BIND 10 trac1774, updated. 83d31781cfeb717a84e916b1a08522664dd7b590 Merge branch 'master' into trac1774
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Jun 28 03:28:45 UTC 2012
The branch, trac1774 has been updated
via 83d31781cfeb717a84e916b1a08522664dd7b590 (commit)
via 2498f05b7afa17431e9f3f4d6109e995fbec6514 (commit)
via b4b7d4a332fb63aa73b5be24be59ff9866c46ed6 (commit)
via 483f1075942965f0340291e7ff7dae7806df22af (commit)
via d1e088cf6ecc8d99c293d195a05433d9d3742ba4 (commit)
via e4743cb6128e5a2a346fcbcbef7a8c9796934e01 (commit)
via d8a478581147fe220b6b4e5425e2570021a7d2b5 (commit)
via 35b4c61aa77ffef14b5060709c03bc196ce19646 (commit)
via 9b410a87bfebfb3329e30f5949070a81bb22235a (commit)
via dc2f6aabc9b1f28136e4513f46eb43c235bf505e (commit)
via cd2f58725f050e19cca4acc69d3388a1e4fda2f3 (commit)
via d6c5f0605f3d7ad837905a13d1d46fe41f3cf7f7 (commit)
via 05b81acbc6b6504b9d5f869465266b8cfa45ace1 (commit)
via 3dea78e6159c63d47ec887fa70c056753f84c41d (commit)
via 84d243249151b4f949eb88ae16ded1e46f1f2943 (commit)
via 5c8c3e67e2c564ce3c2c1392fc665edb8a982df1 (commit)
via bd3cc66c7c3ea7877dc83dc9685c9c45bf16cf12 (commit)
via 61fdb18f0f253800c86e4a952b7194f26b3d4aee (commit)
via 1daf03e96d531f64f88dde217b28594cd788ca7a (commit)
via 864995c3389e8eb670e32dd2f659be105012608c (commit)
via a1b7836d0accceff101d44219adf2a3d289d1eaf (commit)
via c2aec2257ed1b9104cf6dcb0656e39d0374e3a87 (commit)
via 4089f1e72ac389b05f536eabd8cf4aa57bccbf3a (commit)
via df58f3d2bf08d1213073cf555dea1993f19cf6f6 (commit)
via 0cd3e789df96be0f94030fffbdfa5675a76ea6a2 (commit)
via 1b235c7827500aace4402a601b5110638214e028 (commit)
via 8e376a021e24671fb9818dd58ff5c1157286b990 (commit)
via 2f691c28713f4c9be59012ed55353c2f10de967c (commit)
via 73d710471643958ac39c8825e1df3d6c0d61a68b (commit)
via d249e34178e27afde1858b28ee7d0e42d847525c (commit)
via ca4a4409f4e7af3bc11eec3d6d40c6a682f17678 (commit)
via 930e5b9931e061578f77ac3acc9d796459c13633 (commit)
via f3e904c386e2a0d93cba0c7df8698c5ba1b441ce (commit)
via ed608bae6873c4597f2136804758d68da84754c2 (commit)
via ef571c297aabab0808ac3eecf3c457fdce55a73d (commit)
from 3dab9ab4947300e8d5b9cf8d4544d9491c65038c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 83d31781cfeb717a84e916b1a08522664dd7b590
Merge: 3dab9ab 2498f05
Author: Mukund Sivaraman <muks at isc.org>
Date: Thu Jun 28 08:40:31 2012 +0530
Merge branch 'master' into trac1774
commit 2498f05b7afa17431e9f3f4d6109e995fbec6514
Merge: e4743cb b4b7d4a
Author: Mukund Sivaraman <muks at isc.org>
Date: Thu Jun 28 07:24:40 2012 +0530
Merge branch 'master' into trac2025_2
commit b4b7d4a332fb63aa73b5be24be59ff9866c46ed6
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Jun 27 15:12:54 2012 -0700
[master] changelog for #1771
commit 483f1075942965f0340291e7ff7dae7806df22af
Merge: 35b4c61 d1e088c
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Jun 27 14:41:16 2012 -0700
[master] Merge branch 'trac1771-2'
commit d1e088cf6ecc8d99c293d195a05433d9d3742ba4
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Jun 27 14:29:51 2012 -0700
[1771-2] cleanup: minimized the scope of some local variables.
commit 35b4c61aa77ffef14b5060709c03bc196ce19646
Author: Mukund Sivaraman <muks at isc.org>
Date: Tue Jun 26 21:52:43 2012 +0530
[master] Add a comment to the SSHFP lettuce test
commit dc2f6aabc9b1f28136e4513f46eb43c235bf505e
Merge: cd2f587 5c8c3e6
Author: Jeremy C. Reed <jreed at ISC.org>
Date: Mon Jun 25 14:28:22 2012 -0500
[master]Merge branch 'master' of ssh://git.bind10.isc.org/var/bind10/git/bind10
commit cd2f58725f050e19cca4acc69d3388a1e4fda2f3
Author: Jeremy C. Reed <jreed at ISC.org>
Date: Mon Jun 25 14:27:07 2012 -0500
[master] remove mention of network use of msgq
msgq change from network to unix domain sockets over two years ago.
commit 3dea78e6159c63d47ec887fa70c056753f84c41d
Author: Jeremy C. Reed <jreed at ISC.org>
Date: Mon Jun 25 13:33:26 2012 -0500
[master] various edits in the boss startup chapter
clarify about sockcreator
merge some paragraphs and slight rewording
various grammar fixes (added missing words)
add or change some docbook formatting tags
clarify about process and special components
remove redundant note about same component started multiple times;
and clarify about it.
fix typo
some of this was discussed in jabber, but most was trivial and not
reviewed.
commit 930e5b9931e061578f77ac3acc9d796459c13633
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 18:08:03 2012 -0700
[1771-2] clarified the semantics of FIND_GLUE_OK more.
that it's irrelevant to query type or whether the name is pointed by NS.
commit f3e904c386e2a0d93cba0c7df8698c5ba1b441ce
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 17:52:17 2012 -0700
[1771-2] cleanup: DS RR doesn't have to be considered separately in getRRsets.
commit ed608bae6873c4597f2136804758d68da84754c2
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 17:49:01 2012 -0700
[1771-2] cleanup: check_ns param for getRRsets is not needed now and removed.
commit ef571c297aabab0808ac3eecf3c457fdce55a73d
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 17:22:07 2012 -0700
[1771-2] remove seen_ns&other check in getRRsets.
on a closer look, it just doesn't seem to be necessary if we are okay
with just "hiding" records under a delegation NS for normal (ie. non
GLUE_OK) lookups, instead of throwing an exception.
