Struct trust_dns_server::store::sqlite::authority::SqliteAuthority
source · pub struct SqliteAuthority { /* private fields */ }
sqlite
only.Expand description
SqliteAuthority is responsible for storing the resource records for a particular zone.
Authorities default to DNSClass IN. The ZoneType specifies if this should be treated as the start of authority for the zone, is a Secondary, or a cached zone.
Implementations§
source§impl SqliteAuthority
impl SqliteAuthority
sourcepub fn new(
in_memory: InMemoryAuthority,
allow_update: bool,
is_dnssec_enabled: bool
) -> Self
pub fn new( in_memory: InMemoryAuthority, allow_update: bool, is_dnssec_enabled: bool ) -> Self
Creates a new Authority.
Arguments
in_memory
- InMemoryAuthority for all records.allow_update
- If true, then this zone accepts dynamic updates.is_dnssec_enabled
- If true, then the zone will sign the zone with all registered keys, (seeadd_zone_signing_key()
)
Return value
The new Authority
.
sourcepub async fn try_from_config(
origin: Name,
zone_type: ZoneType,
allow_axfr: bool,
enable_dnssec: bool,
root_dir: Option<&Path>,
config: &SqliteConfig
) -> Result<Self, String>
pub async fn try_from_config( origin: Name, zone_type: ZoneType, allow_axfr: bool, enable_dnssec: bool, root_dir: Option<&Path>, config: &SqliteConfig ) -> Result<Self, String>
load the authority from the configuration
sourcepub async fn recover_with_journal(
&mut self,
journal: &Journal
) -> PersistenceResult<()>
pub async fn recover_with_journal( &mut self, journal: &Journal ) -> PersistenceResult<()>
Recovers the zone from a Journal, returns an error on failure to recover the zone.
Arguments
journal
- the journal from which to load the persisted zone.
sourcepub async fn persist_to_journal(&self) -> PersistenceResult<()>
pub async fn persist_to_journal(&self) -> PersistenceResult<()>
Persist the state of the current zone to the journal, does nothing if there is no associated Journal.
Returns an error if there was an issue writing to the persistence layer.
sourcepub async fn set_journal(&mut self, journal: Journal)
pub async fn set_journal(&mut self, journal: Journal)
Associate a backing Journal with this Authority for Updatable zones
sourcepub async fn journal(&self) -> impl Deref<Target = Option<Journal>> + '_
Available on crate feature testing
only.
pub async fn journal(&self) -> impl Deref<Target = Option<Journal>> + '_
testing
only.Returns the associated Journal
sourcepub fn set_allow_update(&mut self, allow_update: bool)
pub fn set_allow_update(&mut self, allow_update: bool)
Enables the zone for dynamic DNS updates
sourcepub async fn verify_prerequisites(
&self,
pre_requisites: &[Record]
) -> UpdateResult<()>
pub async fn verify_prerequisites( &self, pre_requisites: &[Record] ) -> UpdateResult<()>
RFC 2136, DNS Update, April 1997
3.2 - Process Prerequisite Section
Next, the Prerequisite Section is checked to see that all
prerequisites are satisfied by the current state of the zone. Using
the definitions expressed in Section 1.2, if any RR's NAME is not
within the zone specified in the Zone Section, signal NOTZONE to the
requestor.
3.2.1. For RRs in this section whose CLASS is ANY, test to see that
TTL and RDLENGTH are both zero (0), else signal FORMERR to the
requestor. If TYPE is ANY, test to see that there is at least one RR
in the zone whose NAME is the same as that of the Prerequisite RR,
else signal NXDOMAIN to the requestor. If TYPE is not ANY, test to
see that there is at least one RR in the zone whose NAME and TYPE are
the same as that of the Prerequisite RR, else signal NXRRSET to the
requestor.
3.2.2. For RRs in this section whose CLASS is NONE, test to see that
the TTL and RDLENGTH are both zero (0), else signal FORMERR to the
requestor. If the TYPE is ANY, test to see that there are no RRs in
the zone whose NAME is the same as that of the Prerequisite RR, else
signal YXDOMAIN to the requestor. If the TYPE is not ANY, test to
see that there are no RRs in the zone whose NAME and TYPE are the
same as that of the Prerequisite RR, else signal YXRRSET to the
requestor.
