1 /*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
7 *
8 * See the COPYRIGHT file distributed with this work for additional
9 * information regarding copyright ownership.
10 */
11
12
13 /*! \file */
14
15 #include <config.h>
16
17 #include <stdbool.h>
18
19 #include <isc/buffer.h>
20 #include <isc/string.h> /* Required for HP/UX (and others?) */
21 #include <isc/util.h>
22
23 #include <dns/callbacks.h>
24 #include <dns/db.h>
25 #include <dns/dbiterator.h>
26 #include <dns/fixedname.h>
27 #include <dns/log.h>
28 #include <dns/master.h>
29 #include <dns/rdata.h>
30 #include <dns/rdata.h>
31 #include <dns/rdataset.h>
32 #include <dns/rdatasetiter.h>
33 #include <dns/rdatastruct.h>
34 #include <dns/rdatatype.h>
35 #include <dns/result.h>
36 #include <dns/rootns.h>
37 #include <dns/view.h>
38
39 static char root_ns[] =
40 ";\n"
41 "; Internet Root Nameservers\n"
42 ";\n"
43 "$TTL 518400\n"
44 ". 518400 IN NS A.ROOT-SERVERS.NET.\n"
45 ". 518400 IN NS B.ROOT-SERVERS.NET.\n"
46 ". 518400 IN NS C.ROOT-SERVERS.NET.\n"
47 ". 518400 IN NS D.ROOT-SERVERS.NET.\n"
48 ". 518400 IN NS E.ROOT-SERVERS.NET.\n"
49 ". 518400 IN NS F.ROOT-SERVERS.NET.\n"
50 ". 518400 IN NS G.ROOT-SERVERS.NET.\n"
51 ". 518400 IN NS H.ROOT-SERVERS.NET.\n"
52 ". 518400 IN NS I.ROOT-SERVERS.NET.\n"
53 ". 518400 IN NS J.ROOT-SERVERS.NET.\n"
54 ". 518400 IN NS K.ROOT-SERVERS.NET.\n"
55 ". 518400 IN NS L.ROOT-SERVERS.NET.\n"
56 ". 518400 IN NS M.ROOT-SERVERS.NET.\n"
57 "A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4\n"
58 "A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:BA3E::2:30\n"
59 "B.ROOT-SERVERS.NET. 3600000 IN A 199.9.14.201\n"
60 "B.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:200::b\n"
61 "C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n"
62 "C.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2::c\n"
63 "D.ROOT-SERVERS.NET. 3600000 IN A 199.7.91.13\n"
64 "D.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2d::d\n"
65 "E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n"
66 "E.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:a8::e\n"
67 "F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n"
68 "F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2F::F\n"
69 "G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n"
70 "G.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:12::d0d\n"
71 "H.ROOT-SERVERS.NET. 3600000 IN A 198.97.190.53\n"
72 "H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::53\n"
73 "I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n"
74 "I.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fe::53\n"
75 "J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n"
76 "J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:C27::2:30\n"
77 "K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n"
78 "K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7FD::1\n"
79 "L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n"
80 "L.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:9f::42\n"
81 "M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"
82 "M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:DC3::35\n";
83
84 static isc_result_t
in_rootns(dns_rdataset_t * rootns,dns_name_t * name)85 in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
86 isc_result_t result;
87 dns_rdata_t rdata = DNS_RDATA_INIT;
88 dns_rdata_ns_t ns;
89
90 if (!dns_rdataset_isassociated(rootns))
91 return (ISC_R_NOTFOUND);
92
93 result = dns_rdataset_first(rootns);
94 while (result == ISC_R_SUCCESS) {
95 dns_rdataset_current(rootns, &rdata);
96 result = dns_rdata_tostruct(&rdata, &ns, NULL);
97 if (result != ISC_R_SUCCESS)
98 return (result);
99 if (dns_name_compare(name, &ns.name) == 0)
