Struct trust_dns_server::store::sqlite::authority::SqliteAuthority

pub struct SqliteAuthority { /* private fields */ }

Available on crate feature sqlite only.

SqliteAuthority is responsible for storing the resource records for a particular zone.

Authorities default to DNSClass IN. The ZoneType specifies if this should be treated as the start of authority for the zone, is a Secondary, or a cached zone.

Implementations

impl SqliteAuthority

pub fn new( in_memory: InMemoryAuthority, allow_update: bool, is_dnssec_enabled: bool ) -> Self

Creates a new Authority.

Arguments

• in_memory - InMemoryAuthority for all records.
• allow_update - If true, then this zone accepts dynamic updates.
• is_dnssec_enabled - If true, then the zone will sign the zone with all registered keys, (see add_zone_signing_key())

Return value

The new Authority.

pub async fn try_from_config( origin: Name, zone_type: ZoneType, allow_axfr: bool, enable_dnssec: bool, root_dir: Option<&Path>, config: &SqliteConfig ) -> Result<Self, String>

load the authority from the configuration

pub async fn recover_with_journal( &mut self, journal: &Journal ) -> PersistenceResult<()>

Recovers the zone from a Journal, returns an error on failure to recover the zone.

Arguments

• journal - the journal from which to load the persisted zone.

pub async fn persist_to_journal(&self) -> PersistenceResult<()>

Persist the state of the current zone to the journal, does nothing if there is no associated Journal.

Returns an error if there was an issue writing to the persistence layer.

pub async fn set_journal(&mut self, journal: Journal)

Associate a backing Journal with this Authority for Updatable zones

pub async fn journal(&self) -> impl Deref<Target = Option<Journal>> + '_

Available on crate feature testing only.

Returns the associated Journal

pub fn set_allow_update(&mut self, allow_update: bool)

Enables the zone for dynamic DNS updates

pub async fn serial(&self) -> u32

Available on crate feature testing only.

Get serial

pub async fn verify_prerequisites( &self, pre_requisites: &[Record] ) -> UpdateResult<()>

RFC 2136, DNS Update, April 1997

3.2 - Process Prerequisite Section

  Next, the Prerequisite Section is checked to see that all
  prerequisites are satisfied by the current state of the zone.  Using
  the definitions expressed in Section 1.2, if any RR's NAME is not
  within the zone specified in the Zone Section, signal NOTZONE to the
  requestor.

3.2.1. For RRs in this section whose CLASS is ANY, test to see that
  TTL and RDLENGTH are both zero (0), else signal FORMERR to the
  requestor.  If TYPE is ANY, test to see that there is at least one RR
  in the zone whose NAME is the same as that of the Prerequisite RR,
  else signal NXDOMAIN to the requestor.  If TYPE is not ANY, test to
  see that there is at least one RR in the zone whose NAME and TYPE are
  the same as that of the Prerequisite RR, else signal NXRRSET to the
  requestor.

3.2.2. For RRs in this section whose CLASS is NONE, test to see that
  the TTL and RDLENGTH are both zero (0), else signal FORMERR to the
  requestor.  If the TYPE is ANY, test to see that there are no RRs in
  the zone whose NAME is the same as that of the Prerequisite RR, else
  signal YXDOMAIN to the requestor.  If the TYPE is not ANY, test to
  see that there are no RRs in the zone whose NAME and TYPE are the
  same as that of the Prerequisite RR, else signal YXRRSET to the
  requestor.

3.2.3. For RRs in this section whose CLASS is the same as the ZCLASS,
  test to see that the TTL is zero (0), else signal FORMERR to the
  requestor.  Then, build an RRset for each unique <NAME,TYPE> and
  compare each resulting RRset for set equality (same members, no more,
  no less) with RRsets in the zone.  If any Prerequisite RRset is not
  entirely and exactly matched by a zone RRset, signal NXRRSET to the
  requestor.  If any RR in this section has a CLASS other than ZCLASS
  or NONE or ANY, signal FORMERR to the requestor.

3.2.4 - Table Of Metavalues Used In Prerequisite Section

  CLASS    TYPE     RDATA    Meaning
  ------------------------------------------------------------
  ANY      ANY      empty    Name is in use
  ANY      rrset    empty    RRset exists (value independent)
  NONE     ANY      empty    Name is not in use
  NONE     rrset    empty    RRset does not exist
  zone     rrset    rr       RRset exists (value dependent)

pub async fn authorize( &self, update_message: &MessageRequest ) -> UpdateResult<()>

Available on crate feature dnssec only.

RFC 2136, DNS Update, April 1997

3.3 - Check Requestor's Permissions

3.3.1. Next, the requestor's permission to update the RRs named in
  the Update Section may be tested in an implementation dependent
  fashion or using mechanisms specified in a subsequent Secure DNS
  Update protocol.  If the requestor does not have permission to
  perform these updates, the server may write a warning message in its
  operations log, and may either signal REFUSED to the requestor, or
  ignore the permission problem and proceed with the update.