Essentially only one existing test case (which expects an exception
in that setup) should be updated (and the "brokenns2" case just seems
to be redundant and so was removed), and the disabled tests
in zone_finder_context_unittest now pass.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 8 +
doc/guide/bind10-guide.xml | 353 +++++++++++---------
src/bin/auth/auth_messages.mes | 3 +
src/bin/auth/auth_srv.cc | 3 +
src/bin/msgq/msgq.xml | 8 +-
src/bin/xfrin/xfrin.py.in | 4 +
src/bin/xfrout/xfrout.py.in | 3 +
src/bin/xfrout/xfrout.spec.pre.in | 27 ++
src/lib/datasrc/database.cc | 57 ++--
src/lib/datasrc/database.h | 15 +-
src/lib/datasrc/tests/database_unittest.cc | 37 +-
.../datasrc/tests/zone_finder_context_unittest.cc | 13 -
src/lib/datasrc/zone.h | 10 +
src/lib/python/isc/notify/notify_out.py | 6 +
.../configurations/DO_NOT_USE_127.0.0.1:47807 | 6 +
tests/lettuce/configurations/NOTES | 4 -
.../lettuce/configurations/xfrin/inmem_slave.conf | 4 +-
.../configurations/xfrin/retransfer_master.conf | 8 +-
.../configurations/xfrin/retransfer_slave.conf | 4 +-
...fer_slave.conf => retransfer_slave_notify.conf} | 19 +-
tests/lettuce/data/.gitignore | 1 +
tests/lettuce/data/example.org | 1 +
...frin.sqlite3.orig => xfrin-notify.sqlite3.orig} | Bin 13312 -> 13312 bytes
.../lettuce/features/inmemory_over_sqlite3.feature | 8 +-
tests/lettuce/features/queries.feature | 25 ++
tests/lettuce/features/terrain/bind10_control.py | 4 +-
tests/lettuce/features/terrain/terrain.py | 2 +
tests/lettuce/features/terrain/transfer.py | 4 +-
tests/lettuce/features/xfrin_bind10.feature | 4 +-
.../lettuce/features/xfrin_notify_handling.feature | 29 ++
30 files changed, 405 insertions(+), 265 deletions(-)
create mode 100644 tests/lettuce/configurations/DO_NOT_USE_127.0.0.1:47807
delete mode 100644 tests/lettuce/configurations/NOTES
copy tests/lettuce/configurations/xfrin/{retransfer_slave.conf => retransfer_slave_notify.conf} (58%)
copy tests/lettuce/data/{inmem-xfrin.sqlite3.orig => xfrin-notify.sqlite3.orig} (71%)
create mode 100644 tests/lettuce/features/xfrin_notify_handling.feature
-----------------------------------------------------------------------
diff --git a/ChangeLog b/ChangeLog
index 8fb267f..8af8299 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+451. [bug] muks, jinmei
+ libdatasrc: the database-based data source now correctly returns
+ glue records on (not under) a zone cut, such as in the case where
+ the NS name of an NS record is identical to its owner name. (Note:
+ libdatasrc itself doesn't judge what kind of record type can be a
+ "glue"; it's the caller's responsibility.)
+ (Trac #1771, git 483f1075942965f0340291e7ff7dae7806df22af)
+
450. [func]* tomek
b10-dhcp4: DHCPv4 server component is now integrated into
BIND10 framework. It can be started from BIND10 (using bindctl)
diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index 1bdc005..5689b9a 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -36,8 +36,8 @@
<abstract>
<para>BIND 10 is a framework that features Domain Name System
(DNS) suite and Dynamic Host Configuration Protocol (DHCP)
- servers managed by Internet Systems Consortium (ISC). It
- includes DNS libraries, modular components for controlling
+ servers with development managed by Internet Systems Consortium (ISC).
+ It includes DNS libraries, modular components for controlling
authoritative and recursive DNS servers, and experimental DHCPv4
and DHCPv6 servers.
</para>
@@ -59,6 +59,8 @@
<section id="acknowledgements">
<title>Acknowledgements</title>
+<!-- TODO: acknowledge all sponsors and CNNIC and CZNIC too -->
+
<para>ISC would like to acknowledge generous support for
BIND 10 development of DHCPv4 and DHCPv6 components provided
by <ulink url="http://www.comcast.com/">Comcast</ulink>.</para>
@@ -72,11 +74,13 @@
<para>
BIND is the popular implementation of a DNS server, developer
interfaces, and DNS tools.
- BIND 10 is a rewrite of BIND 9. BIND 10 is written in C++ and Python
- and provides a modular environment for serving and maintaining DNS.
+ BIND 10 is a rewrite of BIND 9 and ISC DHCP.
+ BIND 10 is written in C++ and Python and provides a modular
+ environment for serving, maintaining, and developing DNS and DHCP.
BIND 10 provides a EDNS0- and DNSSEC-capable authoritative
DNS server and a caching recursive name server which also
provides forwarding.
+ It also provides experimental DHCPv4 and DHCPv6 servers.
</para>
<para>
@@ -105,7 +109,7 @@
<para>
BIND 10 requires at least Python 3.1
(<ulink url="http://www.python.org/"/>).
- It has also been tested with Python 3.2.
+ It also works with Python 3.2.
</para>
<para>
@@ -118,6 +122,7 @@
BIND 10 uses the log4cplus C++ logging library
(<ulink url="http://log4cplus.sourceforge.net/"/>).
It requires at least log4cplus version 1.0.3.
+<!-- TODO: It is recommended to use at least version .... -->
</para>
<para>
@@ -132,9 +137,7 @@
<command>b10-xfrout</command>, and <command>b10-zonemgr</command>
components require the libpython3 library and the Python
_sqlite3.so module (which is included with Python).
- The <command>b10-stats-httpd</command> component uses the
- Python pyexpat.so module.
- The Python modules need to be built for the corresponding Python 3.
+ Python modules need to be built for the corresponding Python 3.
</para>
<!-- TODO: this will change ... -->
@@ -220,8 +223,8 @@
<simpara>
<command>b10-resolver</command> —
Recursive name server.
- This process handles incoming queries.
-<!-- TODO: -->
+ This process handles incoming DNS queries and provides
+ answers from its cache or by recursively doing remote lookups.
</simpara>
</listitem>
@@ -264,15 +267,14 @@
<command>b10-xfrout</command> —
Outgoing zone transfer service.
This process is used to handle transfer requests to
- send a local zone to a remote secondary server,
- when acting as a master server.
+ send a local zone to a remote secondary server.
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-zonemgr</command> —
- Secondary manager.
+ Secondary zone manager.
This process keeps track of timers and other
necessary information for BIND 10 to act as a slave server.
</simpara>
@@ -282,8 +284,8 @@
</para>
<para>
- These are ran automatically by <command>bind10</command>
- and do not need to be run manually.
+ These are ran by <command>bind10</command>
+ and do not need to be manually started independently.
</para>
</section>
@@ -298,7 +300,7 @@
<listitem>
<simpara>
<command>bindctl</command> —
- interactive administration interface.
+ Interactive administration interface.
This is a low-level command-line tool which allows
a developer or an experienced administrator to control
BIND 10.
@@ -307,7 +309,7 @@
<listitem>
<simpara>
<command>b10-loadzone</command> —
- zone file loader.
+ Zone file loader.
This tool will load standard masterfile-format zone files into
BIND 10.
</simpara>
@@ -315,7 +317,7 @@
<listitem>
<simpara>
<command>b10-cmdctl-usermgr</command> —
- user access control.
+ User access control.
This tool allows an administrator to authorize additional users
to manage BIND 10.
</simpara>
@@ -358,6 +360,7 @@ var/
for C++ and Python for the message bus, configuration backend,
and, of course, DNS. These include detailed developer
documentation and code examples.
+<!-- TODO: DHCP also but no Python yet. -->
<!-- TODO point to this -->
</para>
@@ -366,12 +369,100 @@ var/
<chapter id="installation">
<title>Installation</title>
+ <section id="packages">
+ <title>Packages</title>
+
+ <para>
+ Some operating systems or softare package vendors may
+ provide ready-to-use, pre-built software packages for
+ the BIND 10 suite.
+ Installing a pre-built package means you do not need to
+ install build-only prerequisites and do not need to
+ <emphasis>make</emphasis> the software.
+ </para>
+
+ <para>
+ FreeBSD ports, NetBSD pkgsrc, and Debian
+ <emphasis>testing</emphasis> package collections provide
+ all the prerequisite packages.
+ </para>
+ </section>
+
+ <section id="install-hierarchy">
+ <title>Install Hierarchy</title>
+ <para>
+ The following is the standard, common layout of the
+ complete BIND 10 installation:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ <filename>bin/</filename> —
+ general tools and diagnostic clients.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>etc/bind10-devel/</filename> —
+ configuration files.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>lib/</filename> —
+ libraries and python modules.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>libexec/bind10-devel/</filename> —
+ executables that a user wouldn't normally run directly and
+ are not run independently.
+ These are the BIND 10 modules which are daemons started by
+ the <command>bind10</command> tool.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>sbin/</filename> —
+ commands used by the system administrator.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>share/bind10-devel/</filename> —
+ configuration specifications.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>share/doc/bind10-devel/</filename> —
+ this guide and other supplementary documentation.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>share/man/</filename> —
+ manual pages (online documentation).
