This file contains the functions for an authority zone. More...
#include "util/rbtree.h"
#include "util/locks.h"
#include "services/mesh.h"
#include "services/rpz.h"
Data Structures | |
struct | auth_zones |
Authoritative zones, shared. More... | |
struct | auth_zone |
Auth zone. More... | |
struct | auth_data |
Auth data. More... | |
struct | auth_rrset |
An auth data RRset. More... | |
struct | auth_xfer |
Authoritative zone transfer structure. More... | |
struct | auth_nextprobe |
The next probe task. More... | |
struct | auth_probe |
The probe task. More... | |
struct | auth_transfer |
The transfer task. More... | |
struct | auth_addr |
list of addresses More... | |
struct | auth_master |
auth zone master upstream, and the config settings for it More... | |
struct | auth_chunk |
auth zone master zone transfer data chunk More... | |
Macros | |
#define | ZONEMD_SCHEME_SIMPLE 1 |
ZONEMD scheme definitions. | |
#define | ZONEMD_ALGO_SHA384 1 |
ZONEMD hash algorithm definition for SHA384. | |
#define | ZONEMD_ALGO_SHA512 2 |
ZONEMD hash algorithm definition for SHA512. | |
Functions | |
struct auth_zones * | auth_zones_create (void) |
Create auth zones structure. | |
int | auth_zones_apply_cfg (struct auth_zones *az, struct config_file *cfg, int setup, int *is_rpz, struct module_env *env, struct module_stack *mods) |
Apply configuration to auth zones. More... | |
void | auth_xfer_pickup_initial (struct auth_zones *az, struct module_env *env) |
initial pick up of worker timeouts, ties events to worker event loop More... | |
void | auth_zones_cleanup (struct auth_zones *az) |
Cleanup auth zones. More... | |
void | auth_zones_delete (struct auth_zones *az) |
Delete auth zones structure. | |
int | auth_zone_write_file (struct auth_zone *z, const char *fname) |
Write auth zone data to file, in zonefile format. | |
int | auth_zones_lookup (struct auth_zones *az, struct query_info *qinfo, struct regional *region, struct dns_msg **msg, int *fallback, uint8_t *dp_nm, size_t dp_nmlen) |
Use auth zones to lookup the answer to a query. More... | |
int | auth_zones_answer (struct auth_zones *az, struct module_env *env, struct query_info *qinfo, struct edns_data *edns, struct comm_reply *repinfo, struct sldns_buffer *buf, struct regional *temp) |
Answer query from auth zone. More... | |
struct auth_zone * | auth_zones_find_zone (struct auth_zones *az, uint8_t *name, size_t name_len, uint16_t dclass) |
Find the auth zone that is above the given qname. More... | |
struct auth_zone * | auth_zone_find (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass) |
find an auth zone by name (exact match by name or NULL returned) | |
struct auth_xfer * | auth_xfer_find (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass) |
find an xfer zone by name (exact match by name or NULL returned) | |
struct auth_zone * | auth_zone_create (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass) |
create an auth zone. More... | |
int | auth_zone_set_zonefile (struct auth_zone *z, char *zonefile) |
set auth zone zonefile string. More... | |
int | auth_zone_set_fallback (struct auth_zone *z, char *fallbackstr) |
set auth zone fallback. More... | |
int | auth_zones_can_fallback (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass) |
see if the auth zone for the name can fallback More... | |
int | auth_zones_notify (struct auth_zones *az, struct module_env *env, uint8_t *nm, size_t nmlen, uint16_t dclass, struct sockaddr_storage *addr, socklen_t addrlen, int has_serial, uint32_t serial, int *refused) |
process notify for auth zones. More... | |
int | auth_zone_parse_notify_serial (struct sldns_buffer *pkt, uint32_t *serial) |
process notify packet and read serial number from SOA. More... | |
int | auth_zones_startprobesequence (struct auth_zones *az, struct module_env *env, uint8_t *nm, size_t nmlen, uint16_t dclass) |
Starts the probe sequence for the zone, if it is not already going. More... | |
int | auth_zone_read_zonefile (struct auth_zone *z, struct config_file *cfg) |
read auth zone from zonefile. More... | |
struct auth_rrset * | auth_zone_get_soa_rrset (struct auth_zone *z) |
find the apex SOA RRset, if it exists. More... | |
int | auth_zone_get_serial (struct auth_zone *z, uint32_t *serial) |