3.2.3. For RRs in this section whose CLASS is the same as the ZCLASS,
test to see that the TTL is zero (0), else signal FORMERR to the
requestor. Then, build an RRset for each unique <NAME,TYPE> and
compare each resulting RRset for set equality (same members, no more,
no less) with RRsets in the zone. If any Prerequisite RRset is not
entirely and exactly matched by a zone RRset, signal NXRRSET to the
requestor. If any RR in this section has a CLASS other than ZCLASS
or NONE or ANY, signal FORMERR to the requestor.
3.2.4 - Table Of Metavalues Used In Prerequisite Section
CLASS TYPE RDATA Meaning
------------------------------------------------------------
ANY ANY empty Name is in use
ANY rrset empty RRset exists (value independent)
NONE ANY empty Name is not in use
NONE rrset empty RRset does not exist
zone rrset rr RRset exists (value dependent)
Available on crate feature dnssec
only.
dnssec
only.RFC 2136, DNS Update, April 1997
3.3 - Check Requestor's Permissions
3.3.1. Next, the requestor's permission to update the RRs named in
the Update Section may be tested in an implementation dependent
fashion or using mechanisms specified in a subsequent Secure DNS
Update protocol. If the requestor does not have permission to
perform these updates, the server may write a warning message in its
operations log, and may either signal REFUSED to the requestor, or
ignore the permission problem and proceed with the update.
3.3.2. While the exact processing is implementation defined, if these
verification activities are to be performed, this is the point in the
server's processing where such performance should take place, since
if a REFUSED condition is encountered after an update has been
partially applied, it will be necessary to undo the partial update
and restore the zone to its original state before answering the
requestor.
sourcepub async fn pre_scan(&self, records: &[Record]) -> UpdateResult<()>
pub async fn pre_scan(&self, records: &[Record]) -> UpdateResult<()>
RFC 2136, DNS Update, April 1997
3.4 - Process Update Section
Next, the Update Section is processed as follows.
3.4.1 - Prescan
The Update Section is parsed into RRs and each RR's CLASS is checked
to see if it is ANY, NONE, or the same as the Zone Class, else signal
a FORMERR to the requestor. Using the definitions in Section 1.2,
each RR's NAME must be in the zone specified by the Zone Section,
else signal NOTZONE to the requestor.
3.4.1.2. For RRs whose CLASS is not ANY, check the TYPE and if it is
ANY, AXFR, MAILA, MAILB, or any other QUERY metatype, or any
unrecognized type, then signal FORMERR to the requestor. For RRs
whose CLASS is ANY or NONE, check the TTL to see that it is zero (0),
else signal a FORMERR to the requestor. For any RR whose CLASS is
ANY, check the RDLENGTH to make sure that it is zero (0) (that is,
the RDATA field is empty), and that the TYPE is not AXFR, MAILA,
MAILB, or any other QUERY metatype besides ANY, or any unrecognized
type, else signal FORMERR to the requestor.
sourcepub async fn update_records(
&self,
records: &[Record],
auto_signing_and_increment: bool
) -> UpdateResult<bool>
pub async fn update_records( &self, records: &[Record], auto_signing_and_increment: bool ) -> UpdateResult<bool>
Updates the specified records according to the update section.
RFC 2136, DNS Update, April 1997
3.4.2.6 - Table Of Metavalues Used In Update Section
CLASS TYPE RDATA Meaning
---------------------------------------------------------
ANY ANY empty Delete all RRsets from a name
ANY rrset empty Delete an RRset
NONE rrset rr Delete an RR from an RRset
zone rrset rr Add to an RRset
Arguments
records
- set of record instructions for update following above rulesauto_signing_and_increment
- if true, the zone will sign and increment the SOA, this should be disabled during recovery.
