d1/d98/zone__checker_8cc_source.html

// Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")

//

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.


#include <config.h>


#include <dns/zone_checker.h>


#include <dns/name.h>

#include <dns/rdataclass.h>

#include <dns/rrclass.h>

#include <dns/rrtype.h>

#include <dns/rrset.h>

#include <dns/rrset_collection_base.h>


#include <boost/bind.hpp>

#include <boost/lexical_cast.hpp>


#include <string>


using boost::lexical_cast;

using std::string;


namespace isc {

namespace dns {


namespace {

std::string

zoneText(const Name& zone_name, const RRClass& zone_class) {

    return (zone_name.toText(true) + "/" + zone_class.toText());

}


void

checkSOA(const Name& zone_name, const RRClass& zone_class,

         const RRsetCollectionBase& zone_rrsets,

         ZoneCheckerCallbacks& callback) {

    ConstRRsetPtr rrset =

        zone_rrsets.find(zone_name, zone_class, RRType::SOA());

    size_t count = 0;

    if (rrset) {

        for (RdataIteratorPtr rit = rrset->getRdataIterator();

             !rit->isLast();

             rit->next(), ++count) {

            if (dynamic_cast<const rdata::generic::SOA*>(&rit->getCurrent()) ==

                NULL) {

                isc_throw(Unexpected, "Zone checker found bad RDATA in SOA");

            }

        }

        if (count == 0) {

            // this should be an implementation bug, not an operational error.

            isc_throw(Unexpected, "Zone checker found an empty SOA RRset");

        }

    }

    if (count != 1) {

        callback.error("zone " + zoneText(zone_name, zone_class) + ": has " +

                       lexical_cast<string>(count) + " SOA records");

    }

}


// Check if a target name is beyond zone cut, either due to delegation or

// DNAME.  Note that DNAME works on the origin but not on the name itself,

// while delegation works on the name itself (but the NS at the origin is not

// delegation).

ConstRRsetPtr

findZoneCut(const Name& zone_name, const RRClass& zone_class,

            const RRsetCollectionBase& zone_rrsets, const Name& target_name) {

    const unsigned int origin_count = zone_name.getLabelCount();

    const unsigned int target_count = target_name.getLabelCount();

    assert(origin_count <= target_count);


    for (unsigned int l = origin_count; l <= target_count; ++l) {

        const Name& mid_name = (l == target_count) ? target_name :

            target_name.split(target_count - l);


        ConstRRsetPtr found;

        if (l != origin_count &&

            (found = zone_rrsets.find(mid_name, zone_class, RRType::NS())) !=

            NULL) {

            return (found);

        }

        if (l != target_count &&

            (found = zone_rrsets.find(mid_name, zone_class, RRType::DNAME()))

            != NULL) {

            return (found);

        }

    }

    return (ConstRRsetPtr());

}


// Check if each "in-zone" NS name has an address record, identifying some

// error cases.

void

checkNSNames(const Name& zone_name, const RRClass& zone_class,

             const RRsetCollectionBase& zone_rrsets,

             ConstRRsetPtr ns_rrset, ZoneCheckerCallbacks& callbacks) {

    if (ns_rrset->getRdataCount() == 0) {

        // this should be an implementation bug, not an operational error.

        isc_throw(Unexpected, "Zone checker found an empty NS RRset");

    }


    for (RdataIteratorPtr rit = ns_rrset->getRdataIterator();

         !rit->isLast();

         rit->next()) {

        const rdata::generic::NS* ns_data =

            dynamic_cast<const rdata::generic::NS*>(&rit->getCurrent());

        if (ns_data == NULL) {

            isc_throw(Unexpected, "Zone checker found bad RDATA in NS");

        }

        const Name& ns_name = ns_data->getNSName();

        const NameComparisonResult::NameRelation reln =

            ns_name.compare(zone_name).getRelation();

        if (reln != NameComparisonResult::EQUAL &&

            reln != NameComparisonResult::SUBDOMAIN) {

            continue;           // not in the zone.  we can ignore it.

        }


        // Check if there's a zone cut between the origin and the NS name.

        ConstRRsetPtr cut_rrset = findZoneCut(zone_name, zone_class,

                                              zone_rrsets, ns_name);

        if (cut_rrset) {

            if  (cut_rrset->getType() == RRType::NS()) {

                continue; // delegation; making the NS name "out of zone".