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <filename>var/bind10-devel/</filename> —
+ data source and configuration databases.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </section>
+
<section id="build-requirements">
<title>Building Requirements</title>
<para>
- In addition to the run-time requirements, building BIND 10
- from source code requires various development include headers.
+ In addition to the run-time requirements (listed in
+ <xref linkend="required-software"/>), building BIND 10
+ from source code requires various development include headers and
+ program development tools.
</para>
<note>
@@ -415,7 +506,7 @@ as a dependency earlier -->
</para>
<para>
- Visit the wiki at <ulink
+ Visit the user-contributed wiki at <ulink
url="http://bind10.isc.org/wiki/SystemSpecificNotes" />
for system-specific installation tips.
</para>
@@ -484,7 +575,7 @@ as a dependency earlier -->
</listitem>
<listitem>
-
+<!-- TODO: this is wrong; b10-auth is not started by default any more -->
<para>Test it; for example:
<screen>$ <userinput>dig @127.0.0.1 -c CH -t TXT authors.bind</userinput></screen>
</para>
@@ -510,10 +601,10 @@ as a dependency earlier -->
<title>Installation from source</title>
<para>
BIND 10 is open source software written in C++ and Python.
- It is freely available in source code form from ISC via
- the Git code revision control system or as a downloadable
- tar file. It may also be available in pre-compiled ready-to-use
- packages from operating system vendors.
+ It is freely available in source code form from ISC as a
+ downloadable tar file or via BIND 10's Git code revision control
+ service. (It may also be available in pre-compiled ready-to-use
+ packages from operating system vendors.)
</para>
<section>
@@ -541,7 +632,7 @@ as a dependency earlier -->
<note>
<para>
- When using source code retrieved via Git additional
+ When using source code retrieved via Git, additional
software will be required: automake (v1.11 or newer),
libtoolize, and autoconf (2.59 or newer).
These may need to be installed.
@@ -549,11 +640,12 @@ as a dependency earlier -->
</note>
<para>
- The latest development code, including temporary experiments
- and un-reviewed code, is available via the BIND 10 code revision
+ The latest development code (and temporary experiments
+ and un-reviewed code) is available via the BIND 10 code revision
control system. This is powered by Git and all the BIND 10
development is public.
- The leading development is done in the <quote>master</quote>.
+ The leading development is done in the <quote>master</quote>
+ branch.
</para>
<para>
The code can be checked out from
@@ -566,8 +658,8 @@ as a dependency earlier -->
<para>
When checking out the code from
the code version control system, it doesn't include the
- generated configure script, Makefile.in files, nor the
- related configure files.
+ generated configure script, Makefile.in files, nor their
+ related build files.
They can be created by running <command>autoreconf</command>
with the <option>--install</option> switch.
This will run <command>autoconf</command>,
@@ -591,7 +683,7 @@ as a dependency earlier -->
</para>
<para>
Run <command>./configure</command> with the <option>--help</option>
- switch to view the different options. The commonly-used options are:
+ switch to view the different options. Some commonly-used options are:
<variablelist>
@@ -679,65 +771,6 @@ as a dependency earlier -->
<!-- TODO: tests -->
- <section>
- <title>Install Hierarchy</title>
- <para>
- The following is the layout of the complete BIND 10 installation:
- <itemizedlist>
- <listitem>
- <simpara>
- <filename>bin/</filename> —
- general tools and diagnostic clients.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <filename>etc/bind10-devel/</filename> —
- configuration files.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <filename>lib/</filename> —
- libraries and python modules.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <filename>libexec/bind10-devel/</filename> —
- executables that a user wouldn't normally run directly and
- are not run independently.
- These are the BIND 10 modules which are daemons started by
- the <command>bind10</command> tool.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <filename>sbin/</filename> —
- commands used by the system administrator.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <filename>share/bind10-devel/</filename> —
- configuration specifications.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <filename>share/man/</filename> —
- manual pages (online documentation).
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <filename>var/bind10-devel/</filename> —
- data source and configuration databases.
- </simpara>
- </listitem>
- </itemizedlist>
- </para>
- </section>
</section>
<!--
@@ -775,8 +808,9 @@ as a dependency earlier -->
The <command>b10-cfgmgr</command> daemon is always needed by every
module, if only to send information about themselves somewhere,
but more importantly to ask about their own settings, and
- about other modules. The <command>b10-sockcreator</command> will
- allocate sockets for the rest of the system.
+ about other modules. The <command>b10-sockcreator</command> daemon
+ helps allocate Internet addresses and ports as needed for BIND 10
+ network services.
</para>
<para>
@@ -807,23 +841,22 @@ as a dependency earlier -->
</section>
<section id="bind10.config">
- <title>Configuration of started processes</title>
- <para>
- The processes to be started can be configured, with the exception
- of the <command>b10-sockcreator</command>, <command>b10-msgq</command>
- and <command>b10-cfgmgr</command>.
- </para>
+ <title>Configuration to start processes</title>
<para>
- The configuration is in the Boss/components section. Each element
- represents one component, which is an abstraction of a process
- (currently there's also one component which doesn't represent
- a process).
+ The processes to be used can be configured for
+ <command>bind10</command> to start, with the exception
+ of the required <command>b10-sockcreator</command>,
+ <command>b10-msgq</command> and <command>b10-cfgmgr</command>
+ components.
+ The configuration is in the <varname>Boss/components</varname>
+ section. Each element represents one component, which is
+ an abstraction of a process.
</para>
<para>
- To add a process to the set, let's say the resolver (which not started
- by default), you would do this:
+ To add a process to the set, let's say the resolver (which
+ is not started by default), you would do this:
<screen>> <userinput>config add Boss/components b10-resolver</userinput>
> <userinput>config set Boss/components/b10-resolver/special resolver</userinput>
> <userinput>config set Boss/components/b10-resolver/kind needed</userinput>
@@ -831,27 +864,32 @@ as a dependency earlier -->
> <userinput>config commit</userinput></screen></para>
<para>
- Now, what it means. We add an entry called b10-resolver. It is both a
- name used to reference this component in the configuration and the
- name of the process to start. Then we set some parameters on how to
- start it.
+ Now, what it means. We add an entry called
+ <quote>b10-resolver</quote>. It is both a name used to
+ reference this component in the configuration and the name
+ of the process to start. Then we set some parameters on
+ how to start it.
</para>
<para>
- The special one is for components that need some kind of special care
- during startup or shutdown. Unless specified, the component is started
- in usual way. This is the list of components that need to be started
- in a special way, with the value of special used for them:
+ The <varname>special</varname> setting is for components
+ that need some kind of special care during startup or
+ shutdown. Unless specified, the component is started in a
+ usual way. This is the list of components that need to be
+ started in a special way, with the value of special used
+ for them:
+<!-- TODO: this still doesn't explain why they are special -->
<table>
+ <title>Special startup components</title>
<tgroup cols='3' align='left'>
<colspec colname='component'/>
<colspec colname='special'/>
<colspec colname='description'/>
<thead><row><entry>Component</entry><entry>Special</entry><entry>Description</entry></row></thead>
<tbody>
- <row><entry>b10-auth</entry><entry>auth</entry><entry>Authoritative server</entry></row>
- <row><entry>b10-resolver</entry><entry>resolver</entry><entry>The resolver</entry></row>
- <row><entry>b10-cmdctl</entry><entry>cmdctl</entry><entry>The command control (remote control interface)</entry></row>
+ <row><entry>b10-auth</entry><entry>auth</entry><entry>Authoritative DNS server</entry></row>
+ <row><entry>b10-resolver</entry><entry>resolver</entry><entry>DNS resolver</entry></row>
+ <row><entry>b10-cmdctl</entry><entry>cmdctl</entry><entry>Command control (remote control interface)</entry></row>
<!-- TODO Either add xfrin and xfrout as well or clean up the workarounds in boss before the release -->
</tbody>
</tgroup>
@@ -859,32 +897,34 @@ as a dependency earlier -->
</para>
<para>
- The kind specifies how a failure of the component should
- be handled. If it is set to <quote>dispensable</quote>
- (the default unless you set something else), it will get
- started again if it fails. If it is set to <quote>needed</quote>
- and it fails at startup, the whole <command>bind10</command>
- shuts down and exits with error exit code. But if it fails
- some time later, it is just started again. If you set it
- to <quote>core</quote>, you indicate that the system is
- not usable without the component and if such component
- fails, the system shuts down no matter when the failure
- happened. This is the behaviour of the core components
- (the ones you can't turn off), but you can declare any
- other components as core as well if you wish (but you can
- turn these off, they just can't fail).
