zone.h revision 1.5
1/* $NetBSD: zone.h,v 1.5 2020/05/24 19:46:23 christos Exp $ */ 2 3/* 4 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14#ifndef DNS_ZONE_H 15#define DNS_ZONE_H 1 16 17/*! \file dns/zone.h */ 18 19/*** 20 *** Imports 21 ***/ 22 23#include <inttypes.h> 24#include <stdbool.h> 25#include <stdio.h> 26 27#include <isc/formatcheck.h> 28#include <isc/lang.h> 29#include <isc/rwlock.h> 30 31#include <dns/catz.h> 32#include <dns/master.h> 33#include <dns/masterdump.h> 34#include <dns/rdatastruct.h> 35#include <dns/rpz.h> 36#include <dns/types.h> 37#include <dns/zt.h> 38 39typedef enum { 40 dns_zone_none, 41 dns_zone_master, 42 dns_zone_slave, 43 dns_zone_mirror, 44 dns_zone_stub, 45 dns_zone_staticstub, 46 dns_zone_key, 47 dns_zone_dlz, 48 dns_zone_redirect 49} dns_zonetype_t; 50 51typedef enum { 52 dns_zonestat_none = 0, 53 dns_zonestat_terse, 54 dns_zonestat_full 55} dns_zonestat_level_t; 56 57typedef enum { 58 DNS_ZONEOPT_MANYERRORS = 1 << 0, /*%< return many errors on load */ 59 DNS_ZONEOPT_IXFRFROMDIFFS = 1 << 1, /*%< calculate differences */ 60 DNS_ZONEOPT_NOMERGE = 1 << 2, /*%< don't merge journal */ 61 DNS_ZONEOPT_CHECKNS = 1 << 3, /*%< check if NS's are addresses */ 62 DNS_ZONEOPT_FATALNS = 1 << 4, /*%< DNS_ZONEOPT_CHECKNS is fatal */ 63 DNS_ZONEOPT_MULTIMASTER = 1 << 5, /*%< this zone has multiple masters */ 64 DNS_ZONEOPT_USEALTXFRSRC = 1 << 6, /*%< use alternate transfer sources 65 */ 66 DNS_ZONEOPT_CHECKNAMES = 1 << 7, /*%< check-names */ 67 DNS_ZONEOPT_CHECKNAMESFAIL = 1 << 8, /*%< fatal check-name failures */ 68 DNS_ZONEOPT_CHECKWILDCARD = 1 << 9, /*%< check for internal wildcards */ 69 DNS_ZONEOPT_CHECKMX = 1 << 10, /*%< check-mx */ 70 DNS_ZONEOPT_CHECKMXFAIL = 1 << 11, /*%< fatal check-mx failures */ 71 DNS_ZONEOPT_CHECKINTEGRITY = 1 << 12, /*%< perform integrity checks */ 72 DNS_ZONEOPT_CHECKSIBLING = 1 << 13, /*%< perform sibling glue checks */ 73 DNS_ZONEOPT_NOCHECKNS = 1 << 14, /*%< disable IN NS address checks */ 74 DNS_ZONEOPT_WARNMXCNAME = 1 << 15, /*%< warn on MX CNAME check */ 75 DNS_ZONEOPT_IGNOREMXCNAME = 1 << 16, /*%< ignore MX CNAME check */ 76 DNS_ZONEOPT_WARNSRVCNAME = 1 << 17, /*%< warn on SRV CNAME check */ 77 DNS_ZONEOPT_IGNORESRVCNAME = 1 << 18, /*%< ignore SRV CNAME check */ 78 DNS_ZONEOPT_UPDATECHECKKSK = 1 << 19, /*%< check dnskey KSK flag */ 79 DNS_ZONEOPT_TRYTCPREFRESH = 1 << 20, /*%< try tcp refresh on udp failure 80 */ 81 DNS_ZONEOPT_NOTIFYTOSOA = 1 << 21, /*%< Notify the SOA MNAME */ 82 DNS_ZONEOPT_NSEC3TESTZONE = 1 << 22, /*%< nsec3-test-zone */ 83 DNS_ZONEOPT_SECURETOINSECURE = 1 << 23, /*%< dnssec-secure-to-insecure 84 */ 85 DNS_ZONEOPT_DNSKEYKSKONLY = 1 << 24, /*%< dnssec-dnskey-kskonly */ 86 DNS_ZONEOPT_CHECKDUPRR = 1 << 25, /*%< check-dup-records */ 87 DNS_ZONEOPT_CHECKDUPRRFAIL = 1 << 26, /*%< fatal check-dup-records 88 * failures */ 89 DNS_ZONEOPT_CHECKSPF = 1 << 27, /*%< check SPF records */ 90 DNS_ZONEOPT_CHECKTTL = 1 << 28, /*%< check max-zone-ttl */ 91 DNS_ZONEOPT_AUTOEMPTY = 1 << 29, /*%< automatic empty zone */ 92 DNS_ZONEOPT___MAX = UINT64_MAX, /* trick to make the ENUM 64-bit wide */ 93} dns_zoneopt_t; 94 95/* 96 * Zone key maintenance options 97 */ 98typedef enum { 99 DNS_ZONEKEY_ALLOW = 0x00000001U, /*%< fetch keys on command */ 100 DNS_ZONEKEY_MAINTAIN = 0x00000002U, /*%< publish/sign on schedule */ 101 DNS_ZONEKEY_CREATE = 0x00000004U, /*%< make keys when needed */ 102 DNS_ZONEKEY_FULLSIGN = 0x00000008U, /*%< roll to new keys immediately */ 103 DNS_ZONEKEY_NORESIGN = 0x00000010U, /*%< no automatic resigning */ 104 DNS_ZONEKEY___MAX = UINT64_MAX, /* trick to make the ENUM 64-bit wide */ 105} dns_zonekey_t; 106 107#ifndef DNS_ZONE_MINREFRESH 108#define DNS_ZONE_MINREFRESH 300 /*%< 5 minutes */ 109#endif /* ifndef DNS_ZONE_MINREFRESH */ 110#ifndef DNS_ZONE_MAXREFRESH 111#define DNS_ZONE_MAXREFRESH 2419200 /*%< 4 weeks */ 112#endif /* ifndef DNS_ZONE_MAXREFRESH */ 113#ifndef DNS_ZONE_DEFAULTREFRESH 114#define DNS_ZONE_DEFAULTREFRESH 3600 /*%< 1 hour */ 115#endif /* ifndef DNS_ZONE_DEFAULTREFRESH */ 116#ifndef DNS_ZONE_MINRETRY 117#define DNS_ZONE_MINRETRY 300 /*%< 5 minutes */ 118#endif /* ifndef DNS_ZONE_MINRETRY */ 119#ifndef DNS_ZONE_MAXRETRY 120#define DNS_ZONE_MAXRETRY 1209600 /*%< 2 weeks */ 121#endif /* ifndef DNS_ZONE_MAXRETRY */ 122#ifndef DNS_ZONE_DEFAULTRETRY 123#define DNS_ZONE_DEFAULTRETRY \ 124 60 /*%< 1 minute, subject to \ 125 * exponential backoff */ 126#endif /* ifndef DNS_ZONE_DEFAULTRETRY */ 127 128#define DNS_ZONESTATE_XFERRUNNING 1 129#define DNS_ZONESTATE_XFERDEFERRED 2 130#define DNS_ZONESTATE_SOAQUERY 3 131#define DNS_ZONESTATE_ANY 4 132#define DNS_ZONESTATE_AUTOMATIC 5 133 134ISC_LANG_BEGINDECLS 135 136/*** 137 *** Functions 138 ***/ 139 140isc_result_t 141dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx); 142/*%< 143 * Creates a new empty zone and attach '*zonep' to it. 144 * 145 * Requires: 146 *\li 'zonep' to point to a NULL pointer. 147 *\li 'mctx' to be a valid memory context. 148 * 149 * Ensures: 150 *\li '*zonep' refers to a valid zone. 151 * 152 * Returns: 153 *\li #ISC_R_SUCCESS 154 *\li #ISC_R_NOMEMORY 155 *\li #ISC_R_UNEXPECTED 156 */ 157 158void 159dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass); 160/*%< 161 * Sets the class of a zone. This operation can only be performed 162 * once on a zone. 163 * 164 * Require: 165 *\li 'zone' to be a valid zone. 166 *\li dns_zone_setclass() not to have been called since the zone was 167 * created. 168 *\li 'rdclass' != dns_rdataclass_none. 169 */ 170 171dns_rdataclass_t 172dns_zone_getclass(dns_zone_t *zone); 173/*%< 174 * Returns the current zone class. 175 * 176 * Requires: 177 *\li 'zone' to be a valid zone. 178 */ 179 180isc_result_t 181dns_zone_getserial(dns_zone_t *zone, uint32_t *serialp); 182/*%< 183 * Returns the current serial number of the zone. On success, the SOA 184 * serial of the zone will be copied into '*serialp'. 185 * 186 * Requires: 187 *\li 'zone' to be a valid zone. 188 *\li 'serialp' to be non NULL 189 * 190 * Returns: 191 *\li #ISC_R_SUCCESS 192 *\li #DNS_R_NOTLOADED zone DB is not loaded 193 */ 194 195void 196dns_zone_settype(dns_zone_t *zone, dns_zonetype_t type); 197/*%< 198 * Sets the zone type. This operation can only be performed once on 199 * a zone. 200 * 201 * Requires: 202 *\li 'zone' to be a valid zone. 203 *\li dns_zone_settype() not to have been called since the zone was 204 * created. 205 *\li 'type' != dns_zone_none 206 */ 207 208void 209dns_zone_setview(dns_zone_t *zone, dns_view_t *view); 210/*%< 211 * Associate the zone with a view. 212 * 213 * Require: 214 *\li 'zone' to be a valid zone. 215 */ 216 217dns_view_t * 218dns_zone_getview(dns_zone_t *zone); 219/*%< 220 * Returns the zone's associated view. 221 * 222 * Requires: 223 *\li 'zone' to be a valid zone. 224 */ 225 226void 227dns_zone_setviewcommit(dns_zone_t *zone); 228/*%< 229 * Commit the previous view saved internally via dns_zone_setview(). 230 * 231 * Require: 232 *\li 'zone' to be a valid zone. 233 */ 234 235void 236dns_zone_setviewrevert(dns_zone_t *zone); 237/*%< 238 * Revert the most recent dns_zone_setview() on this zone, 239 * restoring the previous view. 240 * 241 * Require: 242 *\li 'zone' to be a valid zone. 243 */ 244 245isc_result_t 246dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin); 247/*%< 248 * Sets the zones origin to 'origin'. 249 * 250 * Require: 251 *\li 'zone' to be a valid zone. 252 *\li 'origin' to be non NULL. 253 * 254 * Returns: 255 *\li #ISC_R_SUCCESS 256 *\li #ISC_R_NOMEMORY 257 */ 258 259dns_name_t * 260dns_zone_getorigin(dns_zone_t *zone); 261/*%< 262 * Returns the value of the origin. 263 * 264 * Require: 265 *\li 'zone' to be a valid zone. 266 */ 267 268isc_result_t 269dns_zone_setfile(dns_zone_t *zone, const char *file, dns_masterformat_t format, 270 const dns_master_style_t *style); 271/*%< 272 * Sets the name of the master file in the format of 'format' from which 273 * the zone loads its database to 'file'. 274 * 275 * For zones that have no associated master file, 'file' will be NULL. 276 * 277 * For zones with persistent databases, the file name 278 * setting is ignored. 279 * 280 * Require: 281 *\li 'zone' to be a valid zone. 282 * 283 * Returns: 284 *\li #ISC_R_NOMEMORY 285 *\li #ISC_R_SUCCESS 286 */ 287 288const char * 289dns_zone_getfile(dns_zone_t *zone); 290/*%< 291 * Gets the name of the zone's master file, if any. 292 * 293 * Requires: 294 *\li 'zone' to be valid initialised zone. 295 * 296 * Returns: 297 *\li Pointer to null-terminated file name, or NULL. 298 */ 299 300void 301dns_zone_setmaxrecords(dns_zone_t *zone, uint32_t records); 302/*%< 303 * Sets the maximum number of records permitted in a zone. 304 * 0 implies unlimited. 