find serial number of zone or false if none (no SOA record) More... | |
int | xfr_find_soa (struct auth_zone *z, struct auth_xfer *xfr) |
Find auth_zone SOA and populate the values in xfr(soa values). | |
int | auth_zone_cmp (const void *z1, const void *z2) |
compare auth_zones for sorted rbtree | |
int | auth_data_cmp (const void *z1, const void *z2) |
compare auth_data for sorted rbtree | |
int | auth_xfer_cmp (const void *z1, const void *z2) |
compare auth_xfer for sorted rbtree | |
struct auth_xfer * | auth_xfer_create (struct auth_zones *az, struct auth_zone *z) |
Create auth_xfer structure. More... | |
int | xfer_set_masters (struct auth_master **list, struct config_auth *c, int with_http) |
Set masters in auth xfer structure from config. More... | |
void | auth_xfer_timer (void *arg) |
xfer nextprobe timeout callback, this is part of task_nextprobe | |
int | auth_xfer_probe_udp_callback (struct comm_point *c, void *arg, int err, struct comm_reply *repinfo) |
callback for commpoint udp replies to task_probe More... | |
int | auth_xfer_transfer_tcp_callback (struct comm_point *c, void *arg, int err, struct comm_reply *repinfo) |
callback for task_transfer tcp connections | |
int | auth_xfer_transfer_http_callback (struct comm_point *c, void *arg, int err, struct comm_reply *repinfo) |
callback for task_transfer http connections | |
void | auth_xfer_probe_timer_callback (void *arg) |
xfer probe timeout callback, part of task_probe More... | |
void | auth_xfer_transfer_timer_callback (void *arg) |
xfer transfer timeout callback, part of task_transfer More... | |
void | auth_xfer_probe_lookup_callback (void *arg, int rcode, struct sldns_buffer *buf, enum sec_status sec, char *why_bogus, int was_ratelimited) |
mesh callback for task_probe on lookup of host names | |
void | auth_xfer_transfer_lookup_callback (void *arg, int rcode, struct sldns_buffer *buf, enum sec_status sec, char *why_bogus, int was_ratelimited) |
mesh callback for task_transfer on lookup of host names | |
int | compare_serial (uint32_t a, uint32_t b) |
int | auth_zone_generate_zonemd_hash (struct auth_zone *z, int scheme, int hashalgo, uint8_t *hash, size_t buflen, size_t *resultlen, struct regional *region, struct sldns_buffer *buf, char **reason) |
Generate ZONEMD digest for the auth zone. More... | |
int | zonemd_hashalgo_supported (int hashalgo) |
returns true if a zonemd hash algo is supported | |
int | zonemd_scheme_supported (int scheme) |
returns true if a zonemd scheme is supported | |
int | auth_zone_generate_zonemd_check (struct auth_zone *z, int scheme, int hashalgo, uint8_t *hash, size_t hashlen, struct regional *region, struct sldns_buffer *buf, char **reason) |
Check ZONEMD digest for the auth zone. More... | |
void | auth_zone_verify_zonemd (struct auth_zone *z, struct module_env *env, struct module_stack *mods, char **result, int offline, int only_online) |
Perform ZONEMD checks and verification for the auth zone. More... | |
void | auth_zonemd_dnskey_lookup_callback (void *arg, int rcode, struct sldns_buffer *buf, enum sec_status sec, char *why_bogus, int was_ratelimited) |
mesh callback for zonemd on lookup of dnskey | |
void | auth_zones_pickup_zonemd_verify (struct auth_zones *az, struct module_env *env) |
Check the ZONEMD records that need online DNSSEC chain lookups, for them spawn the lookup process to get it checked out. More... | |
This file contains the functions for an authority zone.
This zone is queried by the iterator, just like a stub or forward zone, but then the data is locally held.
int auth_zones_apply_cfg | ( | struct auth_zones * | az, |
struct config_file * | cfg, | ||
int | setup, | ||
int * | is_rpz, | ||
struct module_env * | env, | ||
struct module_stack * | mods | ||
) |
Apply configuration to auth zones.
Reads zonefiles.
az | auth zones structure |
cfg | config to apply. |
setup | if true, also sets up values in the auth zones structure |
is_rpz | set to 1 if at least one RPZ zone is configured. |
env | environment for offline verification. |
mods | modules in environment. |
References auth_zones_cfg(), auth_zones_read_zones(), auth_zones_setup_zones(), config_file::auths, az_delete_deleted_zones(), az_setall_deleted(), config_auth::isrpz, log_err(), log_warn(), config_auth::name, and config_auth::next.