+ The <varname>kind</varname> specifies how a failure of the
+ component should be handled. If it is set to
+ <quote>dispensable</quote> (the default unless you set
+ something else), it will get started again if it fails. If
+ it is set to <quote>needed</quote> and it fails at startup,
+ the whole <command>bind10</command> shuts down and exits
+ with an error exit code. But if it fails some time later, it
+ is just started again. If you set it to <quote>core</quote>,
+ you indicate that the system is not usable without the
+ component and if such component fails, the system shuts
+ down no matter when the failure happened. This is the
+ behaviour of the core components (the ones you can't turn
+ off), but you can declare any other components as core as
+ well if you wish (but you can turn these off, they just
+ can't fail).
</para>
<para>
- The priority defines order in which the components should start.
- The ones with higher number are started sooner than the ones with
- lower ones. If you don't set it, 0 (zero) is used as the priority.
- Usually, leaving it at the default is enough.
+ The <varname>priority</varname> defines order in which the
+ components should start. The ones with higher numbers are
+ started sooner than the ones with lower ones. If you don't
+ set it, 0 (zero) is used as the priority. Usually, leaving
+ it at the default is enough.
</para>
<para>
There are other parameters we didn't use in our example.
- One of them is <quote>address</quote>. It is the address
+ One of them is <varname>address</varname>. It is the address
used by the component on the <command>b10-msgq</command>
message bus. The special components already know their
address, but the usual ones don't. The address is by
@@ -900,25 +940,17 @@ address, but the usual ones don't." mean? -->
<!-- TODO: document params when is enabled -->
<para>
- The last one is process. It is the name of the process to be started.
- It defaults to the name of the component if not set, but you can use
- this to override it.
+ The last one is <varname>process</varname>. It is the name
+ of the process to be started. It defaults to the name of
+ the component if not set, but you can use this to override
+ it. (The special components also already know their
+ executable name.)
</para>
<!-- TODO Add parameters when they work, not implemented yet-->
<note>
<para>
- This system allows you to start the same component multiple times
- (by including it in the configuration with different names, but the
- same process setting). However, the rest of the system doesn't expect
- such a situation, so it would probably not do what you want. Such
- support is yet to be implemented.
- </para>
- </note>
-
- <note>
- <para>
The configuration is quite powerful, but that includes
a lot of space for mistakes. You could turn off the
<command>b10-cmdctl</command>, but then you couldn't
@@ -938,7 +970,7 @@ address, but the usual ones don't." mean? -->
</note>
<para>
It is possible to start some components multiple times (currently
- <command>b10-auth</command> and <command>b10-resolzer</command>).
+ <command>b10-auth</command> and <command>b10-resolver</command>).
You might want to do that to gain more performance (each one uses only
single core). Just put multiple entries under different names, like
this, with the same config:
@@ -953,6 +985,9 @@ address, but the usual ones don't." mean? -->
server will keep its own copy of in-memory data and there could be
problems with locking the sqlite database, if used. The configuration
might be changed to something more convenient in future.
+ Other components don't expect such a situation, so it would
+ probably not do what you want. Such support is yet to be
+ implemented.
</para>
</section>
@@ -977,23 +1012,11 @@ address, but the usual ones don't." mean? -->
<para>
Administrators do not communicate directly with the
<command>b10-msgq</command> daemon.
- By default, BIND 10 uses port 9912 for the
- <command>b10-msgq</command> service.
- It listens on 127.0.0.1.
+ By default, BIND 10 uses a UNIX domain socket file named
+ <filename>/usr/local/var/bind10-devel/msg_socket</filename>
+ for this interprocess communication.
</para>
-<!-- TODO: this is broken, see Trac #111
- <para>
- To select an alternate port for the <command>b10-msgq</command> to
- use, run <command>bind10</command> specifying the option:
- <screen> $ <userinput>bind10 -TODO-msgq-port 9912</userinput></screen>
- </para>
--->
-
-<!-- TODO: upcoming plans:
-Unix domain sockets
--->
-
</chapter>
<chapter id="cfgmgr">
diff --git a/src/bin/auth/auth_messages.mes b/src/bin/auth/auth_messages.mes
index 9ac2c49..61de3ee 100644
--- a/src/bin/auth/auth_messages.mes
+++ b/src/bin/auth/auth_messages.mes
@@ -110,6 +110,9 @@ look into the cause and address the issue. The log message includes
the client's address (and port), and the error message sent from the
lower layer that detects the failure.
+% AUTH_RECEIVED_NOTIFY received incoming NOTIFY for zone name %1, zone class %2
+This is a debug message reporting that an incoming NOTIFY was received.
+
% AUTH_NOTIFY_QUESTIONS invalid number of questions (%1) in incoming NOTIFY
This debug message is logged by the authoritative server when it receives
a NOTIFY packet that contains zero or more than one question. (A valid
diff --git a/src/bin/auth/auth_srv.cc b/src/bin/auth/auth_srv.cc
index 2a47c38..7b8e963 100644
--- a/src/bin/auth/auth_srv.cc
+++ b/src/bin/auth/auth_srv.cc
@@ -828,6 +828,9 @@ AuthSrvImpl::processNotify(const IOMessage& io_message, Message& message,
return (false);
}
+ LOG_DEBUG(auth_logger, DBG_AUTH_DETAIL, AUTH_RECEIVED_NOTIFY)
+ .arg(question->getName()).arg(question->getClass());
+
const string remote_ip_address =
io_message.getRemoteEndpoint().getAddress().toText();
static const string command_template_start =
diff --git a/src/bin/msgq/msgq.xml b/src/bin/msgq/msgq.xml
index fd9518d..fed4c27 100644
--- a/src/bin/msgq/msgq.xml
+++ b/src/bin/msgq/msgq.xml
@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
- <date>August 4, 2010</date>
+ <date>June 25, 2012</date>
</refentryinfo>
<refmeta>
@@ -92,10 +92,6 @@
</para>
<para>
- It listens on 127.0.0.1.
- </para>
-
- <para>
The <command>b10-msgq</command> daemon may be cleanly stopped by
sending the SIGTERM signal to the process.
This shutdown does not notify the subscribers.