305 * 306 * Requires: 307 *\li 'zone' to be valid initialised zone. 308 * 309 * Returns: 310 *\li void 311 */ 312 313uint32_t 314dns_zone_getmaxrecords(dns_zone_t *zone); 315/*%< 316 * Gets the maximum number of records permitted in a zone. 317 * 0 implies unlimited. 318 * 319 * Requires: 320 *\li 'zone' to be valid initialised zone. 321 * 322 * Returns: 323 *\li uint32_t maxrecords. 324 */ 325 326void 327dns_zone_setmaxttl(dns_zone_t *zone, uint32_t maxttl); 328/*%< 329 * Sets the max ttl of the zone. 330 * 331 * Requires: 332 *\li 'zone' to be valid initialised zone. 333 * 334 * Returns: 335 *\li void 336 */ 337 338dns_ttl_t 339dns_zone_getmaxttl(dns_zone_t *zone); 340/*%< 341 * Gets the max ttl of the zone. 342 * 343 * Requires: 344 *\li 'zone' to be valid initialised zone. 345 * 346 * Returns: 347 *\li dns_ttl_t maxttl. 348 */ 349 350isc_result_t 351dns_zone_load(dns_zone_t *zone, bool newonly); 352 353isc_result_t 354dns_zone_loadandthaw(dns_zone_t *zone); 355 356/*%< 357 * Cause the database to be loaded from its backing store. 358 * Confirm that the minimum requirements for the zone type are 359 * met, otherwise DNS_R_BADZONE is returned. 360 * 361 * If newonly is set dns_zone_load() only loads new zones. 362 * dns_zone_loadandthaw() is similar to dns_zone_load() but will 363 * also re-enable DNS UPDATEs when the load completes. 364 * 365 * Require: 366 *\li 'zone' to be a valid zone. 367 * 368 * Returns: 369 *\li #ISC_R_UNEXPECTED 370 *\li #ISC_R_SUCCESS 371 *\li DNS_R_CONTINUE Incremental load has been queued. 372 *\li DNS_R_UPTODATE The zone has already been loaded based on 373 * file system timestamps. 374 *\li DNS_R_BADZONE 375 *\li Any result value from dns_db_load(). 376 */ 377 378isc_result_t 379dns_zone_asyncload(dns_zone_t *zone, bool newonly, dns_zt_zoneloaded_t done, 380 void *arg); 381/*%< 382 * Cause the database to be loaded from its backing store asynchronously. 383 * Other zone maintenance functions are suspended until this is complete. 384 * When finished, 'done' is called to inform the caller, with 'arg' as 385 * its first argument and 'zone' as its second. (Normally, 'arg' is 386 * expected to point to the zone table but is left undefined for testing 387 * purposes.) 388 * 389 * Require: 390 *\li 'zone' to be a valid zone. 391 * 392 * Returns: 393 *\li #ISC_R_ALREADYRUNNING 394 *\li #ISC_R_SUCCESS 395 *\li #ISC_R_FAILURE 396 *\li #ISC_R_NOMEMORY 397 */ 398 399bool 400dns__zone_loadpending(dns_zone_t *zone); 401/*%< 402 * Indicates whether the zone is waiting to be loaded asynchronously. 403 * (Not currently intended for use outside of this module and associated 404 * tests.) 405 */ 406 407void 408dns_zone_attach(dns_zone_t *source, dns_zone_t **target); 409/*%< 410 * Attach '*target' to 'source' incrementing its external 411 * reference count. 412 * 413 * Require: 414 *\li 'zone' to be a valid zone. 415 *\li 'target' to be non NULL and '*target' to be NULL. 416 */ 417 418void 419dns_zone_detach(dns_zone_t **zonep); 420/*%< 421 * Detach from a zone decrementing its external reference count. 422 * If this was the last external reference to the zone it will be 423 * shut down and eventually freed. 424 * 425 * Require: 426 *\li 'zonep' to point to a valid zone. 427 */ 428 429void 430dns_zone_iattach(dns_zone_t *source, dns_zone_t **target); 431/*%< 432 * Attach '*target' to 'source' incrementing its internal 433 * reference count. This is intended for use by operations 434 * such as zone transfers that need to prevent the zone 435 * object from being freed but not from shutting down. 436 * 437 * Require: 438 *\li The caller is running in the context of the zone's task. 439 *\li 'zone' to be a valid zone. 440 *\li 'target' to be non NULL and '*target' to be NULL. 441 */ 442 443void 444dns_zone_idetach(dns_zone_t **zonep); 445/*%< 446 * Detach from a zone decrementing its internal reference count. 447 * If there are no more internal or external references to the 448 * zone, it will be freed. 449 * 450 * Require: 451 *\li The caller is running in the context of the zone's task. 452 *\li 'zonep' to point to a valid zone. 453 */ 454 455void 456dns_zone_setflag(dns_zone_t *zone, unsigned int flags, bool value); 457/*%< 458 * Sets ('value' == 'true') / clears ('value' == 'IS_FALSE') 459 * zone flags. Valid flag bits are DNS_ZONE_F_*. 460 * 461 * Requires 462 *\li 'zone' to be a valid zone. 463 */ 464 465isc_result_t 466dns_zone_getdb(dns_zone_t *zone, dns_db_t **dbp); 467/*%< 468 * Attach '*dbp' to the database to if it exists otherwise 469 * return DNS_R_NOTLOADED. 470 * 471 * Require: 472 *\li 'zone' to be a valid zone. 473 *\li 'dbp' to be != NULL && '*dbp' == NULL. 474 * 475 * Returns: 476 *\li #ISC_R_SUCCESS 477 *\li DNS_R_NOTLOADED 478 */ 479 480void 481dns_zone_setdb(dns_zone_t *zone, dns_db_t *db); 482/*%< 483 * Sets the zone database to 'db'. 484 * 485 * This function is expected to be used to configure a zone with a 486 * database which is not loaded from a file or zone transfer. 487 * It can be used for a general purpose zone, but right now its use 488 * is limited to static-stub zones to avoid possible undiscovered 489 * problems in the general cases. 490 * 491 * Require: 492 *\li 'zone' to be a valid zone of static-stub. 493 *\li zone doesn't have a database. 494 */ 495 496void 497dns_zone_setdbtype(dns_zone_t *zone, unsigned int dbargc, 498 const char *const *dbargv); 499/*%< 500 * Sets the database type to dbargv[0] and database arguments 501 * to subsequent dbargv elements. 502 * 'db_type' is not checked to see if it is a valid database type. 503 * 504 * Require: 505 *\li 'zone' to be a valid zone. 506 *\li 'database' to be non NULL. 507 *\li 'dbargc' to be >= 1 508 *\li 'dbargv' to point to dbargc NULL-terminated strings 509 */ 510 511isc_result_t 512dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx); 513/*%< 514 * Returns the current dbtype. isc_mem_free() should be used 515 * to free 'argv' after use. 516 * 517 * Require: 518 *\li 'zone' to be a valid zone. 519 *\li 'argv' to be non NULL and *argv to be NULL. 520 *\li 'mctx' to be valid. 521 * 522 * Returns: 523 *\li #ISC_R_NOMEMORY 524 *\li #ISC_R_SUCCESS 525 */ 526 527void 528dns_zone_markdirty(dns_zone_t *zone); 529/*%< 530 * Mark a zone as 'dirty'. 531 * 532 * Require: 533 *\li 'zone' to be a valid zone. 534 */ 535 536void 537dns_zone_expire(dns_zone_t *zone); 538/*%< 539 * Mark the zone as expired. If the zone requires dumping cause it to 540 * be initiated. Set the refresh and retry intervals to there default 541 * values and unload the zone. 542 * 543 * Require 544 *\li 'zone' to be a valid zone. 545 */ 546 547void 548dns_zone_refresh(dns_zone_t *zone); 549/*%< 550 * Initiate zone up to date checks. The zone must already be being 551 * managed. 552 * 553 * Require 554 *\li 'zone' to be a valid zone. 555 */ 556 557isc_result_t 558dns_zone_flush(dns_zone_t *zone); 559/*%< 560 * Write the zone to database if there are uncommitted changes. 561 * 562 * Require: 563 *\li 'zone' to be a valid zone. 564 */ 565 566isc_result_t 567dns_zone_dump(dns_zone_t *zone); 568/*%< 569 * Write the zone to database. 570 * 571 * Require: 572 *\li 'zone' to be a valid zone. 573 */ 574 575isc_result_t 576dns_zone_dumptostream(dns_zone_t *zone, FILE *fd, dns_masterformat_t format, 577 const dns_master_style_t *style, 578 const uint32_t rawversion); 579/*%< 580 * Write the zone to stream 'fd' in the specified 'format'. 581 * If the 'format' is dns_masterformat_text (RFC1035), 'style' also 582 * specifies the file style (e.g., &dns_master_style_default). 583 * 584 * dns_zone_dumptostream() is a backward-compatible form of 585 * dns_zone_dumptostream2(), which always uses the dns_masterformat_text 586 * format and the dns_master_style_default style. 587 * 588 * dns_zone_dumptostream2() is a backward-compatible form of 589 * dns_zone_dumptostream3(), which always uses the current 590 * default raw file format version. 591 * 592 * Note that dns_zone_dumptostream3() is the most flexible form. It 593 * can also provide the functionality of dns_zone_fulldumptostream(). 594 * 595 * Require: 596 *\li 'zone' to be a valid zone. 597 *\li 'fd' to be a stream open for writing. 598 */ 599 600void 601dns_zone_maintenance(dns_zone_t *zone); 602/*%< 603 * Perform regular maintenance on the zone. This is called as a 604 * result of a zone being managed. 