Referenced by check_auth(), and context_finalize().
void auth_xfer_pickup_initial | ( | struct auth_zones * | az, |
struct module_env * | env | ||
) |
initial pick up of worker timeouts, ties events to worker event loop
az | auth zones structure |
env | worker env, of first worker that receives the events (if any) in its eventloop. |
References auth_xfer::have_zone, auth_xfer::lease_time, auth_zones::lock, auth_xfer::lock, module_env::now, RBTREE_FOR, auth_xfer::task_nextprobe, xfr_set_timeout(), and auth_zones::xtree.
void auth_zones_cleanup | ( | struct auth_zones * | az | ) |
Cleanup auth zones.
This removes all events from event bases. Stops the xfr tasks. But leaves zone data.
az | auth zones structure. |
References auth_chunks_delete(), auth_zones::lock, auth_xfer::lock, RBTREE_FOR, auth_xfer::task_nextprobe, auth_xfer::task_probe, auth_xfer::task_transfer, xfr_nextprobe_disown(), xfr_probe_disown(), xfr_transfer_disown(), and auth_zones::xtree.
Referenced by daemon_cleanup().
int auth_zones_lookup | ( | struct auth_zones * | az, |
struct query_info * | qinfo, | ||
struct regional * | region, | ||
struct dns_msg ** | msg, | ||
int * | fallback, | ||
uint8_t * | dp_nm, | ||
size_t | dp_nmlen | ||
) |
Use auth zones to lookup the answer to a query.
The query is from the iterator, and the auth zones attempt to provide the answer instead of going to the internet.
az | auth zones structure. |
qinfo | query info to lookup. |
region | region to use to allocate the reply in. |
msg | reply is stored here (if one). |
fallback | if true, fallback to making a query to the internet. |
dp_nm | name of delegation point to look for. This zone is used to answer the query. If the dp_nm is not found, fallback is set to true and false returned. |
dp_nmlen | length of dp_nm. |
References auth_zone_find(), auth_zone_generate_answer(), auth_zone::fallback_enabled, auth_zone::for_upstream, auth_zones::lock, auth_zone::lock, query_info::qclass, and auth_zone::zone_expired.
Referenced by q_ans_query().
int auth_zones_answer | ( | struct auth_zones * | az, |
struct module_env * | env, | ||
struct query_info * | qinfo, | ||
struct edns_data * | edns, | ||
struct comm_reply * | repinfo, | ||
struct sldns_buffer * | buf, | ||
struct regional * | temp | ||
) |
Answer query from auth zone.
Create authoritative answer.
az | auth zones structure. |
env | the module environment. |
qinfo | query info (parsed). |
edns | edns info (parsed). |
buf | buffer with query ID and flags, also for reply. |
repinfo | reply information for a communication point. |
temp | temporary storage region. |
References auth_error_encode(), auth_zones_find_zone(), dname_remove_label(), auth_zone::fallback_enabled, auth_zone::for_downstream, auth_zones::have_downstream, LDNS_RR_TYPE_DS, auth_zones::lock, auth_zone::lock, auth_zones::num_query_down, query_info::qclass, query_info::qname, query_info::qname_len, query_info::qtype, and auth_zone::zone_expired.
Referenced by handle_newq().
struct auth_zone* auth_zones_find_zone | ( | struct auth_zones * | az, |
uint8_t * | name, | ||
size_t | name_len, | ||
uint16_t | dclass | ||
) |
Find the auth zone that is above the given qname.
Returns NULL when there is no auth_zone above the given name; otherwise returns the closest auth_zone above the qname that pertains to it.
az | auth zones structure. |
name | query to look up for. |
name_len | length of name. |
dclass | class of zone to find. |
Find the auth zone that is above the given qname.
References auth_zone_find(), auth_zone_find_less_equal(), auth_zone::dclass, dname_count_size_labels(), dname_get_shared_topdomain(), dname_is_root(), dname_remove_label(), and auth_zone::name.
Referenced by auth_zone_delegpt(), and auth_zones_answer().
struct auth_zone* auth_zone_create | ( | struct auth_zones * | az, |
uint8_t * | nm, | ||
size_t | nmlen, | ||
uint16_t | dclass | ||
) |
create an auth zone.
returns wrlocked zone. caller must have wrlock on az. returns NULL on malloc failure
References auth_data_cmp(), auth_zone_delete(), auth_zone::data, auth_zone::dclass, dname_count_labels(), rbnode_type::key, auth_zone::lock, log_warn(), memdup(), auth_zone::name, auth_zone::namelabs, auth_zone::namelen, auth_zone::node, rbtree_init(), rbtree_insert(), auth_zone::rpz_az_next, auth_zone::rpz_az_prev, and auth_zones::ztree.
