1 /*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 *
8 * See the COPYRIGHT file distributed with this work for additional
9 * information regarding copyright ownership.
10 */
11
12 /*! \file */
13
14 #include <stdbool.h>
15
16 #include <isc/buffer.h>
17 #include <isc/string.h> /* Required for HP/UX (and others?) */
18 #include <isc/util.h>
19
20 #include <dns/callbacks.h>
21 #include <dns/db.h>
22 #include <dns/dbiterator.h>
23 #include <dns/fixedname.h>
24 #include <dns/log.h>
25 #include <dns/master.h>
26 #include <dns/rdata.h>
27 #include <dns/rdataset.h>
28 #include <dns/rdatasetiter.h>
29 #include <dns/rdatastruct.h>
30 #include <dns/rdatatype.h>
31 #include <dns/result.h>
32 #include <dns/rootns.h>
33 #include <dns/view.h>
34
/*
 * Built-in root hints in master-file text form.  dns_rootns_create() loads
 * this buffer when it is given no hints file name and the class is IN.
 *
 * The table is a compiled-in snapshot: the root zone NS RRset (one record
 * per server letter, A through M) followed by an A and an AAAA record for
 * each of those names.  Hints only bootstrap the resolver, so when this
 * table is reviewed or updated every address should be compared against the
 * root hints file published by IANA; a stale or mistyped entry points the
 * resolver's initial root queries at the wrong host.  dns_root_checkhints()
 * logs differences between the hints and the root data held in the database
 * it is given.
 */
static char root_ns[] =
	/* Master-file comment header and default TTL. */
	";\n"
	"; Internet Root Nameservers\n"
	";\n"
	"$TTL 518400\n"
	/* Root zone NS RRset. */
	". 518400 IN NS A.ROOT-SERVERS.NET.\n"
	". 518400 IN NS B.ROOT-SERVERS.NET.\n"
	". 518400 IN NS C.ROOT-SERVERS.NET.\n"
	". 518400 IN NS D.ROOT-SERVERS.NET.\n"
	". 518400 IN NS E.ROOT-SERVERS.NET.\n"
	". 518400 IN NS F.ROOT-SERVERS.NET.\n"
	". 518400 IN NS G.ROOT-SERVERS.NET.\n"
	". 518400 IN NS H.ROOT-SERVERS.NET.\n"
	". 518400 IN NS I.ROOT-SERVERS.NET.\n"
	". 518400 IN NS J.ROOT-SERVERS.NET.\n"
	". 518400 IN NS K.ROOT-SERVERS.NET.\n"
	". 518400 IN NS L.ROOT-SERVERS.NET.\n"
	". 518400 IN NS M.ROOT-SERVERS.NET.\n"
	/* Address records (A, then AAAA) for each name listed above. */
	"A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4\n"
	"A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:BA3E::2:30\n"
	"B.ROOT-SERVERS.NET. 3600000 IN A 199.9.14.201\n"
	"B.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:200::b\n"
	"C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n"
	"C.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2::c\n"
	"D.ROOT-SERVERS.NET. 3600000 IN A 199.7.91.13\n"
	"D.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2d::d\n"
	"E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n"
	"E.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:a8::e\n"
	"F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n"
	"F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2F::F\n"
	"G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n"
	"G.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:12::d0d\n"
	"H.ROOT-SERVERS.NET. 3600000 IN A 198.97.190.53\n"
	"H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::53\n"
	"I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n"
	"I.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fe::53\n"
	"J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n"
	"J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:C27::2:30\n"
	"K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n"
	"K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7FD::1\n"
	"L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n"
	"L.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:9f::42\n"
	"M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"
	"M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:DC3::35\n";
79
/*
 * Report whether 'name' is the target of one of the NS records in 'rootns'.
 *
 * Returns ISC_R_SUCCESS on a match.  Returns ISC_R_NOTFOUND when 'rootns' is
 * not associated or when the whole set was walked without a match.  Any
 * other failure from dns_rdata_tostruct() or from the rdataset iteration is
 * passed back unchanged.
 */
static isc_result_t
in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
	dns_rdata_ns_t nsdata;
	dns_rdata_t rr = DNS_RDATA_INIT;
	isc_result_t status;

	/* No NS set to compare against: nothing can match. */
	if (!dns_rdataset_isassociated(rootns)) {
		return (ISC_R_NOTFOUND);
	}

	for (status = dns_rdataset_first(rootns); status == ISC_R_SUCCESS;
	     status = dns_rdataset_next(rootns))
	{
		dns_rdataset_current(rootns, &rr);
		status = dns_rdata_tostruct(&rr, &nsdata, NULL);
		if (status != ISC_R_SUCCESS) {
			return (status);
		}
		if (dns_name_compare(name, &nsdata.name) == 0) {
			return (ISC_R_SUCCESS);
		}
		/* 'rr' must be reset before it is reused for the next record. */
		dns_rdata_reset(&rr);
	}

	/* Running off the end of the set means "not listed", not an error. */
	return ((status == ISC_R_NOMORE) ? ISC_R_NOTFOUND : status);
}
108
/*
 * Validate the rdatasets found at one node of a hints database.
 *
 * 'rdsiter' iterates the rdatasets owned by 'name'.  The node is accepted
 * only if every rdataset is either
 *   - an A or AAAA set whose owner 'name' is listed in 'rootns', or
 *   - an NS set owned by the root name.
 *
 * Returns ISC_R_SUCCESS when all rdatasets pass, ISC_R_FAILURE for any other
 * type (or an NS set below the root), the in_rootns() result when an address
 * owner is not a root server name, or an iterator error.
 */
static isc_result_t
check_node(dns_rdataset_t *rootns, dns_name_t *name,
	   dns_rdatasetiter_t *rdsiter) {
	dns_rdataset_t current;
	isc_result_t status;

	dns_rdataset_init(&current);

	for (status = dns_rdatasetiter_first(rdsiter);
	     status == ISC_R_SUCCESS;
	     status = dns_rdatasetiter_next(rdsiter))
	{
		dns_rdatasetiter_current(rdsiter, &current);

		if (current.type == dns_rdatatype_a ||
		    current.type == dns_rdatatype_aaaa)
		{
			/* Addresses are only allowed for root server names. */
			status = in_rootns(rootns, name);
			if (status != ISC_R_SUCCESS) {
				goto done;
			}
		} else if (current.type != dns_rdatatype_ns ||
			   dns_name_compare(name, dns_rootname) != 0)
		{
			/* Anything but the root NS set is unexpected data. */
			status = ISC_R_FAILURE;
			goto done;
		}

		dns_rdataset_disassociate(&current);
	}
	if (status == ISC_R_NOMORE) {
		status = ISC_R_SUCCESS;
	}

done:
	/* An early exit leaves 'current' bound to the offending rdataset. */
	if (dns_rdataset_isassociated(&current)) {
		dns_rdataset_disassociate(&current);
	}
	return (status);
}
148
/*
 * Walk every node of the hints database 'db' and run check_node() on it.
 *
 * The root NS RRset is looked up first and used as the list of permitted
 * address owners.  The lookup result is deliberately ignored: if the set is
 * missing, 'rootns' stays unassociated and in_rootns() then answers
 * ISC_R_NOTFOUND for every address record.
 *
 * Returns ISC_R_SUCCESS when every node passes, otherwise the first failing
 * result from the iterators, dns_db_allrdatasets() or check_node().
 */
static isc_result_t
check_hints(dns_db_t *db) {
	dns_dbiterator_t *nodes = NULL;
	dns_dbnode_t *node = NULL;
	dns_fixedname_t fixed;
	dns_name_t *owner;
	dns_rdataset_t rootns;
	dns_rdatasetiter_t *rdsiter = NULL;
	isc_result_t status;
	isc_stdtime_t now;

	isc_stdtime_get(&now);
	owner = dns_fixedname_initname(&fixed);
	dns_rdataset_init(&rootns);

	(void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0, now,
			  NULL, owner, &rootns, NULL);

	status = dns_db_createiterator(db, 0, &nodes);
	if (status != ISC_R_SUCCESS) {
		goto cleanup;
	}

	for (status = dns_dbiterator_first(nodes); status == ISC_R_SUCCESS;
	     status = dns_dbiterator_next(nodes))
	{
		status = dns_dbiterator_current(nodes, &node, owner);
		if (status != ISC_R_SUCCESS) {
			goto cleanup;
		}
		status = dns_db_allrdatasets(db, node, NULL, now, &rdsiter);
		if (status != ISC_R_SUCCESS) {
			goto cleanup;
		}
		status = check_node(&rootns, owner, rdsiter);
		if (status != ISC_R_SUCCESS) {
			goto cleanup;
		}
		/* Release the per-node references before advancing. */
		dns_rdatasetiter_destroy(&rdsiter);
		dns_db_detachnode(db, &node);
	}
	if (status == ISC_R_NOMORE) {
		status = ISC_R_SUCCESS;
	}

cleanup:
	/* Each resource may still be held when the loop was left early. */
	if (dns_rdataset_isassociated(&rootns)) {
		dns_rdataset_disassociate(&rootns);
	}
	if (rdsiter != NULL) {
		dns_rdatasetiter_destroy(&rdsiter);
	}
	if (node != NULL) {
		dns_db_detachnode(db, &node);
	}
	if (nodes != NULL) {
		dns_dbiterator_destroy(&nodes);
	}
	return (status);
}
208
/*
 * Create a root hints database and hand it back through '*target'.
 *
 * 'mctx'     memory context used to create the database.
 * 'rdclass'  class of the hints.
 * 'filename' master file to load the hints from, or NULL to use the
 *            built-in root_ns table (available for class IN only).
 * 'target'   must be non-NULL and point to NULL on entry.
 *
 * Returns ISC_R_SUCCESS with '*target' set, ISC_R_NOTFOUND when no file is
 * given and the class is not IN, or the failing result from database
 * creation or loading.  Failures are logged at error level and the
 * partially built database is detached.
 *
 * Review notes:
 *  - The hints file is loaded as given; the only content check is
 *    check_hints(), and a failure there is advisory: it is logged as
 *    "extra data in root hints" at warning level and the database is still
 *    returned.  That warning is the signal to inspect the hints file.
 *  - DNS_R_SEENINCLUDE from the loader is handled like success.
 *    NOTE(review): presumably this means the file used $INCLUDE - confirm.
 */
isc_result_t
dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
		  const char *filename, dns_db_t **target) {
	const char *origin_label = (filename != NULL) ? filename : "<BUILT-IN>";
	dns_rdatacallbacks_t callbacks;
	dns_db_t *db = NULL;
	isc_buffer_t source;
	isc_result_t result, eresult;
	unsigned int len;

	REQUIRE(target != NULL && *target == NULL);

	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
			       rdclass, 0, NULL, &db);
	if (result != ISC_R_SUCCESS) {
		goto failure;
	}

	/* Wrap the built-in table in a buffer marked as fully used. */
	len = strlen(root_ns);
	isc_buffer_init(&source, root_ns, len);
	isc_buffer_add(&source, len);

	dns_rdatacallbacks_init(&callbacks);
	result = dns_db_beginload(db, &callbacks);
	if (result != ISC_R_SUCCESS) {
		goto failure;
	}

	if (filename == NULL && rdclass != dns_rdataclass_in) {
		/* There is no built-in table for other classes. */
		result = ISC_R_NOTFOUND;
	} else if (filename == NULL) {
		/*
		 * Default to using the Internet root servers.
		 */
		result = dns_master_loadbuffer(
			&source, &db->origin, &db->origin, db->rdclass,
			DNS_MASTER_HINT, &callbacks, db->mctx);
	} else {
		/*
		 * Load the hints from the specified filename.
		 */
		result = dns_master_loadfile(filename, &db->origin, &db->origin,
					     db->rdclass, DNS_MASTER_HINT, 0,
					     &callbacks, NULL, NULL, db->mctx,
					     dns_masterformat_text, 0);
	}

	/* The load is always closed; its result only matters if loading worked. */
	eresult = dns_db_endload(db, &callbacks);
	if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE) {
		result = eresult;
	}
	if (!(result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE)) {
		goto failure;
	}

	/* Unexpected records are reported but do not reject the hints. */
	if (check_hints(db) != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "extra data in root hints '%s'", origin_label);
	}

	*target = db;
	return (ISC_R_SUCCESS);

failure:
	isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS,
		      ISC_LOG_ERROR,
		      "could not configure root hints from "
		      "'%s': %s",
		      origin_label, isc_result_totext(result));

	if (db != NULL) {
		dns_db_detach(&db);
	}

	return (result);
}
283
/*
 * Log one address record that differs between the hints and the root data.
 *
 * 'view'    view being checked; its name is included in the message unless
 *           it is "_bind" or "_default".
 * 'name'    owner name of the record.
 * 'missing' true when the record is absent from the hints, false when the
 *           hints carry a record the other database does not.
 * 'rdata'   the record to print.
 *
 * 'databuf' is sized for the longest textual IPv6 address (the form with an
 * embedded dotted quad), and a failed text conversion trips RUNTIME_CHECK,
 * so this helper is meant for A and AAAA rdata only, which is all the
 * callers in this file pass.
 */
static void
report(dns_view_t *view, dns_name_t *name, bool missing, dns_rdata_t *rdata) {
	char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
	char namebuf[DNS_NAME_FORMATSIZE];
	char typebuf[DNS_RDATATYPE_FORMATSIZE];
	const char *viewname = "", *sep = "";
	isc_buffer_t text;
	isc_result_t status;

	/* The two default view names are left out of the message. */
	if (!(strcmp(view->name, "_bind") == 0 ||
	      strcmp(view->name, "_default") == 0))
	{
		viewname = view->name;
		sep = ": view ";
	}

	dns_name_format(name, namebuf, sizeof(namebuf));
	dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf));

	/* One byte is held back for the terminator written below. */
	isc_buffer_init(&text, databuf, sizeof(databuf) - 1);
	status = dns_rdata_totext(rdata, NULL, &text);
	RUNTIME_CHECK(status == ISC_R_SUCCESS);
	databuf[isc_buffer_usedlength(&text)] = '\0';

	if (!missing) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: %s/%s (%s) extra record "
			      "in hints",
			      sep, viewname, namebuf, typebuf, databuf);
		return;
	}

	isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS,
		      ISC_LOG_WARNING,
		      "checkhints%s%s: %s/%s (%s) missing from hints", sep,
		      viewname, namebuf, typebuf, databuf);
}
319
/*
 * Return true if 'rrset' contains a record that compares equal to 'rdata'.
 *
 * The search restarts 'rrset' from its first record, so the caller's own
 * position in that rdataset is not preserved.
 */
static bool
inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
	dns_rdata_t candidate = DNS_RDATA_INIT;
	isc_result_t status;

	for (status = dns_rdataset_first(rrset); status == ISC_R_SUCCESS;
	     status = dns_rdataset_next(rrset))
	{
		dns_rdataset_current(rrset, &candidate);
		if (dns_rdata_compare(rdata, &candidate) == 0) {
			return (true);
		}
		/* 'candidate' must be reset before it is loaded again. */
		dns_rdata_reset(&candidate);
	}

	return (false);
}
336
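/*
 * Compare one address RRset of 'name' ('type' is A or AAAA) between the
 * hints database and 'db', and log every difference through report().
 *
 * 'db' is searched with DNS_DBFIND_GLUEOK, and both ISC_R_SUCCESS and
 * DNS_R_GLUE count as "found".  Nothing is reported unless 'db' has the
 * RRset: records that exist only in the hints are not flagged.
 */
static void
check_address_rrset(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
		    dns_name_t *name, dns_rdatatype_t type, isc_stdtime_t now) {
	isc_result_t hresult, rresult, result;
	dns_rdataset_t hintrrset, rootrrset;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_fixedname_t fixed;
	dns_name_t *foundname;
	bool inroot;

	dns_rdataset_init(&hintrrset);
	dns_rdataset_init(&rootrrset);
	foundname = dns_fixedname_initname(&fixed);

	hresult = dns_db_find(hints, name, NULL, type, 0, now, NULL, foundname,
			      &hintrrset, NULL);
	rresult = dns_db_find(db, name, NULL, type, DNS_DBFIND_GLUEOK, now,
			      NULL, foundname, &rootrrset, NULL);
	inroot = (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE);

	if (inroot && hresult == ISC_R_SUCCESS) {
		/* Both sides have the RRset: report records only in 'db'... */
		for (result = dns_rdataset_first(&rootrrset);
		     result == ISC_R_SUCCESS;
		     result = dns_rdataset_next(&rootrrset))
		{
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			if (!inrrset(&hintrrset, &rdata)) {
				report(view, name, true, &rdata);
			}
		}
		/* ...and then records only in the hints. */
		for (result = dns_rdataset_first(&hintrrset);
		     result == ISC_R_SUCCESS;
		     result = dns_rdataset_next(&hintrrset))
		{
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&hintrrset, &rdata);
			if (!inrrset(&rootrrset, &rdata)) {
				report(view, name, false, &rdata);
			}
		}
	} else if (inroot && hresult == ISC_R_NOTFOUND) {
		/* The hints lack the whole RRset: every record is missing. */
		for (result = dns_rdataset_first(&rootrrset);
		     result == ISC_R_SUCCESS;
		     result = dns_rdataset_next(&rootrrset))
		{
			dns_rdata_reset(&rdata);
			dns_rdataset_current(&rootrrset, &rdata);
			report(view, name, true, &rdata);
		}
	}

	if (dns_rdataset_isassociated(&rootrrset)) {
		dns_rdataset_disassociate(&rootrrset);
	}
	if (dns_rdataset_isassociated(&hintrrset)) {
		dns_rdataset_disassociate(&hintrrset);
	}
}

/*
 * Check that the address RRsets match.
 *
 * Note we don't complain about missing glue records.
 *
 * The A and AAAA RRsets of 'name' are compared in turn between 'hints' and
 * 'db'; 'view' is only used to label the log messages and 'now' is the time
 * passed to the database lookups.  The two passes used to be written out
 * twice and now share check_address_rrset(), so they cannot drift apart.
 */
static void
check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
		      dns_name_t *name, isc_stdtime_t now) {
	check_address_rrset(view, hints, db, name, dns_rdatatype_a, now);

	/*
	 * Check AAAA records.
	 */
	check_address_rrset(view, hints, db, name, dns_rdatatype_aaaa, now);
}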
452
/*
 * Compare the root NS RRset in 'hints' with the one in 'db' and log every
 * difference at warning level.
 *
 * 'view'  view being checked (non-NULL); its name is included in the
 *         messages unless it is "_bind" or "_default".
 * 'hints' the hints database (non-NULL).
 * 'db'    the database holding the root data to compare against (non-NULL);
 *         the log text refers to it as the cache.
 *
 * For each NS name in 'db' that the hints also list, the A and AAAA records
 * are compared through check_address_records().  The function only reports:
 * it returns nothing and changes neither database, so the warnings it emits
 * are what tells an operator that the hints no longer match the root data.
 */
void
dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) {
	char namebuf[DNS_NAME_FORMATSIZE];
	const char *viewname = "", *sep = "";
	dns_fixedname_t fixed;
	dns_name_t *name;
	dns_rdata_ns_t ns;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_rdataset_t hintns, rootns;
	isc_result_t result;
	isc_stdtime_t now;

	REQUIRE(hints != NULL);
	REQUIRE(db != NULL);
	REQUIRE(view != NULL);

	isc_stdtime_get(&now);

	/* The two default view names are left out of the messages. */
	if (!(strcmp(view->name, "_bind") == 0 ||
	      strcmp(view->name, "_default") == 0))
	{
		viewname = view->name;
		sep = ": view ";
	}

	dns_rdataset_init(&hintns);
	dns_rdataset_init(&rootns);
	name = dns_fixedname_initname(&fixed);

	result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0,
			     now, NULL, name, &hintns, NULL);
	if (result != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: unable to get root NS rrset "
			      "from hints: %s",
			      sep, viewname, dns_result_totext(result));
		goto cleanup;
	}

	result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0, now,
			     NULL, name, &rootns, NULL);
	if (result != ISC_R_SUCCESS) {
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
			      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
			      "checkhints%s%s: unable to get root NS rrset "
			      "from cache: %s",
			      sep, viewname, dns_result_totext(result));
		goto cleanup;
	}

	/*
	 * Look for missing root NS names.
	 */
	for (result = dns_rdataset_first(&rootns); result == ISC_R_SUCCESS;
	     result = dns_rdataset_next(&rootns))
	{
		dns_rdataset_current(&rootns, &rdata);
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		RUNTIME_CHECK(result == ISC_R_SUCCESS);

		if (in_rootns(&hintns, &ns.name) == ISC_R_SUCCESS) {
			/* Listed in both: compare the address records. */
			check_address_records(view, hints, db, &ns.name, now);
		} else {
			/* missing from hints */
			dns_name_format(&ns.name, namebuf, sizeof(namebuf));
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
				      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
				      "checkhints%s%s: unable to find root "
				      "NS '%s' in hints",
				      sep, viewname, namebuf);
		}
		dns_rdata_reset(&rdata);
	}
	/* An iteration error ends the check before the second pass. */
	if (result != ISC_R_NOMORE) {
		goto cleanup;
	}

	/*
	 * Look for extra root NS names.
	 */
	for (result = dns_rdataset_first(&hintns); result == ISC_R_SUCCESS;
	     result = dns_rdataset_next(&hintns))
	{
		dns_rdataset_current(&hintns, &rdata);
		result = dns_rdata_tostruct(&rdata, &ns, NULL);
		RUNTIME_CHECK(result == ISC_R_SUCCESS);

		if (in_rootns(&rootns, &ns.name) != ISC_R_SUCCESS) {
			/* extra entry in hints */
			dns_name_format(&ns.name, namebuf, sizeof(namebuf));
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
				      DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
				      "checkhints%s%s: extra NS '%s' in hints",
				      sep, viewname, namebuf);
		}
		dns_rdata_reset(&rdata);
	}

cleanup:
	if (dns_rdataset_isassociated(&rootns)) {
		dns_rdataset_disassociate(&rootns);
	}
	if (dns_rdataset_isassociated(&hintns)) {
		dns_rdataset_disassociate(&hintns);
	}
}
563