605 * 606 * Require 607 *\li 'zone' to be a valid zone. 608 */ 609 610isc_result_t 611dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters, 612 uint32_t count); 613isc_result_t 614dns_zone_setmasterswithkeys(dns_zone_t *zone, const isc_sockaddr_t *masters, 615 dns_name_t **keynames, uint32_t count); 616/*%< 617 * Set the list of master servers for the zone. 618 * 619 * Require: 620 *\li 'zone' to be a valid zone. 621 *\li 'masters' array of isc_sockaddr_t with port set or NULL. 622 *\li 'count' the number of masters. 623 *\li 'keynames' array of dns_name_t's for tsig keys or NULL. 624 * 625 * \li dns_zone_setmasters() is just a wrapper to setmasterswithkeys(), 626 * passing NULL in the keynames field. 627 * 628 * \li If 'masters' is NULL then 'count' must be zero. 629 * 630 * Returns: 631 *\li #ISC_R_SUCCESS 632 *\li #ISC_R_NOMEMORY 633 *\li Any result dns_name_dup() can return, if keynames!=NULL 634 */ 635 636isc_result_t 637dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify, 638 uint32_t count); 639isc_result_t 640dns_zone_setalsonotifywithkeys(dns_zone_t *zone, const isc_sockaddr_t *notify, 641 dns_name_t **keynames, uint32_t count); 642isc_result_t 643dns_zone_setalsonotifydscpkeys(dns_zone_t *zone, const isc_sockaddr_t *notify, 644 const isc_dscp_t *dscps, dns_name_t **keynames, 645 uint32_t count); 646/*%< 647 * Set the list of additional servers to be notified when 648 * a zone changes. To clear the list use 'count = 0'. 649 * 650 * dns_zone_alsonotifywithkeys() allows each notify address to 651 * be associated with a TSIG key. 652 * 653 * Require: 654 *\li 'zone' to be a valid zone. 655 *\li 'notify' to be non-NULL if count != 0. 656 *\li 'count' to be the number of notifiees. 657 * 658 * Returns: 659 *\li #ISC_R_SUCCESS 660 *\li #ISC_R_NOMEMORY 661 */ 662 663void 664dns_zone_unload(dns_zone_t *zone); 665/*%< 666 * detach the database from the zone structure. 667 * 668 * Require: 669 *\li 'zone' to be a valid zone. 670 */ 671 672dns_kasp_t * 673dns_zone_getkasp(dns_zone_t *zone); 674/*%< 675 * Returns the current kasp. 676 * 677 * Require: 678 *\li 'zone' to be a valid zone. 679 */ 680 681void 682dns_zone_setkasp(dns_zone_t *zone, dns_kasp_t *kasp); 683/*%< 684 * Set kasp for zone. If a kasp is already set, it will be detached. 685 * 686 * Requires: 687 *\li 'zone' to be a valid zone. 688 */ 689 690void 691dns_zone_setoption(dns_zone_t *zone, dns_zoneopt_t option, bool value); 692/*%< 693 * Set the given options on ('value' == true) or off 694 * ('value' == #false). 695 * 696 * Require: 697 *\li 'zone' to be a valid zone. 698 */ 699 700dns_zoneopt_t 701dns_zone_getoptions(dns_zone_t *zone); 702/*%< 703 * Returns the current zone options. 704 * 705 * Require: 706 *\li 'zone' to be a valid zone. 707 */ 708 709void 710dns_zone_setkeyopt(dns_zone_t *zone, unsigned int option, bool value); 711/*%< 712 * Set key options on ('value' == true) or off ('value' == 713 * #false). 714 * 715 * Require: 716 *\li 'zone' to be a valid zone. 717 */ 718 719unsigned int 720dns_zone_getkeyopts(dns_zone_t *zone); 721/*%< 722 * Returns the current zone key options. 723 * 724 * Require: 725 *\li 'zone' to be a valid zone. 726 */ 727 728void 729dns_zone_setminrefreshtime(dns_zone_t *zone, uint32_t val); 730/*%< 731 * Set the minimum refresh time. 732 * 733 * Requires: 734 *\li 'zone' is valid. 735 *\li val > 0. 736 */ 737 738void 739dns_zone_setmaxrefreshtime(dns_zone_t *zone, uint32_t val); 740/*%< 741 * Set the maximum refresh time. 742 * 743 * Requires: 744 *\li 'zone' is valid. 745 *\li val > 0. 746 */ 747 748void 749dns_zone_setminretrytime(dns_zone_t *zone, uint32_t val); 750/*%< 751 * Set the minimum retry time. 752 * 753 * Requires: 754 *\li 'zone' is valid. 755 *\li val > 0. 756 */ 757 758void 759dns_zone_setmaxretrytime(dns_zone_t *zone, uint32_t val); 760/*%< 761 * Set the maximum retry time. 762 * 763 * Requires: 764 *\li 'zone' is valid. 765 * val > 0. 766 */ 767 768isc_result_t 769dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); 770isc_result_t 771dns_zone_setaltxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); 772/*%< 773 * Set the source address to be used in IPv4 zone transfers. 774 * 775 * Require: 776 *\li 'zone' to be a valid zone. 777 *\li 'xfrsource' to contain the address. 778 * 779 * Returns: 780 *\li #ISC_R_SUCCESS 781 */ 782 783isc_sockaddr_t * 784dns_zone_getxfrsource4(dns_zone_t *zone); 785isc_sockaddr_t * 786dns_zone_getaltxfrsource4(dns_zone_t *zone); 787/*%< 788 * Returns the source address set by a previous dns_zone_setxfrsource4 789 * call, or the default of inaddr_any, port 0. 790 * 791 * Require: 792 *\li 'zone' to be a valid zone. 793 */ 794 795isc_result_t 796dns_zone_setxfrsource4dscp(dns_zone_t *zone, isc_dscp_t dscp); 797isc_result_t 798dns_zone_setaltxfrsource4dscp(dns_zone_t *zone, isc_dscp_t dscp); 799/*%< 800 * Set the DSCP value associated with the transfer/alt-transfer source. 801 * 802 * Require: 803 *\li 'zone' to be a valid zone. 804 * 805 * Returns: 806 *\li #ISC_R_SUCCESS 807 */ 808 809isc_dscp_t 810dns_zone_getxfrsource4dscp(dns_zone_t *zone); 811isc_dscp_t 812dns_zone_getaltxfrsource4dscp(dns_zone_t *zone); 813/*%/ 814 * Get the DSCP value associated with the transfer/alt-transfer source. 815 * 816 * Require: 817 *\li 'zone' to be a valid zone. 818 */ 819 820isc_result_t 821dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); 822isc_result_t 823dns_zone_setaltxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); 824/*%< 825 * Set the source address to be used in IPv6 zone transfers. 826 * 827 * Require: 828 *\li 'zone' to be a valid zone. 829 *\li 'xfrsource' to contain the address. 830 * 831 * Returns: 832 *\li #ISC_R_SUCCESS 833 */ 834 835isc_sockaddr_t * 836dns_zone_getxfrsource6(dns_zone_t *zone); 837isc_sockaddr_t * 838dns_zone_getaltxfrsource6(dns_zone_t *zone); 839/*%< 840 * Returns the source address set by a previous dns_zone_setxfrsource6 841 * call, or the default of in6addr_any, port 0. 842 * 843 * Require: 844 *\li 'zone' to be a valid zone. 845 */ 846 847isc_dscp_t 848dns_zone_getxfrsource6dscp(dns_zone_t *zone); 849isc_dscp_t 850dns_zone_getaltxfrsource6dscp(dns_zone_t *zone); 851/*%/ 852 * Get the DSCP value associated with the transfer/alt-transfer source. 853 * 854 * Require: 855 *\li 'zone' to be a valid zone. 856 */ 857 858isc_result_t 859dns_zone_setxfrsource6dscp(dns_zone_t *zone, isc_dscp_t dscp); 860isc_result_t 861dns_zone_setaltxfrsource6dscp(dns_zone_t *zone, isc_dscp_t dscp); 862/*%< 863 * Set the DSCP value associated with the transfer/alt-transfer source. 864 * 865 * Require: 866 *\li 'zone' to be a valid zone. 867 * 868 * Returns: 869 *\li #ISC_R_SUCCESS 870 */ 871 872isc_result_t 873dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); 874/*%< 875 * Set the source address to be used with IPv4 NOTIFY messages. 876 * 877 * Require: 878 *\li 'zone' to be a valid zone. 879 *\li 'notifysrc' to contain the address. 880 * 881 * Returns: 882 *\li #ISC_R_SUCCESS 883 */ 884 885isc_sockaddr_t * 886dns_zone_getnotifysrc4(dns_zone_t *zone); 887/*%< 888 * Returns the source address set by a previous dns_zone_setnotifysrc4 889 * call, or the default of inaddr_any, port 0. 890 * 891 * Require: 892 *\li 'zone' to be a valid zone. 893 */ 894 895isc_dscp_t 896dns_zone_getnotifysrc4dscp(dns_zone_t *zone); 897/*%/ 898 * Get the DSCP value associated with the IPv4 notify source. 899 * 900 * Require: 901 *\li 'zone' to be a valid zone. 902 */ 903 904isc_result_t 905dns_zone_setnotifysrc4dscp(dns_zone_t *zone, isc_dscp_t dscp); 906/*%< 907 * Set the DSCP value associated with the IPv4 notify source. 908 * 909 * Require: 910 *\li 'zone' to be a valid zone. 911 * 912 * Returns: 913 *\li #ISC_R_SUCCESS 914 */ 915 916isc_result_t 917dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); 918/*%< 919 * Set the source address to be used with IPv6 NOTIFY messages. 920 * 921 * Require: 922 *\li 'zone' to be a valid zone. 923 *\li 'notifysrc' to contain the address. 924 * 925 * Returns: 926 *\li #ISC_R_SUCCESS 927 */ 928 929isc_sockaddr_t * 930dns_zone_getnotifysrc6(dns_zone_t *zone); 931/*%< 932 * Returns the source address set by a previous dns_zone_setnotifysrc6 933 * call, or the default of in6addr_any, port 0. 934 * 935 * Require: 936 *\li 'zone' to be a valid zone. 937 */ 938 939isc_dscp_t 940dns_zone_getnotifysrc6dscp(dns_zone_t *zone); 941/*%/ 942 * Get the DSCP value associated with the IPv6 notify source. 943 * 944 * Require: 945 *\li 'zone' to be a valid zone. 946 */ 947 948isc_result_t 949dns_zone_setnotifysrc6dscp(dns_zone_t *zone, isc_dscp_t dscp); 950/*%< 951 * Set the DSCP value associated with the IPv6 notify source. 