Referenced by auth_zones_find_or_add_zone().
int auth_zone_set_zonefile | ( | struct auth_zone * | z, |
char * | zonefile | ||
) |
set auth zone zonefile string.
caller must have lock on zone
References log_err(), and auth_zone::zonefile.
Referenced by auth_zones_cfg().
int auth_zone_set_fallback | ( | struct auth_zone * | z, |
char * | fallbackstr | ||
) |
set auth zone fallback.
caller must have lock on zone. fallbackstr is "yes" or "no". false on parse failure.
caller must have lock on zone
References auth_zone::fallback_enabled, and log_err().
int auth_zones_can_fallback | ( | struct auth_zones * | az, |
uint8_t * | nm, | ||
size_t | nmlen, | ||
uint16_t | dclass | ||
) |
see if the auth zone for the name can fallback
az | auth zones |
nm | name of delegation point. |
nmlen | length of nm. |
dclass | class of zone to look for. |
References auth_zone_find(), auth_zone::dclass, auth_zone::fallback_enabled, auth_zone::for_upstream, auth_zones::lock, and auth_zone::lock.
int auth_zones_notify | ( | struct auth_zones * | az, |
struct module_env * | env, | ||
uint8_t * | nm, | ||
size_t | nmlen, | ||
uint16_t | dclass, | ||
struct sockaddr_storage * | addr, | ||
socklen_t | addrlen, | ||
int | has_serial, | ||
uint32_t | serial, | ||
int * | refused | ||
) |
process notify for auth zones.
first checks the access list. Then processes the notify. This starts the probe sequence or it notes the serial number (if any)
az | auth zones structure. |
env | module env of the worker that is handling the notify. it will pick up the task probe (or transfer), unless already in progress by another worker. |
nm | name of the zone. Uncompressed. from query. |
nmlen | length of name. |
dclass | class of zone. |
addr | source address of notify |
addrlen | length of addr. |
has_serial | if true, the notify has a serial attached. |
serial | the serial number, if has_serial is true. |
refused | is set to true on failure, to note that access was refused. |
References auth_xfer_find(), az_xfr_allowed_notify(), auth_zones::lock, auth_xfer::lock, and xfr_process_notify().
int auth_zone_parse_notify_serial | ( | struct sldns_buffer * | pkt, |
uint32_t * | serial | ||
) |
process notify packet and read serial number from SOA.
returns 0 if no soa record in the notify
References query_info_parse(), and sldns_buffer_set_position().
int auth_zones_startprobesequence | ( | struct auth_zones * | az, |
struct module_env * | env, | ||
uint8_t * | nm, | ||
size_t | nmlen, | ||
uint16_t | dclass | ||
) |
Starts the probe sequence for the zone, if it is not already going.
false if zone cannot be found. This is like a notify arrived and was accepted for that zone.
References auth_xfer_find(), auth_xfer::dclass, auth_zones::lock, auth_xfer::lock, and xfr_process_notify().
Referenced by do_auth_zone_transfer().
int auth_zone_read_zonefile | ( | struct auth_zone * | z, |
struct config_file * | cfg | ||
) |
read auth zone from zonefile.
caller must lock zone. false on failure
References auth_data_cmp(), auth_data_del(), az_parse_file(), config_file::chrootdir, auth_zone::data, sldns_file_parse_state::default_ttl, dname_str(), LDNS_RR_BUF_SIZE, log_err(), auth_zone::name, auth_zone::namelen, sldns_file_parse_state::origin, sldns_file_parse_state::origin_len, rbtree_init(), auth_zone::rpz, rpz_clear(), rpz_finish_config(), sldns_wire2str_dname(), traverse_postorder(), VERB_ALGO, verbose(), verbosity, auth_zone::zone_is_slave, and auth_zone::zonefile.
Referenced by auth_zones_read_zones(), and do_auth_zone_reload().
struct auth_rrset* auth_zone_get_soa_rrset | ( | struct auth_zone * | z | ) |
find the apex SOA RRset, if it exists.
NULL if no SOA RRset.
find the apex SOA RRset, if it exists.