100 return (ISC_R_SUCCESS);
101 result = dns_rdataset_next(rootns);
102 dns_rdata_reset(&rdata);
103 }
104 if (result == ISC_R_NOMORE)
105 result = ISC_R_NOTFOUND;
106 return (result);
107 }
108
109 static isc_result_t
check_node(dns_rdataset_t * rootns,dns_name_t * name,dns_rdatasetiter_t * rdsiter)110 check_node(dns_rdataset_t *rootns, dns_name_t *name,
111 dns_rdatasetiter_t *rdsiter) {
112 isc_result_t result;
113 dns_rdataset_t rdataset;
114
115 dns_rdataset_init(&rdataset);
116 result = dns_rdatasetiter_first(rdsiter);
117 while (result == ISC_R_SUCCESS) {
118 dns_rdatasetiter_current(rdsiter, &rdataset);
119 switch (rdataset.type) {
120 case dns_rdatatype_a:
121 case dns_rdatatype_aaaa:
122 result = in_rootns(rootns, name);
123 if (result != ISC_R_SUCCESS)
124 goto cleanup;
125 break;
126 case dns_rdatatype_ns:
127 if (dns_name_compare(name, dns_rootname) == 0)
128 break;
129 /* FALLTHROUGH */
130 default:
131 result = ISC_R_FAILURE;
132 goto cleanup;
133 }
134 dns_rdataset_disassociate(&rdataset);
135 result = dns_rdatasetiter_next(rdsiter);
136 }
137 if (result == ISC_R_NOMORE)
138 result = ISC_R_SUCCESS;
139 cleanup:
140 if (dns_rdataset_isassociated(&rdataset))
141 dns_rdataset_disassociate(&rdataset);
142 return (result);
143 }
144
145 static isc_result_t
check_hints(dns_db_t * db)146 check_hints(dns_db_t *db) {
147 isc_result_t result;
148 dns_rdataset_t rootns;
149 dns_dbiterator_t *dbiter = NULL;
150 dns_dbnode_t *node = NULL;
151 isc_stdtime_t now;
152 dns_fixedname_t fixname;
153 dns_name_t *name;
154 dns_rdatasetiter_t *rdsiter = NULL;
155
156 isc_stdtime_get(&now);
157
158 name = dns_fixedname_initname(&fixname);
159
160 dns_rdataset_init(&rootns);
161 (void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
162 now, NULL, name, &rootns, NULL);
163 result = dns_db_createiterator(db, 0, &dbiter);
164 if (result != ISC_R_SUCCESS)
165 goto cleanup;
166 result = dns_dbiterator_first(dbiter);
167 while (result == ISC_R_SUCCESS) {
168 result = dns_dbiterator_current(dbiter, &node, name);
169 if (result != ISC_R_SUCCESS)
170 goto cleanup;
171 result = dns_db_allrdatasets(db, node, NULL, now, &rdsiter);
172 if (result != ISC_R_SUCCESS)
173 goto cleanup;
174 result = check_node(&rootns, name, rdsiter);
175 if (result != ISC_R_SUCCESS)
176 goto cleanup;
177 dns_rdatasetiter_destroy(&rdsiter);
178 dns_db_detachnode(db, &node);
179 result = dns_dbiterator_next(dbiter);
180 }
181 if (result == ISC_R_NOMORE)
182 result = ISC_R_SUCCESS;
183
184 cleanup:
185 if (dns_rdataset_isassociated(&rootns))
186 dns_rdataset_disassociate(&rootns);
187 if (rdsiter != NULL)
188 dns_rdatasetiter_destroy(&rdsiter);
189 if (node != NULL)
190 dns_db_detachnode(db, &node);
191 if (dbiter != NULL)
192 dns_dbiterator_destroy(&dbiter);
193 return (result);
194 }
195
196 isc_result_t
dns_rootns_create(isc_mem_t * mctx,dns_rdataclass_t rdclass,const char * filename,dns_db_t ** target)197 dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
198 const char *filename, dns_db_t **target)
199 {
200 isc_result_t result, eresult;
201 isc_buffer_t source;
202 unsigned int len;
203 dns_rdatacallbacks_t callbacks;
204 dns_db_t *db = NULL;
205
206 REQUIRE(target != NULL && *target == NULL);
207
208 result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
209 rdclass, 0, NULL, &db);
210 if (result != ISC_R_SUCCESS)
211 goto failure;
212
213 len = strlen(root_ns);
214 isc_buffer_init(&source, root_ns, len);
215 isc_buffer_add(&source, len);
216
217 dns_rdatacallbacks_init(&callbacks);
218 result = dns_db_beginload(db, &callbacks);
219 if (result != ISC_R_SUCCESS)
220 goto failure;
221 if (filename != NULL) {
222 /*
223 * Load the hints from the specified filename.