952 * 953 * Require: 954 *\li 'zone' to be a valid zone. 955 * 956 * Returns: 957 *\li #ISC_R_SUCCESS 958 */ 959 960void 961dns_zone_setnotifyacl(dns_zone_t *zone, dns_acl_t *acl); 962/*%< 963 * Sets the notify acl list for the zone. 964 * 965 * Require: 966 *\li 'zone' to be a valid zone. 967 *\li 'acl' to be a valid acl. 968 */ 969 970void 971dns_zone_setqueryacl(dns_zone_t *zone, dns_acl_t *acl); 972/*%< 973 * Sets the query acl list for the zone. 974 * 975 * Require: 976 *\li 'zone' to be a valid zone. 977 *\li 'acl' to be a valid acl. 978 */ 979 980void 981dns_zone_setqueryonacl(dns_zone_t *zone, dns_acl_t *acl); 982/*%< 983 * Sets the query-on acl list for the zone. 984 * 985 * Require: 986 *\li 'zone' to be a valid zone. 987 *\li 'acl' to be a valid acl. 988 */ 989 990void 991dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl); 992/*%< 993 * Sets the update acl list for the zone. 994 * 995 * Require: 996 *\li 'zone' to be a valid zone. 997 *\li 'acl' to be valid acl. 998 */ 999 1000void 1001dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl); 1002/*%< 1003 * Sets the forward unsigned updates acl list for the zone. 1004 * 1005 * Require: 1006 *\li 'zone' to be a valid zone. 1007 *\li 'acl' to be valid acl. 1008 */ 1009 1010void 1011dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl); 1012/*%< 1013 * Sets the transfer acl list for the zone. 1014 * 1015 * Require: 1016 *\li 'zone' to be a valid zone. 1017 *\li 'acl' to be valid acl. 1018 */ 1019 1020dns_acl_t * 1021dns_zone_getnotifyacl(dns_zone_t *zone); 1022/*%< 1023 * Returns the current notify acl or NULL. 1024 * 1025 * Require: 1026 *\li 'zone' to be a valid zone. 1027 * 1028 * Returns: 1029 *\li acl a pointer to the acl. 1030 *\li NULL 1031 */ 1032 1033dns_acl_t * 1034dns_zone_getqueryacl(dns_zone_t *zone); 1035/*%< 1036 * Returns the current query acl or NULL. 1037 * 1038 * Require: 1039 *\li 'zone' to be a valid zone. 1040 * 1041 * Returns: 1042 *\li acl a pointer to the acl. 1043 *\li NULL 1044 */ 1045 1046dns_acl_t * 1047dns_zone_getqueryonacl(dns_zone_t *zone); 1048/*%< 1049 * Returns the current query-on acl or NULL. 1050 * 1051 * Require: 1052 *\li 'zone' to be a valid zone. 1053 * 1054 * Returns: 1055 *\li acl a pointer to the acl. 1056 *\li NULL 1057 */ 1058 1059dns_acl_t * 1060dns_zone_getupdateacl(dns_zone_t *zone); 1061/*%< 1062 * Returns the current update acl or NULL. 1063 * 1064 * Require: 1065 *\li 'zone' to be a valid zone. 1066 * 1067 * Returns: 1068 *\li acl a pointer to the acl. 1069 *\li NULL 1070 */ 1071 1072dns_acl_t * 1073dns_zone_getforwardacl(dns_zone_t *zone); 1074/*%< 1075 * Returns the current forward unsigned updates acl or NULL. 1076 * 1077 * Require: 1078 *\li 'zone' to be a valid zone. 1079 * 1080 * Returns: 1081 *\li acl a pointer to the acl. 1082 *\li NULL 1083 */ 1084 1085dns_acl_t * 1086dns_zone_getxfracl(dns_zone_t *zone); 1087/*%< 1088 * Returns the current transfer acl or NULL. 1089 * 1090 * Require: 1091 *\li 'zone' to be a valid zone. 1092 * 1093 * Returns: 1094 *\li acl a pointer to the acl. 1095 *\li NULL 1096 */ 1097 1098void 1099dns_zone_clearupdateacl(dns_zone_t *zone); 1100/*%< 1101 * Clear the current update acl. 1102 * 1103 * Require: 1104 *\li 'zone' to be a valid zone. 1105 */ 1106 1107void 1108dns_zone_clearforwardacl(dns_zone_t *zone); 1109/*%< 1110 * Clear the current forward unsigned updates acl. 1111 * 1112 * Require: 1113 *\li 'zone' to be a valid zone. 1114 */ 1115 1116void 1117dns_zone_clearnotifyacl(dns_zone_t *zone); 1118/*%< 1119 * Clear the current notify acl. 1120 * 1121 * Require: 1122 *\li 'zone' to be a valid zone. 1123 */ 1124 1125void 1126dns_zone_clearqueryacl(dns_zone_t *zone); 1127/*%< 1128 * Clear the current query acl. 1129 * 1130 * Require: 1131 *\li 'zone' to be a valid zone. 1132 */ 1133 1134void 1135dns_zone_clearqueryonacl(dns_zone_t *zone); 1136/*%< 1137 * Clear the current query-on acl. 1138 * 1139 * Require: 1140 *\li 'zone' to be a valid zone. 1141 */ 1142 1143void 1144dns_zone_clearxfracl(dns_zone_t *zone); 1145/*%< 1146 * Clear the current transfer acl. 1147 * 1148 * Require: 1149 *\li 'zone' to be a valid zone. 1150 */ 1151 1152bool 1153dns_zone_getupdatedisabled(dns_zone_t *zone); 1154/*%< 1155 * Return update disabled. 1156 * Transient unless called when running in isc_task_exclusive() mode. 1157 */ 1158 1159void 1160dns_zone_setupdatedisabled(dns_zone_t *zone, bool state); 1161/*%< 1162 * Set update disabled. 1163 * Should only be called only when running in isc_task_exclusive() mode. 1164 * Failure to do so may result in updates being committed after the 1165 * call has been made. 1166 */ 1167 1168bool 1169dns_zone_getzeronosoattl(dns_zone_t *zone); 1170/*%< 1171 * Return zero-no-soa-ttl status. 1172 */ 1173 1174void 1175dns_zone_setzeronosoattl(dns_zone_t *zone, bool state); 1176/*%< 1177 * Set zero-no-soa-ttl status. 1178 */ 1179 1180void 1181dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity); 1182/*%< 1183 * Set the severity of name checking when loading a zone. 1184 * 1185 * Require: 1186 * \li 'zone' to be a valid zone. 1187 */ 1188 1189dns_severity_t 1190dns_zone_getchecknames(dns_zone_t *zone); 1191/*%< 1192 * Return the current severity of name checking. 1193 * 1194 * Require: 1195 *\li 'zone' to be a valid zone. 1196 */ 1197 1198void 1199dns_zone_setjournalsize(dns_zone_t *zone, int32_t size); 1200/*%< 1201 * Sets the journal size for the zone. 1202 * 1203 * Requires: 1204 *\li 'zone' to be a valid zone. 1205 */ 1206 1207int32_t 1208dns_zone_getjournalsize(dns_zone_t *zone); 1209/*%< 1210 * Return the journal size as set with a previous call to 1211 * dns_zone_setjournalsize(). 1212 * 1213 * Requires: 1214 *\li 'zone' to be a valid zone. 1215 */ 1216 1217isc_result_t 1218dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, 1219 isc_sockaddr_t *to, dns_message_t *msg); 1220/*%< 1221 * Tell the zone that it has received a NOTIFY message from another 1222 * server. This may cause some zone maintenance activity to occur. 1223 * 1224 * Requires: 1225 *\li 'zone' to be a valid zone. 1226 *\li '*from' to contain the address of the server from which 'msg' 1227 * was received. 1228 *\li 'msg' a message with opcode NOTIFY and qr clear. 1229 * 1230 * Returns: 1231 *\li DNS_R_REFUSED 1232 *\li DNS_R_NOTIMP 1233 *\li DNS_R_FORMERR 1234 *\li DNS_R_SUCCESS 1235 */ 1236 1237void 1238dns_zone_setmaxxfrin(dns_zone_t *zone, uint32_t maxxfrin); 1239/*%< 1240 * Set the maximum time (in seconds) that a zone transfer in (AXFR/IXFR) 1241 * of this zone will use before being aborted. 1242 * 1243 * Requires: 1244 * \li 'zone' to be valid initialised zone. 1245 */ 1246 1247uint32_t 1248dns_zone_getmaxxfrin(dns_zone_t *zone); 1249/*%< 1250 * Returns the maximum transfer time for this zone. This will be 1251 * either the value set by the last call to dns_zone_setmaxxfrin() or 1252 * the default value of 1 hour. 1253 * 1254 * Requires: 1255 *\li 'zone' to be valid initialised zone. 1256 */ 1257 1258void 1259dns_zone_setmaxxfrout(dns_zone_t *zone, uint32_t maxxfrout); 1260/*%< 1261 * Set the maximum time (in seconds) that a zone transfer out (AXFR/IXFR) 1262 * of this zone will use before being aborted. 1263 * 1264 * Requires: 1265 * \li 'zone' to be valid initialised zone. 1266 */ 1267 1268uint32_t 1269dns_zone_getmaxxfrout(dns_zone_t *zone); 1270/*%< 1271 * Returns the maximum transfer time for this zone. This will be 1272 * either the value set by the last call to dns_zone_setmaxxfrout() or 1273 * the default value of 1 hour. 1274 * 1275 * Requires: 1276 *\li 'zone' to be valid initialised zone. 1277 */ 1278 1279isc_result_t 1280dns_zone_setjournal(dns_zone_t *zone, const char *myjournal); 1281/*%< 1282 * Sets the filename used for journaling updates / IXFR transfers. 1283 * The default journal name is set by dns_zone_setfile() to be 1284 * "file.jnl". If 'myjournal' is NULL, the zone will have no 1285 * journal name. 1286 * 1287 * Requires: 1288 *\li 'zone' to be a valid zone. 1289 * 1290 * Returns: 1291 *\li #ISC_R_SUCCESS 1292 *\li #ISC_R_NOMEMORY 1293 */ 1294 1295char * 1296dns_zone_getjournal(dns_zone_t *zone); 1297/*%< 1298 * Returns the journal name associated with this zone. 1299 * If no journal has been set this will be NULL. 1300 * 1301 * Requires: 1302 *\li 'zone' to be valid initialised zone. 1303 */ 1304 1305dns_zonetype_t 1306dns_zone_gettype(dns_zone_t *zone); 1307/*%< 1308 * Returns the type of the zone (master/slave/etc.) 1309 * 1310 * Requires: 1311 *\li 'zone' to be valid initialised zone. 1312 */ 1313 1314dns_zonetype_t 1315dns_zone_getredirecttype(dns_zone_t *zone); 1316/*%< 1317 * Returns whether the redirect zone is configured as a master or a 1318 * slave zone. 1319 * 1320 * Requires: 1321 *\li 'zone' to be valid initialised zone. 1322 *\li 'zone' to be a redirect zone. 1323 * 1324 * Returns: 1325 *\li 'dns_zone_master' 1326 *\li 'dns_zone_slave' 1327 */ 1328 1329void 1330dns_zone_settask(dns_zone_t *zone, isc_task_t *task); 1331/*%< 1332 * Give a zone a task to work with. Any current task will be detached. 