@@ -168,5 +164,3 @@
- End:
-->
-
-
diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in
index 652f870..1f04bee 100755
--- a/src/bin/xfrin/xfrin.py.in
+++ b/src/bin/xfrin/xfrin.py.in
@@ -889,6 +889,10 @@ class XfrinConnection(asyncore.dispatcher):
req_str = 'IXFR' if request_type == RRType.IXFR() else 'AXFR'
if check_soa:
self._check_soa_serial()
+ self.close()
+ self.init_socket()
+ if not self.connect_to_master():
+ raise XfrinException('Unable to reconnect to master')
logger.info(XFRIN_XFR_TRANSFER_STARTED, req_str, self.zone_str())
self._send_query(self._request_type)
diff --git a/src/bin/xfrout/xfrout.py.in b/src/bin/xfrout/xfrout.py.in
index 46ae687..6576432 100755
--- a/src/bin/xfrout/xfrout.py.in
+++ b/src/bin/xfrout/xfrout.py.in
@@ -952,6 +952,9 @@ class XfroutServer:
def _start_notifier(self):
datasrc = self._unix_socket_server.get_db_file()
self._notifier = notify_out.NotifyOut(datasrc)
+ if 'also_notify' in self._config_data:
+ for slave in self._config_data['also_notify']:
+ self._notifier.add_slave(slave['address'], slave['port'])
self._notifier.dispatcher()
def send_notify(self, zone_name, zone_class):
diff --git a/src/bin/xfrout/xfrout.spec.pre.in b/src/bin/xfrout/xfrout.spec.pre.in
index 30c9d56..dfcc6d9 100644
--- a/src/bin/xfrout/xfrout.spec.pre.in
+++ b/src/bin/xfrout/xfrout.spec.pre.in
@@ -21,6 +21,33 @@
}
},
{
+ "item_name": "also_notify",
+ "item_type": "list",
+ "item_optional": true,
+ "item_default": [],
+ "list_item_spec":
+ {
+ "item_name": "also_notify_element",
+ "item_type": "map",
+ "item_optional": true,
+ "item_default": {},
+ "map_item_spec": [
+ {
+ "item_name": "address",
+ "item_type": "string",
+ "item_optional": false,
+ "item_default": ""
+ },
+ {
+ "item_name": "port",
+ "item_type": "integer",
+ "item_optional": false,
+ "item_default": 0
+ }
+ ]
+ }
+ },
+ {
"item_name": "zone_config",
"item_type": "list",
"item_optional": true,
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index 61dab39..a8ba55e 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -179,8 +179,7 @@ private:
DatabaseClient::Finder::FoundRRsets
DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
- bool check_ns, const string* construct_name,
- bool any,
+ const string* construct_name, bool any,
DatabaseAccessor::IteratorContextPtr context)
{
RRsigStore sig_store;
@@ -204,9 +203,7 @@ DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
const Name construct_name_object(*construct_name);
bool seen_cname(false);
- bool seen_ds(false);
bool seen_other(false);
- bool seen_ns(false);
while (context->getNext(columns)) {
// The domain is not empty
@@ -249,16 +246,12 @@ DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
if (cur_type == RRType::CNAME()) {
seen_cname = true;
- } else if (cur_type == RRType::NS()) {
- seen_ns = true;
- } else if (cur_type == RRType::DS()) {
- seen_ds = true;
} else if (cur_type != RRType::RRSIG() &&
cur_type != RRType::NSEC3() &&
cur_type != RRType::NSEC()) {
// NSEC and RRSIG can coexist with anything, otherwise
// we've seen something that can't live together with potential
- // CNAME or NS
+ // CNAME.
//
// NSEC3 lives in separate namespace from everything, therefore
// we just ignore it here for these checks as well.
@@ -278,14 +271,10 @@ DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
RDATA_COLUMN]);
}
}
- if (seen_cname && (seen_other || seen_ns || seen_ds)) {
+ if (seen_cname && seen_other) {
isc_throw(DataSourceError, "CNAME shares domain " << name <<
" with something else");
}
- if (check_ns && seen_ns && seen_other) {
- isc_throw(DataSourceError, "NS shares domain " << name <<
- " with something else");
- }
// Add signatures to all found RRsets
for (std::map<RRType, RRsetPtr>::iterator i(result.begin());
i != result.end(); ++ i) {
@@ -455,20 +444,20 @@ DatabaseClient::Finder::findDelegationPoint(const isc::dns::Name& name,
for (int i = remove_labels; i > 0; --i) {
const Name superdomain(name.split(i));
- // Note if this is the origin. (We don't count NS records at the origin
- // as a delegation so this controls whether NS RRs are included in
- // the results of some searches.)
- const bool not_origin = (i != remove_labels);
-
// Look if there's NS or DNAME at this point of the tree, but ignore
// the NS RRs at the apex of the zone.
const FoundRRsets found = getRRsets(superdomain.toText(),
- DELEGATION_TYPES(), not_origin);
+ DELEGATION_TYPES());
if (found.first) {
// This node contains either NS or DNAME RRs so it does exist.
const FoundIterator nsi(found.second.find(RRType::NS()));
const FoundIterator dni(found.second.find(RRType::DNAME()));
+ // Note if this is the origin. (We don't count NS records at the
+ // origin as a delegation so this controls whether NS RRs are
+ // included in the results of some searches.)
+ const bool not_origin = (i != remove_labels);
+
// An optimisation. We know that there is an exact match for
// something at this point in the tree so remember it. If we have
// to do a wildcard search, as we search upwards through the tree
@@ -477,7 +466,7 @@ DatabaseClient::Finder::findDelegationPoint(const isc::dns::Name& name,
last_known = superdomain.getLabelCount();
if (glue_ok && !first_ns && not_origin &&
- nsi != found.second.end()) {
+ nsi != found.second.end()) {
// If we are searching for glue ("glue OK" mode), store the
// highest NS record that we find that is not the apex. This
// is another optimisation for later, where we need the
@@ -590,8 +579,9 @@ DatabaseClient::Finder::findWildcardMatch(
// TODO Add a check for DNAME, as DNAME wildcards are discouraged (see
// RFC 4592 section 4.4).
// Search for a match. The types are the same as with original query.
- FoundRRsets found = getRRsets(wildcard, final_types, true,
- &construct_name, type == RRType::ANY());
+ const FoundRRsets found = getRRsets(wildcard, final_types,
+ &construct_name,
+ type == RRType::ANY());
if (found.first) {
// Found something - but what?
@@ -694,7 +684,7 @@ DatabaseClient::Finder::FindDNSSECContext::probe() {
// such cases).
const string origin = finder_.getOrigin().toText();
const FoundRRsets nsec3_found =
- finder_.getRRsets(origin, NSEC3PARAM_TYPES(), false);
+ finder_.getRRsets(origin, NSEC3PARAM_TYPES());
const FoundIterator nfi=
nsec3_found.second.find(RRType::NSEC3PARAM());
is_nsec3_ = (nfi != nsec3_found.second.end());
@@ -705,7 +695,7 @@ DatabaseClient::Finder::FindDNSSECContext::probe() {
// described in Section 10.4 of RFC 5155.
if (!is_nsec3_) {
const FoundRRsets nsec_found =
- finder_.getRRsets(origin, NSEC_TYPES(), false);
+ finder_.getRRsets(origin, NSEC_TYPES());
const FoundIterator nfi =
nsec_found.second.find(RRType::NSEC());
is_nsec_ = (nfi != nsec_found.second.end());
@@ -757,10 +747,8 @@ DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(const Name &name,
try {
const Name& nsec_name =
covering ? finder_.findPreviousName(name) : name;
- const bool need_nscheck = (nsec_name != finder_.getOrigin());
const FoundRRsets found = finder_.getRRsets(nsec_name.toText(),
- NSEC_TYPES(),
- need_nscheck);
+ NSEC_TYPES());
const FoundIterator nci = found.second.find(RRType::NSEC());
if (nci != found.second.end()) {
return (nci->second);
@@ -984,16 +972,15 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
// - Requested name is a delegation point (NS only but not at the zone
// apex - DNAME is ignored here as it redirects DNS names subordinate to
// the owner name - the owner name itself is not redirected.)
- const bool is_origin = (name == getOrigin());
WantedTypes final_types(FINAL_TYPES());
final_types.insert(type);
const FoundRRsets found = getRRsets(name.toText(), final_types,
- !is_origin, NULL,
- type == RRType::ANY());
+ NULL, type == RRType::ANY());
FindDNSSECContext dnssec_ctx(*this, options);
if (found.first) {
// Something found at the domain name. Look into it further to get
// the final result.