            } else if (cut_rrset->getType() == RRType::DNAME()) {

                callbacks.error("zone " + zoneText(zone_name, zone_class) +

                                ": NS '" + ns_name.toText(true) + "' is " +

                                "below a DNAME '" +

                                cut_rrset->getName().toText(true) +

                                "' (illegal per RFC6672)");

                continue;

            } else {

                assert(false);

            }

        }

        if (zone_rrsets.find(ns_name, zone_class, RRType::CNAME()) != NULL) {

            callbacks.error("zone " + zoneText(zone_name, zone_class) +

                            ": NS '" + ns_name.toText(true) + "' is a CNAME " +

                            "(illegal per RFC2181)");

            continue;

        }

        if (zone_rrsets.find(ns_name, zone_class, RRType::A()) == NULL &&

            zone_rrsets.find(ns_name, zone_class, RRType::AAAA()) == NULL) {

            callbacks.warn("zone " + zoneText(zone_name, zone_class) +

                           ": NS has no address records (A or AAAA)");

        }

    }

}


void

checkNS(const Name& zone_name, const RRClass& zone_class,

        const RRsetCollectionBase& zone_rrsets,

        ZoneCheckerCallbacks& callbacks) {

    ConstRRsetPtr rrset =

        zone_rrsets.find(zone_name, zone_class, RRType::NS());

    if (rrset == NULL) {

        callbacks.error("zone " + zoneText(zone_name, zone_class) +

                        ": has no NS records");

        return;

    }

    checkNSNames(zone_name, zone_class, zone_rrsets, rrset, callbacks);

}


// The following is a simple wrapper of checker callback so checkZone()

// can also remember any critical errors.

void

errorWrapper(const string& reason, const ZoneCheckerCallbacks* callbacks,

             bool* had_error) {

    *had_error = true;

    callbacks->error(reason);

}

}


bool

checkZone(const Name& zone_name, const RRClass& zone_class,

          const RRsetCollectionBase& zone_rrsets,

          const ZoneCheckerCallbacks& callbacks) {

    bool had_error = false;

    ZoneCheckerCallbacks my_callbacks(

        boost::bind(errorWrapper, _1, &callbacks, &had_error),

        boost::bind(&ZoneCheckerCallbacks::warn, &callbacks, _1));


    checkSOA(zone_name, zone_class, zone_rrsets, my_callbacks);

    checkNS(zone_name, zone_class, zone_rrsets, my_callbacks);


    return (!had_error);

}


} // end namespace dns

} // end namespace isc

isc::dns::NameComparisonResult::NameRelation
NameRelation
The relation of two names under comparison.
Definition: name.h:142

isc::dns::NameComparisonResult::SUBDOMAIN
@ SUBDOMAIN
Definition: name.h:144

isc::dns::NameComparisonResult::EQUAL
@ EQUAL
Definition: name.h:145

isc::dns::Name
The Name class encapsulates DNS names.
Definition: name.h:223

isc::dns::RRClass
The RRClass class encapsulates DNS resource record classes.
Definition: rrclass.h:98

isc::dns::RRType::CNAME
static const RRType & CNAME()
Definition: rrtype.h:665

isc::dns::RRType::NS
static const RRType & NS()
Definition: rrtype.h:497

isc::dns::RRType::DNAME
static const RRType & DNAME()
Definition: rrtype.h:689

isc::dns::RRType::AAAA
static const RRType & AAAA()
Definition: rrtype.h:467

isc::dns::RRType::SOA
static const RRType & SOA()
Definition: rrtype.h:485

isc::dns::RRType::A
static const RRType & A()
Definition: rrtype.h:677

isc::dns::RRsetCollectionBase
Generic class to represent a set of RRsets.
Definition: rrset_collection_base.h:44

isc::dns::ZoneCheckerCallbacks
Set of callbacks used in zone checks.
Definition: zone_checker.h:22

isc::dns::ZoneCheckerCallbacks::warn
void warn(const std::string &reason) const
Call the callback for a non critical issue.
Definition: zone_checker.h:66

isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition: exceptions/exceptions.h:192

name.h

isc::dns::RdataIteratorPtr
boost::shared_ptr< RdataIterator > RdataIteratorPtr
A pointer-like type point to an RdataIterator object.
Definition: rrset.h:63

isc::dns::checkZone
bool checkZone(const Name &zone_name, const RRClass &zone_class, const RRsetCollectionBase &zone_rrsets, const ZoneCheckerCallbacks &callbacks)
Perform basic integrity checks on zone RRsets.
Definition: zone_checker.cc:175

isc::dns::ConstRRsetPtr
boost::shared_ptr< const AbstractRRset > ConstRRsetPtr
A pointer-like type pointing to an (immutable) RRset object.
Definition: rrset.h:60

isc
Defines the logger used by the top-level component of kea-dhcp-ddns.
Definition: agent_parser.cc:144

rdataclass.h

rrclass.h

rrset.h

rrset_collection_base.h

rrtype.h

zone_checker.h