References az_domain_rrset(), az_find_name(), LDNS_RR_TYPE_SOA, auth_zone::name, and auth_zone::namelen.
Referenced by rpz_add_soa().
int auth_zone_get_serial | ( | struct auth_zone * | z, |
uint32_t * | serial | ||
) |
find serial number of zone or false if none (no SOA record)
find serial number of zone or false if none (no SOA record)
References az_domain_rrset(), az_find_name(), packed_rrset_data::count, auth_rrset::data, LDNS_RR_TYPE_SOA, auth_zone::name, auth_zone::namelen, and packed_rrset_data::rr_len.
Referenced by auth_zone_zonemd_check_hash(), and do_list_auth_zones().
struct auth_xfer* auth_xfer_create | ( | struct auth_zones * | az, |
struct auth_zone * | z | ||
) |
Create auth_xfer structure.
Caller must have wrlock on az. Returns locked xfer zone.
az | zones structure. |
z | zone with name and class |
This populates have_zone, the SOA values, and the related times, and sets the timeout; if a zone transfer is needed, a short timeout is set. For that, the auth_zone itself must exist (and have its zonefile read in). Returns false on alloc failure.
References auth_xfer_new(), log_err(), auth_xfer::node, rbtree_insert(), and auth_zones::xtree.
Referenced by auth_zones_find_or_add_xfer().
int xfer_set_masters | ( | struct auth_master ** | list, |
struct config_auth * | c, | ||
int | with_http | ||
) |
Set masters in auth xfer structure from config.
list | pointer to start of list. The malloced list is returned here. |
c | the config items to copy over. |
with_http | if true, http urls are also included, before the masters. |
References auth_master::allow_notify, config_auth::allow_notify, auth_master_new(), auth_master::file, auth_master::host, auth_master::http, auth_master::ixfr, log_err(), config_auth::masters, config_strlist::next, parse_url(), auth_master::port, auth_master::ssl, config_strlist::str, and config_auth::urls.
int auth_xfer_probe_udp_callback | ( | struct comm_point * | c, |
void * | arg, | ||
int | err, | ||
struct comm_reply * | repinfo | ||
) |
callback for commpoint udp replies to task_probe
callback for commpoint udp replies to task_probe
References comm_point::buffer, comm_reply::c, check_packet_ok(), comm_point_delete(), comm_timer_disable(), auth_probe::cp, dname_str(), auth_probe::have_new_lease, auth_master::http, LDNS_RR_TYPE_SOA, auth_xfer::lock, log_assert, auth_transfer::masters, auth_xfer::name, NETEVENT_NOERROR, module_env::outnet, auth_xfer::task_probe, auth_xfer::task_transfer, auth_probe::timer, VERB_ALGO, verbose(), verbosity, outside_network::want_to_quit, xfr_probe_current_master(), xfr_probe_disown(), xfr_probe_nextmaster(), xfr_probe_send_or_end(), xfr_serial_means_update(), and xfr_start_transfer().
Referenced by fptr_whitelist_comm_point(), and xfr_probe_send_probe().
void auth_xfer_probe_timer_callback | ( | void * | arg | ) |
xfer probe timeout callback, part of task_probe
xfer probe timeout callback, part of task_probe
References AUTH_PROBE_TIMEOUT_STOP, comm_point_delete(), auth_probe::cp, dname_str(), auth_xfer::lock, log_assert, auth_xfer::name, module_env::outnet, auth_xfer::task_probe, auth_probe::timeout, VERB_ALGO, verbose(), verbosity, outside_network::want_to_quit, xfr_probe_nextmaster(), xfr_probe_send_or_end(), and xfr_probe_send_probe().
Referenced by fptr_whitelist_comm_timer(), and xfr_probe_send_probe().
void auth_xfer_transfer_timer_callback | ( | void * | arg | ) |
xfer transfer timeout callback, part of task_transfer
xfer transfer timeout callback, part of task_transfer
References auth_chunks_delete(), comm_point_delete(), auth_transfer::cp, auth_master::host, auth_transfer::ixfr_fail, auth_transfer::ixfr_possible_timeout_count, auth_xfer::lock, log_assert, auth_transfer::master, NUM_TIMEOUTS_FALLBACK_IXFR, auth_transfer::on_ixfr, module_env::outnet, auth_xfer::task_transfer, VERB_ALGO, verbose(), outside_network::want_to_quit, xfr_transfer_nextmaster(), and xfr_transfer_nexttarget_or_end().