Methods from Deref<Target = InMemoryAuthority>§
sourcepub fn set_allow_axfr(&mut self, allow_axfr: bool)
Available on crate feature testing
only.
pub fn set_allow_axfr(&mut self, allow_axfr: bool)
testing
only.Allow AXFR’s (zone transfers)
sourcepub async fn secure_keys(&self) -> impl Deref<Target = [SigSigner]> + '_
pub async fn secure_keys(&self) -> impl Deref<Target = [SigSigner]> + '_
Retrieve the Signer, which contains the private keys, for this zone
sourcepub async fn records_mut(
&self
) -> impl DerefMut<Target = BTreeMap<RrKey, Arc<RecordSet>>> + '_
pub async fn records_mut( &self ) -> impl DerefMut<Target = BTreeMap<RrKey, Arc<RecordSet>>> + '_
Get a mutable reference to the records
sourcepub fn records_get_mut(&mut self) -> &mut BTreeMap<RrKey, Arc<RecordSet>>
pub fn records_get_mut(&mut self) -> &mut BTreeMap<RrKey, Arc<RecordSet>>
Get a mutable reference to the records
sourcepub async fn minimum_ttl(&self) -> u32
pub async fn minimum_ttl(&self) -> u32
Returns the minimum ttl (as used in the SOA record)
sourcepub async fn upsert(&self, record: Record, serial: u32) -> bool
pub async fn upsert(&self, record: Record, serial: u32) -> bool
Inserts or updates a Record
depending on it’s existence in the authority.
Guarantees that SOA, CNAME only has one record, will implicitly update if they already exist.
Arguments
record
- TheRecord
to be inserted or updated.serial
- Current serial number to be recorded against updates.
Return value
true if the value was inserted, false otherwise
sourcepub fn upsert_mut(&mut self, record: Record, serial: u32) -> bool
pub fn upsert_mut(&mut self, record: Record, serial: u32) -> bool
Non-async version of upsert when behind a mutable reference.
sourcepub fn add_update_auth_key_mut(
&mut self,
name: Name,
key: KEY
) -> DnsSecResult<()>
Available on crate feature dnssec
only.
pub fn add_update_auth_key_mut( &mut self, name: Name, key: KEY ) -> DnsSecResult<()>
dnssec
only.Non-async method of add_update_auth_key when behind a mutable reference
sourcepub fn add_zone_signing_key_mut(
&mut self,
signer: SigSigner
) -> DnsSecResult<()>
Available on crate feature dnssec
only.
pub fn add_zone_signing_key_mut( &mut self, signer: SigSigner ) -> DnsSecResult<()>
dnssec
only.Non-async method of add_zone_signing_key when behind a mutable reference
sourcepub fn secure_zone_mut(&mut self) -> DnsSecResult<()>
Available on crate feature dnssec
only.
pub fn secure_zone_mut(&mut self) -> DnsSecResult<()>
dnssec
only.(Re)generates the nsec records, increments the serial number and signs the zone
Trait Implementations§
source§impl Authority for SqliteAuthority
impl Authority for SqliteAuthority
source§fn is_axfr_allowed(&self) -> bool
fn is_axfr_allowed(&self) -> bool
Return true if AXFR is allowed
source§fn update<'life0, 'life1, 'async_trait>(
&'life0 self,
update: &'life1 MessageRequest
) -> Pin<Box<dyn Future<Output = UpdateResult<bool>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn update<'life0, 'life1, 'async_trait>(
&'life0 self,
update: &'life1 MessageRequest
) -> Pin<Box<dyn Future<Output = UpdateResult<bool>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Takes the UpdateMessage, extracts the Records, and applies the changes to the record set.
RFC 2136, DNS Update, April 1997
3.4 - Process Update Section
Next, the Update Section is processed as follows.
3.4.2 - Update
The Update Section is parsed into RRs and these RRs are processed in
order.
3.4.2.1. If any system failure (such as an out of memory condition,
or a hardware error in persistent storage) occurs during the
processing of this section, signal SERVFAIL to the requestor and undo
all updates applied to the zone during this transaction.
3.4.2.2. Any Update RR whose CLASS is the same as ZCLASS is added to
the zone. In case of duplicate RDATAs (which for SOA RRs is always
the case, and for WKS RRs is the case if the ADDRESS and PROTOCOL
fields both match), the Zone RR is replaced by Update RR. If the
TYPE is SOA and there is no Zone SOA RR, or the new SOA.SERIAL is
lower (according to [RFC1982]) than or equal to the current Zone SOA
RR's SOA.SERIAL, the Update RR is ignored. In the case of a CNAME
Update RR and a non-CNAME Zone RRset or vice versa, ignore the CNAME
Update RR, otherwise replace the CNAME Zone RR with the CNAME Update
RR.