1333 * 1334 * Requires: 1335 *\li 'zone' to be valid. 1336 *\li 'task' to be valid. 1337 */ 1338 1339void 1340dns_zone_gettask(dns_zone_t *zone, isc_task_t **target); 1341/*%< 1342 * Attach '*target' to the zone's task. 1343 * 1344 * Requires: 1345 *\li 'zone' to be valid initialised zone. 1346 *\li 'zone' to have a task. 1347 *\li 'target' to be != NULL && '*target' == NULL. 1348 */ 1349 1350void 1351dns_zone_notify(dns_zone_t *zone); 1352/*%< 1353 * Generate notify events for this zone. 1354 * 1355 * Requires: 1356 *\li 'zone' to be a valid zone. 1357 */ 1358 1359isc_result_t 1360dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, bool dump); 1361/*%< 1362 * Replace the database of "zone" with a new database "db". 1363 * 1364 * If "dump" is true, then the new zone contents are dumped 1365 * into to the zone's master file for persistence. When replacing 1366 * a zone database by one just loaded from a master file, set 1367 * "dump" to false to avoid a redundant redump of the data just 1368 * loaded. Otherwise, it should be set to true. 1369 * 1370 * If the "diff-on-reload" option is enabled in the configuration file, 1371 * the differences between the old and the new database are added to the 1372 * journal file, and the master file dump is postponed. 1373 * 1374 * Requires: 1375 * \li 'zone' to be a valid zone. 1376 * 1377 * Returns: 1378 * \li DNS_R_SUCCESS 1379 * \li DNS_R_BADZONE zone failed basic consistency checks: 1380 * * a single SOA must exist 1381 * * some NS records must exist. 1382 * Others 1383 */ 1384 1385uint32_t 1386dns_zone_getidlein(dns_zone_t *zone); 1387/*%< 1388 * Requires: 1389 * \li 'zone' to be a valid zone. 1390 * 1391 * Returns: 1392 * \li number of seconds of idle time before we abort the transfer in. 1393 */ 1394 1395void 1396dns_zone_setidlein(dns_zone_t *zone, uint32_t idlein); 1397/*%< 1398 * \li Set the idle timeout for transfer the. 1399 * \li Zero set the default value, 1 hour. 1400 * 1401 * Requires: 1402 * \li 'zone' to be a valid zone. 1403 */ 1404 1405uint32_t 1406dns_zone_getidleout(dns_zone_t *zone); 1407/*%< 1408 * 1409 * Requires: 1410 * \li 'zone' to be a valid zone. 1411 * 1412 * Returns: 1413 * \li number of seconds of idle time before we abort a transfer out. 1414 */ 1415 1416void 1417dns_zone_setidleout(dns_zone_t *zone, uint32_t idleout); 1418/*%< 1419 * \li Set the idle timeout for transfers out. 1420 * \li Zero set the default value, 1 hour. 1421 * 1422 * Requires: 1423 * \li 'zone' to be a valid zone. 1424 */ 1425 1426void 1427dns_zone_getssutable(dns_zone_t *zone, dns_ssutable_t **table); 1428/*%< 1429 * Get the simple-secure-update policy table. 1430 * 1431 * Requires: 1432 * \li 'zone' to be a valid zone. 1433 */ 1434 1435void 1436dns_zone_setssutable(dns_zone_t *zone, dns_ssutable_t *table); 1437/*%< 1438 * Set / clear the simple-secure-update policy table. 1439 * 1440 * Requires: 1441 * \li 'zone' to be a valid zone. 1442 */ 1443 1444isc_mem_t * 1445dns_zone_getmctx(dns_zone_t *zone); 1446/*%< 1447 * Get the memory context of a zone. 1448 * 1449 * Requires: 1450 * \li 'zone' to be a valid zone. 1451 */ 1452 1453dns_zonemgr_t * 1454dns_zone_getmgr(dns_zone_t *zone); 1455/*%< 1456 * If 'zone' is managed return the zone manager otherwise NULL. 1457 * 1458 * Requires: 1459 * \li 'zone' to be a valid zone. 1460 */ 1461 1462void 1463dns_zone_setsigvalidityinterval(dns_zone_t *zone, uint32_t interval); 1464/*%< 1465 * Set the zone's general signature validity interval. This is the length 1466 * of time for which DNSSEC signatures created as a result of dynamic 1467 * updates to secure zones will remain valid, in seconds. 1468 * 1469 * Requires: 1470 * \li 'zone' to be a valid zone. 1471 */ 1472 1473uint32_t 1474dns_zone_getsigvalidityinterval(dns_zone_t *zone); 1475/*%< 1476 * Get the zone's general signature validity interval. 1477 * 1478 * Requires: 1479 * \li 'zone' to be a valid zone. 1480 */ 1481 1482void 1483dns_zone_setkeyvalidityinterval(dns_zone_t *zone, uint32_t interval); 1484/*%< 1485 * Set the zone's DNSKEY signature validity interval. This is the length 1486 * of time for which DNSSEC signatures created for DNSKEY records 1487 * will remain valid, in seconds. 1488 * 1489 * If this value is set to zero, then the regular signature validity 1490 * interval (see dns_zone_setsigvalidityinterval(), above) is used 1491 * for all RRSIGs. However, if this value is nonzero, then it is used 1492 * as the validity interval for RRSIGs covering DNSKEY and CDNSKEY 1493 * RRsets. 1494 * 1495 * Requires: 1496 * \li 'zone' to be a valid zone. 1497 */ 1498 1499uint32_t 1500dns_zone_getkeyvalidityinterval(dns_zone_t *zone); 1501/*%< 1502 * Get the zone's DNSKEY signature validity interval. 1503 * 1504 * Requires: 1505 * \li 'zone' to be a valid zone. 1506 */ 1507 1508void 1509dns_zone_setsigresigninginterval(dns_zone_t *zone, uint32_t interval); 1510/*%< 1511 * Set the zone's RRSIG re-signing interval. A dynamic zone's RRSIG's 1512 * will be re-signed 'interval' amount of time before they expire. 1513 * 1514 * Requires: 1515 * \li 'zone' to be a valid zone. 1516 */ 1517 1518uint32_t 1519dns_zone_getsigresigninginterval(dns_zone_t *zone); 1520/*%< 1521 * Get the zone's RRSIG re-signing interval. 1522 * 1523 * Requires: 1524 * \li 'zone' to be a valid zone. 1525 */ 1526 1527void 1528dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype); 1529/*%< 1530 * Sets zone notify method to "notifytype" 1531 */ 1532 1533isc_result_t 1534dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg, 1535 dns_updatecallback_t callback, void *callback_arg); 1536/*%< 1537 * Forward 'msg' to each master in turn until we get an answer or we 1538 * have exhausted the list of masters. 'callback' will be called with 1539 * ISC_R_SUCCESS if we get an answer and the returned message will be 1540 * passed as 'answer_message', otherwise a non ISC_R_SUCCESS result code 1541 * will be passed and answer_message will be NULL. The callback function 1542 * is responsible for destroying 'answer_message'. 1543 * (callback)(callback_arg, result, answer_message); 1544 * 1545 * Require: 1546 *\li 'zone' to be valid 1547 *\li 'msg' to be valid. 1548 *\li 'callback' to be non NULL. 1549 * Returns: 1550 *\li #ISC_R_SUCCESS if the message has been forwarded, 1551 *\li #ISC_R_NOMEMORY 1552 *\li Others 1553 */ 1554 1555isc_result_t 1556dns_zone_next(dns_zone_t *zone, dns_zone_t **next); 1557/*%< 1558 * Find the next zone in the list of managed zones. 1559 * 1560 * Requires: 1561 *\li 'zone' to be valid 1562 *\li The zone manager for the indicated zone MUST be locked 1563 * by the caller. This is not checked. 1564 *\li 'next' be non-NULL, and '*next' be NULL. 1565 * 1566 * Ensures: 1567 *\li 'next' points to a valid zone (result ISC_R_SUCCESS) or to NULL 1568 * (result ISC_R_NOMORE). 1569 */ 1570 1571isc_result_t 1572dns_zone_first(dns_zonemgr_t *zmgr, dns_zone_t **first); 1573/*%< 1574 * Find the first zone in the list of managed zones. 1575 * 1576 * Requires: 1577 *\li 'zonemgr' to be valid 1578 *\li The zone manager for the indicated zone MUST be locked 1579 * by the caller. This is not checked. 1580 *\li 'first' be non-NULL, and '*first' be NULL 1581 * 1582 * Ensures: 1583 *\li 'first' points to a valid zone (result ISC_R_SUCCESS) or to NULL 1584 * (result ISC_R_NOMORE). 1585 */ 1586 1587isc_result_t 1588dns_zone_setkeydirectory(dns_zone_t *zone, const char *directory); 1589/*%< 1590 * Sets the name of the directory where private keys used for 1591 * online signing of dynamic zones are found. 1592 * 1593 * Require: 1594 *\li 'zone' to be a valid zone. 1595 * 1596 * Returns: 1597 *\li #ISC_R_NOMEMORY 1598 *\li #ISC_R_SUCCESS 1599 */ 1600 1601const char * 1602dns_zone_getkeydirectory(dns_zone_t *zone); 1603/*%< 1604 * Gets the name of the directory where private keys used for 1605 * online signing of dynamic zones are found. 1606 * 1607 * Requires: 1608 *\li 'zone' to be valid initialised zone. 1609 * 1610 * Returns: 1611 * Pointer to null-terminated file name, or NULL. 1612 */ 1613 1614isc_result_t 1615dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, 1616 isc_timermgr_t *timermgr, isc_socketmgr_t *socketmgr, 1617 dns_zonemgr_t **zmgrp); 1618/*%< 1619 * Create a zone manager. Note: the zone manager will not be able to 1620 * manage any zones until dns_zonemgr_setsize() has been run. 1621 * 1622 * Requires: 1623 *\li 'mctx' to be a valid memory context. 