Referenced by fptr_whitelist_comm_timer(), and xfr_transfer_init_fetch().
int auth_zone_generate_zonemd_hash | ( | struct auth_zone * | z, |
int | scheme, | ||
int | hashalgo, | ||
uint8_t * | hash, | ||
size_t | buflen, | ||
size_t * | resultlen, | ||
struct regional * | region, | ||
struct sldns_buffer * | buf, | ||
char ** | reason | ||
) |
Generate ZONEMD digest for the auth zone.
z | the auth zone to digest. omits zonemd at apex and its RRSIG from the digest. |
scheme | the collation scheme to use. Numbers as defined for ZONEMD. |
hashalgo | the hash algo, from the registry defined for ZONEMD type. |
hash | the result buffer. |
buflen | size of the result buffer; it must be large enough, or the routine fails. |
resultlen | size of the hash that was written into the result buffer. |
region | temp region for allocs during canonicalisation. |
buf | temp buffer during canonicalisation. |
reason | failure reason, returns a string, NULL on success. |
References secalgo_hash_delete(), zonemd_digest_finish(), zonemd_digest_init(), ZONEMD_SCHEME_SIMPLE, and zonemd_simple_collate().
Referenced by auth_zone_generate_zonemd_check(), and zonemd_generate_test().
int auth_zone_generate_zonemd_check | ( | struct auth_zone * | z, |
int | scheme, | ||
int | hashalgo, | ||
uint8_t * | hash, | ||
size_t | hashlen, | ||
struct regional * | region, | ||
struct sldns_buffer * | buf, | ||
char ** | reason | ||
) |
Check ZONEMD digest for the auth zone.
z | auth zone to digest. |
scheme | zonemd scheme. |
hashalgo | zonemd hash algorithm. |
hash | the hash to check. |
hashlen | length of hash buffer. |
region | temp region for allocs during canonicalisation. |
buf | temp buffer during canonicalisation. |
reason | string returned with the failure reason. If the hash cannot be checked but that is allowed (for unknown algorithms), the routine returns success and reason is non-NULL, holding the allowance reason. A success return with a non-NULL reason therefore means the digest was not actually verified. |
References auth_zone_generate_zonemd_hash(), log_hex(), VERB_ALGO, verbose(), verbosity, zonemd_hashalgo_supported(), and zonemd_scheme_supported().
void auth_zone_verify_zonemd | ( | struct auth_zone * | z, |
struct module_env * | env, | ||
struct module_stack * | mods, | ||
char ** | result, | ||
int | offline, | ||
int | only_online | ||
) |
Perform ZONEMD checks and verification for the auth zone.
This includes DNSSEC verification if applicable.
z | auth zone to check. Caller holds lock. wrlock. |
env | with temp region, buffer and config. |
mods | module stack for validator env. |
result | if not NULL, result string strdupped in here. |
offline | if true, no lookup is spawned when an online lookup is needed; those zones are skipped for ZONEMD checking. |
only_online | if true, only ZONEMD that need an online lookup of the DNSKEY chain of trust are processed. |
References module_env::anchors, anchors_lookup(), auth_zone_verify_zonemd_with_key(), auth_zone_zonemd_fail(), rbtree_type::count, auth_zone::data, auth_zone::dclass, trust_anchor::lock, auth_zone::name, trust_anchor::name, auth_zone::namelen, trust_anchor::numDNSKEY, trust_anchor::numDS, query_dname_compare(), regional_free_all(), module_env::scratch, auth_zone::zonemd_check, zonemd_get_dnskey_from_anchor(), and zonemd_lookup_dnskey().
Referenced by auth_zones_pickup_zonemd_verify(), do_auth_zone_reload(), xfr_process_chunk_list(), and zonemd_offline_verify().
void auth_zones_pickup_zonemd_verify | ( | struct auth_zones * | az, |
struct module_env * | env | ||
) |
Check the ZONEMD records that need online DNSSEC chain lookups, for them spawn the lookup process to get it checked out.
Attaches the lookup process to the worker event base and mesh state.
az | auth zones, every zone is checked. |
env | env of the worker where the task is attached. |
References auth_zone_verify_zonemd(), auth_zone::dclass, rbnode_type::key, auth_zones::lock, auth_zone::lock, log_err(), module_env::mesh, mesh_area::mods, auth_zone::name, auth_zone::namelabs, auth_zone::namelen, auth_zone::node, RBTREE_FOR, rbtree_search(), auth_zone::zonemd_check, and auth_zones::ztree.