3.3.2. While the exact processing is implementation defined, if these
  verification activities are to be performed, this is the point in the
  server's processing where such performance should take place, since
  if a REFUSED condition is encountered after an update has been
  partially applied, it will be necessary to undo the partial update
  and restore the zone to its original state before answering the
  requestor.

pub async fn pre_scan(&self, records: &[Record]) -> UpdateResult<()>

RFC 2136, DNS Update, April 1997

3.4 - Process Update Section

  Next, the Update Section is processed as follows.

3.4.1 - Prescan

  The Update Section is parsed into RRs and each RR's CLASS is checked
  to see if it is ANY, NONE, or the same as the Zone Class, else signal
  a FORMERR to the requestor.  Using the definitions in Section 1.2,
  each RR's NAME must be in the zone specified by the Zone Section,
  else signal NOTZONE to the requestor.

3.4.1.2. For RRs whose CLASS is not ANY, check the TYPE and if it is
  ANY, AXFR, MAILA, MAILB, or any other QUERY metatype, or any
  unrecognized type, then signal FORMERR to the requestor.  For RRs
  whose CLASS is ANY or NONE, check the TTL to see that it is zero (0),
  else signal a FORMERR to the requestor.  For any RR whose CLASS is
  ANY, check the RDLENGTH to make sure that it is zero (0) (that is,
  the RDATA field is empty), and that the TYPE is not AXFR, MAILA,
  MAILB, or any other QUERY metatype besides ANY, or any unrecognized
  type, else signal FORMERR to the requestor.

pub async fn update_records( &self, records: &[Record], auto_signing_and_increment: bool ) -> UpdateResult<bool>

Updates the specified records according to the update section.

RFC 2136, DNS Update, April 1997

3.4.2.6 - Table Of Metavalues Used In Update Section

  CLASS    TYPE     RDATA    Meaning
  ---------------------------------------------------------
  ANY      ANY      empty    Delete all RRsets from a name
  ANY      rrset    empty    Delete an RRset
  NONE     rrset    rr       Delete an RR from an RRset
  zone     rrset    rr       Add to an RRset

Arguments

• records - set of record instructions for update following above rules
• auto_signing_and_increment - if true, the zone will sign and increment the SOA, this should be disabled during recovery.

Methods from Deref<Target = InMemoryAuthority>

pub fn class(&self) -> DNSClass

The DNSClass of this zone

pub fn set_allow_axfr(&mut self, allow_axfr: bool)

Available on crate feature testing only.

Allow AXFR’s (zone transfers)

pub fn clear(&mut self)

Clears all records (including SOA, etc)

pub async fn secure_keys(&self) -> impl Deref<Target = [SigSigner]> + '_

Retrieve the Signer, which contains the private keys, for this zone

pub async fn records(&self) -> BTreeMap<RrKey, Arc<RecordSet>>

Get all the records

pub async fn records_mut( &self ) -> impl DerefMut<Target = BTreeMap<RrKey, Arc<RecordSet>>> + '_

Get a mutable reference to the records

pub fn records_get_mut(&mut self) -> &mut BTreeMap<RrKey, Arc<RecordSet>>

Get a mutable reference to the records

pub async fn minimum_ttl(&self) -> u32

Returns the minimum ttl (as used in the SOA record)

pub async fn serial(&self) -> u32

get the current serial number for the zone.

pub async fn upsert(&self, record: Record, serial: u32) -> bool

Inserts or updates a Record depending on it’s existence in the authority.

Guarantees that SOA, CNAME only has one record, will implicitly update if they already exist.

Arguments

• record - The Record to be inserted or updated.
• serial - Current serial number to be recorded against updates.

Return value

true if the value was inserted, false otherwise

pub fn upsert_mut(&mut self, record: Record, serial: u32) -> bool

Non-async version of upsert when behind a mutable reference.

pub fn add_update_auth_key_mut( &mut self, name: Name, key: KEY ) -> DnsSecResult<()>

Available on crate feature dnssec only.

Non-async method of add_update_auth_key when behind a mutable reference

pub fn add_zone_signing_key_mut( &mut self, signer: SigSigner ) -> DnsSecResult<()>

Available on crate feature dnssec only.

Non-async method of add_zone_signing_key when behind a mutable reference

pub fn secure_zone_mut(&mut self) -> DnsSecResult<()>

Available on crate feature dnssec only.

(Re)generates the nsec records, increments the serial number and signs the zone

Trait Implementations

impl Authority for SqliteAuthority

fn zone_type(&self) -> ZoneType

What type is this zone

fn is_axfr_allowed(&self) -> bool

Return true if AXFR is allowed

fn update<'life0, 'life1, 'async_trait>( &'life0 self, update: &'life1 MessageRequest ) -> Pin<Box<dyn Future<Output = UpdateResult<bool>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Takes the UpdateMessage, extracts the Records, and applies the changes to the record set.