+ const bool is_origin = (name == getOrigin());
return (findOnNameResult(name, type, options, is_origin, found, NULL,
target, dnssec_ctx));
} else {
@@ -1021,7 +1008,7 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
// Now, we need to get the NSEC3 params from the apex and create the hash
// creator for it.
const FoundRRsets nsec3param(getRRsets(getOrigin().toText(),
- NSEC3PARAM_TYPES(), false));
+ NSEC3PARAM_TYPES()));
const FoundIterator param(nsec3param.second.find(RRType::NSEC3PARAM()));
if (!nsec3param.first || param == nsec3param.second.end()) {
// No NSEC3 params? :-(
@@ -1061,7 +1048,7 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
}
const FoundRRsets nsec3(getRRsets(hash + "." + otext, NSEC3_TYPES(),
- false, NULL, false, context));
+ NULL, false, context));
if (nsec3.first) {
// We found an exact match against the current label.
@@ -1086,8 +1073,8 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
arg(labels).arg(prevHash);
context = accessor_->getNSEC3Records(prevHash, zone_id_);
const FoundRRsets prev_nsec3(getRRsets(prevHash + "." + otext,
- NSEC3_TYPES(), false, NULL,
- false, context));
+ NSEC3_TYPES(), NULL, false,
+ context));
if (!prev_nsec3.first) {
isc_throw(DataSourceError, "Hash " + prevHash + " returned "
diff --git a/src/lib/datasrc/database.h b/src/lib/datasrc/database.h
index 8ad1c5b..65ddfcc 100644
--- a/src/lib/datasrc/database.h
+++ b/src/lib/datasrc/database.h
@@ -963,17 +963,14 @@ public:
///
/// \param name Which domain name should be scanned.
/// \param types List of types the caller is interested in.
- /// \param check_ns If this is set to true, it checks nothing lives
- /// together with NS record (with few little exceptions, like RRSIG
- /// or NSEC). This check is meant for non-apex NS records.
/// \param construct_name If this is NULL, the resulting RRsets have
- /// their name set to name. If it is not NULL, it overrides the name
- /// and uses this one (this can be used for wildcard synthesized
- /// records).
+ /// their name set to name. If it is not NULL, it overrides the
+ /// name and uses this one (this can be used for wildcard
+ /// synthesized records).
/// \param any If this is true, it records all the types, not only the
/// ones requested by types. It also puts a NULL pointer under the
- /// ANY type into the result, if it finds any RRs at all, to easy the
- /// identification of success.
+ /// ANY type into the result, if it finds any RRs at all, to easy
+ /// the identification of success.
/// \param srcContext This can be set to non-NULL value to override the
/// iterator context used for obtaining the data. This can be used,
/// for example, to get data from the NSEC3 namespace.
@@ -986,7 +983,7 @@ public:
/// \throw DataSourceError If there's a low-level error with the
/// database or the database contains bad data.
FoundRRsets getRRsets(const std::string& name,
- const WantedTypes& types, bool check_ns,
+ const WantedTypes& types,
const std::string* construct_name = NULL,
bool any = false,
DatabaseAccessor::IteratorContextPtr srcContext =
diff --git a/src/lib/datasrc/tests/database_unittest.cc b/src/lib/datasrc/tests/database_unittest.cc
index c96a1d2..5f18283 100644
--- a/src/lib/datasrc/tests/database_unittest.cc
+++ b/src/lib/datasrc/tests/database_unittest.cc
@@ -168,13 +168,16 @@ const char* const TEST_RECORDS[][5] = {
{"child.insecdelegation.example.org.", "DS", "3600", "", "DS 5 3 3600 "
"20000101000000 20000201000000 12345 example.org. FAKEFAKEFAKE"},
- // Broken NS
+ // Delegation NS and other ordinary type of RR coexist at the same
+ // name. This is deviant (except for some special cases like the other
+ // RR could be used for addressing the NS name), but as long as the
+ // other records are hidden behind the delegation for normal queries
+ // it's not necessarily harmful. (so "broken" may be too strong, but we
+ // keep the name since it could be in a chain of sorted names for DNSSEC
+ // processing and renaming them may have other bad effects for tests).
{"brokenns1.example.org.", "A", "3600", "", "192.0.2.1"},
{"brokenns1.example.org.", "NS", "3600", "", "ns.example.com."},
- {"brokenns2.example.org.", "NS", "3600", "", "ns.example.com."},
- {"brokenns2.example.org.", "A", "3600", "", "192.0.2.1"},
-
// Now double DNAME, to test failure mode
{"baddname.example.org.", "DNAME", "3600", "", "dname1.example.com."},
{"baddname.example.org.", "DNAME", "3600", "", "dname2.example.com."},
@@ -2202,15 +2205,23 @@ TYPED_TEST(DatabaseClientTest, findDelegation) {
ZoneFinder::FIND_DEFAULT),
DataSourceError);
- // Broken NS - it lives together with something else
- EXPECT_THROW(finder->find(isc::dns::Name("brokenns1.example.org."),
- this->qtype_,
- ZoneFinder::FIND_DEFAULT),
- DataSourceError);
- EXPECT_THROW(finder->find(isc::dns::Name("brokenns2.example.org."),
- this->qtype_,
- ZoneFinder::FIND_DEFAULT),
- DataSourceError);
+ // NS and other type coexist: deviant and not necessarily harmful.
+ // It should normally just result in DELEGATION; if GLUE_OK is specified,
+ // the other RR should be visible.
+ this->expected_rdatas_.clear();
+ this->expected_rdatas_.push_back("ns.example.com");
+ doFindTest(*finder, Name("brokenns1.example.org"), this->qtype_,
+ RRType::NS(), this->rrttl_, ZoneFinder::DELEGATION,
+ this->expected_rdatas_, this->empty_rdatas_,
+ ZoneFinder::RESULT_DEFAULT);
+
+ this->expected_rdatas_.clear();
+ this->expected_rdatas_.push_back("192.0.2.1");
+ doFindTest(*finder, Name("brokenns1.example.org"), this->qtype_,
+ this->qtype_, this->rrttl_, ZoneFinder::SUCCESS,
+ this->expected_rdatas_, this->empty_rdatas_,
+ ZoneFinder::RESULT_DEFAULT, Name("brokenns1.example.org"),
+ ZoneFinder::FIND_GLUE_OK);
}
TYPED_TEST(DatabaseClientTest, findDS) {
diff --git a/src/lib/datasrc/tests/zone_finder_context_unittest.cc b/src/lib/datasrc/tests/zone_finder_context_unittest.cc
index 50d409e..b3c9b2d 100644
--- a/src/lib/datasrc/tests/zone_finder_context_unittest.cc
+++ b/src/lib/datasrc/tests/zone_finder_context_unittest.cc
@@ -208,13 +208,6 @@ TEST_P(ZoneFinderContextTest, getAdditionalDelegation) {
TEST_P(ZoneFinderContextTest, getAdditionalDelegationAtZoneCut) {
// Similar to the previous case, but one of the NS addresses is at the
// zone cut.
-
- // XXX: the current database-based data source incorrectly rejects this
- // setup (see #1771)
- if (GetParam() == createSQLite3Client) {
- return;
- }
-
ZoneFinderContextPtr ctx = finder_->find(Name("www.b.example.org"),
RRType::SOA());
EXPECT_EQ(ZoneFinder::DELEGATION, ctx->code);
@@ -316,12 +309,6 @@ TEST_P(ZoneFinderContextTest, getAdditionalMX) {
}
TEST_P(ZoneFinderContextTest, getAdditionalMXAtZoneCut) {
- // XXX: the current database-based data source incorrectly rejects this
- // setup (see #1771)
- if (GetParam() == createSQLite3Client) {
- return;
- }
-
ZoneFinderContextPtr ctx = finder_->find(Name("mxatcut.example.org."),
RRType::MX());
EXPECT_EQ(ZoneFinder::SUCCESS, ctx->code);
diff --git a/src/lib/datasrc/zone.h b/src/lib/datasrc/zone.h
index bf4b1ea..c41a2c2 100644
--- a/src/lib/datasrc/zone.h
+++ b/src/lib/datasrc/zone.h
@@ -376,6 +376,16 @@ public:
/// RRsets for that name are searched just like the normal case;
/// otherwise, if the search has encountered a zone cut, \c DELEGATION
/// with the information of the highest zone cut will be returned.