224 */
225 result = dns_master_loadfile(filename, &db->origin,
226 &db->origin, db->rdclass,
227 DNS_MASTER_HINT,
228 &callbacks, db->mctx);
229 } else if (rdclass == dns_rdataclass_in) {
230 /*
231 * Default to using the Internet root servers.
232 */
233 result = dns_master_loadbuffer(&source, &db->origin,
234 &db->origin, db->rdclass,
235 DNS_MASTER_HINT,
236 &callbacks, db->mctx);
237 } else
238 result = ISC_R_NOTFOUND;
239 eresult = dns_db_endload(db, &callbacks);
240 if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE)
241 result = eresult;
242 if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
243 goto failure;
244 if (check_hints(db) != ISC_R_SUCCESS)
245 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
246 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
247 "extra data in root hints '%s'",
248 (filename != NULL) ? filename : "<BUILT-IN>");
249 *target = db;
250 return (ISC_R_SUCCESS);
251
252 failure:
253 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS,
254 ISC_LOG_ERROR, "could not configure root hints from "
255 "'%s': %s", (filename != NULL) ? filename : "<BUILT-IN>",
256 isc_result_totext(result));
257
258 if (db != NULL)
259 dns_db_detach(&db);
260
261 return (result);
262 }
263
264 static void
report(dns_view_t * view,dns_name_t * name,bool missing,dns_rdata_t * rdata)265 report(dns_view_t *view, dns_name_t *name, bool missing,
266 dns_rdata_t *rdata)
267 {
268 const char *viewname = "", *sep = "";
269 char namebuf[DNS_NAME_FORMATSIZE];
270 char typebuf[DNS_RDATATYPE_FORMATSIZE];
271 char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
272 isc_buffer_t buffer;
273 isc_result_t result;
274
275 if (strcmp(view->name, "_bind") != 0 &&
276 strcmp(view->name, "_default") != 0) {
277 viewname = view->name;
278 sep = ": view ";
279 }
280
281 dns_name_format(name, namebuf, sizeof(namebuf));
282 dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf));
283 isc_buffer_init(&buffer, databuf, sizeof(databuf) - 1);
284 result = dns_rdata_totext(rdata, NULL, &buffer);
285 RUNTIME_CHECK(result == ISC_R_SUCCESS);
286 databuf[isc_buffer_usedlength(&buffer)] = '\0';
287
288 if (missing)
289 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
290 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
291 "checkhints%s%s: %s/%s (%s) missing from hints",
292 sep, viewname, namebuf, typebuf, databuf);
293 else
294 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
295 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
296 "checkhints%s%s: %s/%s (%s) extra record "
297 "in hints", sep, viewname, namebuf, typebuf,
298 databuf);
299 }
300
301 static bool
inrrset(dns_rdataset_t * rrset,dns_rdata_t * rdata)302 inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
303 isc_result_t result;
304 dns_rdata_t current = DNS_RDATA_INIT;
305
306 result = dns_rdataset_first(rrset);
307 while (result == ISC_R_SUCCESS) {
308 dns_rdataset_current(rrset, ¤t);
309 if (dns_rdata_compare(rdata, ¤t) == 0)
310 return (true);
311 dns_rdata_reset(¤t);
312 result = dns_rdataset_next(rrset);
313 }
314 return (false);
315 }
316
317 /*
318 * Check that the address RRsets match.
319 *
320 * Note we don't complain about missing glue records.
