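/*
 * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2002  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: rootns.c,v 1.40 2010/06/18 05:36:24 marka Exp $ */

/*! \file */

#include <config.h>

#include <isc/buffer.h>
#include <isc/string.h>		/* Required for HP/UX (and others?) */
#include <isc/util.h>

#include <dns/callbacks.h>
#include <dns/db.h>
#include <dns/dbiterator.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/master.h>
#include <dns/rdata.h>
#include <dns/rdata.h>
#include <dns/rdataset.h>
#include <dns/rdatasetiter.h>
#include <dns/rdatastruct.h>
#include <dns/rdatatype.h>
#include <dns/result.h>
#include <dns/rootns.h>
#include <dns/view.h>

/*
 * Compiled-in root hints, in master-file text form.  dns_rootns_create()
 * loads this buffer only when no hints file is given and the class is IN.
 *
 * The addresses below are a snapshot fixed at build time.  Root server
 * addresses do change over the years, so when auditing a deployment compare
 * this list with the currently published root hints.  dns_root_checkhints()
 * logs the differences between a hints database and another database at
 * run time.
 */
static char root_ns[] =
";\n"
"; Internet Root Nameservers\n"
";\n"
"$TTL 518400\n"
". 518400 IN NS A.ROOT-SERVERS.NET.\n"
". 518400 IN NS B.ROOT-SERVERS.NET.\n"
". 518400 IN NS C.ROOT-SERVERS.NET.\n"
". 518400 IN NS D.ROOT-SERVERS.NET.\n"
". 518400 IN NS E.ROOT-SERVERS.NET.\n"
". 518400 IN NS F.ROOT-SERVERS.NET.\n"
". 518400 IN NS G.ROOT-SERVERS.NET.\n"
". 518400 IN NS H.ROOT-SERVERS.NET.\n"
". 518400 IN NS I.ROOT-SERVERS.NET.\n"
". 518400 IN NS J.ROOT-SERVERS.NET.\n"
". 518400 IN NS K.ROOT-SERVERS.NET.\n"
". 518400 IN NS L.ROOT-SERVERS.NET.\n"
". 518400 IN NS M.ROOT-SERVERS.NET.\n"
"A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4\n"
"A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:BA3E::2:30\n"
"B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201\n"
"C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n"
"D.ROOT-SERVERS.NET. 3600000 IN A 199.7.91.13\n"
"D.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2d::d\n"
"E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n"
"F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n"
"F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2F::F\n"
"G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n"
"H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53\n"
"H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803F:235\n"
"I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n"
"I.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fe::53\n"
"J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n"
"J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:C27::2:30\n"
"K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n"
"K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7FD::1\n"
"L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n"
"L.ROOT-SERVERS.NET. 604800 IN AAAA 2001:500:3::42\n"
"M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"
"M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:DC3::35\n";

/*
 * Test whether 'name' is the target of one of the NS records in 'rootns'.
 *
 * Returns ISC_R_SUCCESS on a match, ISC_R_NOTFOUND when 'rootns' is not
 * associated or holds no matching record, and otherwise whatever error
 * dns_rdata_tostruct() or the rdataset iteration produced.
 */
static isc_result_t
in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
	isc_result_t result;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_rdata_ns_t ns;

	if (!dns_rdataset_isassociated(rootns))
		return (ISC_R_NOTFOUND);

	result = dns_rdataset_first(rootns);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(rootns, &rdata);
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		if (result != ISC_R_SUCCESS)
			return (result);
		if (dns_name_compare(name, &ns.name) == 0)
			return (ISC_R_SUCCESS);
		result = dns_rdataset_next(rootns);
		dns_rdata_reset(&rdata);
	}
	/* Running off the end of the set means "no match", not an error. */
	if (result == ISC_R_NOMORE)
		result = ISC_R_NOTFOUND;
	return (result);
}

/*
 * Check that the node 'name' holds only data that belongs in a hints
 * database: A and AAAA rdatasets are accepted only when 'name' is one of the
 * NS targets in 'rootns', an NS rdataset is accepted only at the root name,
 * and any other type yields ISC_R_FAILURE.
 *
 * Returns ISC_R_SUCCESS when every rdataset produced by 'rdsiter' passes.
 */
static isc_result_t
check_node(dns_rdataset_t *rootns, dns_name_t *name,
	   dns_rdatasetiter_t *rdsiter) {
	isc_result_t result;
	dns_rdataset_t rdataset;

	dns_rdataset_init(&rdataset);
	result = dns_rdatasetiter_first(rdsiter);
	while (result == ISC_R_SUCCESS) {
		dns_rdatasetiter_current(rdsiter, &rdataset);
		switch (rdataset.type) {
		case dns_rdatatype_a:
		case dns_rdatatype_aaaa:
			/* Addresses are only expected for root NS targets. */
			result = in_rootns(rootns, name);
			if (result != ISC_R_SUCCESS)
				goto cleanup;
			break;
		case dns_rdatatype_ns:
			if (dns_name_compare(name, dns_rootname) == 0)
				break;
			/*FALLTHROUGH*/
		default:
			result = ISC_R_FAILURE;
			goto cleanup;
		}
		dns_rdataset_disassociate(&rdataset);
		result = dns_rdatasetiter_next(rdsiter);
	}
	if (result == ISC_R_NOMORE)
		result = ISC_R_SUCCESS;
 cleanup:
	/* The early exits above leave 'rdataset' associated. */
	if (dns_rdataset_isassociated(&rdataset))
		dns_rdataset_disassociate(&rdataset);
	return (result);
}

/*
 * Walk every node of the hints database 'db' and run check_node() on it,
 * using the root NS rdataset found in 'db' as the list of accepted server
 * names.
 *
 * Returns ISC_R_SUCCESS when all nodes pass; the first failure is returned
 * as is.  The result of the root NS lookup is deliberately ignored: if it
 * found nothing, 'rootns' stays unassociated and in_rootns() then reports
 * ISC_R_NOTFOUND for any address record.
 */
static isc_result_t
check_hints(dns_db_t *db) {
	isc_result_t result;
	dns_rdataset_t rootns;
	dns_dbiterator_t *dbiter = NULL;
	dns_dbnode_t *node = NULL;
	isc_stdtime_t now;
	dns_fixedname_t fixname;
	dns_name_t *name;
	dns_rdatasetiter_t *rdsiter = NULL;

	isc_stdtime_get(&now);

	dns_fixedname_init(&fixname);
	name = dns_fixedname_name(&fixname);

	dns_rdataset_init(&rootns);
	(void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
			  now, NULL, name, &rootns, NULL);
	result = dns_db_createiterator(db, 0, &dbiter);
	if (result != ISC_R_SUCCESS)
		goto cleanup;
	result = dns_dbiterator_first(dbiter);
	while (result == ISC_R_SUCCESS) {
		result = dns_dbiterator_current(dbiter, &node, name);
		if (result != ISC_R_SUCCESS)
			goto cleanup;
		result = dns_db_allrdatasets(db, node, NULL, now, &rdsiter);
		if (result != ISC_R_SUCCESS)
			goto cleanup;
		result = check_node(&rootns, name, rdsiter);
		if (result != ISC_R_SUCCESS)
			goto cleanup;
		dns_rdatasetiter_destroy(&rdsiter);
		dns_db_detachnode(db, &node);
		result = dns_dbiterator_next(dbiter);
	}
	if (result == ISC_R_NOMORE)
		result = ISC_R_SUCCESS;

 cleanup:
	if (dns_rdataset_isassociated(&rootns))
		dns_rdataset_disassociate(&rootns);
	if (rdsiter != NULL)
		dns_rdatasetiter_destroy(&rdsiter);
	if (node != NULL)
		dns_db_detachnode(db, &node);
	if (dbiter != NULL)
		dns_dbiterator_destroy(&dbiter);
	return (result);
}

/*
 * Create a root hints database and store it in '*target'.
 *
 * When 'filename' is not NULL the hints are loaded from that file and the
 * built-in list is not used.  Otherwise the built-in root_ns list is loaded,
 * but only for class IN; any other class yields ISC_R_NOTFOUND.
 *
 * Requires '*target' to be NULL on entry.  On success the caller owns the
 * reference stored in '*target'.  On failure the database created here is
 * detached and '*target' is left untouched.
 *
 * Note for operators: a check_hints() failure is only logged as a warning
 * ("extra data in root hints"); the database is still returned and the call
 * still succeeds.  The contents of a hints file are therefore accepted as
 * given, so the file deserves the same protection as the rest of the
 * resolver's configuration and the warning should not be ignored.
 */
isc_result_t
dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
		  const char *filename, dns_db_t **target)
{
	isc_result_t result, eresult;
	isc_buffer_t source;
	unsigned int len;
	dns_rdatacallbacks_t callbacks;
	dns_db_t *db = NULL;

	REQUIRE(target != NULL && *target == NULL);

	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
			       rdclass, 0, NULL, &db);
	if (result != ISC_R_SUCCESS)
		return (result);

	dns_rdatacallbacks_init(&callbacks);

	len = strlen(root_ns);
	isc_buffer_init(&source, root_ns, len);
	isc_buffer_add(&source, len);

	result = dns_db_beginload(db, &callbacks.add,
				  &callbacks.add_private);
	/*
	 * The database already exists at this point, so a failure must go
	 * through db_detach; returning directly would leak the reference
	 * taken by dns_db_create().
	 */
	if (result != ISC_R_SUCCESS)
		goto db_detach;
	if (filename != NULL) {
		/*
		 * Load the hints from the specified filename.
		 */
		result = dns_master_loadfile(filename, &db->origin,
					     &db->origin, db->rdclass,
					     DNS_MASTER_HINT,
					     &callbacks, db->mctx);
	} else if (rdclass == dns_rdataclass_in) {
		/*
		 * Default to using the Internet root servers.
		 */
		result = dns_master_loadbuffer(&source, &db->origin,
					       &db->origin, db->rdclass,
					       DNS_MASTER_HINT,
					       &callbacks, db->mctx);
	} else
		result = ISC_R_NOTFOUND;
	/* Always end the load; its result only matters if the load worked. */
	eresult = dns_db_endload(db, &callbacks.add_private);
	if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE)
		result = eresult;
	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
		goto db_detach;
	/* Unexpected records are reported but do not reject the hints. */
	if (check_hints(db) != ISC_R_SUCCESS)
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "extra data in root hints '%s'",
			      (filename != NULL) ? filename : "<BUILT-IN>");
	*target = db;
	return (ISC_R_SUCCESS);

 db_detach:
	dns_db_detach(&db);

	return (result);
}

/*
 * Log a warning that the record 'rdata' at 'name' is either missing from
 * the hints ('missing' true) or is an extra record in the hints ('missing'
 * false).  The view name is included unless the view is "_bind" or
 * "_default".
 *
 * 'databuf' is sized for the text form of an address; the callers in this
 * file pass only A and AAAA rdata.  A failed conversion to text trips
 * RUNTIME_CHECK.
 */
static void
report(dns_view_t *view, dns_name_t *name, isc_boolean_t missing,
       dns_rdata_t *rdata)
{
	const char *viewname = "", *sep = "";
	char namebuf[DNS_NAME_FORMATSIZE];
	char typebuf[DNS_RDATATYPE_FORMATSIZE];
	char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
	isc_buffer_t buffer;
	isc_result_t result;

	if (strcmp(view->name, "_bind") != 0 &&
	    strcmp(view->name, "_default") != 0) {
		viewname = view->name;
		sep = ": view ";
	}

	dns_name_format(name, namebuf, sizeof(namebuf));
	dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf));
	/* Keep the last byte of databuf free for the terminating NUL. */
	isc_buffer_init(&buffer, databuf, sizeof(databuf) - 1);
	result = dns_rdata_totext(rdata, NULL, &buffer);
	RUNTIME_CHECK(result == ISC_R_SUCCESS);
	databuf[isc_buffer_usedlength(&buffer)] = '\0';

	if (missing)
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: %s/%s (%s) missing from hints",
			      sep, viewname, namebuf, typebuf, databuf);
	else
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: %s/%s (%s) extra record "
			      "in hints", sep, viewname, namebuf, typebuf,
			      databuf);
}

/*
 * Return ISC_TRUE when 'rrset' contains a record that compares equal to
 * 'rdata', ISC_FALSE otherwise.
 */
static isc_boolean_t
inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
	isc_result_t result;
	dns_rdata_t current = DNS_RDATA_INIT;

	result = dns_rdataset_first(rrset);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(rrset, &current);
		if (dns_rdata_compare(rdata, &current) == 0)
			return (ISC_TRUE);
		dns_rdata_reset(&current);
		result = dns_rdataset_next(rrset);
	}
	return (ISC_FALSE);
}

/*
 * Check that the address RRsets match.
 *
 * Note we don't complain about missing glue records.
 *
 * For 'name', the A and then the AAAA RRsets of 'hints' and 'db' are
 * compared.  When both have the RRset, records present only in 'db' are
 * reported as missing from the hints and records present only in 'hints'
 * as extra.  When 'hints' has no such RRset but 'db' does, every record in
 * 'db' is reported as missing.  Results are only logged, via report().
 */

static void
check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
		      dns_name_t *name, isc_stdtime_t now)
{
	isc_result_t hresult, rresult, result;
	dns_rdataset_t hintrrset, rootrrset;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_name_t *foundname;
	dns_fixedname_t fixed;

	dns_rdataset_init(&hintrrset);
	dns_rdataset_init(&rootrrset);
	dns_fixedname_init(&fixed);
	foundname = dns_fixedname_name(&fixed);

	/*
	 * Check A records.
	 */
	hresult = dns_db_find(hints, name, NULL, dns_rdatatype_a, 0,
			      now, NULL, foundname, &hintrrset, NULL);
	rresult = dns_db_find(db, name, NULL, dns_rdatatype_a,
			      DNS_DBFIND_GLUEOK, now, NULL, foundname,
			      &rootrrset, NULL);
	if (hresult == ISC_R_SUCCESS &&
	    (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
		result = dns_rdataset_first(&rootrrset);
		while (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			if (!inrrset(&hintrrset, &rdata))
				report(view, name, ISC_TRUE, &rdata);
			result = dns_rdataset_next(&rootrrset);
		}
		result = dns_rdataset_first(&hintrrset);
		while (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&hintrrset, &rdata);
			if (!inrrset(&rootrrset, &rdata))
				report(view, name, ISC_FALSE, &rdata);
			result = dns_rdataset_next(&hintrrset);
		}
	}
	if (hresult == ISC_R_NOTFOUND &&
	    (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
		result = dns_rdataset_first(&rootrrset);
		while (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			report(view, name, ISC_TRUE, &rdata);
			result = dns_rdataset_next(&rootrrset);
		}
	}
	/* Release both sets so they can be reused for the AAAA lookups. */
	if (dns_rdataset_isassociated(&rootrrset))
		dns_rdataset_disassociate(&rootrrset);
	if (dns_rdataset_isassociated(&hintrrset))
		dns_rdataset_disassociate(&hintrrset);

	/*
	 * Check AAAA records.
	 */
	hresult = dns_db_find(hints, name, NULL, dns_rdatatype_aaaa, 0,
			      now, NULL, foundname, &hintrrset, NULL);
	rresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
			      DNS_DBFIND_GLUEOK, now, NULL, foundname,
			      &rootrrset, NULL);
	if (hresult == ISC_R_SUCCESS &&
	    (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
		result = dns_rdataset_first(&rootrrset);
		while (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			if (!inrrset(&hintrrset, &rdata))
				report(view, name, ISC_TRUE, &rdata);
			dns_rdata_reset(&rdata);
			result = dns_rdataset_next(&rootrrset);
		}
		result = dns_rdataset_first(&hintrrset);
		while (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&hintrrset, &rdata);
			if (!inrrset(&rootrrset, &rdata))
				report(view, name, ISC_FALSE, &rdata);
			dns_rdata_reset(&rdata);
			result = dns_rdataset_next(&hintrrset);
		}
	}
	if (hresult == ISC_R_NOTFOUND &&
	    (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
		result = dns_rdataset_first(&rootrrset);
		while (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			report(view, name, ISC_TRUE, &rdata);
			dns_rdata_reset(&rdata);
			result = dns_rdataset_next(&rootrrset);
		}
	}
	if (dns_rdataset_isassociated(&rootrrset))
		dns_rdataset_disassociate(&rootrrset);
	if (dns_rdataset_isassociated(&hintrrset))
		dns_rdataset_disassociate(&hintrrset);
}

/*
 * Compare the root NS RRset in 'hints' with the one in 'db' (called the
 * cache in the log messages) and log a warning for every difference.
 *
 * Root NS names present in 'db' but not in 'hints' are logged as not found
 * in the hints; names present in both also have their address records
 * compared by check_address_records(); names present only in 'hints' are
 * logged as extra.  If either root NS RRset cannot be found, that is logged
 * and nothing else is checked.
 *
 * The function only reports; it does not modify either database and returns
 * nothing.  The warnings are the signal that the configured or built-in
 * hints have drifted from what the other database holds, so they are worth
 * monitoring.
 */
void
dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) {
	isc_result_t result;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_rdata_ns_t ns;
	dns_rdataset_t hintns, rootns;
	const char *viewname = "", *sep = "";
	isc_stdtime_t now;
	dns_name_t *name;
	dns_fixedname_t fixed;

	REQUIRE(hints != NULL);
	REQUIRE(db != NULL);
	REQUIRE(view != NULL);

	isc_stdtime_get(&now);

	if (strcmp(view->name, "_bind") != 0 &&
	    strcmp(view->name, "_default") != 0) {
		viewname = view->name;
		sep = ": view ";
	}

	dns_rdataset_init(&hintns);
	dns_rdataset_init(&rootns);
	dns_fixedname_init(&fixed);
	name = dns_fixedname_name(&fixed);

	result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0,
			     now, NULL, name, &hintns, NULL);
	if (result != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: unable to get root NS rrset "
			      "from hints: %s", sep, viewname,
			      dns_result_totext(result));
		goto cleanup;
	}

	result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
			     now, NULL, name, &rootns, NULL);
	if (result != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: unable to get root NS rrset "
			      "from cache: %s", sep, viewname,
			      dns_result_totext(result));
		goto cleanup;
	}

	/*
	 * Look for missing root NS names.
	 */
	result = dns_rdataset_first(&rootns);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(&rootns, &rdata);
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		RUNTIME_CHECK(result == ISC_R_SUCCESS);
		result = in_rootns(&hintns, &ns.name);
		if (result != ISC_R_SUCCESS) {
			char namebuf[DNS_NAME_FORMATSIZE];
			/* missing from hints */
			dns_name_format(&ns.name, namebuf, sizeof(namebuf));
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
				      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
				      "checkhints%s%s: unable to find root "
				      "NS '%s' in hints", sep, viewname,
				      namebuf);
		} else
			check_address_records(view, hints, db, &ns.name, now);
		dns_rdata_reset(&rdata);
		result = dns_rdataset_next(&rootns);
	}
	if (result != ISC_R_NOMORE) {
		goto cleanup;
	}

	/*
	 * Look for extra root NS names.
	 */
	result = dns_rdataset_first(&hintns);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(&hintns, &rdata);
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		RUNTIME_CHECK(result == ISC_R_SUCCESS);
		result = in_rootns(&rootns, &ns.name);
		if (result != ISC_R_SUCCESS) {
			char namebuf[DNS_NAME_FORMATSIZE];
			/* extra entry in hints */
			dns_name_format(&ns.name, namebuf, sizeof(namebuf));
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
				      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
				      "checkhints%s%s: extra NS '%s' in hints",
				      sep, viewname, namebuf);
		}
		dns_rdata_reset(&rdata);
		result = dns_rdataset_next(&hintns);
	}
	if (result != ISC_R_NOMORE) {
		goto cleanup;
	}

 cleanup:
	if (dns_rdataset_isassociated(&rootns))
		dns_rdataset_disassociate(&rootns);
	if (dns_rdataset_isassociated(&hintns))
		dns_rdataset_disassociate(&hintns);
}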