Commit deefb84c authored by chenzhengzhang

Merge branch 'master' into trac1113

Conflicts:
	src/lib/dns/Makefile.am
	src/lib/util/python/gen_wiredata.py.in
parents 83f8d6de 485e0ba7
279. [func] jerry
libdns++: Implement the AFSDB rrtype according to RFC1183.
(Trac #1114, git ce052cd92cd128ea3db5a8f154bd151956c2920c)
278. [doc] jelte
Add logging configuration documentation to the guide.
(Trac #1011, git 2cc500af0929c1f268aeb6f8480bc428af70f4c4)
277. [func] jerry
Implement the SRV rrtype according to RFC2782.
libdns++: Implement the SRV rrtype according to RFC2782.
(Trac #1128, git 5fd94aa027828c50e63ae1073d9d6708e0a9c223)
276. [func] stephen
......
......@@ -8,10 +8,10 @@ for serving, maintaining, and developing DNS.
BIND10-devel is new development leading up to the production
BIND 10 release. It contains prototype code and experimental
interfaces. Nevertheless it is ready to use now for testing the
new BIND 10 infrastructure ideas. The Year 2 milestones of the
five year plan are described here:
new BIND 10 infrastructure ideas. The Year 3 goals of the five
year plan are described here:
https://bind10.isc.org/wiki/Year2Milestones
http://bind10.isc.org/wiki/Year3Goals
This release includes the bind10 master process, b10-msgq message
bus, b10-auth authoritative DNS server (with SQLite3 and in-memory
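Review bot: the Year 3 goals URL downgrades the scheme from https to http where the Year 2 line it replaces used https://bind10.isc.org/...; keep the secure scheme in the new line: `https://bind10.isc.org/wiki/Year3Goals`. Readers follow this link for the project plan, and there is no reason to send them over plain http.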
......@@ -67,8 +67,8 @@ e.g.,
Operating-System specific tips:
- FreeBSD
You may need to install a python binding for sqlite3 by hand. A
sample procedure is as follows:
You may need to install a python binding for sqlite3 by hand.
A sample procedure is as follows:
- add the following to /etc/make.conf
PYTHON_VERSION=3.1
- build and install the python binding from ports, assuming the top
......
This diff is collapsed.
......@@ -122,6 +122,24 @@
}
]
}
],
"statistics": [
{
"item_name": "queries.tcp",
"item_type": "integer",
"item_optional": false,
"item_default": 0,
"item_title": "Queries TCP ",
"item_description": "A number of total query counts which all auth servers receive over TCP since they started initially"
},
{
"item_name": "queries.udp",
"item_type": "integer",
"item_optional": false,
"item_default": 0,
"item_title": "Queries UDP",
"item_description": "A number of total query counts which all auth servers receive over UDP since they started initially"
}
]
}
}
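Review bot: the two item_description strings in the new statistics list are hard to read ("A number of total query counts which all auth servers receive over TCP since they started initially") and disagree with the man page text added in this same commit, which describes the counters as queries received by "the b10-auth server ... since startup". Pick one wording and use it in both places, e.g. "Total number of queries received over TCP since startup." Also the item_title "Queries TCP " carries a trailing space that the UDP title does not.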
......@@ -2,12 +2,12 @@
.\" Title: b10-auth
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Date: March 8, 2011
.\" Date: August 11, 2011
.\" Manual: BIND10
.\" Source: BIND10
.\" Language: English
.\"
.TH "B10\-AUTH" "8" "March 8, 2011" "BIND10" "BIND10"
.TH "B10\-AUTH" "8" "August 11, 2011" "BIND10" "BIND10"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
......@@ -70,18 +70,6 @@ defines the path to the SQLite3 zone file when using the sqlite datasource\&. Th
/usr/local/var/bind10\-devel/zone\&.sqlite3\&.
.PP
\fIlisten_on\fR
is a list of addresses and ports for
\fBb10\-auth\fR
to listen on\&. The list items are the
\fIaddress\fR
string and
\fIport\fR
number\&. By default,
\fBb10\-auth\fR
listens on port 53 on the IPv6 (::) and IPv4 (0\&.0\&.0\&.0) wildcard addresses\&.
.PP
\fIdatasources\fR
configures data sources\&. The list items include:
\fItype\fR
......@@ -114,6 +102,18 @@ In this development version, currently this is only used for the memory data sou
.RE
.PP
\fIlisten_on\fR
is a list of addresses and ports for
\fBb10\-auth\fR
to listen on\&. The list items are the
\fIaddress\fR
string and
\fIport\fR
number\&. By default,
\fBb10\-auth\fR
listens on port 53 on the IPv6 (::) and IPv4 (0\&.0\&.0\&.0) wildcard addresses\&.
.PP
\fIstatistics\-interval\fR
is the timer interval in seconds for
\fBb10\-auth\fR
......@@ -164,6 +164,25 @@ immediately\&.
\fBshutdown\fR
exits
\fBb10\-auth\fR\&. (Note that the BIND 10 boss process will restart this service\&.)
.SH "STATISTICS DATA"
.PP
The statistics data collected by the
\fBb10\-stats\fR
daemon include:
.PP
auth\&.queries\&.tcp
.RS 4
Total count of queries received by the
\fBb10\-auth\fR
server over TCP since startup\&.
.RE
.PP
auth\&.queries\&.udp
.RS 4
Total count of queries received by the
\fBb10\-auth\fR
server over UDP since startup\&.
.RE
.SH "FILES"
.PP
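Review bot: this .8 file is DocBook XSL output (see the Generator line in its header), so the moved listen_on block, the new STATISTICS DATA section and the Date bump should come from regenerating b10-auth.xml rather than from hand edits. The text here does match the .xml hunk that follows, but please confirm the committed .8 was produced by the build so the two cannot drift apart on the next change.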
......
......@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
<date>March 8, 2011</date>
<date>August 11, 2011</date>
</refentryinfo>
<refmeta>
......@@ -131,15 +131,6 @@
<filename>/usr/local/var/bind10-devel/zone.sqlite3</filename>.
</para>
<para>
<varname>listen_on</varname> is a list of addresses and ports for
<command>b10-auth</command> to listen on.
The list items are the <varname>address</varname> string
and <varname>port</varname> number.
By default, <command>b10-auth</command> listens on port 53
on the IPv6 (::) and IPv4 (0.0.0.0) wildcard addresses.
</para>
<para>
<varname>datasources</varname> configures data sources.
The list items include:
......@@ -164,6 +155,15 @@
</simpara></note>
</para>
<para>
<varname>listen_on</varname> is a list of addresses and ports for
<command>b10-auth</command> to listen on.
The list items are the <varname>address</varname> string
and <varname>port</varname> number.
By default, <command>b10-auth</command> listens on port 53
on the IPv6 (::) and IPv4 (0.0.0.0) wildcard addresses.
</para>
<para>
<varname>statistics-interval</varname> is the timer interval
in seconds for <command>b10-auth</command> to share its
......@@ -208,6 +208,34 @@
</refsect1>
<refsect1>
<title>STATISTICS DATA</title>
<para>
The statistics data collected by the <command>b10-stats</command>
daemon include:
</para>
<variablelist>
<varlistentry>
<term>auth.queries.tcp</term>
<listitem><simpara>Total count of queries received by the
<command>b10-auth</command> server over TCP since startup.
</simpara></listitem>
</varlistentry>
<varlistentry>
<term>auth.queries.udp</term>
<listitem><simpara>Total count of queries received by the
<command>b10-auth</command> server over UDP since startup.
</simpara></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<para>
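Review bot: the statistics are documented here as auth.queries.tcp and auth.queries.udp while auth.spec in this same commit names the items queries.tcp and queries.udp; add a sentence saying that the module name is prepended when b10-stats reports them, otherwise a reader grepping the spec for "auth.queries" finds nothing.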
......
......@@ -31,7 +31,7 @@ namespace isc {
namespace auth {
void
Query::getAdditional(const ZoneFinder& zone, const RRset& rrset) const {
Query::getAdditional(ZoneFinder& zone, const RRset& rrset) const {
RdataIteratorPtr rdata_iterator(rrset.getRdataIterator());
for (; !rdata_iterator->isLast(); rdata_iterator->next()) {
const Rdata& rdata(rdata_iterator->getCurrent());
......@@ -47,7 +47,7 @@ Query::getAdditional(const ZoneFinder& zone, const RRset& rrset) const {
}
void
Query::findAddrs(const ZoneFinder& zone, const Name& qname,
Query::findAddrs(ZoneFinder& zone, const Name& qname,
const ZoneFinder::FindOptions options) const
{
// Out of zone name
......@@ -86,7 +86,7 @@ Query::findAddrs(const ZoneFinder& zone, const Name& qname,
}
void
Query::putSOA(const ZoneFinder& zone) const {
Query::putSOA(ZoneFinder& zone) const {
ZoneFinder::FindResult soa_result(zone.find(zone.getOrigin(),
RRType::SOA()));
if (soa_result.code != ZoneFinder::SUCCESS) {
......@@ -104,7 +104,7 @@ Query::putSOA(const ZoneFinder& zone) const {
}
void
Query::getAuthAdditional(const ZoneFinder& zone) const {
Query::getAuthAdditional(ZoneFinder& zone) const {
// Fill in authority and addtional sections.
ZoneFinder::FindResult ns_result = zone.find(zone.getOrigin(),
RRType::NS());
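Review bot: every ZoneFinder& parameter loses its const qualifier while the Query methods themselves stay const, and the commit message does not say why the finder must now be mutable; from the MockZoneFinder hunk the reason is that ZoneFinder::find() is no longer const. Please record that in the ChangeLog or a code comment, and check whether a non-const find() means a finder shared between concurrent queries now needs synchronisation: the old const signature at least advertised read-only use, the new one advertises nothing.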
......
......@@ -69,7 +69,7 @@ private:
/// Adds a SOA of the zone into the authority zone of response_.
/// Can throw NoSOA.
///
void putSOA(const isc::datasrc::ZoneFinder& zone) const;
void putSOA(isc::datasrc::ZoneFinder& zone) const;
/// \brief Look up additional data (i.e., address records for the names
/// included in NS or MX records).
......@@ -85,7 +85,7 @@ private:
/// query is to be found.
/// \param rrset The RRset (i.e., NS or MX rrset) which require additional
/// processing.
void getAdditional(const isc::datasrc::ZoneFinder& zone,
void getAdditional(isc::datasrc::ZoneFinder& zone,
const isc::dns::RRset& rrset) const;
/// \brief Find address records for a specified name.
......@@ -104,7 +104,7 @@ private:
/// be found.
/// \param qname The name in rrset RDATA.
/// \param options The search options.
void findAddrs(const isc::datasrc::ZoneFinder& zone,
void findAddrs(isc::datasrc::ZoneFinder& zone,
const isc::dns::Name& qname,
const isc::datasrc::ZoneFinder::FindOptions options
= isc::datasrc::ZoneFinder::FIND_DEFAULT) const;
......@@ -127,7 +127,7 @@ private:
///
/// \param zone The \c ZoneFinder through which the NS and additional data
/// for the query are to be found.
void getAuthAdditional(const isc::datasrc::ZoneFinder& zone) const;
void getAuthAdditional(isc::datasrc::ZoneFinder& zone) const;
public:
/// Constructor from query parameters.
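Review bot: the Doxygen \param zone text for putSOA, getAdditional, findAddrs and getAuthAdditional is unchanged although the parameter is no longer const; state that the finder may update its own state during find(), so callers do not pass a finder they expect to remain untouched.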
......
......@@ -122,12 +122,12 @@ public:
masterLoad(zone_stream, origin_, rrclass_,
boost::bind(&MockZoneFinder::loadRRset, this, _1));
}
virtual const isc::dns::Name& getOrigin() const { return (origin_); }
virtual const isc::dns::RRClass& getClass() const { return (rrclass_); }
virtual isc::dns::Name getOrigin() const { return (origin_); }
virtual isc::dns::RRClass getClass() const { return (rrclass_); }
virtual FindResult find(const isc::dns::Name& name,
const isc::dns::RRType& type,
RRsetList* target = NULL,
const FindOptions options = FIND_DEFAULT) const;
const FindOptions options = FIND_DEFAULT);
// If false is passed, it makes the zone broken as if it didn't have the
// SOA.
......@@ -165,7 +165,7 @@ private:
ZoneFinder::FindResult
MockZoneFinder::find(const Name& name, const RRType& type,
RRsetList* target, const FindOptions options) const
RRsetList* target, const FindOptions options)
{
// Emulating a broken zone: mandatory apex RRs are missing if specifically
// configured so (which are rare cases).
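Review bot: getOrigin() and getClass() change from returning const references to returning by value, and find() loses const, yet the mock's find() body mutates nothing. Since these are virtual overrides the ZoneFinder base interface must have changed the same way (that hunk is collapsed on this page); a one-line comment on the mock saying the change mirrors the interface would stop a future reader re-adding const. Note too that a Name is now copied on every getOrigin() call, which putSOA() and getAuthAdditional() make per query; harmless in a test mock, but production finders pay the same cost.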
......
......@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2010-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
<date>March 31, 2011</date>
<date>August 11, 2011</date>
</refentryinfo>
<refmeta>
......@@ -217,6 +217,30 @@ The default is the basename of ARG 0.
<!--
TODO: configuration section
-->
<refsect1>
<title>STATISTICS DATA</title>
<para>
The statistics data collected by the <command>b10-stats</command>
daemon include:
</para>
<variablelist>
<varlistentry>
<term>bind10.boot_time</term>
<listitem><para>
The date and time that the <command>bind10</command>
process started.
This is represented in ISO 8601 format.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<!--
<refsect1>
<title>FILES</title>
......
......@@ -37,6 +37,17 @@
"command_description": "List the running BIND 10 processes",
"command_args": []
}
],
"statistics": [
{
"item_name": "boot_time",
"item_type": "string",
"item_optional": false,
"item_default": "1970-01-01T00:00:00Z",
"item_title": "Boot time",
"item_description": "A date time when bind10 process starts initially",
"item_format": "date-time"
}
]
}
}
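Review bot: item_default for boot_time is the Unix epoch "1970-01-01T00:00:00Z", which a consumer cannot tell apart from a real value without knowing the convention; either say in item_description that the epoch means "not yet reported" or make the item optional. The description itself ("A date time when bind10 process starts initially") also reads awkwardly; "The date and time at which the bind10 process started, in ISO 8601 format" matches the man page text added in this commit.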
......
Socket creator API
==================
This API is between Boss and other modules to allow them requesting of sockets.
For simplicity, we will use the socket creator for all (even non-privileged)
ports for now, but we should have some function where we can abstract it later.
Goals
-----
* Be able to request a socket of any combination IPv4/IPv6 UDP/TCP bound to given
port and address (sockets that are not bound to anything can be created
without privileges, therefore are not requested from the socket creator).
* Allow to provide the same socket to multiple modules (eg. multiple running
auth servers).
* Allow releasing the sockets (in case all modules using it give it up,
terminate or crash).
* Allow restricting of the sharing (don't allow shared socket between auth
and recursive, as the packets would often get to the wrong application,
show error instead).
* Get the socket to the application.
Transport of sockets
--------------------
It seems we are stuck with current msgq for a while and there's a chance the
new replacement will not be able to send sockets inbound. So, we need another
channel.
The boss will create a unix-domain socket and listen on it. When something
requests a socket over the command channel and the socket is created, some kind
of token is returned to the application (which will represent the future
socket). The application then connects to the unix-domain socket, sends the
token over the connection (so Boss will know which socket to send there, in case
multiple applications ask for sockets simultaneously) and Boss sends the socket
in return.
In theory, we could send the requests directly over the unix-domain
socket, but it has two disadvantages:
* The msgq handles serializing/deserializing of structured
information (like the parameters to be used), we would have to do it
manually on the socket.
* We could place some kind of security in front of msgq (in case file
permissions are not enough, for example if they are not honored on
socket files, as indicated in the first paragraph of:
http://lkml.indiana.edu/hypermail/linux/kernel/0505.2/0008.html).
The socket would have to be secured separately. With the tokens,
there's some level of security already - someone not having the
token can't request a priviledged socket.
Caching of sockets
------------------
To allow sending the same socket to multiple application, the Boss process will
hold a cache. Each socket that is created and sent is kept open in Boss and
preserved there as well. A reference count is kept with each of them.
When another application asks for the same socket, it is simply sent from the
cache instead of creating it again by the creator.
When application gives the socket willingly (by sending a message over the
command channel), the reference count can be decreased without problems. But
when the application terminates or crashes, we need to decrease it as well.
There's a problem, since we don't know which command channel connection (eg.
lname) belongs to which PID. Furthermore, the applications don't need to be
started by boss.
There are two possibilities:
* Let the msgq send messages about disconnected clients (eg. group message to
some name). This one is better if we want to migrate to dbus, since dbus
already has this capability as well as sending the sockets inbound (at least it
seems so on unix) and we could get rid of the unix-domain socket completely.
* Keep the unix-domain connections open forever. Boss can remember which socket
was sent to which connection and when the connection closes (because the
application crashed), it can drop all the references on the sockets. This
seems easier to implement.
The commands
------------
* Command to release a socket. This one would have single parameter, the token
used to get the socket. After this, boss would decrease its reference count
and if it drops to zero, close its own copy of the socket. This should be used
when the module stops using the socket (and after closes it). The
library could remember the file-descriptor to token mapping (for
common applications that don't request the same socket multiple
times in parallel).
* Command to request a socket. It would have parameters to specify which socket
(IP address, address family, port) and how to allow sharing. Sharing would be
one of:
- None
- Same kind of application (however, it is not entirely clear what
this means, in case it won't work out intuitively, we'll need to
define it somehow)
- Any kind of application
And a kind of application would be provided, to decide if the sharing is
possible (eg. if auth allows sharing with the same kind and something else
allows sharing with anything, the sharing is not possible, two auths can).
It would return either error (the socket can't be created or sharing is not
possible) or the token. Then there would be some time for the application to
pick up the requested socket.
Examples
--------
We probably would have a library with blocking calls to request the
sockets, so a code could look like:
(socket_fd, token) = request_socket(address, port, 'UDP', SHARE_SAMENAME, 'test-application')
sock = socket.fromfd(socket_fd)
# Some sock.send and sock.recv stuff here
sock.close()
release_socket(socket_fd) # or release_socket(token)
Known limitations
-----------------
Currently the socket creator doesn't support specifying any socket
options. If it turns out there are any options that need to be set
before bind(), we'll need to extend it (and extend the protocol as
well). If we want to support them, we'll have to solve a possible
conflict (what to do when two applications request the same socket and
want to share it, but want different options).
The current socket creator doesn't know raw sockets, but if they are
needed, it should be easy to add.
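Review bot: the token is the only thing authorising a client to collect a privileged socket over the unix-domain connection ("someone not having the token can't request a priviledged socket"), yet the document never says how tokens are generated, how long they stay valid ("some time for the application to pick up the requested socket"), or whether they are single-use. Please specify that tokens are random, unguessable values of fixed length, that they expire if not collected within a bounded time, and that they are invalidated once the socket has been handed over; also state that Boss creates the unix-domain socket with restrictive permissions, given the doubt the text itself raises about socket-file permissions being honoured. Second, the sharing restriction is decided from a self-reported "kind of application" string, so it can only prevent accidental auth/recursive collisions, not a misbehaving module that claims another kind; say so explicitly rather than letting it read as access control. Third, the Python sketch passes the descriptor to socket.fromfd() without the family and type arguments that call requires, so as written it would not run; a corrected call is cheap even in pseudo-code. Finally, "priviledged" should be "privileged", and "a socket of any combination IPv4/IPv6 UDP/TCP" should read "any combination of IPv4/IPv6 and UDP/TCP".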
......@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
<date>February 17, 2011</date>
<date>August 16, 2011</date>
</refentryinfo>
<refmeta>
......@@ -99,11 +99,14 @@
</listitem>
</varlistentry>
<!-- TODO: this needs to be fixed as -v on command line
should imply stdout or stderr output also -->
<!-- TODO: can this -v be overidden by configuration or bindctl? -->
<varlistentry>
<term><option>-v</option></term>
<listitem><para>
Enabled verbose mode. This enables diagnostic messages to
STDERR.
Enable verbose mode.
This sets logging to the maximum debugging level.
</para></listitem>
</varlistentry>
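Review bot: "This sets logging to the maximum debugging level" replaces the old statement that diagnostics go to STDERR, so the paragraph no longer says where the output lands, which is exactly what the first TODO above it asks for. Either keep the destination or point the reader at the logging configuration section of the guide that this commit adds.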
......@@ -146,6 +149,22 @@ once that is merged you can for instance do 'config add Resolver/forward_address
<!-- TODO: but defaults are not used, Trac #518 -->
</para>
<para>
<!-- TODO: need more explanation or point to guide. -->
<!-- TODO: what about a netmask or cidr? -->
<!-- TODO: document "key" -->
<!-- TODO: where are the TSIG keys defined? -->
<!-- TODO: key and from are mutually exclusive? what if both defined? -->
<varname>query_acl</varname> is a list of query access control
rules. The list items are the <varname>action</varname> string
and the <varname>from</varname> or <varname>key</varname> strings.
The possible actions are ACCEPT, REJECT and DROP.
The <varname>from</varname> is a remote (source) IPv4 or IPv6
address or special keyword.
The <varname>key</varname> is a TSIG key name.
The default configuration accepts queries from 127.0.0.1 and ::1.
</para>
<para>
<varname>retries</varname> is the number of times to retry
(resend query) after a query timeout
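Review bot: the new query_acl paragraph lists ACCEPT, REJECT and DROP but does not say how REJECT and DROP differ on the wire (an error response versus silence) or what happens to a query that matches no rule; both matter to anyone writing rules. The default "accepts queries from 127.0.0.1 and ::1" implies everything else is refused, and that should be stated outright rather than left to inference. The five in-source TODOs (netmask/CIDR, where TSIG keys are defined, key versus from exclusivity) are the right questions; answer them before release instead of shipping the TODOs.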
......@@ -234,7 +253,8 @@ once that is merged you can for instance do 'config add Resolver/forward_address
The <command>b10-resolver</command> daemon was first coded in
September 2010. The initial implementation only provided
forwarding. Iteration was introduced in January 2011.
<!-- TODO: document when caching was added -->
Caching was implemented in February 2011.
Access control was introduced in June 2011.
<!-- TODO: document when validation was added -->
</para>
</refsect1>
......
......@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
<date>Oct 15, 2010</date>
<date>August 11, 2011</date>
</refentryinfo>
<refmeta>
......@@ -67,6 +67,7 @@
it. <command>b10-stats</command> invokes "sendstats" command
for <command>bind10</command> after its initial starting because it's
sure to collect statistics data from <command>bind10</command>.
<!-- TODO: reword that last sentence? -->
</para>
</refsect1>
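Review bot: agree with the added TODO; "because it's sure to collect statistics data from bind10" does not say what is being ensured. Suggested wording: "After it starts, b10-stats sends the 'sendstats' command to bind10 so that it is certain to have collected bind10's statistics."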
......@@ -86,6 +87,123 @@
</variablelist>
</refsect1>
<refsect1>
<title>CONFIGURATION AND COMMANDS</title>
<para>
The <command>b10-stats</command> command does not have any
configurable settings.
</para>
<!-- TODO: formating -->
<para>
The configuration commands are:
</para>
<para>
<!-- TODO: remove is removed in trac930 -->
<command>remove</command> removes the named statistics name and data.
</para>
<para>
<!-- TODO: reset is removed in trac930 -->
<command>reset</command> will reset all statistics data to
default values except for constant names.
This may re-add previously removed statistics names.
</para>
<para>
<command>set</command>
<!-- TODO: document this -->
</para>
<para>
<command>show</command> will send the statistics data
in JSON format.
By default, it outputs all the statistics data it has collected.
An optional item name may be specified to receive individual output.
</para>
<!-- TODO: document showschema -->
<para>
<command>shutdown</command> will shutdown the
<command>b10-stats</command> process.
(Note that the <command>bind10</command> parent may restart it.)
</para>
<para>
<command>status</command> simply indicates that the daemon is
running.
</para>
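Review bot: `set` has no description at all, and `remove` and `reset` are documented while the TODOs say both are removed in trac930; either document `set` (what it changes and its argument shape) or leave all three out until trac930 lands, because half-documented commands that alter collected data are worse than none. The section also opens with "does not have any configurable settings" and then says "The configuration commands are:", which is contradictory; these are module commands, not configuration. Minor: "will shutdown" should be "will shut down".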