RFC 2136, DNS Update, April 1997

3.4 - Process Update Section

  Next, the Update Section is processed as follows.

3.4.2 - Update

  The Update Section is parsed into RRs and these RRs are processed in
  order.

3.4.2.1. If any system failure (such as an out of memory condition,
  or a hardware error in persistent storage) occurs during the
  processing of this section, signal SERVFAIL to the requestor and undo
  all updates applied to the zone during this transaction.

3.4.2.2. Any Update RR whose CLASS is the same as ZCLASS is added to
  the zone.  In case of duplicate RDATAs (which for SOA RRs is always
  the case, and for WKS RRs is the case if the ADDRESS and PROTOCOL
  fields both match), the Zone RR is replaced by Update RR.  If the
  TYPE is SOA and there is no Zone SOA RR, or the new SOA.SERIAL is
  lower (according to [RFC1982]) than or equal to the current Zone SOA
  RR's SOA.SERIAL, the Update RR is ignored.  In the case of a CNAME
  Update RR and a non-CNAME Zone RRset or vice versa, ignore the CNAME
  Update RR, otherwise replace the CNAME Zone RR with the CNAME Update
  RR.

3.4.2.3. For any Update RR whose CLASS is ANY and whose TYPE is ANY,
  all Zone RRs with the same NAME are deleted, unless the NAME is the
  same as ZNAME in which case only those RRs whose TYPE is other than
  SOA or NS are deleted.  For any Update RR whose CLASS is ANY and
  whose TYPE is not ANY all Zone RRs with the same NAME and TYPE are
  deleted, unless the NAME is the same as ZNAME in which case neither
  SOA or NS RRs will be deleted.

3.4.2.4. For any Update RR whose class is NONE, any Zone RR whose
  NAME, TYPE, RDATA and RDLENGTH are equal to the Update RR is deleted,
  unless the NAME is the same as ZNAME and either the TYPE is SOA or
  the TYPE is NS and the matching Zone RR is the only NS remaining in
  the RRset, in which case this Update RR is ignored.

3.4.2.5. Signal NOERROR to the requestor.

Arguments

• update - The UpdateMessage records will be extracted and used to perform the update actions as specified in the above RFC.

Return value

true if any of additions, updates or deletes were made to the zone, false otherwise. Err is returned in the case of bad data, etc.

fn origin(&self) -> &LowerName

Get the origin of this zone, i.e. example.com is the origin for www.example.com

fn lookup<'life0, 'life1, 'async_trait>( &'life0 self, name: &'life1 LowerName, rtype: RecordType, lookup_options: LookupOptions ) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Looks up all Resource Records matching the giving Name and RecordType.

Arguments

• name - The Name, label, to lookup.
• rtype - The RecordType, to lookup. RecordType::ANY will return all records matching name. RecordType::AXFR will return all record types except RecordType::SOA due to the requirements that on zone transfers the RecordType::SOA must both precede and follow all other records.
• is_secure - If the DO bit is set on the EDNS OPT record, then return RRSIGs as well.

Return value

None if there are no matching records, otherwise a Vec containing the found records.

fn get_nsec_records<'life0, 'life1, 'async_trait>( &'life0 self, name: &'life1 LowerName, lookup_options: LookupOptions ) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Return the NSEC records based on the given name

Arguments

• name - given this name (i.e. the lookup name), return the NSEC record that is less than this
• is_secure - if true then it will return RRSIG records as well

type Lookup = <InMemoryAuthority as Authority>::Lookup

Result of a lookup

fn search<'life0, 'life1, 'async_trait>( &'life0 self, request_info: RequestInfo<'life1>, lookup_options: LookupOptions ) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Using the specified query, perform a lookup against this zone.

fn ns<'life0, 'async_trait>( &'life0 self, lookup_options: LookupOptions ) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Get the NS, NameServer, record for the zone

fn soa<'life0, 'async_trait>( &'life0 self ) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Returns the SOA of the authority.

fn soa_secure<'life0, 'async_trait>( &'life0 self, lookup_options: LookupOptions ) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Returns the SOA record for the zone

impl Deref for SqliteAuthority

type Target = InMemoryAuthority

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl DerefMut for SqliteAuthority

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.

impl DnssecAuthority for SqliteAuthority

Available on crate feature dnssec only.

fn add_zone_signing_key<'life0, 'async_trait>( &'life0 self, signer: SigSigner ) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

By adding a secure key, this will implicitly enable dnssec for the zone.

Arguments

• signer - Signer with associated private key

fn secure_zone<'life0, 'async_trait>( &'life0 self ) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

(Re)generates the nsec records, increments the serial number and signs the zone

fn add_update_auth_key<'life0, 'async_trait>( &'life0 self, name: Name, key: KEY ) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Add a (Sig0) key that is authorized to perform updates against this authority