1624 *\li 'taskmgr' to be a valid task manager. 1625 *\li 'timermgr' to be a valid timer manager. 1626 *\li 'zmgrp' to point to a NULL pointer. 1627 */ 1628 1629isc_result_t 1630dns_zonemgr_setsize(dns_zonemgr_t *zmgr, int num_zones); 1631/*%< 1632 * Set the size of the zone manager task pool. This must be run 1633 * before zmgr can be used for managing zones. Currently, it can only 1634 * be run once; the task pool cannot be resized. 1635 * 1636 * Requires: 1637 *\li zmgr is a valid zone manager. 1638 *\li zmgr->zonetasks has been initialized. 1639 */ 1640 1641isc_result_t 1642dns_zonemgr_createzone(dns_zonemgr_t *zmgr, dns_zone_t **zonep); 1643/*%< 1644 * Allocate a new zone using a memory context from the 1645 * zone manager's memory context pool. 1646 * 1647 * Require: 1648 *\li 'zmgr' to be a valid zone manager. 1649 *\li 'zonep' != NULL and '*zonep' == NULL. 1650 */ 1651 1652isc_result_t 1653dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone); 1654/*%< 1655 * Bring the zone under control of a zone manager. 1656 * 1657 * Require: 1658 *\li 'zmgr' to be a valid zone manager. 1659 *\li 'zone' to be a valid zone. 1660 */ 1661 1662isc_result_t 1663dns_zonemgr_forcemaint(dns_zonemgr_t *zmgr); 1664/*%< 1665 * Force zone maintenance of all loaded zones managed by 'zmgr' 1666 * to take place at the system's earliest convenience. 1667 */ 1668 1669void 1670dns__zonemgr_run(isc_task_t *task, isc_event_t *event); 1671/*%< 1672 * Event handler to call dns_zonemgr_forcemaint(); used to start 1673 * zone operations from a unit test. Not intended for use outside 1674 * libdns or related tests. 1675 */ 1676 1677void 1678dns_zonemgr_resumexfrs(dns_zonemgr_t *zmgr); 1679/*%< 1680 * Attempt to start any stalled zone transfers. 1681 */ 1682 1683void 1684dns_zonemgr_shutdown(dns_zonemgr_t *zmgr); 1685/*%< 1686 * Shut down the zone manager. 1687 * 1688 * Requires: 1689 *\li 'zmgr' to be a valid zone manager. 1690 */ 1691 1692void 1693dns_zonemgr_attach(dns_zonemgr_t *source, dns_zonemgr_t **target); 1694/*%< 1695 * Attach '*target' to 'source' incrementing its external 1696 * reference count. 1697 * 1698 * Require: 1699 *\li 'zone' to be a valid zone. 1700 *\li 'target' to be non NULL and '*target' to be NULL. 1701 */ 1702 1703void 1704dns_zonemgr_detach(dns_zonemgr_t **zmgrp); 1705/*%< 1706 * Detach from a zone manager. 1707 * 1708 * Requires: 1709 *\li '*zmgrp' is a valid, non-NULL zone manager pointer. 1710 * 1711 * Ensures: 1712 *\li '*zmgrp' is NULL. 1713 */ 1714 1715void 1716dns_zonemgr_releasezone(dns_zonemgr_t *zmgr, dns_zone_t *zone); 1717/*%< 1718 * Release 'zone' from the managed by 'zmgr'. 'zmgr' is implicitly 1719 * detached from 'zone'. 1720 * 1721 * Requires: 1722 *\li 'zmgr' to be a valid zone manager. 1723 *\li 'zone' to be a valid zone. 1724 *\li 'zmgr' == 'zone->zmgr' 1725 * 1726 * Ensures: 1727 *\li 'zone->zmgr' == NULL; 1728 */ 1729 1730void 1731dns_zonemgr_settransfersin(dns_zonemgr_t *zmgr, uint32_t value); 1732/*%< 1733 * Set the maximum number of simultaneous transfers in allowed by 1734 * the zone manager. 1735 * 1736 * Requires: 1737 *\li 'zmgr' to be a valid zone manager. 1738 */ 1739 1740uint32_t 1741dns_zonemgr_getttransfersin(dns_zonemgr_t *zmgr); 1742/*%< 1743 * Return the maximum number of simultaneous transfers in allowed. 1744 * 1745 * Requires: 1746 *\li 'zmgr' to be a valid zone manager. 1747 */ 1748 1749void 1750dns_zonemgr_settransfersperns(dns_zonemgr_t *zmgr, uint32_t value); 1751/*%< 1752 * Set the number of zone transfers allowed per nameserver. 1753 * 1754 * Requires: 1755 *\li 'zmgr' to be a valid zone manager 1756 */ 1757 1758uint32_t 1759dns_zonemgr_getttransfersperns(dns_zonemgr_t *zmgr); 1760/*%< 1761 * Return the number of transfers allowed per nameserver. 1762 * 1763 * Requires: 1764 *\li 'zmgr' to be a valid zone manager. 1765 */ 1766 1767void 1768dns_zonemgr_setiolimit(dns_zonemgr_t *zmgr, uint32_t iolimit); 1769/*%< 1770 * Set the number of simultaneous file descriptors available for 1771 * reading and writing masterfiles. 1772 * 1773 * Requires: 1774 *\li 'zmgr' to be a valid zone manager. 1775 *\li 'iolimit' to be positive. 1776 */ 1777 1778uint32_t 1779dns_zonemgr_getiolimit(dns_zonemgr_t *zmgr); 1780/*%< 1781 * Get the number of simultaneous file descriptors available for 1782 * reading and writing masterfiles. 1783 * 1784 * Requires: 1785 *\li 'zmgr' to be a valid zone manager. 1786 */ 1787 1788void 1789dns_zonemgr_setnotifyrate(dns_zonemgr_t *zmgr, unsigned int value); 1790/*%< 1791 * Set the number of NOTIFY requests sent per second. 1792 * 1793 * Requires: 1794 *\li 'zmgr' to be a valid zone manager 1795 */ 1796 1797void 1798dns_zonemgr_setstartupnotifyrate(dns_zonemgr_t *zmgr, unsigned int value); 1799/*%< 1800 * Set the number of startup NOTIFY requests sent per second. 1801 * 1802 * Requires: 1803 *\li 'zmgr' to be a valid zone manager 1804 */ 1805 1806void 1807dns_zonemgr_setserialqueryrate(dns_zonemgr_t *zmgr, unsigned int value); 1808/*%< 1809 * Set the number of SOA queries sent per second. 1810 * 1811 * Requires: 1812 *\li 'zmgr' to be a valid zone manager 1813 */ 1814 1815unsigned int 1816dns_zonemgr_getnotifyrate(dns_zonemgr_t *zmgr); 1817/*%< 1818 * Return the number of NOTIFY requests sent per second. 1819 * 1820 * Requires: 1821 *\li 'zmgr' to be a valid zone manager. 1822 */ 1823 1824unsigned int 1825dns_zonemgr_getstartupnotifyrate(dns_zonemgr_t *zmgr); 1826/*%< 1827 * Return the number of startup NOTIFY requests sent per second. 1828 * 1829 * Requires: 1830 *\li 'zmgr' to be a valid zone manager. 1831 */ 1832 1833unsigned int 1834dns_zonemgr_getserialqueryrate(dns_zonemgr_t *zmgr); 1835/*%< 1836 * Return the number of SOA queries sent per second. 1837 * 1838 * Requires: 1839 *\li 'zmgr' to be a valid zone manager. 1840 */ 1841 1842unsigned int 1843dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state); 1844/*%< 1845 * Returns the number of zones in the specified state. 1846 * 1847 * Requires: 1848 *\li 'zmgr' to be a valid zone manager. 1849 *\li 'state' to be a valid DNS_ZONESTATE_ constant. 1850 */ 1851 1852void 1853dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, 1854 isc_sockaddr_t *local, isc_time_t *now); 1855/*%< 1856 * Add the pair of addresses to the unreachable cache. 1857 * 1858 * Requires: 1859 *\li 'zmgr' to be a valid zone manager. 1860 *\li 'remote' to be a valid sockaddr. 1861 *\li 'local' to be a valid sockaddr. 1862 */ 1863 1864bool 1865dns_zonemgr_unreachable(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, 1866 isc_sockaddr_t *local, isc_time_t *now); 1867/*%< 1868 * Returns true if the given local/remote address pair 1869 * is found in the zone maanger's unreachable cache. 1870 * 1871 * Requires: 1872 *\li 'zmgr' to be a valid zone manager. 1873 *\li 'remote' to be a valid sockaddr. 1874 *\li 'local' to be a valid sockaddr. 1875 *\li 'now' != NULL 1876 */ 1877 1878void 1879dns_zonemgr_unreachabledel(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, 1880 isc_sockaddr_t *local); 1881/*%< 1882 * Remove the pair of addresses from the unreachable cache. 1883 * 1884 * Requires: 1885 *\li 'zmgr' to be a valid zone manager. 1886 *\li 'remote' to be a valid sockaddr. 1887 *\li 'local' to be a valid sockaddr. 1888 */ 1889 1890void 1891dns_zone_forcereload(dns_zone_t *zone); 1892/*%< 1893 * Force a reload of specified zone. 1894 * 1895 * Requires: 1896 *\li 'zone' to be a valid zone. 1897 */ 1898 1899bool 1900dns_zone_isforced(dns_zone_t *zone); 1901/*%< 1902 * Check if the zone is waiting a forced reload. 1903 * 1904 * Requires: 1905 * \li 'zone' to be a valid zone. 1906 */ 1907 1908isc_result_t 1909dns_zone_setstatistics(dns_zone_t *zone, bool on); 1910/*%< 1911 * This function is obsoleted by dns_zone_setrequeststats(). 1912 */ 1913 1914uint64_t * 1915dns_zone_getstatscounters(dns_zone_t *zone); 1916/*%< 1917 * This function is obsoleted by dns_zone_getrequeststats(). 1918 */ 1919 1920void 1921dns_zone_setstats(dns_zone_t *zone, isc_stats_t *stats); 1922/*%< 1923 * Set a general zone-maintenance statistics set 'stats' for 'zone'. This 1924 * function is expected to be called only on zone creation (when necessary). 1925 * Once installed, it cannot be removed or replaced. Also, there is no 1926 * interface to get the installed stats from the zone; the caller must keep the 1927 * stats to reference (e.g. dump) it later. 