+ /// Note: the term "glue" in the DNS protocol standard may sometimes
+ /// cause confusion: some people use this term strictly for an address
+ /// record (type AAAA or A) for the name used in the RDATA of an NS RR;
+ /// some others seem to give it broader flexibility. Nevertheless,
+ /// in this API the "GLUE OK" simply means the search by find() can
+ /// continue beyond a zone cut; the derived class implementation does
+ /// not have to, and should not, check whether the type is an address
+ /// record or whether the query name is pointed by some NS RR.
+ /// It's up to the caller with which definition of "glue" the search
+ /// result with this option should be used.
/// - \c FIND_DNSSEC Request that DNSSEC data (like NSEC, RRSIGs) are
/// returned with the answer. It is allowed for the data source to
/// include them even when not requested.
diff --git a/src/lib/python/isc/notify/notify_out.py b/src/lib/python/isc/notify/notify_out.py
index 83ac1d0..34db14c 100644
--- a/src/lib/python/isc/notify/notify_out.py
+++ b/src/lib/python/isc/notify/notify_out.py
@@ -161,6 +161,12 @@ class NotifyOut:
for item in slaves:
self._notify_infos[zone_id].notify_slaves.append((item, 53))
+ def add_slave(self, address, port):
+ for zone_name, zone_class in sqlite3_ds.get_zones_info(self._db_file):
+ zone_id = (zone_name, zone_class)
+ if zone_id in self._notify_infos:
+ self._notify_infos[zone_id].notify_slaves.append((address, port))
+
def send_notify(self, zone_name, zone_class='IN'):
'''Send notify to one zone's slaves, this function is
the only interface for class NotifyOut which can be called
diff --git a/tests/lettuce/configurations/DO_NOT_USE_127.0.0.1:47807 b/tests/lettuce/configurations/DO_NOT_USE_127.0.0.1:47807
new file mode 100644
index 0000000..d8f0b5f
--- /dev/null
+++ b/tests/lettuce/configurations/DO_NOT_USE_127.0.0.1:47807
@@ -0,0 +1,6 @@
+Note well:
+
+In some configuration we intentionally use an IPv6 address (::1) with
+port 47807. DO NOT CHANGE THAT; at least do not change it to
+127.0.0.1:47807. See git e3f4b290d17a68db728166cdffcbe93517966e8b
+for why.
diff --git a/tests/lettuce/configurations/NOTES b/tests/lettuce/configurations/NOTES
deleted file mode 100644
index a9b7976..0000000
--- a/tests/lettuce/configurations/NOTES
+++ /dev/null
@@ -1,4 +0,0 @@
-- In some configuration we intentionally use an IPv6 address (::1) with
- port 47807. DO NOT CHANGE THAT; at least do not change it to
- 127.0.0.1:47807. See git e3f4b290d17a68db728166cdffcbe93517966e8b
- for why.
diff --git a/tests/lettuce/configurations/xfrin/inmem_slave.conf b/tests/lettuce/configurations/xfrin/inmem_slave.conf
index a6d88ee..9b69300 100644
--- a/tests/lettuce/configurations/xfrin/inmem_slave.conf
+++ b/tests/lettuce/configurations/xfrin/inmem_slave.conf
@@ -19,8 +19,8 @@
} ]
} ],
"listen_on": [ {
- "port": 47806,
- "address": "127.0.0.1"
+ "address": "::1",
+ "port": 47806
} ]
},
"Boss": {
diff --git a/tests/lettuce/configurations/xfrin/retransfer_master.conf b/tests/lettuce/configurations/xfrin/retransfer_master.conf
index eae47a6..378cff9 100644
--- a/tests/lettuce/configurations/xfrin/retransfer_master.conf
+++ b/tests/lettuce/configurations/xfrin/retransfer_master.conf
@@ -10,13 +10,17 @@
"Auth": {
"database_file": "data/example.org.sqlite3",
"listen_on": [ {
- "port": 47807,
- "address": "::1"
+ "address": "::1",
+ "port": 47807
} ]
},
"Xfrout": {
"zone_config": [ {
"origin": "example.org"
+ } ],
+ "also_notify": [ {
+ "address": "::1",
+ "port": 47806
} ]
},
"Boss": {
diff --git a/tests/lettuce/configurations/xfrin/retransfer_slave.conf b/tests/lettuce/configurations/xfrin/retransfer_slave.conf
index 2296b8f..260147d 100644
--- a/tests/lettuce/configurations/xfrin/retransfer_slave.conf
+++ b/tests/lettuce/configurations/xfrin/retransfer_slave.conf
@@ -10,8 +10,8 @@
"Auth": {
"database_file": "data/test_nonexistent_db.sqlite3",
"listen_on": [ {
- "port": 47806,
- "address": "127.0.0.1"
+ "address": "::1",
+ "port": 47806
} ]
},
"Boss": {
diff --git a/tests/lettuce/configurations/xfrin/retransfer_slave_notify.conf b/tests/lettuce/configurations/xfrin/retransfer_slave_notify.conf
new file mode 100644
index 0000000..57244a4
--- /dev/null
+++ b/tests/lettuce/configurations/xfrin/retransfer_slave_notify.conf
@@ -0,0 +1,38 @@
+{
+ "version": 2,
+ "Logging": {
+ "loggers": [ {
+ "debuglevel": 99,
+ "severity": "DEBUG",
+ "name": "*"
+ } ]
+ },
+ "Auth": {
+ "database_file": "data/xfrin-notify.sqlite3",
+ "listen_on": [ {
+ "address": "::1",
+ "port": 47806
+ } ]
+ },
+ "Xfrin": {
+ "zones": [ {
+ "name": "example.org",
+ "master_addr": "::1",
+ "master_port": 47807
+ } ]
+ },
+ "Zonemgr": {
+ "secondary_zones": [ {
+ "name": "example.org",
+ "class": "IN"
+ } ]
+ },
+ "Boss": {
+ "components": {
+ "b10-auth": { "kind": "needed", "special": "auth" },
+ "b10-xfrin": { "address": "Xfrin", "kind": "dispensable" },
+ "b10-zonemgr": { "address": "Zonemgr", "kind": "dispensable" },
+ "b10-cmdctl": { "special": "cmdctl", "kind": "needed" }
+ }
+ }
+}
diff --git a/tests/lettuce/data/.gitignore b/tests/lettuce/data/.gitignore
index 8c54200..888175e 100644
--- a/tests/lettuce/data/.gitignore
+++ b/tests/lettuce/data/.gitignore
@@ -1,2 +1,3 @@
/inmem-xfrin.sqlite3
/test_nonexistent_db.sqlite3
+/xfrin-notify.sqlite3
diff --git a/tests/lettuce/data/example.org b/tests/lettuce/data/example.org
index 20a93be..77f8f53 100644
--- a/tests/lettuce/data/example.org
+++ b/tests/lettuce/data/example.org
@@ -10,3 +10,4 @@ dname.example.org. 3600 IN DNAME dname.example.info.
dname2.foo.example.org. 3600 IN DNAME dname2.example.info.