321 */
322
323 static void
check_address_records(dns_view_t * view,dns_db_t * hints,dns_db_t * db,dns_name_t * name,isc_stdtime_t now)324 check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
325 dns_name_t *name, isc_stdtime_t now)
326 {
327 isc_result_t hresult, rresult, result;
328 dns_rdataset_t hintrrset, rootrrset;
329 dns_rdata_t rdata = DNS_RDATA_INIT;
330 dns_name_t *foundname;
331 dns_fixedname_t fixed;
332
333 dns_rdataset_init(&hintrrset);
334 dns_rdataset_init(&rootrrset);
335 foundname = dns_fixedname_initname(&fixed);
336
337 hresult = dns_db_find(hints, name, NULL, dns_rdatatype_a, 0,
338 now, NULL, foundname, &hintrrset, NULL);
339 rresult = dns_db_find(db, name, NULL, dns_rdatatype_a,
340 DNS_DBFIND_GLUEOK, now, NULL, foundname,
341 &rootrrset, NULL);
342 if (hresult == ISC_R_SUCCESS &&
343 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
344 result = dns_rdataset_first(&rootrrset);
345 while (result == ISC_R_SUCCESS) {
346 dns_rdata_reset(&rdata);
347 dns_rdataset_current(&rootrrset, &rdata);
348 if (!inrrset(&hintrrset, &rdata))
349 report(view, name, true, &rdata);
350 result = dns_rdataset_next(&rootrrset);
351 }
352 result = dns_rdataset_first(&hintrrset);
353 while (result == ISC_R_SUCCESS) {
354 dns_rdata_reset(&rdata);
355 dns_rdataset_current(&hintrrset, &rdata);
356 if (!inrrset(&rootrrset, &rdata))
357 report(view, name, false, &rdata);
358 result = dns_rdataset_next(&hintrrset);
359 }
360 }
361 if (hresult == ISC_R_NOTFOUND &&
362 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
363 result = dns_rdataset_first(&rootrrset);
364 while (result == ISC_R_SUCCESS) {
365 dns_rdata_reset(&rdata);
366 dns_rdataset_current(&rootrrset, &rdata);
367 report(view, name, true, &rdata);
368 result = dns_rdataset_next(&rootrrset);
369 }
370 }
371 if (dns_rdataset_isassociated(&rootrrset))
372 dns_rdataset_disassociate(&rootrrset);
373 if (dns_rdataset_isassociated(&hintrrset))
374 dns_rdataset_disassociate(&hintrrset);
375
376 /*
377 * Check AAAA records.
378 */
379 hresult = dns_db_find(hints, name, NULL, dns_rdatatype_aaaa, 0,
380 now, NULL, foundname, &hintrrset, NULL);
381 rresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
382 DNS_DBFIND_GLUEOK, now, NULL, foundname,
383 &rootrrset, NULL);
384 if (hresult == ISC_R_SUCCESS &&
385 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
386 result = dns_rdataset_first(&rootrrset);
387 while (result == ISC_R_SUCCESS) {
388 dns_rdata_reset(&rdata);
389 dns_rdataset_current(&rootrrset, &rdata);
390 if (!inrrset(&hintrrset, &rdata))
391 report(view, name, true, &rdata);
392 dns_rdata_reset(&rdata);
393 result = dns_rdataset_next(&rootrrset);
394 }
395 result = dns_rdataset_first(&hintrrset);
396 while (result == ISC_R_SUCCESS) {
397 dns_rdata_reset(&rdata);
398 dns_rdataset_current(&hintrrset, &rdata);
399 if (!inrrset(&rootrrset, &rdata))
400 report(view, name, false, &rdata);
401 dns_rdata_reset(&rdata);
402 result = dns_rdataset_next(&hintrrset);
403 }
404 }
405 if (hresult == ISC_R_NOTFOUND &&
406 (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
407 result = dns_rdataset_first(&rootrrset);
408 while (result == ISC_R_SUCCESS) {
409 dns_rdata_reset(&rdata);
410 dns_rdataset_current(&rootrrset, &rdata);
411 report(view, name, true, &rdata);
412 dns_rdata_reset(&rdata);
413 result = dns_rdataset_next(&rootrrset);
414 }
415 }
416 if (dns_rdataset_isassociated(&rootrrset))
417 dns_rdataset_disassociate(&rootrrset);
418 if (dns_rdataset_isassociated(&hintrrset))