1928 * 1929 * Requires: 1930 * \li 'zone' to be a valid zone and does not have a statistics set already 1931 * installed. 1932 * 1933 *\li stats is a valid statistics supporting zone statistics counters 1934 * (see dns/stats.h). 1935 */ 1936 1937void 1938dns_zone_setrequeststats(dns_zone_t *zone, isc_stats_t *stats); 1939 1940void 1941dns_zone_setrcvquerystats(dns_zone_t *zone, dns_stats_t *stats); 1942 1943void 1944dns_zone_setdnssecsignstats(dns_zone_t *zone, dns_stats_t *stats); 1945/*%< 1946 * Set additional statistics sets to zone. These are attached to the zone 1947 * but are not counted in the zone module; only the caller updates the 1948 * counters. 1949 * 1950 * Requires: 1951 * \li 'zone' to be a valid zone. 1952 * 1953 *\li stats is a valid statistics. 1954 */ 1955 1956isc_stats_t * 1957dns_zone_getrequeststats(dns_zone_t *zone); 1958 1959dns_stats_t * 1960dns_zone_getrcvquerystats(dns_zone_t *zone); 1961 1962dns_stats_t * 1963dns_zone_getdnssecsignstats(dns_zone_t *zone); 1964/*%< 1965 * Get the additional statistics for zone, if one is installed. 1966 * 1967 * Requires: 1968 * \li 'zone' to be a valid zone. 1969 * 1970 * Returns: 1971 * \li when available, a pointer to the statistics set installed in zone; 1972 * otherwise NULL. 1973 */ 1974 1975void 1976dns_zone_dialup(dns_zone_t *zone); 1977/*%< 1978 * Perform dialup-time maintenance on 'zone'. 1979 */ 1980 1981void 1982dns_zone_setdialup(dns_zone_t *zone, dns_dialuptype_t dialup); 1983/*%< 1984 * Set the dialup type of 'zone' to 'dialup'. 1985 * 1986 * Requires: 1987 * \li 'zone' to be valid initialised zone. 1988 *\li 'dialup' to be a valid dialup type. 1989 */ 1990 1991void 1992dns_zone_logv(dns_zone_t *zone, isc_logcategory_t *category, int level, 1993 const char *prefix, const char *msg, va_list ap); 1994/*%< 1995 * Log the message 'msg...' at 'level' using log category 'category', including 1996 * text that identifies the message as applying to 'zone'. If the (optional) 1997 * 'prefix' is not NULL, it will be placed at the start of the entire log line. 1998 */ 1999 2000void 2001dns_zone_log(dns_zone_t *zone, int level, const char *msg, ...) 2002 ISC_FORMAT_PRINTF(3, 4); 2003/*%< 2004 * Log the message 'msg...' at 'level', including text that identifies 2005 * the message as applying to 'zone'. 2006 */ 2007 2008void 2009dns_zone_logc(dns_zone_t *zone, isc_logcategory_t *category, int level, 2010 const char *msg, ...) ISC_FORMAT_PRINTF(4, 5); 2011/*%< 2012 * Log the message 'msg...' at 'level', including text that identifies 2013 * the message as applying to 'zone'. 2014 */ 2015 2016void 2017dns_zone_name(dns_zone_t *zone, char *buf, size_t len); 2018/*%< 2019 * Return the name of the zone with class and view. 2020 * 2021 * Requires: 2022 *\li 'zone' to be valid. 2023 *\li 'buf' to be non NULL. 2024 */ 2025 2026void 2027dns_zone_nameonly(dns_zone_t *zone, char *buf, size_t len); 2028/*%< 2029 * Return the name of the zone only. 2030 * 2031 * Requires: 2032 *\li 'zone' to be valid. 2033 *\li 'buf' to be non NULL. 2034 */ 2035 2036isc_result_t 2037dns_zone_checknames(dns_zone_t *zone, const dns_name_t *name, 2038 dns_rdata_t *rdata); 2039/*%< 2040 * Check if this record meets the check-names policy. 2041 * 2042 * Requires: 2043 * 'zone' to be valid. 2044 * 'name' to be valid. 2045 * 'rdata' to be valid. 2046 * 2047 * Returns: 2048 * DNS_R_SUCCESS passed checks. 2049 * DNS_R_BADOWNERNAME failed ownername checks. 2050 * DNS_R_BADNAME failed rdata checks. 2051 */ 2052 2053void 2054dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx); 2055/*%< 2056 * Set the post load integrity callback function 'checkmx'. 2057 * 'checkmx' will be called if the MX TARGET is not within the zone. 2058 * 2059 * Require: 2060 * 'zone' to be a valid zone. 2061 */ 2062 2063void 2064dns_zone_setchecksrv(dns_zone_t *zone, dns_checkmxfunc_t checksrv); 2065/*%< 2066 * Set the post load integrity callback function 'checksrv'. 2067 * 'checksrv' will be called if the SRV TARGET is not within the zone. 2068 * 2069 * Require: 2070 * 'zone' to be a valid zone. 2071 */ 2072 2073void 2074dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns); 2075/*%< 2076 * Set the post load integrity callback function 'checkns'. 2077 * 'checkns' will be called if the NS TARGET is not within the zone. 2078 * 2079 * Require: 2080 * 'zone' to be a valid zone. 2081 */ 2082 2083void 2084dns_zone_setnotifydelay(dns_zone_t *zone, uint32_t delay); 2085/*%< 2086 * Set the minimum delay between sets of notify messages. 2087 * 2088 * Requires: 2089 * 'zone' to be valid. 2090 */ 2091 2092uint32_t 2093dns_zone_getnotifydelay(dns_zone_t *zone); 2094/*%< 2095 * Get the minimum delay between sets of notify messages. 2096 * 2097 * Requires: 2098 * 'zone' to be valid. 2099 */ 2100 2101void 2102dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg); 2103/*%< 2104 * Set the isself callback function and argument. 2105 * 2106 * bool 2107 * isself(dns_view_t *myview, dns_tsigkey_t *mykey, 2108 * const isc_netaddr_t *srcaddr, const isc_netaddr_t *destaddr, 2109 * dns_rdataclass_t rdclass, void *arg); 2110 * 2111 * 'isself' returns true if a non-recursive query from 'srcaddr' to 2112 * 'destaddr' with optional key 'mykey' for class 'rdclass' would be 2113 * delivered to 'myview'. 2114 */ 2115 2116void 2117dns_zone_setnodes(dns_zone_t *zone, uint32_t nodes); 2118/*%< 2119 * Set the number of nodes that will be checked per quantum. 2120 */ 2121 2122void 2123dns_zone_setsignatures(dns_zone_t *zone, uint32_t signatures); 2124/*%< 2125 * Set the number of signatures that will be generated per quantum. 2126 */ 2127 2128uint32_t 2129dns_zone_getsignatures(dns_zone_t *zone); 2130/*%< 2131 * Get the number of signatures that will be generated per quantum. 2132 */ 2133 2134isc_result_t 2135dns_zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm, uint16_t keyid, 2136 bool deleteit); 2137/*%< 2138 * Initiate/resume signing of the entire zone with the zone DNSKEY(s) 2139 * that match the given algorithm and keyid. 2140 */ 2141 2142isc_result_t 2143dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param); 2144/*%< 2145 * Incrementally add a NSEC3 chain that corresponds to 'nsec3param'. 2146 */ 2147 2148void 2149dns_zone_setprivatetype(dns_zone_t *zone, dns_rdatatype_t type); 2150dns_rdatatype_t 2151dns_zone_getprivatetype(dns_zone_t *zone); 2152/* 2153 * Get/Set the private record type. It is expected that these interfaces 2154 * will not be permanent. 2155 */ 2156 2157void 2158dns_zone_rekey(dns_zone_t *zone, bool fullsign); 2159/*%< 2160 * Update the zone's DNSKEY set from the key repository. 2161 * 2162 * If 'fullsign' is true, trigger an immediate full signing of 2163 * the zone with the new key. Otherwise, if there are no keys or 2164 * if the new keys are for algorithms that have already signed the 2165 * zone, then the zone can be re-signed incrementally. 2166 */ 2167 2168isc_result_t 2169dns_zone_nscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version, 2170 unsigned int *errors); 2171/*% 2172 * Check if the name servers for the zone are sane (have address, don't 2173 * refer to CNAMEs/DNAMEs. The number of constiancy errors detected in 2174 * returned in '*errors' 2175 * 2176 * Requires: 2177 * \li 'zone' to be valid. 2178 * \li 'db' to be valid. 2179 * \li 'version' to be valid or NULL. 2180 * \li 'errors' to be non NULL. 2181 * 2182 * Returns: 2183 * ISC_R_SUCCESS if there were no errors examining the zone contents. 2184 */ 2185 2186isc_result_t 2187dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version); 2188/*% 2189 * Check if CSD, CDNSKEY and DNSKEY are consistent. 2190 * 2191 * Requires: 2192 * \li 'zone' to be valid. 2193 * \li 'db' to be valid. 2194 * \li 'version' to be valid or NULL. 2195 * 2196 * Returns: 2197 *\li #ISC_R_SUCCESS 2198 *\li #DNS_R_BADCDS 2199 *\li #DNS_R_BADCDNSKEY 2200 * Others 2201 */ 2202 2203void 2204dns_zone_setadded(dns_zone_t *zone, bool added); 2205/*% 2206 * Sets the value of zone->added, which should be true for 2207 * zones that were originally added by "rndc addzone". 2208 * 2209 * Requires: 2210 * \li 'zone' to be valid. 2211 */ 2212 2213bool 2214dns_zone_getadded(dns_zone_t *zone); 2215/*% 2216 * Returns true if the zone was originally added at runtime 2217 * using "rndc addzone". 2218 * 2219 * Requires: 2220 * \li 'zone' to be valid. 2221 */ 2222 2223void 2224dns_zone_setautomatic(dns_zone_t *zone, bool automatic); 2225/*% 2226 * Sets the value of zone->automatic, which should be true for 2227 * zones that were automatically added by named. 