-rw-r--r-- | usr.sbin/nsd/Makefile.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/axfr.c | 11 | ||||
-rw-r--r-- | usr.sbin/nsd/config.h.in | 10 | ||||
-rw-r--r-- | usr.sbin/nsd/configparser.y | 14 | ||||
-rw-r--r-- | usr.sbin/nsd/configure | 77 | ||||
-rw-r--r-- | usr.sbin/nsd/configure.ac | 45 | ||||
-rw-r--r-- | usr.sbin/nsd/dname.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/dns.c | 9 | ||||
-rw-r--r-- | usr.sbin/nsd/dns.h | 1 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-checkconf.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-checkconf.c | 15 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-notify.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-patch.8.in | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-xfer.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.8.in | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.c | 86 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.conf.5.in | 7 | ||||
-rw-r--r-- | usr.sbin/nsd/nsdc.8.in | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/query.c | 21 | ||||
-rw-r--r-- | usr.sbin/nsd/rdata.c | 25 | ||||
-rw-r--r-- | usr.sbin/nsd/region-allocator.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/server.c | 110 | ||||
-rw-r--r-- | usr.sbin/nsd/util.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/util.h | 22 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd-tcp.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/zonec.8.in | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/zparser.y | 15 |
27 files changed, 398 insertions, 102 deletions
diff --git a/usr.sbin/nsd/Makefile.in b/usr.sbin/nsd/Makefile.in index acda1be92da..d66bc40439d 100644 --- a/usr.sbin/nsd/Makefile.in +++ b/usr.sbin/nsd/Makefile.in @@ -21,6 +21,7 @@ piddir = @piddir@ dbdir = @dbdir@ pidfile = @pidfile@ logfile = @logfile@ +zonestatsfile = @zonestatsfile@ dbfile = @dbfile@ difffile = @difffile@ xfrdfile = @xfrdfile@ @@ -53,6 +54,7 @@ EDIT = sed \ -e 's,@zonesdir\@,$(zonesdir),g' \ -e 's,@pidfile\@,$(pidfile),g' \ -e 's,@logfile\@,$(logfile),g' \ + -e 's,@zonestatsfile\@,$(zonestatsfile),g' \ -e 's,@dbfile\@,$(dbfile),g' \ -e 's,@difffile\@,$(difffile),g' \ -e 's,@xfrdfile\@,$(xfrdfile),g' \ diff --git a/usr.sbin/nsd/axfr.c b/usr.sbin/nsd/axfr.c index 62205dd0163..8202af42004 100644 --- a/usr.sbin/nsd/axfr.c +++ b/usr.sbin/nsd/axfr.c @@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include "axfr.h" #include "dns.h" @@ -56,7 +56,7 @@ query_axfr(struct nsd *nsd, struct query *query) || query->axfr_zone->apex != query->domain) { /* No SOA no transfer */ - RCODE_SET(query->packet, RCODE_REFUSE); + RCODE_SET(query->packet, RCODE_NOTAUTH); return QUERY_PROCESSED; } @@ -136,6 +136,7 @@ query_axfr(struct nsd *nsd, struct query *query) } return_answer: + AA_SET(query->packet); ANCOUNT_SET(query->packet, total_added); NSCOUNT_SET(query->packet, 0); ARCOUNT_SET(query->packet, 0); @@ -178,7 +179,11 @@ answer_axfr_ixfr(struct nsd *nsd, struct query *q) } DEBUG(DEBUG_XFRD,1, (LOG_INFO, "axfr refused, %s", acl?"blocked":"no acl matches")); - RCODE_SET(q->packet, RCODE_REFUSE); + if (!zone_opt) { + RCODE_SET(q->packet, RCODE_NOTAUTH); + } else { + RCODE_SET(q->packet, RCODE_REFUSE); + } return QUERY_PROCESSED; } DEBUG(DEBUG_XFRD,1, (LOG_INFO, "axfr admitted acl %s %s", diff --git a/usr.sbin/nsd/config.h.in b/usr.sbin/nsd/config.h.in index 6fd9a2dd2b4..8d75e5e9ed8 100644 --- a/usr.sbin/nsd/config.h.in +++ b/usr.sbin/nsd/config.h.in 
@@ -399,6 +399,9 @@ #endif +/* Define this to enable zone statistics. */ +#undef USE_ZONE_STATS + /* Define to the NSD version to answer version.server query. */ #undef VERSION @@ -412,6 +415,9 @@ /* NSD default location for zone files. Empty string or NULL to disable. */ #undef ZONESDIR +/* Pathname to the NSD statistics file */ +#undef ZONESTATSFILE + /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS @@ -655,9 +661,7 @@ char *strptime(const char *s, const char *format, struct tm *tm); #ifdef MEMCMP_IS_BROKEN -# ifdef memcmp -# undef memcmp -# endif +#include "compat/memcmp.h" #define memcmp memcmp_nsd int memcmp(const void *x, const void *y, size_t n); #endif diff --git a/usr.sbin/nsd/configparser.y b/usr.sbin/nsd/configparser.y index 181f308f540..a5c3cd3270e 100644 --- a/usr.sbin/nsd/configparser.y +++ b/usr.sbin/nsd/configparser.y @@ -8,7 +8,7 @@ */ %{ -#include <config.h> +#include "config.h" #include <stdarg.h> #include <stdio.h> @@ -46,7 +46,8 @@ static int server_settings_seen = 0; %token VAR_SERVER VAR_NAME VAR_IP_ADDRESS VAR_DEBUG_MODE %token VAR_IP4_ONLY VAR_IP6_ONLY VAR_DATABASE VAR_IDENTITY VAR_NSID VAR_LOGFILE %token VAR_SERVER_COUNT VAR_TCP_COUNT VAR_PIDFILE VAR_PORT VAR_STATISTICS -%token VAR_CHROOT VAR_USERNAME VAR_ZONESDIR VAR_XFRDFILE VAR_DIFFFILE +%token VAR_ZONESTATSFILE VAR_CHROOT VAR_USERNAME VAR_ZONESDIR +%token VAR_XFRDFILE VAR_DIFFFILE %token VAR_XFRD_RELOAD_TIMEOUT VAR_TCP_QUERY_COUNT VAR_TCP_TIMEOUT %token VAR_IPV4_EDNS_SIZE VAR_IPV6_EDNS_SIZE %token VAR_ZONEFILE 
@@ -76,7 +77,8 @@ contents_server: contents_server content_server | ; content_server: server_ip_address | server_debug_mode | server_ip4_only | server_ip6_only | server_database | server_identity | server_nsid | server_logfile | server_server_count | server_tcp_count | server_pidfile | server_port | - server_statistics | server_chroot | server_username | server_zonesdir | + server_statistics | server_zonestatsfile | server_chroot | + server_username | server_zonesdir | server_difffile | server_xfrdfile | server_xfrd_reload_timeout | server_tcp_query_count | server_tcp_timeout | server_ipv4_edns_size | server_ipv6_edns_size | server_verbosity | server_hide_version; @@ -216,6 +218,12 @@ server_statistics: VAR_STATISTICS STRING else cfg_parser->opt->statistics = atoi($2); } ; +server_zonestatsfile: VAR_ZONESTATSFILE STRING + { + OUTYY(("P(server_zonestatsfile:%s)\n", $2)); + cfg_parser->opt->zonestatsfile = region_strdup(cfg_parser->opt->region, $2); + } + ; server_chroot: VAR_CHROOT STRING { OUTYY(("P(server_chroot:%s)\n", $2)); diff --git a/usr.sbin/nsd/configure b/usr.sbin/nsd/configure index fc6a8672d5c..a7afb0dcd76 100644 --- a/usr.sbin/nsd/configure +++ b/usr.sbin/nsd/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for NSD 3.2.10. +# Generated by GNU Autoconf 2.68 for NSD 3.2.11. # # Report bugs to <nsd-bugs@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='NSD' PACKAGE_TARNAME='nsd' -PACKAGE_VERSION='3.2.10' -PACKAGE_STRING='NSD 3.2.10' +PACKAGE_VERSION='3.2.11' +PACKAGE_STRING='NSD 3.2.11' PACKAGE_BUGREPORT='nsd-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -602,6 +602,7 @@ ac_includes_default="\ #endif" ac_subst_vars='LTLIBOBJS +zonestatsfile HAVE_SSL LIBOBJS YFLAGS @@ -702,6 +703,7 @@ enable_nsec3 enable_full_prehash enable_minimal_responses enable_mmap +enable_zone_stats ' ac_precious_vars='build_alias host_alias 
@@ -1256,7 +1258,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures NSD 3.2.10 to adapt to many kinds of systems. +\`configure' configures NSD 3.2.11 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1317,7 +1319,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of NSD 3.2.10:";; + short | recursive ) echo "Configuration of NSD 3.2.11:";; esac cat <<\_ACEOF @@ -1335,6 +1337,8 @@ Optional Features: --disable-minimal-responses Disable response minimization. More truncation. --enable-mmap Use mmap instead of malloc. Experimental. + --enable-zone-stats Maintain statistics per zone, instead of global + statistics. Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1443,7 +1447,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -NSD configure 3.2.10 +NSD configure 3.2.11 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1923,7 +1927,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by NSD $as_me 3.2.10, which was +It was created by NSD $as_me 3.2.11, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -7562,6 +7566,33 @@ _ACEOF ;; esac +# +# Default zonestatsfile +# +zonestatsfile=${localstatedir}/log/nsd.stats + + +cat >>confdefs.h <<_ACEOF +#define ZONESTATSFILE "`eval echo $zonestatsfile`" +_ACEOF + +# Check whether --enable-zone_stats was given. +if test "${enable_zone_stats+set}" = set; then : + enableval=$enable_zone_stats; +fi + +case "$enable_zone_stats" in + yes) + +cat >>confdefs.h <<_ACEOF +#define USE_ZONE_STATS /**/ +_ACEOF + + ;; + no|*) + ;; +esac + 
@@ -7589,14 +7620,26 @@ fi # big fat warning if test "$enable_checking" = "yes"; then - echo "************************************************" - echo "* You have activated \"--enable-checking\" *" - echo "* *" - echo "* This will instruct NSD to be stricter *" - echo "* when validating its input. This could lead *" - echo "* to a reduced service level. *" - echo "* *" - echo "************************************************" + echo "*************************************************" + echo "* You have activated \"--enable-checking\" *" + echo "* *" + echo "* This will instruct NSD to be stricter *" + echo "* when validating its input. This could lead *" + echo "* to a reduced service level. *" + echo "* *" + echo "*************************************************" +fi + +if test "$enable_zone_stats" = "yes"; then + echo "*************************************************" + echo "* You have activated \"--enable-zone-stats\" *" + echo "* *" + echo "* This will make NSD maintain statistics *" + echo "* on a per zone basis. This could lead to *" + echo "* a reduced service level and an *" + echo "* a larger memory footprint. *" + echo "* *" + echo "*************************************************" fi ac_config_files="$ac_config_files Makefile" @@ -8119,7 +8162,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by NSD $as_me 3.2.10, which was +This file was extended by NSD $as_me 3.2.11, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -8181,7 +8224,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -NSD config.status 3.2.10 +NSD config.status 3.2.11 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" 
diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac index d0bc1711f13..8e6c80de54e 100644 --- a/usr.sbin/nsd/configure.ac +++ b/usr.sbin/nsd/configure.ac @@ -4,7 +4,7 @@ dnl sinclude(acx_nlnetlabs.m4) -AC_INIT(NSD,3.2.10,nsd-bugs@nlnetlabs.nl) +AC_INIT(NSD,3.2.11,nsd-bugs@nlnetlabs.nl) AC_CONFIG_HEADER([config.h]) AC_AIX @@ -640,6 +640,21 @@ case "$enable_mmap" in ;; esac +# +# Default zonestatsfile +# +zonestatsfile=${localstatedir}/log/nsd.stats +AC_SUBST(zonestatsfile) +AC_DEFINE_UNQUOTED(ZONESTATSFILE, ["`eval echo $zonestatsfile`"], [Pathname to the NSD statistics file]) +AC_ARG_ENABLE(zone_stats, AC_HELP_STRING([--enable-zone-stats], [Maintain statistics per zone, instead of global statistics.])) +case "$enable_zone_stats" in + yes) + AC_DEFINE_UNQUOTED([USE_ZONE_STATS], [], [Define this to enable zone statistics.]) + ;; + no|*) + ;; +esac + AH_BOTTOM([ /* define before includes as it specifies what standard to use. */ #if (defined(HAVE_PSELECT) && !defined (HAVE_PSELECT_PROTO)) \ 
@@ -812,14 +827,26 @@ AH_BOTTOM([ # big fat warning if test "$enable_checking" = "yes"; then - echo "************************************************" - echo "* You have activated \"--enable-checking\" *" - echo "* *" - echo "* This will instruct NSD to be stricter *" - echo "* when validating its input. This could lead *" - echo "* to a reduced service level. *" - echo "* *" - echo "************************************************" + echo "*************************************************" + echo "* You have activated \"--enable-checking\" *" + echo "* *" + echo "* This will instruct NSD to be stricter *" + echo "* when validating its input. This could lead *" + echo "* to a reduced service level. *" + echo "* *" + echo "*************************************************" +fi + +if test "$enable_zone_stats" = "yes"; then + echo "*************************************************" + echo "* You have activated \"--enable-zone-stats\" *" + echo "* *" + echo "* This will make NSD maintain statistics *" + echo "* on a per zone basis. This could lead to *" + echo "* a reduced service level and an *" + echo "* a larger memory footprint. *" + echo "* *" + echo "*************************************************" fi AC_CONFIG_FILES([Makefile]) diff --git a/usr.sbin/nsd/dname.c b/usr.sbin/nsd/dname.c index 03d3c624cfd..4e29782faff 100644 --- a/usr.sbin/nsd/dname.c +++ b/usr.sbin/nsd/dname.c @@ -8,7 +8,7 @@ */ -#include <config.h> +#include "config.h" #include <sys/types.h> diff --git a/usr.sbin/nsd/dns.c b/usr.sbin/nsd/dns.c index f68424d1f11..f0f05823309 100644 --- a/usr.sbin/nsd/dns.c +++ b/usr.sbin/nsd/dns.c @@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <sys/types.h> #include <sys/socket.h> 
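Review bot: The new `--enable-zone-stats` banner in configure.ac duplicates the article: one line ends with `a reduced service level and an` and the next begins `a larger memory footprint`. Drop the trailing `an` from the first of the two lines so the message reads "a reduced service level and a larger memory footprint". The generated `configure` in this diff carries the same text and should be regenerated after the fix rather than edited by hand.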
@@ -270,7 +270,12 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+1)] RDATA_WF_BINARYWITHLENGTH /* salt */ }, { RDATA_ZF_BYTE, RDATA_ZF_BYTE, RDATA_ZF_SHORT, RDATA_ZF_HEX_LEN } }, /* 52 */ - { 52, NULL, T_UTYPE, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, + { TYPE_TLSA, "TLSA", T_TLSA, 4, 4, + { RDATA_WF_BYTE, /* usage */ + RDATA_WF_BYTE, /* selector */ + RDATA_WF_BYTE, /* matching type */ + RDATA_WF_BINARY }, /* certificate association data */ + { RDATA_ZF_BYTE, RDATA_ZF_BYTE, RDATA_ZF_BYTE, RDATA_ZF_HEX } }, /* 53 */ { 53, NULL, T_UTYPE, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, /* 54 */ diff --git a/usr.sbin/nsd/dns.h b/usr.sbin/nsd/dns.h index ce1d019531d..72982e0e7ae 100644 --- a/usr.sbin/nsd/dns.h +++ b/usr.sbin/nsd/dns.h @@ -135,6 +135,7 @@ typedef enum nsd_rc nsd_rc_type; #define TYPE_DHCID 49 /* RFC4701 DHCP information */ #define TYPE_NSEC3 50 /* NSEC3, secure denial, prevents zonewalking */ #define TYPE_NSEC3PARAM 51 /* NSEC3PARAM at zone apex nsec3 parameters */ +#define TYPE_TLSA 52 /* draft-ietf-dane-protocol */ #define TYPE_SPF 99 /* RFC 4408 */ diff --git a/usr.sbin/nsd/nsd-checkconf.8.in b/usr.sbin/nsd/nsd-checkconf.8.in index e939b69bd14..6b38c926a60 100644 --- a/usr.sbin/nsd/nsd-checkconf.8.in +++ b/usr.sbin/nsd/nsd-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkconf" "8" "Feb 15, 2012" "NLnet Labs" "nsd 3.2.10" +.TH "nsd\-checkconf" "8" "Jul 9, 2012" "NLnet Labs" "nsd 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-checkconf.c b/usr.sbin/nsd/nsd-checkconf.c index 2b086aed4e5..cf5a7cde9bf 100644 --- a/usr.sbin/nsd/nsd-checkconf.c +++ b/usr.sbin/nsd/nsd-checkconf.c 
@@ -274,6 +274,9 @@ config_print_zone(nsd_options_t* opt, const char* k, int s, const char *o, const SERV_GET_STR(difffile, o); SERV_GET_STR(xfrdfile, o); SERV_GET_STR(port, o); +#if defined(BIND8_STATS) && defined(USE_ZONE_STATS) + SERV_GET_STR(zonestatsfile, o); +#endif /* int */ SERV_GET_INT(server_count, o); SERV_GET_INT(tcp_count, o); @@ -321,6 +324,9 @@ config_test_print_server(nsd_options_t* opt) print_string_var("pidfile:", opt->pidfile); print_string_var("port:", opt->port); printf("\tstatistics: %d\n", opt->statistics); +#if defined(BIND8_STATS) && defined(USE_ZONE_STATS) + printf("\tzone-stats-file: %s\n", opt->zonestatsfile); +#endif print_string_var("chroot:", opt->chroot); print_string_var("username:", opt->username); print_string_var("zonesdir:", opt->zonesdir); @@ -418,7 +424,16 @@ additional_checks(nsd_options_t* opt, const char* filename) filename, opt->statistics); errors ++; } +# ifndef USE_ZONE_STATS + if(opt->zonestatsfile) + { + fprintf(stderr, "%s: 'zone-stats-file: %s' but per zone BIND 8 statistics feature not enabled.\n", + filename, opt->zonestatsfile); + errors ++; + } +# endif #endif + #ifndef HAVE_CHROOT if(opt->chroot != 0) { diff --git a/usr.sbin/nsd/nsd-notify.8.in b/usr.sbin/nsd/nsd-notify.8.in index 7b331013045..1d6a2541089 100644 --- a/usr.sbin/nsd/nsd-notify.8.in +++ b/usr.sbin/nsd/nsd-notify.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-notify" "8" "Feb 15, 2012" "NLnet Labs" "nsd 3.2.10" +.TH "nsd\-notify" "8" "Jul 9, 2012" "NLnet Labs" "nsd 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-patch.8.in b/usr.sbin/nsd/nsd-patch.8.in index 1e05e01f3aa..094801f2726 100644 --- a/usr.sbin/nsd/nsd-patch.8.in +++ b/usr.sbin/nsd/nsd-patch.8.in 
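Review bot: In the `config_test_print_server` hunk of nsd-checkconf.c, the added `printf("\tzone-stats-file: %s\n", opt->zonestatsfile);` passes the pointer straight to `%s` without a NULL check. The `additional_checks` hunk in the same file tests `if(opt->zonestatsfile)`, which suggests the option can be unset, and passing NULL to `%s` is undefined behaviour. The neighbouring string options go through `print_string_var`, so `print_string_var("zone-stats-file:", opt->zonestatsfile);` would be consistent, assuming that helper tolerates NULL (its definition is outside this page). The function body starts and ends outside the hunk.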
@@ -1,10 +1,10 @@ -.TH "nsd\-patch" "8" "Feb 15, 2012" "NLnet Labs" "nsd 3.2.10" +.TH "nsd\-patch" "8" "Jul 9, 2012" "NLnet Labs" "nsd 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .LP .B nsd\-patch -\- NSD zone patcher version 3.2.10. +\- NSD zone patcher version 3.2.11. .SH "SYNOPSIS" .B nsd\-patch .RB [ \-c diff --git a/usr.sbin/nsd/nsd-xfer.8.in b/usr.sbin/nsd/nsd-xfer.8.in index f87a1ea8ae0..c0cf2c4ee57 100644 --- a/usr.sbin/nsd/nsd-xfer.8.in +++ b/usr.sbin/nsd/nsd-xfer.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-xfer" "8" "Feb 15, 2012" "NLnet Labs" "nsd 3.2.10" +.TH "nsd\-xfer" "8" "Jul 9, 2012" "NLnet Labs" "nsd 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd.8.in b/usr.sbin/nsd/nsd.8.in index c84118aa2b5..3a985fba609 100644 --- a/usr.sbin/nsd/nsd.8.in +++ b/usr.sbin/nsd/nsd.8.in @@ -1,10 +1,10 @@ -.TH "NSD" "8" "Feb 15, 2012" "NLnet Labs" "NSD 3.2.10" +.TH "NSD" "8" "Jul 9, 2012" "NLnet Labs" "NSD 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .LP .B nsd -\- Name Server Daemon (NSD) version 3.2.10. +\- Name Server Daemon (NSD) version 3.2.11. .SH "SYNOPSIS" .LP .B nsd diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c index 333f897e4ad..df82978b885 100644 --- a/usr.sbin/nsd/nsd.c +++ b/usr.sbin/nsd/nsd.c @@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <sys/types.h> #include <sys/param.h> @@ -41,6 +41,7 @@ #include <unistd.h> #include "nsd.h" +#include "namedb.h" #include "options.h" #include "tsig.h" 
@@ -318,9 +319,67 @@ sig_handler(int sig) * */ #ifdef BIND8_STATS + +#ifdef USE_ZONE_STATS +static void +fprintf_zone_stats(FILE* fd, zone_type* zone, time_t now) +{ + int i; + + /* NSTATS */ + fprintf(fd, "NSTATS %s %lu", + dname_to_string(domain_dname(zone->apex),0), + (unsigned long) now); + + for (i = 0; i <= 255; i++) { + if (zone->st.qtype[i] != 0) { + fprintf(fd, " %s=%lu", rrtype_to_string(i), + zone->st.qtype[i]); + } + } + fprintf(fd, "\n"); + + /* XSTATS */ + fprintf(fd, "XSTATS %s %lu" + " RR=%lu RNXD=%lu RFwdR=%lu RDupR=%lu RFail=%lu RFErr=%lu RErr=%lu RAXFR=%lu" + " RLame=%lu ROpts=%lu SSysQ=%lu SAns=%lu SFwdQ=%lu SDupQ=%lu SErr=%lu RQ=%lu" + " RIQ=%lu RFwdQ=%lu RDupQ=%lu RTCP=%lu SFwdR=%lu SFail=%lu SFErr=%lu SNaAns=%lu" + " SNXD=%lu RUQ=%lu RURQ=%lu RUXFR=%lu RUUpd=%lu\n", + dname_to_string(domain_dname(zone->apex),0), + (unsigned long) now, + zone->st.dropped, + (unsigned long)0, (unsigned long)0, + (unsigned long)0, (unsigned long)0, + (unsigned long)0, (unsigned long)0, + zone->st.raxfr, + (unsigned long)0, (unsigned long)0, + (unsigned long)0, + zone->st.qudp + zone->st.qudp6 - zone->st.dropped, + (unsigned long)0, (unsigned long)0, + zone->st.txerr, + zone->st.opcode[OPCODE_QUERY], + zone->st.opcode[OPCODE_IQUERY], + zone->st.wrongzone, + (unsigned long)0, + zone->st.ctcp + zone->st.ctcp6, + (unsigned long)0, + zone->st.rcode[RCODE_SERVFAIL], + zone->st.rcode[RCODE_FORMAT], + zone->st.nona, + zone->st.rcode[RCODE_NXDOMAIN], + (unsigned long)0, (unsigned long)0, + (unsigned long)0, + zone->st.opcode[OPCODE_UPDATE]); +} +#endif + void bind8_stats (struct nsd *nsd) { +#ifdef USE_ZONE_STATS + FILE* fd; + zone_type* zone; +#endif char buf[MAXSYSLOGMSGLEN]; char *msg, *t; int i, len; 
@@ -373,6 +432,23 @@ bind8_stats (struct nsd *nsd) (unsigned long)0, (unsigned long)0, (unsigned long)0, nsd->st.opcode[OPCODE_UPDATE]); } +#ifdef USE_ZONE_STATS + /* ZSTATS */ + log_msg(LOG_INFO, "ZSTATS %s", nsd->zonestatsfile); + if ((fd = fopen(nsd->zonestatsfile, "a")) == NULL ) { + log_msg(LOG_ERR, "cannot open zone statsfile %s: %s", + nsd->zonestatsfile, strerror(errno)); + return; + } + /* Write stats per zone */ + zone = nsd->db->zones; + while (zone) { + fprintf_zone_stats(fd, zone, now); + zone = zone->next; + } + fclose(fd); +#endif + } #endif /* BIND8_STATS */ @@ -411,6 +487,9 @@ main(int argc, char *argv[]) nsd.dbfile = 0; nsd.pidfile = 0; nsd.server_kind = NSD_SERVER_MAIN; +#ifdef USE_ZONE_STATS + nsd.zonestatsfile = 0; +#endif for (i = 0; i < MAX_INTERFACES; i++) { memset(&hints[i], 0, sizeof(hints[i])); @@ -667,6 +746,11 @@ main(int argc, char *argv[]) if(nsd.st.period == 0) { nsd.st.period = nsd.options->statistics; } +#ifdef USE_ZONE_STATS + if (nsd.zonestatsfile == 0) { + nsd.zonestatsfile = nsd.options->zonestatsfile; + } +#endif /* USE_ZONE_STATS */ #endif /* BIND8_STATS */ #ifdef HAVE_CHROOT if(nsd.chrootdir == 0) nsd.chrootdir = nsd.options->chroot; diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in index 7bce9976ce3..802c1386758 100644 --- a/usr.sbin/nsd/nsd.conf.5.in +++ b/usr.sbin/nsd/nsd.conf.5.in @@ -1,4 +1,4 @@ -.TH "nsd.conf" "5" "Feb 15, 2012" "NLnet Labs" "nsd 3.2.10" +.TH "nsd.conf" "5" "Jul 9, 2012" "NLnet Labs" "nsd 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" @@ -92,7 +92,7 @@ Files can be included using the directive. It can appear anywhere, and takes a single filename as an argument. Processing continues as if the text from the included file was copied into the config file at that point. -.S "Server Options" +.SS "Server Options" .LP The global options (if not overridden from the NSD commandline) are taken from the 
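Review bot: In the `bind8_stats` hunk of nsd.c, `nsd->zonestatsfile` is passed to `log_msg(LOG_INFO, "ZSTATS %s", ...)` and to `fopen(..., "a")` without a NULL check. The `main` hunk only copies `nsd.options->zonestatsfile`, which nsd-checkconf.c treats as possibly unset, and no visible hunk falls back to the configure-defined `ZONESTATSFILE`. A guard such as `if (!nsd->zonestatsfile) return;` before the log call, or an explicit fallback to `ZONESTATSFILE`, would close that path. The file is also opened by path in append mode on every statistics dump, so it follows symlinks and grows without bound, and the results of `fprintf` and `fclose` are ignored. If the log directory can be written by any account other than the daemon's own, opening with `open()` using `O_NOFOLLOW` and an explicit mode, and checking `fclose`, would be the safer form. `bind8_stats` begins in the previous hunk.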
@@ -185,6 +185,9 @@ If not present no statistics are dumped. Statistics are produced every number seconds. Same as commandline option .BR \-s . .TP +.B zone-stats-file:\fR <filename> +If per zone statistics is enabled, file to dump the statistics. +.TP .B chroot:\fR <directory> NSD will chroot on startup to the specified directory. Same as commandline option diff --git a/usr.sbin/nsd/nsdc.8.in b/usr.sbin/nsd/nsdc.8.in index 7845d27ab7d..0efa307ace0 100644 --- a/usr.sbin/nsd/nsdc.8.in +++ b/usr.sbin/nsd/nsdc.8.in @@ -1,4 +1,4 @@ -.TH "NSDC" "8" "Feb 15, 2012" "NLnet Labs" "NSDC 3.2.10" +.TH "NSDC" "8" "Jul 9, 2012" "NLnet Labs" "NSDC 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" @@ -71,7 +71,7 @@ Rebuild the nsd(8) database by invoking nsd\-zonec(8) with appropriate arguments. .TP .I restart -Restart nsdc(8). This equals to nsdc stop && nsdc start. +Restart nsd(8). This equals to nsdc stop && nsdc start. .TP .I running Check whether nsd(8) is running. Returns error message and error diff --git a/usr.sbin/nsd/query.c b/usr.sbin/nsd/query.c index 738bae23bf7..e833455ad80 100644 --- a/usr.sbin/nsd/query.c +++ b/usr.sbin/nsd/query.c @@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <sys/types.h> #include <sys/socket.h> @@ -305,6 +305,7 @@ static nsd_rc_type process_edns(nsd_type* nsd, struct query *q) { if (q->edns.status == EDNS_ERROR) { + /* The only error is VERSION not implemented */ return NSD_RC_FORMAT; } 
@@ -1208,14 +1209,13 @@ answer_query(struct nsd *nsd, struct query *q) answer_lookup_zone(nsd, q, &answer, 0, exact, closest_match, closest_encloser, q->qname); - encode_answer(q, &answer); - if (ANCOUNT(q->packet) + NSCOUNT(q->packet) + ARCOUNT(q->packet) == 0) - { - /* no answers, no need for compression */ - return; - } + ZTATUP2(q->zone, opcode, q->opcode); + ZTATUP2(q->zone, qtype, q->qtype); + ZTATUP2(q->zone, opcode, q->qclass); + offset = dname_label_offsets(q->qname)[domain_dname(closest_encloser)->label_count - 1] + QHEADERSZ; query_add_compression_domain(q, closest_encloser, offset); + encode_answer(q, &answer); query_clear_compression_tables(q); } @@ -1267,7 +1267,7 @@ query_process(query_type *q, nsd_type *nsd) return QUERY_DISCARDED; } - if(!process_query_section(q)) { + if (RCODE(q->packet) != RCODE_OK || !process_query_section(q)) { return query_formerr(q); } @@ -1285,10 +1285,11 @@ query_process(query_type *q, nsd_type *nsd) } /* Dont bother to answer more than one question at once... */ - if (QDCOUNT(q->packet) != 1 || TC(q->packet)) { + if (QDCOUNT(q->packet) != 1) { FLAGS_SET(q->packet, 0); return query_formerr(q); } + /* Ignore settings of flags */ /* Dont allow any records in the answer or authority section... except for IXFR queries. */ @@ -1399,6 +1400,7 @@ query_add_optional(query_type *q, nsd_type *nsd) } ARCOUNT_SET(q->packet, ARCOUNT(q->packet) + 1); STATUP(nsd, edns); + ZTATUP(q->zone, edns); break; case EDNS_ERROR: if (q->edns.dnssec_ok) edns->error[7] = 0x80; @@ -1407,6 +1409,7 @@ query_add_optional(query_type *q, nsd_type *nsd) buffer_write(q->packet, edns->rdata_none, OPT_RDATA); ARCOUNT_SET(q->packet, ARCOUNT(q->packet) + 1); STATUP(nsd, ednserr); + ZTATUP(q->zone, ednserr); break; } diff --git a/usr.sbin/nsd/rdata.c b/usr.sbin/nsd/rdata.c index c0f6a0b23e8..15c03cb7ade 100644 --- a/usr.sbin/nsd/rdata.c +++ b/usr.sbin/nsd/rdata.c 
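Review bot: The third counter added in `answer_query`, `ZTATUP2(q->zone, opcode, q->qclass);`, indexes the per-zone `opcode` array with the query class. Class values therefore land in the opcode counters, and the XSTATS fields that nsd.c writes from `zone->st.opcode[...]` are skewed. `q->qclass` is taken from the client's question section and the `ZTATUP2` definition is not on this page, so unless that macro clamps the index this may also be a write outside the array. If the zone statistics struct has a class counter the line presumably should be `ZTATUP2(q->zone, qclass, q->qclass);`; otherwise it should be dropped. The body of `answer_query` starts outside the hunk.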
@@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <sys/types.h> #include <sys/socket.h> @@ -46,11 +46,18 @@ lookup_table_type dns_certificate_types[] = { /* Taken from RFC 2535, section 7. */ lookup_table_type dns_algorithms[] = { - { 1, "RSAMD5" }, /* RFC 2537 */ - { 2, "DH" }, /* RFC 2539 */ - { 3, "DSA" }, /* RFC 2536 */ + { 1, "RSAMD5" }, /* RFC 2537 */ + { 2, "DH" }, /* RFC 2539 */ + { 3, "DSA" }, /* RFC 2536 */ { 4, "ECC" }, - { 5, "RSASHA1" }, /* RFC 3110 */ + { 5, "RSASHA1" }, /* RFC 3110 */ + { 6, "DSA-NSEC3-SHA1" }, /* RFC 5155 */ + { 7, "RSASHA1-NSEC3-SHA1" }, /* RFC 5155 */ + { 8, "RSASHA256" }, /* RFC 5702 */ + { 10, "RSASHA512" }, /* RFC 5702 */ + { 12, "ECC-GOST" }, /* RFC 5933 */ + { 13, "ECDSAP256SHA256" }, /* RFC 6605 */ + { 14, "ECDSAP384SHA384" }, /* RFC 6605 */ { 252, "INDIRECT" }, { 253, "PRIVATEDNS" }, { 254, "PRIVATEOID" }, @@ -228,13 +235,7 @@ rdata_algorithm_to_string(buffer_type *output, rdata_atom_type rdata, rr_type* ATTR_UNUSED(rr)) { uint8_t id = *rdata_atom_data(rdata); - lookup_table_type *alg - = lookup_by_id(dns_algorithms, id); - if (alg) { - buffer_printf(output, "%s", alg->name); - } else { - buffer_printf(output, "%u", (unsigned) id); - } + buffer_printf(output, "%u", (unsigned) id); return 1; } diff --git a/usr.sbin/nsd/region-allocator.c b/usr.sbin/nsd/region-allocator.c index 3deed554f82..698d5137ada 100644 --- a/usr.sbin/nsd/region-allocator.c +++ b/usr.sbin/nsd/region-allocator.c @@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <assert.h> #include <stdlib.h> diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c index ed81863ddb1..0ac4db99658 100644 --- a/usr.sbin/nsd/server.c +++ b/usr.sbin/nsd/server.c @@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <sys/types.h> #include <sys/param.h> 
@@ -63,6 +63,9 @@ struct tcp_accept_handler_data { netio_handler_type *tcp_accept_handlers; }; +int slowaccept; +struct timespec slowaccept_timeout; + /* * Data for the TCP connection handlers. * @@ -202,7 +205,7 @@ delete_child_pid(struct nsd *nsd, pid_t pid) if (nsd->children[i].pid == pid) { nsd->children[i].pid = 0; if(!nsd->children[i].need_to_exit) { - if(nsd->children[i].child_fd > 0) + if(nsd->children[i].child_fd != -1) close(nsd->children[i].child_fd); nsd->children[i].child_fd = -1; if(nsd->children[i].handler) @@ -228,7 +231,7 @@ restart_child_servers(struct nsd *nsd, region_type* region, netio_type* netio, /* Fork the child processes... */ for (i = 0; i < nsd->child_count; ++i) { if (nsd->children[i].pid <= 0) { - if (nsd->children[i].child_fd > 0) + if (nsd->children[i].child_fd != -1) close(nsd->children[i].child_fd); if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) { log_msg(LOG_ERR, "socketpair: %s", @@ -595,7 +598,7 @@ server_shutdown(struct nsd *nsd) close_all_sockets(nsd->udp, nsd->ifs); close_all_sockets(nsd->tcp, nsd->ifs); /* CHILD: close command channel to parent */ - if(nsd->this_child && nsd->this_child->parent_fd > 0) + if(nsd->this_child && nsd->this_child->parent_fd != -1) { close(nsd->this_child->parent_fd); nsd->this_child->parent_fd = -1; @@ -604,7 +607,7 @@ server_shutdown(struct nsd *nsd) if(!nsd->this_child) { for(i=0; i < nsd->child_count; ++i) - if(nsd->children[i].child_fd > 0) + if(nsd->children[i].child_fd != -1) { close(nsd->children[i].child_fd); nsd->children[i].child_fd = -1; @@ -686,7 +689,7 @@ block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout) /* blocking read */ continue; if(errno == EINTR) { - if(nsd->signal_hint_quit || nsd->signal_hint_shutdown) + if(nsd && (nsd->signal_hint_quit || nsd->signal_hint_shutdown)) return -1; /* other signals can be handled later */ continue; 
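Review bot: The new file-scope `int slowaccept;` and `struct timespec slowaccept_timeout;` in server.c have external linkage and no comment describing who sets and clears them. From the other hunks on this page, `handle_tcp_accept` sets the flag on `EMFILE`/`ENFILE` and `cleanup_tcp_handler` clears it. A comment such as `/* Set when accept() fails with EMFILE/ENFILE; cleared when a TCP connection is closed. slowaccept_timeout is the absolute time until which accepting is paused. */` would make the descriptor-exhaustion backoff reviewable. If the variables are only shared with the netio code, a matching `extern` declaration in a header should accompany them; whether one exists is not visible here.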
@@ -704,7 +707,7 @@ block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout) /* blocking read */ continue; if(errno == EINTR) { - if(nsd->signal_hint_quit || nsd->signal_hint_shutdown) + if(nsd && (nsd->signal_hint_quit || nsd->signal_hint_shutdown)) return -1; /* other signals can be handled later */ continue; @@ -1111,7 +1114,7 @@ server_main(struct nsd *nsd) break; case NSD_QUIT_SYNC: /* synchronisation of xfrd, parent and reload */ - if(!nsd->quit_sync_done && reload_listener.fd > 0) { + if(!nsd->quit_sync_done && reload_listener.fd != -1) { sig_atomic_t cmd = NSD_RELOAD; /* stop xfrd ipc writes in progress */ DEBUG(DEBUG_IPC,1, (LOG_INFO, @@ -1128,7 +1131,7 @@ server_main(struct nsd *nsd) break; case NSD_QUIT: /* silent shutdown during reload */ - if(reload_listener.fd > 0) { + if(reload_listener.fd != -1) { /* acknowledge the quit, to sync reload that we will really quit now */ sig_atomic_t cmd = NSD_RELOAD; DEBUG(DEBUG_IPC,1, (LOG_INFO, "main: ipc ack reload")); @@ -1177,7 +1180,7 @@ server_main(struct nsd *nsd) /* Unlink it if possible... */ unlinkpid(nsd->pidfile); - if(reload_listener.fd > 0) { + if(reload_listener.fd != -1) { sig_atomic_t cmd = NSD_QUIT; DEBUG(DEBUG_IPC,1, (LOG_INFO, "main: ipc send quit to reload-process")); @@ -1188,7 +1191,7 @@ server_main(struct nsd *nsd) fsync(reload_listener.fd); close(reload_listener.fd); } - if(xfrd_listener.fd > 0) { + if(xfrd_listener.fd != -1) { /* complete quit, stop xfrd */ sig_atomic_t cmd = NSD_QUIT; DEBUG(DEBUG_IPC,1, (LOG_INFO, @@ -1304,7 +1307,7 @@ server_child(struct nsd *nsd) handler->fd = nsd->tcp[i].s; handler->timeout = NULL; handler->user_data = data; - handler->event_types = NETIO_EVENT_READ; + handler->event_types = NETIO_EVENT_READ | NETIO_EVENT_ACCEPT; handler->event_handler = handle_tcp_accept; netio_add_handler(netio, handler); } 
@@ -1327,7 +1330,7 @@ server_child(struct nsd *nsd) } else if (mode == NSD_REAP_CHILDREN) { /* got signal, notify parent. parent reaps terminated children. */ - if (nsd->this_child->parent_fd > 0) { + if (nsd->this_child->parent_fd != -1) { sig_atomic_t parent_notify = NSD_REAP_CHILDREN; if (write(nsd->this_child->parent_fd, &parent_notify, @@ -1382,11 +1385,13 @@ handle_udp(netio_type *ATTR_UNUSED(netio), } /* Account... */ +#ifdef BIND8_STATS if (data->socket->addr->ai_family == AF_INET) { STATUP(data->nsd, qudp); } else if (data->socket->addr->ai_family == AF_INET6) { STATUP(data->nsd, qudp6); } +#endif /* Initialize the query... */ query_reset(q, UDP_MAX_MESSAGE_LEN, 0); @@ -1401,6 +1406,7 @@ handle_udp(netio_type *ATTR_UNUSED(netio), if (errno != EAGAIN && errno != EINTR) { log_msg(LOG_ERR, "recvfrom failed: %s", strerror(errno)); STATUP(data->nsd, rxerr); + /* No zone statup */ } } else { buffer_skip(q->packet, received); @@ -1408,10 +1414,21 @@ handle_udp(netio_type *ATTR_UNUSED(netio), /* Process and answer the query... */ if (server_process_query(data->nsd, q) != QUERY_DISCARDED) { +#ifdef BIND8_STATS if (RCODE(q->packet) == RCODE_OK && !AA(q->packet)) { STATUP(data->nsd, nona); + ZTATUP(q->zone, nona); } +# ifdef USE_ZONE_STATS + if (data->socket->addr->ai_family == AF_INET) { + ZTATUP(q->zone, qudp); + } else if (data->socket->addr->ai_family == AF_INET6) { + ZTATUP(q->zone, qudp6); + } +# endif +#endif + /* Add EDNS0 and TSIG info if necessary. */ query_add_optional(q, data->nsd); 
@@ -1426,18 +1443,29 @@ handle_udp(netio_type *ATTR_UNUSED(netio), if (sent == -1) { log_msg(LOG_ERR, "sendto failed: %s", strerror(errno)); STATUP(data->nsd, txerr); + ZTATUP(q->zone, txerr); } else if ((size_t) sent != buffer_remaining(q->packet)) { log_msg(LOG_ERR, "sent %d in place of %d bytes", sent, (int) buffer_remaining(q->packet)); - } else { #ifdef BIND8_STATS + } else { /* Account the rcode & TC... */ STATUP2(data->nsd, rcode, RCODE(q->packet)); - if (TC(q->packet)) + ZTATUP2(q->zone, rcode, RCODE(q->packet)); + if (TC(q->packet)) { STATUP(data->nsd, truncated); + ZTATUP(q->zone, truncated); + } #endif /* BIND8_STATS */ } +#ifdef BIND8_STATS } else { STATUP(data->nsd, dropped); +# ifdef USE_ZONE_STATS + if (q->zone) { + ZTATUP(q->zone, dropped); + } +# endif +#endif } } } @@ -1450,6 +1478,7 @@ cleanup_tcp_handler(netio_type *netio, netio_handler_type *handler) = (struct tcp_handler_data *) handler->user_data; netio_remove_handler(netio, handler); close(handler->fd); + slowaccept = 0; /* * Enable the TCP accept handlers when the current number of @@ -1600,15 +1629,17 @@ handle_tcp_reading(netio_type *netio, assert(buffer_position(data->query->packet) == data->query->tcplen); /* Account... */ -#ifndef INET6 - STATUP(data->nsd, ctcp); -#else +#ifdef BIND8_STATS +# ifndef INET6 + STATUP(data->nsd, ctcp); +# else if (data->query->addr.ss_family == AF_INET) { STATUP(data->nsd, ctcp); } else if (data->query->addr.ss_family == AF_INET6) { STATUP(data->nsd, ctcp6); } -#endif +# endif +#endif /* BIND8_STATS */ /* We have a complete query, process it. */ 
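Review bot: Moving `} else {` inside `#ifdef BIND8_STATS`, which this hunk does twice, makes the brace structure of handle_udp depend on the build configuration. That is easy to break on the next edit and hard to follow in review. I would keep both `else` branches unconditional and put the `#ifdef BIND8_STATS` / `#endif` pair around the accounting statements inside them, as the code did before this change. An empty `else` body in non-stats builds costs nothing. handle_udp starts outside the hunk.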
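Review bot: The added `slowaccept = 0;` in cleanup_tcp_handler has no comment, and it is not obvious from this function alone why tearing down a connection touches a flag that is set in handle_tcp_accept. I would add `/* a descriptor was just released, so accept() no longer needs to stay paused */` above it. The flag appears to be file-scope state shared by all TCP handlers, but its declaration is outside the hunk.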
@@ -1620,15 +1651,36 @@ handle_tcp_reading(netio_type *netio, if (data->query_state == QUERY_DISCARDED) { /* Drop the packet and the entire connection... */ STATUP(data->nsd, dropped); +#if defined(BIND8_STATS) && defined(USE_ZONE_STATS) + if (data->query->zone) { + ZTATUP(data->query->zone, dropped); + } +#endif cleanup_tcp_handler(netio, handler); return; } +#ifdef BIND8_STATS if (RCODE(data->query->packet) == RCODE_OK && !AA(data->query->packet)) { STATUP(data->nsd, nona); + ZTATUP(data->query->zone, nona); + } + +# ifdef USE_ZONE_STATS +# ifndef INET6 + ZTATUP(data->query->zone, ctcp); +# else + if (data->query->addr.ss_family == AF_INET) { + ZTATUP(data->query->zone, ctcp); + } else if (data->query->addr.ss_family == AF_INET6) { + ZTATUP(data->query->zone, ctcp6); } +# endif +# endif /* USE_ZONE_STATS */ + +#endif /* BIND8_STATS */ query_add_optional(data->query, data->nsd); @@ -1818,9 +1870,21 @@ handle_tcp_accept(netio_type *netio, addrlen = sizeof(addr); s = accept(handler->fd, (struct sockaddr *) &addr, &addrlen); if (s == -1) { - /* EINTR is a signal interrupt. The others are various OS ways - of saying that the client has closed the connection. */ - if ( errno != EINTR + /** + * EMFILE and ENFILE is a signal that the limit of open + * file descriptors has been reached. Pause accept(). + * EINTR is a signal interrupt. The others are various OS ways + * of saying that the client has closed the connection. + */ + if (errno == EMFILE || errno == ENFILE) { + if (!slowaccept) { + slowaccept_timeout.tv_sec = NETIO_SLOW_ACCEPT_TIMEOUT; + slowaccept_timeout.tv_nsec = 0L; + timespec_add(&slowaccept_timeout, netio_current_time(netio)); + slowaccept = 1; + /* We don't want to spam the logs here */ + } + } else if (errno != EINTR && errno != EWOULDBLOCK #ifdef ECONNABORTED && errno != ECONNABORTED 
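Review bot: When accept() fails with EMFILE or ENFILE, the new branch in handle_tcp_accept pauses accepting but logs nothing, so descriptor exhaustion, whether from a leak or from a flood of TCP connections, leaves no trace for the operator. The `if (!slowaccept)` block is entered only once per pause, so one message there would not flood the log: `log_msg(LOG_ERR, "accept failed, slowing down accept for %d seconds: %s", (int) NETIO_SLOW_ACCEPT_TIMEOUT, strerror(errno));`. The comment should also read "EMFILE and ENFILE signal that ..." and open with `/*` rather than `/**`, since it is not a documentation comment. The function continues past the end of the hunk, and the code that ends the pause is not visible here.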
@@ -1896,7 +1960,7 @@ send_children_quit(struct nsd* nsd) size_t i; assert(nsd->server_kind == NSD_SERVER_MAIN && nsd->this_child == 0); for (i = 0; i < nsd->child_count; ++i) { - if (nsd->children[i].pid > 0 && nsd->children[i].child_fd > 0) { + if (nsd->children[i].pid > 0 && nsd->children[i].child_fd != -1) { if (write(nsd->children[i].child_fd, &command, sizeof(command)) == -1) diff --git a/usr.sbin/nsd/util.c b/usr.sbin/nsd/util.c index 6161294c029..e15bd4c899b 100644 --- a/usr.sbin/nsd/util.c +++ b/usr.sbin/nsd/util.c @@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <assert.h> #include <ctype.h> diff --git a/usr.sbin/nsd/util.h b/usr.sbin/nsd/util.h index ff079677f7f..a84f7ac4c72 100644 --- a/usr.sbin/nsd/util.h +++ b/usr.sbin/nsd/util.h @@ -10,7 +10,7 @@ #ifndef _UTIL_H_ #define _UTIL_H_ -#include <config.h> +#include "config.h" #include <sys/time.h> #include <stdarg.h> #include <stdio.h> @@ -31,6 +31,26 @@ struct rr; #define PADDING(n, alignment) \ (ALIGN_UP((n), (alignment)) - (n)) +/* Counter for statistics */ +typedef unsigned long stc_t; + +/** + * Statistics. + * + */ +struct nsdst { + time_t boot; + int period; /* Produce statistics dump every st_period seconds */ + stc_t qtype[257]; /* Counters per qtype */ + stc_t qclass[4]; /* Class IN or Class CH or other */ + stc_t qudp, qudp6; /* Number of queries udp and udp6 */ + stc_t ctcp, ctcp6; /* Number of tcp and tcp6 connections */ + stc_t rcode[17], opcode[6]; /* Rcodes & opcodes */ + /* Dropped, truncated, queries for nonconfigured zone, tx errors */ + stc_t dropped, truncated, wrongzone, txerr, rxerr; + stc_t edns, ednserr, raxfr, nona; +}; + /* * Initialize the logging system. All messages are logged to stderr * until log_open and log_set_log_function are called. diff --git a/usr.sbin/nsd/xfrd-tcp.c b/usr.sbin/nsd/xfrd-tcp.c index 9f479e8f4f1..0f09e447368 100644 --- a/usr.sbin/nsd/xfrd-tcp.c +++ b/usr.sbin/nsd/xfrd-tcp.c 
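Review bot: The counter arrays in the new `struct nsdst` (`qtype[257]`, `qclass[4]`, `rcode[17]`, `opcode[6]`) are sized with bare numbers and are indexed with values taken from the query, as in `STATUP2(data->nsd, rcode, RCODE(q->packet))` in server.c. The indexing macros are not part of this hunk, so it cannot be confirmed here that an out-of-range value is clamped into the array. I would state the contract next to the arrays, e.g. `/* index is clamped by STATUP2; last element counts everything else (confirm) */`, and name the sizes with an enum. The comment on `period` also refers to `st_period`, which is not the field's name.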
@@ -7,7 +7,7 @@ * */ -#include <config.h> +#include "config.h" #include <assert.h> #include <errno.h> #include <fcntl.h> diff --git a/usr.sbin/nsd/zonec.8.in b/usr.sbin/nsd/zonec.8.in index 9c38be395c5..c2abc956f2b 100644 --- a/usr.sbin/nsd/zonec.8.in +++ b/usr.sbin/nsd/zonec.8.in @@ -1,10 +1,10 @@ -.TH "nsd\-zonec" "8" "Feb 15, 2012" "NLnet Labs" "nsd 3.2.10" +.TH "nsd\-zonec" "8" "Feb 15, 2012" "NLnet Labs" "nsd 3.2.11" .\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .LP .B nsd\-zonec -\- NSD zone compiler version 3.2.10. +\- NSD zone compiler version 3.2.11. .SH "SYNOPSIS" .LP .B nsd\-zonec diff --git a/usr.sbin/nsd/zparser.y b/usr.sbin/nsd/zparser.y index 6fe70056bbc..21c7f6854ae 100644 --- a/usr.sbin/nsd/zparser.y +++ b/usr.sbin/nsd/zparser.y @@ -8,7 +8,7 @@ * */ -#include <config.h> +#include "config.h" #include <stdarg.h> #include <stdio.h> @@ -66,7 +66,7 @@ nsec3_add_params(const char* hash_algo_str, const char* flag_str, %token <type> T_GPOS T_EID T_NIMLOC T_ATMA T_NAPTR T_KX T_A6 T_DNAME T_SINK %token <type> T_OPT T_APL T_UINFO T_UID T_GID T_UNSPEC T_TKEY T_TSIG T_IXFR %token <type> T_AXFR T_MAILB T_MAILA T_DS T_DLV T_SSHFP T_RRSIG T_NSEC T_DNSKEY -%token <type> T_SPF T_NSEC3 T_IPSECKEY T_DHCID T_NSEC3PARAM +%token <type> T_SPF T_NSEC3 T_IPSECKEY T_DHCID T_NSEC3PARAM T_TLSA /* other tokens */ %token DOLLAR_TTL DOLLAR_ORIGIN NL SP @@ -592,6 +592,8 @@ type_and_rdata: | T_NSEC3PARAM sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } | T_DNSKEY sp rdata_dnskey | T_DNSKEY sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } + | T_TLSA sp rdata_tlsa + | T_TLSA sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } | T_UTYPE sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } | STR error NL { 
@@ -885,6 +887,15 @@ rdata_nsec3_param: STR sp STR sp STR sp STR trail } ; +rdata_tlsa: STR sp STR sp STR sp str_sp_seq trail + { + zadd_rdata_wireformat(zparser_conv_byte(parser->region, $1.str)); /* usage */ + zadd_rdata_wireformat(zparser_conv_byte(parser->region, $3.str)); /* selector */ + zadd_rdata_wireformat(zparser_conv_byte(parser->region, $5.str)); /* matching type */ + zadd_rdata_wireformat(zparser_conv_hex(parser->region, $7.str, $7.len)); /* ca data */ + } + ; + rdata_dnskey: STR sp STR sp STR sp str_sp_seq trail { zadd_rdata_wireformat(zparser_conv_short(parser->region, $1.str)); /* flags */ |
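Review bot: The comment `/* ca data */` on the fourth field of the new `rdata_tlsa` rule reads as "certificate authority data", but that field of a TLSA record is the certificate association data and can equally hold an end-entity certificate or a digest. I would write `/* certificate association data */`. The three one-byte fields go through `zparser_conv_byte`, whose range checking is not visible in this hunk. If it rejects values above 255, a short comment saying so would help.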