.org. 86400 IN SOA ns.example.org. ns.example.org. 2012013000 7200 3600 2592000 1200
example.org. 86400 IN RRSIG SOA 7 2 86400 20120301040838 20120131040838 19562 example.org. Jt9wCRLS5TQxZH0IBqrM9uMGD453rIoxYopfM9AjjRZfEx+HGlBpOZeR pGN7yLcN+URnicOD0ydLHiakaBODiZyNoYCKYG5d2ZOhL+026REnDKNM 0m5T3X3sczP+l55An/GITheTdrKt3Y1Ouc2yKI8ro8JjOxV/a4nGDWjK x9A=
example.org. 86400 IN NS ns.example.org.
example.org. 86400 IN RRSIG NS 7 2 86400 20120301040838 20120131040838 19562 example.org. gYXL3xK4IFdJU6TtiVuzqDBb2MeA8xB3AKtHlJGFTfTRNHyuej0ZGovx TeUYsLYmoiGYaJG66iD1tYYFq0qdj0xWq+LEa53ACtKvYf9IIwK4ijJs k0g6xCNavc6/qPppymDhN7MvoFVkW59uJa0HPWlsIIuRlEAr7xyt85vq yoA=
example.org. 86400 IN DNSKEY 256 3 7 AwEAAbrBkKf2gmGtG4aogZY4svIZCrOLLZlQzVHwz7WxJdTR8iEnvz/x Q/jReDroS5CBZWvzwLlhPIpsJAojx0oj0RvfJNsz3+6LN8q7x9u6+86B 85CYjTk3dcFOebgkF4fXr7/kkOX+ZY94Zk0Z1+pUC3eY4gkKcyME/Uxm O18PBTeB
example.org. 86400 IN RRSIG DNSKEY 7 2 86400 20120301040838 20120131040838 19562 example.org. d0eLF8JqNHaGuBSX0ashU5c1O/wyWU43UUsKGrMQIoBDiJ588MWQOnas rwvW6vdkLNqRqCsP/B4epV/EtLL0tBsk5SHkTYbNo80gGrBufQ6YrWRr Ile8Z+h+MR4y9DybbjmuNKqaO4uQMg/X6+4HqRAKx1lmZMTcrcVeOwDM ZA4=
example.org. 0 IN NSEC3PARAM 1 0 10 AABBCCDD
example.org. 0 IN RRSIG NSEC3PARAM 7 2 0 20120301040838 20120131040838 19562 example.org. Ggs5MiQDlXXt22Fz9DNg3Ujc0T6MBfumlRkd8/enBbJwLmqw2QXAzDEk pjUeGstCEHKzxJDJstavGoCpTDJgoV4Fd9szooMx69rzPrq9tdoM46jG xZHqw+Pv2fkRGC6aP7ZX1r3Qnpwpk47AQgATftbO4G6KcMcO8JoKE47x XLM=
ns.example.org. 86400 IN A 192.0.2.1
ns.example.org. 86400 IN RRSIG A 7 3 86400 20120301040838 20120131040838 19562 example.org. dOH+Dxib8VcGnjLrKILsqDhS1wki6BWk1dZwpOGUGHyLWcLNW8ygWY2o r29jPhHtaFCNWpn46JebgnXDPRiQjaY3dQqL8rcf2QX1e3+Cicw1OSrs S0sUDE5DmMNEac+ZCUQ0quCStZTCldl05hlspV2RS92TpApnoOK0nXMp Uak=
09GM5T42SMIMT7R8DF6RTG80SFMS1NLU.example.org. 1200 IN NSEC3 1 0 10 AABBCCDD RKOF8QMFRB5F2V9EJHFBVB2JPVSA0DJD A RRSIG
09GM5T42SMIMT7R8DF6RTG80SFMS1NLU.example.org. 1200 IN RRSIG NSEC3 7 3 1200 20120301040838 20120131040838 19562 example.org. EdwMeepLf//lV+KpCAN+213Scv1rrZyj4i2OwoCP4XxxS3CWGSuvYuKO yfZc8wKRcrD/4YG6nZVXE0s5O8NahjBJmDIyVt4WkfZ6QthxGg8ggLVv cD3dFksPyiKHf/WrTOZPSsxvN5m/i1Ey6+YWS01Gf3WDCMWDauC7Nmh3 CTM=
RKOF8QMFRB5F2V9EJHFBVB2JPVSA0DJD.example.org. 1200 IN NSEC3 1 0 10 AABBCCDD 09GM5T42SMIMT7R8DF6RTG80SFMS1NLU NS SOA RRSIG DNSKEY NSEC3PARAM
RKOF8QMFRB5F2V9EJHFBVB2JPVSA0DJD.example.org. 1200 IN RRSIG NSEC3 7 3 1200 20120301040838 20120131040838 19562 example.org. j7d8GL4YqX035FBcPPsEcSWHjWcKdlQMHLL4TB67xVNFnl4SEFQCp4OO AtPap5tkKakwgWxoQVN9XjnqrBz+oQhofDkB3aTatAjIIkcwcnrm3AYQ rTI3E03ySiRwuCPKVmHOLUV2cG6O4xzcmP+MYZcvPTS8V3F5LlaU22i7 A3E=
;; This file intentionally removes NSEC3PARAM from example.org.nsec3-signed
example.org. 86400 IN SOA ns.example.org. ns.example.org. 2012013000 7200 3600 2592000 1200
example.org. 86400 IN RRSIG SOA 7 2 86400 20120301040838 20120131040838 19562 example.org. Jt9wCRLS5TQxZH0IBqrM9uMGD453rIoxYopfM9AjjRZfEx+HGlBpOZeR pGN7yLcN+URnicOD0ydLHiakaBODiZyNoYCKYG5d2ZOhL+026REnDKNM 0m5T3X3sczP+l55An/GITheTdrKt3Y1Ouc2yKI8ro8JjOxV/a4nGDWjK x9A=
example.org. 86400 IN NS ns.example.org.
example.org. 86400 IN RRSIG NS 7 2 86400 20120301040838 20120131040838 19562 example.org. gYXL3xK4IFdJU6TtiVuzqDBb2MeA8xB3AKtHlJGFTfTRNHyuej0ZGovx TeUYsLYmoiGYaJG66iD1tYYFq0qdj0xWq+LEa53ACtKvYf9IIwK4ijJs k0g6xCNavc6/qPppymDhN7MvoFVkW59uJa0HPWlsIIuRlEAr7xyt85vq yoA=
example.org. 86400 IN DNSKEY 256 3 7 AwEAAbrBkKf2gmGtG4aogZY4svIZCrOLLZlQzVHwz7WxJdTR8iEnvz/x Q/jReDroS5CBZWvzwLlhPIpsJAojx0oj0RvfJNsz3+6LN8q7x9u6+86B 85CYjTk3dcFOebgkF4fXr7/kkOX+ZY94Zk0Z1+pUC3eY4gkKcyME/Uxm O18PBTeB
example.org. 86400 IN RRSIG DNSKEY 7 2 86400 20120301040838 20120131040838 19562 example.org. d0eLF8JqNHaGuBSX0ashU5c1O/wyWU43UUsKGrMQIoBDiJ588MWQOnas rwvW6vdkLNqRqCsP/B4epV/EtLL0tBsk5SHkTYbNo80gGrBufQ6YrWRr Ile8Z+h+MR4y9DybbjmuNKqaO4uQMg/X6+4HqRAKx1lmZMTcrcVeOwDM ZA4=
;; example.org. 0 IN NSEC3PARAM 1 0 10 AABBCCDD
;; example.org. 0 IN RRSIG NSEC3PARAM 7 2 0 20120301040838 20120131040838 19562 example.org. Ggs5MiQDlXXt22Fz9DNg3Ujc0T6MBfumlRkd8/enBbJwLmqw2QXAzDEk pjUeGstCEHKzxJDJstavGoCpTDJgoV4Fd9szooMx69rzPrq9tdoM46jG xZHqw+Pv2fkRGC6aP7ZX1r3Qnpwpk47AQgATftbO4G6KcMcO8JoKE47x XLM=
ns.example.org. 86400 IN A 192.0.2.1
ns.example.org. 86400 IN RRSIG A 7 3 86400 20120301040838 20120131040838 19562 example.org. dOH+Dxib8VcGnjLrKILsqDhS1wki6BWk1dZwpOGUGHyLWcLNW8ygWY2o r29jPhHtaFCNWpn46JebgnXDPRiQjaY3dQqL8rcf2QX1e3+Cicw1OSrs S0sUDE5DmMNEac+ZCUQ0quCStZTCldl05hlspV2RS92TpApnoOK0nXMp Uak=
09GM5T42SMIMT7R8DF6RTG80SFMS1NLU.example.org. 1200 IN NSEC3 1 0 10 AABBCCDD RKOF8QMFRB5F2V9EJHFBVB2JPVSA0DJD A RRSIG
09GM5T42SMIMT7R8DF6RTG80SFMS1NLU.example.org. 1200 IN RRSIG NSEC3 7 3 1200 20120301040838 20120131040838 19562 example.org. EdwMeepLf//lV+KpCAN+213Scv1rrZyj4i2OwoCP4XxxS3CWGSuvYuKO yfZc8wKRcrD/4YG6nZVXE0s5O8NahjBJmDIyVt4WkfZ6QthxGg8ggLVv cD3dFksPyiKHf/WrTOZPSsxvN5m/i1Ey6+YWS01Gf3WDCMWDauC7Nmh3 CTM=
RKOF8QMFRB5F2V9EJHFBVB2JPVSA0DJD.example.org. 1200 IN NSEC3 1 0 10 AABBCCDD 09GM5T42SMIMT7R8DF6RTG80SFMS1NLU NS SOA RRSIG DNSKEY NSEC3PARAM
RKOF8QMFRB5F2V9EJHFBVB2JPVSA0DJD.example.org. 1200 IN RRSIG NSEC3 7 3 1200 20120301040838 20120131040838 19562 example.org. j7d8GL4YqX035FBcPPsEcSWHjWcKdlQMHLL4TB67xVNFnl4SEFQCp4OO AtPap5tkKakwgWxoQVN9XjnqrBz+oQhofDkB3aTatAjIIkcwcnrm3AYQ rTI3E03ySiRwuCPKVmHOLUV2cG6O4xzcmP+MYZcvPTS8V3F5LlaU22i7 A3E=
......@@ -15,6 +15,7 @@
#include <stdint.h>
#include <cassert>
#include <cstring>
#include <string>
#include <vector>
......@@ -55,10 +56,10 @@ private:
static const uint8_t NSEC3_HASH_SHA1 = 1;
public:
NSEC3HashRFC5155(const generic::NSEC3PARAM& param) :
algorithm_(param.getHashalg()),
iterations_(param.getIterations()),
salt_(param.getSalt()), digest_(SHA1_HASHSIZE), obuf_(Name::MAX_WIRE)
NSEC3HashRFC5155(uint8_t algorithm, uint16_t iterations,
const vector<uint8_t>& salt) :
algorithm_(algorithm), iterations_(iterations),
salt_(salt), digest_(SHA1_HASHSIZE), obuf_(Name::MAX_WIRE)
{
if (algorithm_ != NSEC3_HASH_SHA1) {
isc_throw(UnknownNSEC3HashAlgorithm, "Unknown NSEC3 algorithm: " <<
......@@ -69,6 +70,11 @@ public:
virtual std::string calculate(const Name& name) const;
virtual bool match(const generic::NSEC3& nsec3) const;
virtual bool match(const generic::NSEC3PARAM& nsec3param) const;
bool match(uint8_t algorithm, uint16_t iterations,
const vector<uint8_t>& salt) const;
private:
const uint8_t algorithm_;
const uint16_t iterations_;
......@@ -115,6 +121,27 @@ NSEC3HashRFC5155::calculate(const Name& name) const {
return (encodeBase32Hex(digest_));
}
bool
NSEC3HashRFC5155::match(uint8_t algorithm, uint16_t iterations,
const vector<uint8_t>& salt) const
{
return (algorithm_ == algorithm && iterations_ == iterations &&
salt_.size() == salt.size() &&
(salt_.empty() || memcmp(&salt_[0], &salt[0], salt_.size()) == 0));
}
bool
NSEC3HashRFC5155::match(const generic::NSEC3& nsec3) const {
return (match(nsec3.getHashalg(), nsec3.getIterations(),
nsec3.getSalt()));
}
bool
NSEC3HashRFC5155::match(const generic::NSEC3PARAM& nsec3param) const {
return (match(nsec3param.getHashalg(), nsec3param.getIterations(),
nsec3param.getSalt()));
}
} // end of unnamed namespace
namespace isc {
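Review bot: The salt comparison in the three-argument match() hand-rolls vector equality with a size check, an empty() guard and memcmp on "&salt_[0]". Writing "salt_ == salt" on the two vector<uint8_t> objects gives the same result, handles the empty case without the guard, and would make the newly added <cstring> include unnecessary.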
......@@ -122,7 +149,14 @@ namespace dns {
NSEC3Hash*
NSEC3Hash::create(const generic::NSEC3PARAM& param) {
return (new NSEC3HashRFC5155(param));
return (new NSEC3HashRFC5155(param.getHashalg(), param.getIterations(),
param.getSalt()));
}
NSEC3Hash*
NSEC3Hash::create(const generic::NSEC3& nsec3) {
return (new NSEC3HashRFC5155(nsec3.getHashalg(), nsec3.getIterations(),
nsec3.getSalt()));
}
} // namespace dns
......
......@@ -25,6 +25,7 @@ class Name;
namespace rdata {
namespace generic {
class NSEC3;
class NSEC3PARAM;
}
}
......@@ -108,6 +109,12 @@ public:
/// \return A pointer to a concrete derived object of \c NSEC3Hash.
static NSEC3Hash* create(const rdata::generic::NSEC3PARAM& param);
/// \brief Factory method of NSECHash from NSEC3 RDATA.
///
/// This is similar to the other version, but extracts the parameters
/// for hash calculation from an NSEC3 RDATA object.
static NSEC3Hash* create(const rdata::generic::NSEC3& nsec3);
/// \brief The destructor.
virtual ~NSEC3Hash() {}
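Review bot: The \brief for the new create() overload says "NSECHash" where the class is NSEC3Hash, and unlike the NSEC3PARAM overload above it, whose comment ends with a \return line, it documents no \param or \return. The constructor it reaches throws UnknownNSEC3HashAlgorithm for any algorithm other than SHA1, so a \throw line belongs here as well.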
......@@ -123,6 +130,28 @@ public:
/// calculated.
/// \return Base32hex-encoded string of the hash value.
virtual std::string calculate(const Name& name) const = 0;
/// \brief Match given NSEC3 parameters with that of the hash.
///
/// This method compares NSEC3 parameters used for hash calculation
/// in the object with those in the given NSEC3 RDATA, and return
/// true iff they completely match. In the current implementation
/// only the algorithm, iterations and salt are compared; the flags
/// are ignored (as they don't affect hash calculation per RFC5155).
///
/// \throw None
///
/// \param nsec3 An NSEC3 RDATA object whose hash parameters are to be
/// matched
/// \return true If the given parameters match the local ones; false
/// otherwise.
virtual bool match(const rdata::generic::NSEC3& nsec3) const = 0;
/// \brief Match given NSEC3PARAM parameters with that of the hash.
///
/// This is similar to the other version, but extracts the parameters
/// to compare from an NSEC3PARAM RDATA object.
virtual bool match(const rdata::generic::NSEC3PARAM& nsec3param) const = 0;
};
}
......
......@@ -55,13 +55,24 @@ NSEC3Hash_init(PyObject* po_self, PyObject* args, PyObject*) {
if (PyArg_ParseTuple(args, "O", &po_rdata)) {
if (!PyRdata_Check(po_rdata)) {
PyErr_Format(PyExc_TypeError,
"param must be an Rdata of type NSEC3HASH, "
"not %.200s", po_rdata->ob_type->tp_name);
"param must be an Rdata of type NSEC3/NSEC3PARAM,"
" not %.200s", po_rdata->ob_type->tp_name);
return (-1);
}
const Rdata& rdata = PyRdata_ToRdata(po_rdata);
const generic::NSEC3PARAM* nsec3param =
dynamic_cast<const generic::NSEC3PARAM*>(&rdata);
const generic::NSEC3* nsec3 =
dynamic_cast<const generic::NSEC3*>(&rdata);
if (nsec3param != NULL) {
self->cppobj = NSEC3Hash::create(*nsec3param);
} else if (nsec3 != NULL) {
self->cppobj = NSEC3Hash::create(*nsec3);
} else {
PyErr_Format(PyExc_TypeError,
"param must be an Rdata of type NSEC3/NSEC3HASH");
return (-1);
}
self->cppobj = NSEC3Hash::create(
dynamic_cast<const generic::NSEC3PARAM&>(
PyRdata_ToRdata(po_rdata)));
return (0);
}
} catch (const UnknownNSEC3HashAlgorithm& ex) {
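Review bot: The fall-through error in the new else branch names the accepted types as "NSEC3/NSEC3HASH", while the PyRdata_Check failure a few lines above says "NSEC3/NSEC3PARAM"; the latter is the correct one, since the casts are to generic::NSEC3PARAM and generic::NSEC3. That PyErr_Format call also passes no format arguments, so PyErr_SetString is enough.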
......@@ -118,6 +129,51 @@ NSEC3Hash_calculate(PyObject* po_self, PyObject* args) {
return (NULL);
}
PyObject*
NSEC3Hash_match(PyObject* po_self, PyObject* args) {
s_NSEC3Hash* const self = static_cast<s_NSEC3Hash*>(po_self);
try {
PyObject* po_rdata;
if (PyArg_ParseTuple(args, "O", &po_rdata)) {
if (!PyRdata_Check(po_rdata)) {
PyErr_Format(PyExc_TypeError,
"param must be an Rdata of type NSEC3/NSEC3PARAM,"
" not %.200s", po_rdata->ob_type->tp_name);
return (NULL);
}
const Rdata& rdata = PyRdata_ToRdata(po_rdata);
const generic::NSEC3PARAM* nsec3param =
dynamic_cast<const generic::NSEC3PARAM*>(&rdata);
const generic::NSEC3* nsec3 =
dynamic_cast<const generic::NSEC3*>(&rdata);
bool matched;
if (nsec3param != NULL) {
matched = self->cppobj->match(*nsec3param);
} else if (nsec3 != NULL) {
matched = self->cppobj->match(*nsec3);
} else {
PyErr_Format(PyExc_TypeError,
"param must be an Rdata of type NSEC3/NSEC3HASH");
return (NULL);
}
PyObject* ret = matched ? Py_True : Py_False;
Py_INCREF(ret);
return (ret);
}
} catch (const exception& ex) {
const string ex_what = "Unexpected failure in NSEC3Hash.match: " +
string(ex.what());
PyErr_SetString(po_IscException, ex_what.c_str());
return (NULL);
} catch (...) {
PyErr_SetString(PyExc_SystemError, "Unexpected C++ exception");
return (NULL);
}
return (NULL);
}
// This list contains the actual set of functions we have in
// python. Each entry has
// 1. Python method name
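Review bot: NSEC3Hash_match repeats the PyRdata_Check and the pair of dynamic_cast calls from NSEC3Hash_init almost line for line, including the else-branch message that says "NSEC3/NSEC3HASH" where "NSEC3/NSEC3PARAM" is meant. A small shared helper that takes the PyObject and yields the NSEC3PARAM or NSEC3 pointer would keep the two paths from drifting apart, and the Py_True/Py_False plus Py_INCREF sequence can be replaced by PyBool_FromLong(matched).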
......@@ -126,6 +182,7 @@ NSEC3Hash_calculate(PyObject* po_self, PyObject* args) {
// 4. Documentation
PyMethodDef NSEC3Hash_methods[] = {
{ "calculate", NSEC3Hash_calculate, METH_VARARGS, NSEC3Hash_calculate_doc },
{ "match", NSEC3Hash_match, METH_VARARGS, NSEC3Hash_match_doc },
{ NULL, NULL, 0, NULL }
};
} // end of unnamed namespace
......
......@@ -10,7 +10,7 @@ NSEC3 hash values as defined in RFC5155.\n\
\n\
NSEC3Hash(param)\n\
\n\
Constructor from NSEC3PARAM RDATA.\n\
Constructor.\n\
\n\
The hash algorithm given via param must be known to the\n\
implementation. Otherwise UnknownNSEC3HashAlgorithm exception will\n\
......@@ -21,12 +21,13 @@ NSEC3Hash(param)\n\
unknown.\n\
\n\
Parameters:\n\
param NSEC3 parameters used for subsequent calculation.\n\
param NSEC3PARAM or NSEC3 Rdata object whose parameters are\n\
to be used for subsequent calculation.\n\
\n\
";
const char* const NSEC3Hash_calculate_doc = "\
calculate(Name) -> string\n\
calculate(name) -> string\n\
\n\
Calculate the NSEC3 hash.\n\
\n\
......@@ -42,4 +43,26 @@ Parameters:\n\
\n\
Return Value(s): Base32hex-encoded string of the hash value.\n\
";
const char* const NSEC3Hash_match_doc = "\
match(rdata) -> bool\n \
\n\
Match given NSEC3 or NSEC3PARAM parameters with that of the hash.\n\
\n\
This method compares NSEC3 parameters used for hash calculation in the\n\
object with those in the given RDATA, and return true iff they\n\
completely match. In the current implementation only the algorithm,\n\
iterations and salt are compared; the flags are ignored (as they don't\n\