2228 * 2229 * Requires: 2230 * \li 'zone' to be valid. 2231 */ 2232 2233bool 2234dns_zone_getautomatic(dns_zone_t *zone); 2235/*% 2236 * Returns true if the zone was added automatically by named. 2237 * 2238 * Requires: 2239 * \li 'zone' to be valid. 2240 */ 2241 2242isc_result_t 2243dns_zone_dlzpostload(dns_zone_t *zone, dns_db_t *db); 2244/*% 2245 * Load the origin names for a writeable DLZ database. 2246 */ 2247 2248bool 2249dns_zone_isdynamic(dns_zone_t *zone, bool ignore_freeze); 2250/*% 2251 * Return true iff the zone is "dynamic", in the sense that the zone's 2252 * master file (if any) is written by the server, rather than being 2253 * updated manually and read by the server. 2254 * 2255 * This is true for slave zones, stub zones, key zones, and zones that 2256 * allow dynamic updates either by having an update policy ("ssutable") 2257 * or an "allow-update" ACL with a value other than exactly "{ none; }". 2258 * 2259 * If 'ignore_freeze' is true, then the zone which has had updates disabled 2260 * will still report itself to be dynamic. 2261 * 2262 * Requires: 2263 * \li 'zone' to be valid. 2264 */ 2265 2266isc_result_t 2267dns_zone_setrefreshkeyinterval(dns_zone_t *zone, uint32_t interval); 2268/*% 2269 * Sets the frequency, in minutes, with which the key repository will be 2270 * checked to see if the keys for this zone have been updated. Any value 2271 * higher than 1440 minutes (24 hours) will be silently reduced. A 2272 * value of zero will return an out-of-range error. 2273 * 2274 * Requires: 2275 * \li 'zone' to be valid. 2276 */ 2277 2278bool 2279dns_zone_getrequestexpire(dns_zone_t *zone); 2280/*% 2281 * Returns the true/false value of the request-expire option in the zone. 2282 * 2283 * Requires: 2284 * \li 'zone' to be valid. 2285 */ 2286 2287void 2288dns_zone_setrequestexpire(dns_zone_t *zone, bool flag); 2289/*% 2290 * Sets the request-expire option for the zone. Either true or false. The 2291 * default value is determined by the setting of this option in the view. 2292 * 2293 * Requires: 2294 * \li 'zone' to be valid. 2295 */ 2296 2297bool 2298dns_zone_getrequestixfr(dns_zone_t *zone); 2299/*% 2300 * Returns the true/false value of the request-ixfr option in the zone. 2301 * 2302 * Requires: 2303 * \li 'zone' to be valid. 2304 */ 2305 2306void 2307dns_zone_setrequestixfr(dns_zone_t *zone, bool flag); 2308/*% 2309 * Sets the request-ixfr option for the zone. Either true or false. The 2310 * default value is determined by the setting of this option in the view. 2311 * 2312 * Requires: 2313 * \li 'zone' to be valid. 2314 */ 2315 2316void 2317dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method); 2318/*% 2319 * Sets the update method to use when incrementing the zone serial number 2320 * due to a DDNS update. Valid options are dns_updatemethod_increment 2321 * and dns_updatemethod_unixtime. 2322 * 2323 * Requires: 2324 * \li 'zone' to be valid. 2325 */ 2326 2327dns_updatemethod_t 2328dns_zone_getserialupdatemethod(dns_zone_t *zone); 2329/*% 2330 * Returns the update method to be used when incrementing the zone serial 2331 * number due to a DDNS update. 2332 * 2333 * Requires: 2334 * \li 'zone' to be valid. 2335 */ 2336 2337isc_result_t 2338dns_zone_link(dns_zone_t *zone, dns_zone_t *raw); 2339 2340void 2341dns_zone_getraw(dns_zone_t *zone, dns_zone_t **raw); 2342 2343isc_result_t 2344dns_zone_keydone(dns_zone_t *zone, const char *data); 2345 2346isc_result_t 2347dns_zone_setnsec3param(dns_zone_t *zone, uint8_t hash, uint8_t flags, 2348 uint16_t iter, uint8_t saltlen, unsigned char *salt, 2349 bool replace); 2350/*% 2351 * Set the NSEC3 parameters for the zone. 2352 * 2353 * If 'replace' is true, then the existing NSEC3 chain, if any, will 2354 * be replaced with the new one. If 'hash' is zero, then the replacement 2355 * chain will be NSEC rather than NSEC3. 2356 * 2357 * Requires: 2358 * \li 'zone' to be valid. 2359 */ 2360 2361void 2362dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header); 2363/*% 2364 * Set the data to be included in the header when the zone is dumped in 2365 * binary format. 2366 */ 2367 2368isc_result_t 2369dns_zone_synckeyzone(dns_zone_t *zone); 2370/*% 2371 * Force the managed key zone to synchronize, and start the key 2372 * maintenance timer. 2373 */ 2374 2375isc_result_t 2376dns_zone_getloadtime(dns_zone_t *zone, isc_time_t *loadtime); 2377/*% 2378 * Return the time when the zone was last loaded. 2379 */ 2380 2381isc_result_t 2382dns_zone_getrefreshtime(dns_zone_t *zone, isc_time_t *refreshtime); 2383/*% 2384 * Return the time when the (slave) zone will need to be refreshed. 2385 */ 2386 2387isc_result_t 2388dns_zone_getexpiretime(dns_zone_t *zone, isc_time_t *expiretime); 2389/*% 2390 * Return the time when the (slave) zone will expire. 2391 */ 2392 2393isc_result_t 2394dns_zone_getrefreshkeytime(dns_zone_t *zone, isc_time_t *refreshkeytime); 2395/*% 2396 * Return the time of the next scheduled DNSSEC key event. 2397 */ 2398 2399unsigned int 2400dns_zone_getincludes(dns_zone_t *zone, char ***includesp); 2401/*% 2402 * Return the number include files that were encountered 2403 * during load. If the number is greater than zero, 'includesp' 2404 * will point to an array containing the filenames. 2405 * 2406 * The array and its contents need to be freed using isc_mem_free. 2407 */ 2408 2409isc_result_t 2410dns_zone_rpz_enable(dns_zone_t *zone, dns_rpz_zones_t *rpzs, 2411 dns_rpz_num_t rpz_num); 2412/*% 2413 * Set the response policy associated with a zone. 2414 */ 2415 2416void 2417dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db); 2418/*% 2419 * If a zone is a response policy zone, mark its new database. 2420 */ 2421 2422dns_rpz_num_t 2423dns_zone_get_rpz_num(dns_zone_t *zone); 2424 2425void 2426dns_zone_catz_enable(dns_zone_t *zone, dns_catz_zones_t *catzs); 2427/*%< 2428 * Enable zone as catalog zone. 2429 * 2430 * Requires: 2431 * 2432 * \li 'zone' is a valid zone object 2433 * \li 'catzs' is not NULL 2434 * \li prior to calling, zone->catzs is NULL or is equal to 'catzs' 2435 */ 2436 2437void 2438dns_zone_catz_enable_db(dns_zone_t *zone, dns_db_t *db); 2439/*%< 2440 * If 'zone' is a catalog zone, then set up a notify-on-update trigger 2441 * in its database. (If not a catalog zone, this function has no effect.) 2442 * 2443 * Requires: 2444 * 2445 * \li 'zone' is a valid zone object 2446 * \li 'db' is not NULL 2447 */ 2448void 2449dns_zone_set_parentcatz(dns_zone_t *zone, dns_catz_zone_t *catz); 2450/*%< 2451 * Set parent catalog zone for this zone 2452 * 2453 * Requires: 2454 * 2455 * \li 'zone' is a valid zone object 2456 * \li 'catz' is not NULL 2457 */ 2458 2459dns_catz_zone_t * 2460dns_zone_get_parentcatz(const dns_zone_t *zone); 2461/*%< 2462 * Get parent catalog zone for this zone 2463 * 2464 * Requires: 2465 * 2466 * \li 'zone' is a valid zone object 2467 */ 2468 2469void 2470dns_zone_setstatlevel(dns_zone_t *zone, dns_zonestat_level_t level); 2471 2472dns_zonestat_level_t 2473dns_zone_getstatlevel(dns_zone_t *zone); 2474/*% 2475 * Set and get the statistics reporting level for the zone; 2476 * full, terse, or none. 2477 */ 2478 2479isc_result_t 2480dns_zone_setserial(dns_zone_t *zone, uint32_t serial); 2481/*% 2482 * Set the zone's serial to 'serial'. 2483 */ 2484ISC_LANG_ENDDECLS 2485 2486isc_stats_t * 2487dns_zone_getgluecachestats(dns_zone_t *zone); 2488/*%< 2489 * Get the glue cache statistics for zone. 2490 * 2491 * Requires: 2492 * \li 'zone' to be a valid zone. 2493 * 2494 * Returns: 2495 * \li if present, a pointer to the statistics set installed in zone; 2496 * otherwise NULL. 2497 */ 2498 2499bool 2500dns_zone_isloaded(dns_zone_t *zone); 2501/*%< 2502 * Return true if 'zone' was loaded and has not expired yet, return 2503 * false otherwise. 2504 */ 2505 2506isc_result_t 2507dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver); 2508/*%< 2509 * If 'zone' is a mirror zone, perform DNSSEC validation of version 'ver' of 2510 * its database, 'db'. Ensure that the DNSKEY RRset at zone apex is signed by 2511 * at least one trust anchor specified for the view that 'zone' is assigned to. 2512 * If 'ver' is NULL, use the current version of 'db'. 2513 * 2514 * If 'zone' is not a mirror zone, return ISC_R_SUCCESS immediately. 2515 * 2516 * Returns: 2517 * 2518 * \li #ISC_R_SUCCESS either 'zone' is not a mirror zone or 'zone' is 2519 * a mirror zone and all DNSSEC checks succeeded 2520 * and the DNSKEY RRset at zone apex is signed by 2521 * a trusted key 2522 * 2523 * \li #DNS_R_VERIFYFAILURE any other case 2524 */ 2525 2526#endif /* DNS_ZONE_H */ 2527