ns1.example.org. 3600 IN A 192.0.2.3
ns2.example.org. 3600 IN A 192.0.2.4
+shell.example.org. 3600 IN SSHFP 2 1 123456789abcdef67890123456789abcdef67890
diff --git a/tests/lettuce/data/xfrin-notify.sqlite3.orig b/tests/lettuce/data/xfrin-notify.sqlite3.orig
new file mode 100644
index 0000000..3c38322
Binary files /dev/null and b/tests/lettuce/data/xfrin-notify.sqlite3.orig differ
diff --git a/tests/lettuce/features/inmemory_over_sqlite3.feature b/tests/lettuce/features/inmemory_over_sqlite3.feature
index 2e48689..851caca 100644
--- a/tests/lettuce/features/inmemory_over_sqlite3.feature
+++ b/tests/lettuce/features/inmemory_over_sqlite3.feature
@@ -26,18 +26,18 @@ Feature: In-memory zone using SQLite3 backend
And wait for bind10 stderr message XFRIN_STARTED
And wait for bind10 stderr message ZONEMGR_STARTED
- A query for www.example.org should have rcode NOERROR
+ A query for www.example.org to [::1]:47806 should have rcode NOERROR
"""
www.example.org. 3600 IN A 192.0.2.63
"""
- A query for mail.example.org should have rcode NXDOMAIN
+ A query for mail.example.org to [::1]:47806 should have rcode NXDOMAIN
When I send bind10 the command Xfrin retransfer example.org IN ::1 47807
Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
Then wait for new bind10 stderr message AUTH_LOAD_ZONE
- A query for www.example.org should have rcode NOERROR
+ A query for www.example.org to [::1]:47807 should have rcode NOERROR
The answer section of the last query response should be
"""
www.example.org. 3600 IN A 192.0.2.1
"""
- A query for mail.example.org should have rcode NOERROR
+ A query for mail.example.org to [::1]:47806 should have rcode NOERROR
diff --git a/tests/lettuce/features/queries.feature b/tests/lettuce/features/queries.feature
index de6f0fa..7ae2284 100644
--- a/tests/lettuce/features/queries.feature
+++ b/tests/lettuce/features/queries.feature
@@ -103,6 +103,7 @@ Feature: Querying feature
ns2.example.org. 3600 IN A 192.0.2.4
mail.example.org. 3600 IN A 192.0.2.10
"""
+
Scenario: Delegation query for unsigned child zone
Given I have bind10 running with configuration example.org.inmem.config
And wait for bind10 stderr message BIND10_STARTED_CC
@@ -122,3 +123,27 @@ Feature: Querying feature
"""
ns.sub.example.org. 3600 IN A 192.0.2.101
"""
+
+ Scenario: SSHFP query
+ # We are testing one more RR type for a normal successful case
+ Given I have bind10 running with configuration example.org.inmem.config
+ And wait for bind10 stderr message BIND10_STARTED_CC
+ And wait for bind10 stderr message CMDCTL_STARTED
+ And wait for bind10 stderr message AUTH_SERVER_STARTED
+
+ bind10 module Auth should be running
+ And bind10 module Resolver should not be running
+ And bind10 module Xfrout should not be running
+ And bind10 module Zonemgr should not be running
+ And bind10 module Xfrin should not be running
+ And bind10 module Stats should not be running
+ And bind10 module StatsHttpd should not be running
+
+ A query for example.org type SSHFP should have rcode NOERROR
+ The last query response should have ancount 0
+ A query for shell.example.org type SSHFP should have rcode NOERROR
+ The last query response should have ancount 1
+ The answer section of the last query response should be
+ """
+ shell.example.org. 3600 IN SSHFP 2 1 123456789abcdef67890123456789abcdef67890
+ """
diff --git a/tests/lettuce/features/terrain/bind10_control.py b/tests/lettuce/features/terrain/bind10_control.py
index a08a887..248c6ec 100644
--- a/tests/lettuce/features/terrain/bind10_control.py
+++ b/tests/lettuce/features/terrain/bind10_control.py
@@ -306,8 +306,8 @@ def config_remove_command(step, name, value, cmdctl_port):
"quit"]
run_bindctl(commands, cmdctl_port)
- at step('send bind10 the command (.+)(?: with cmdctl port (\d+))?')
-def send_command(step, command, cmdctl_port):
+ at step('send bind10(?: with cmdctl port (\d+))? the command (.+)')
+def send_command(step, cmdctl_port, command):
"""
Run bindctl, send the given command, and exit bindctl.
Parameters:
diff --git a/tests/lettuce/features/terrain/terrain.py b/tests/lettuce/features/terrain/terrain.py
index a35d0de..876e7cf 100644
--- a/tests/lettuce/features/terrain/terrain.py
+++ b/tests/lettuce/features/terrain/terrain.py
@@ -59,6 +59,8 @@ copylist = [
"configurations/ddns/noddns.config"],
["data/inmem-xfrin.sqlite3.orig",
"data/inmem-xfrin.sqlite3"],
+ ["data/xfrin-notify.sqlite3.orig",
+ "data/xfrin-notify.sqlite3"],
["data/ddns/example.org.sqlite3.orig",
"data/ddns/example.org.sqlite3"]
]
diff --git a/tests/lettuce/features/terrain/transfer.py b/tests/lettuce/features/terrain/transfer.py
index 4ba45b8..eb4ddc0 100644
--- a/tests/lettuce/features/terrain/transfer.py
+++ b/tests/lettuce/features/terrain/transfer.py
@@ -67,11 +67,11 @@ def perform_axfr(step, zone_name, address, port):
Step definition:
An AXFR transfer of <zone_name> [from <address>:<port>]
- Address defaults to 127.0.0.1
+ Address defaults to ::1
Port defaults to 47806
"""
if address is None:
- address = "127.0.0.1"
+ address = "::1"
# convert [IPv6_addr] to IPv6_addr:
address = re.sub(r"\[(.+)\]", r"\1", address)
if port is None:
diff --git a/tests/lettuce/features/xfrin_bind10.feature b/tests/lettuce/features/xfrin_bind10.feature
index 27dfb83..7a45ddd 100644
--- a/tests/lettuce/features/xfrin_bind10.feature
+++ b/tests/lettuce/features/xfrin_bind10.feature
@@ -23,11 +23,11 @@ Feature: Xfrin
# Now we use the first step again to see if the file has been created
The file data/test_nonexistent_db.sqlite3 should exist
- A query for www.example.org should have rcode REFUSED
+ A query for www.example.org to [::1]:47806 should have rcode REFUSED
When I send bind10 the command Xfrin retransfer example.org IN ::1 47807
Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
Then wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS
- A query for www.example.org should have rcode NOERROR
+ A query for www.example.org to [::1]:47806 should have rcode NOERROR
# The transferred zone should have 11 non-NSEC3 RRs and 1 NSEC3 RR.
# The following check will get these by AXFR, so the total # of RRs
diff --git a/tests/lettuce/features/xfrin_notify_handling.feature b/tests/lettuce/features/xfrin_notify_handling.feature
new file mode 100644
index 0000000..e514b83
--- /dev/null
+++ b/tests/lettuce/features/xfrin_notify_handling.feature
@@ -0,0 +1,29 @@
+Feature: Xfrin incoming notify handling
+ Tests for Xfrin incoming notify handling.
+
+ Scenario: Handle incoming notify
+ Given I have bind10 running with configuration xfrin/retransfer_master.conf with cmdctl port 47804 as master
+ And wait for master stderr message BIND10_STARTED_CC
+ And wait for master stderr message CMDCTL_STARTED
+ And wait for master stderr message AUTH_SERVER_STARTED
+ And wait for master stderr message XFROUT_STARTED
+ And wait for master stderr message ZONEMGR_STARTED
+
+ And I have bind10 running with configuration xfrin/retransfer_slave_notify.conf
+ And wait for bind10 stderr message BIND10_STARTED_CC
+ And wait for bind10 stderr message CMDCTL_STARTED
+ And wait for bind10 stderr message AUTH_SERVER_STARTED
+ And wait for bind10 stderr message XFRIN_STARTED
+ And wait for bind10 stderr message ZONEMGR_STARTED
+
+ A query for www.example.org to [::1]:47806 should have rcode NXDOMAIN
+
+ When I send bind10 with cmdctl port 47804 the command Xfrout notify example.org IN
+ Then wait for new master stderr message XFROUT_NOTIFY_COMMAND
+ Then wait for new bind10 stderr message AUTH_RECEIVED_NOTIFY
+ Then wait for new bind10 stderr message ZONEMGR_RECEIVE_NOTIFY
+ Then wait for new bind10 stderr message XFRIN_XFR_TRANSFER_STARTED
+ Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
+ Then wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS
+
+ A query for www.example.org to [::1]:47806 should have rcode NOERROR
More information about the bind10-changes
mailing list