3.4.2.3. For any Update RR whose CLASS is ANY and whose TYPE is ANY,
all Zone RRs with the same NAME are deleted, unless the NAME is the
same as ZNAME in which case only those RRs whose TYPE is other than
SOA or NS are deleted. For any Update RR whose CLASS is ANY and
whose TYPE is not ANY all Zone RRs with the same NAME and TYPE are
deleted, unless the NAME is the same as ZNAME in which case neither
SOA or NS RRs will be deleted.
3.4.2.4. For any Update RR whose class is NONE, any Zone RR whose
NAME, TYPE, RDATA and RDLENGTH are equal to the Update RR is deleted,
unless the NAME is the same as ZNAME and either the TYPE is SOA or
the TYPE is NS and the matching Zone RR is the only NS remaining in
the RRset, in which case this Update RR is ignored.
3.4.2.5. Signal NOERROR to the requestor.
Arguments
update
- TheUpdateMessage
records will be extracted and used to perform the update actions as specified in the above RFC.
Return value
true if any of additions, updates or deletes were made to the zone, false otherwise. Err is returned in the case of bad data, etc.
source§fn origin(&self) -> &LowerName
fn origin(&self) -> &LowerName
Get the origin of this zone, i.e. example.com is the origin for www.example.com
source§fn lookup<'life0, 'life1, 'async_trait>(
&'life0 self,
name: &'life1 LowerName,
rtype: RecordType,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn lookup<'life0, 'life1, 'async_trait>(
&'life0 self,
name: &'life1 LowerName,
rtype: RecordType,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Looks up all Resource Records matching the giving Name
and RecordType
.
Arguments
name
- TheName
, label, to lookup.rtype
- TheRecordType
, to lookup.RecordType::ANY
will return all records matchingname
.RecordType::AXFR
will return all record types exceptRecordType::SOA
due to the requirements that on zone transfers theRecordType::SOA
must both precede and follow all other records.is_secure
- If the DO bit is set on the EDNS OPT record, then return RRSIGs as well.
Return value
None if there are no matching records, otherwise a Vec
containing the found records.
source§fn get_nsec_records<'life0, 'life1, 'async_trait>(
&'life0 self,
name: &'life1 LowerName,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn get_nsec_records<'life0, 'life1, 'async_trait>(
&'life0 self,
name: &'life1 LowerName,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Return the NSEC records based on the given name
Arguments
name
- given this name (i.e. the lookup name), return the NSEC record that is less than thisis_secure
- if true then it will return RRSIG records as well
§type Lookup = <InMemoryAuthority as Authority>::Lookup
type Lookup = <InMemoryAuthority as Authority>::Lookup
source§fn search<'life0, 'life1, 'async_trait>(
&'life0 self,
request_info: RequestInfo<'life1>,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn search<'life0, 'life1, 'async_trait>(
&'life0 self,
request_info: RequestInfo<'life1>,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
source§fn ns<'life0, 'async_trait>(
&'life0 self,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn ns<'life0, 'async_trait>(
&'life0 self,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
source§fn soa<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn soa<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
source§fn soa_secure<'life0, 'async_trait>(
&'life0 self,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn soa_secure<'life0, 'async_trait>(
&'life0 self,
lookup_options: LookupOptions
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
source§impl Deref for SqliteAuthority
impl Deref for SqliteAuthority
source§impl DerefMut for SqliteAuthority
impl DerefMut for SqliteAuthority
source§impl DnssecAuthority for SqliteAuthority
Available on crate feature dnssec
only.
impl DnssecAuthority for SqliteAuthority
dnssec
only.source§fn add_zone_signing_key<'life0, 'async_trait>(
&'life0 self,
signer: SigSigner
) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn add_zone_signing_key<'life0, 'async_trait>(
&'life0 self,
signer: SigSigner
) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
By adding a secure key, this will implicitly enable dnssec for the zone.
Arguments
signer
- Signer with associated private key
source§fn secure_zone<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn secure_zone<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
(Re)generates the nsec records, increments the serial number and signs the zone