419 dns_rdataset_disassociate(&hintrrset);
420 }
421
422 void
dns_root_checkhints(dns_view_t * view,dns_db_t * hints,dns_db_t * db)423 dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) {
424 isc_result_t result;
425 dns_rdata_t rdata = DNS_RDATA_INIT;
426 dns_rdata_ns_t ns;
427 dns_rdataset_t hintns, rootns;
428 const char *viewname = "", *sep = "";
429 isc_stdtime_t now;
430 dns_name_t *name;
431 dns_fixedname_t fixed;
432
433 REQUIRE(hints != NULL);
434 REQUIRE(db != NULL);
435 REQUIRE(view != NULL);
436
437 isc_stdtime_get(&now);
438
439 if (strcmp(view->name, "_bind") != 0 &&
440 strcmp(view->name, "_default") != 0) {
441 viewname = view->name;
442 sep = ": view ";
443 }
444
445 dns_rdataset_init(&hintns);
446 dns_rdataset_init(&rootns);
447 name = dns_fixedname_initname(&fixed);
448
449 result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0,
450 now, NULL, name, &hintns, NULL);
451 if (result != ISC_R_SUCCESS) {
452 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
453 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
454 "checkhints%s%s: unable to get root NS rrset "
455 "from hints: %s", sep, viewname,
456 dns_result_totext(result));
457 goto cleanup;
458 }
459
460 result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
461 now, NULL, name, &rootns, NULL);
462 if (result != ISC_R_SUCCESS) {
463 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
464 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
465 "checkhints%s%s: unable to get root NS rrset "
466 "from cache: %s", sep, viewname,
467 dns_result_totext(result));
468 goto cleanup;
469 }
470
471 /*
472 * Look for missing root NS names.
473 */
474 result = dns_rdataset_first(&rootns);
475 while (result == ISC_R_SUCCESS) {
476 dns_rdataset_current(&rootns, &rdata);
477 result = dns_rdata_tostruct(&rdata, &ns, NULL);
478 RUNTIME_CHECK(result == ISC_R_SUCCESS);
479 result = in_rootns(&hintns, &ns.name);
480 if (result != ISC_R_SUCCESS) {
481 char namebuf[DNS_NAME_FORMATSIZE];
482 /* missing from hints */
483 dns_name_format(&ns.name, namebuf, sizeof(namebuf));
484 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
485 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
486 "checkhints%s%s: unable to find root "
487 "NS '%s' in hints", sep, viewname,
488 namebuf);
489 } else
490 check_address_records(view, hints, db, &ns.name, now);
491 dns_rdata_reset(&rdata);
492 result = dns_rdataset_next(&rootns);
493 }
494 if (result != ISC_R_NOMORE) {
495 goto cleanup;
496 }
497
498 /*
499 * Look for extra root NS names.
500 */
501 result = dns_rdataset_first(&hintns);
502 while (result == ISC_R_SUCCESS) {
503 dns_rdataset_current(&hintns, &rdata);
504 result = dns_rdata_tostruct(&rdata, &ns, NULL);
505 RUNTIME_CHECK(result == ISC_R_SUCCESS);
506 result = in_rootns(&rootns, &ns.name);
507 if (result != ISC_R_SUCCESS) {
508 char namebuf[DNS_NAME_FORMATSIZE];
509 /* extra entry in hints */
510 dns_name_format(&ns.name, namebuf, sizeof(namebuf));
511 isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
512 DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
513 "checkhints%s%s: extra NS '%s' in hints",
514 sep, viewname, namebuf);
515 }
516 dns_rdata_reset(&rdata);
517 result = dns_rdataset_next(&hintns);
518 }
519 if (result != ISC_R_NOMORE) {
520 goto cleanup;
521 }
522
523 cleanup:
524 if (dns_rdataset_isassociated(&rootns))
525 dns_rdataset_disassociate(&rootns);
526 if (dns_rdataset_isassociated(&hintns))
527 dns_rdataset_disassociate(&hintns);
528 }
529