Struct SqliteZoneHandler 

pub struct SqliteZoneHandler<P = TokioRuntimeProvider> { /* private fields */ }

Available on crate feature sqlite only.

SqliteZoneHandler is responsible for storing the resource records for a particular zone.

Zone handlers default to DNSClass IN. The ZoneType specifies if this should be treated as the start of authority for the zone, is a Secondary, or a cached zone.

Implementations

impl<P: RuntimeProvider + Send + Sync> SqliteZoneHandler<P>

pub fn new( in_memory: InMemoryZoneHandler<P>, axfr_policy: AxfrPolicy, allow_update: bool, is_dnssec_enabled: bool, ) -> Self

Creates a new ZoneHandler.

Arguments

• in_memory - InMemoryZoneHandler for all records.
• axfr_policy - A policy for determining if AXFR requests are allowed.
• allow_update - If true, then this zone accepts dynamic updates.
• is_dnssec_enabled - If true, then the zone will sign the zone with all registered keys, (see add_zone_signing_key())

Return value

The new ZoneHandler.

pub async fn try_from_config( origin: Name, zone_type: ZoneType, axfr_policy: AxfrPolicy, enable_dnssec: bool, root_dir: Option<&Path>, config: &SqliteConfig, nx_proof_kind: Option<NxProofKind>, ) -> Result<Self, String>

load the zone handler from the configuration

pub async fn recover_with_journal( &mut self, journal: &Journal, ) -> Result<(), PersistenceError>

Recovers the zone from a Journal, returns an error on failure to recover the zone.

Arguments

• journal - the journal from which to load the persisted zone.

pub async fn persist_to_journal(&self) -> Result<(), PersistenceError>

Persist the state of the current zone to the journal, does nothing if there is no associated Journal.

Returns an error if there was an issue writing to the persistence layer.

pub async fn set_journal(&mut self, journal: Journal)

Associate a backing Journal with this ZoneHandler for Updatable zones

pub async fn journal(&self) -> impl Deref<Target = Option<Journal>> + '_

Available on crate features testing only.

Returns the associated Journal

pub fn set_allow_update(&mut self, allow_update: bool)

Enables the zone for dynamic DNS updates

pub fn set_tsig_signers(&mut self, signers: Vec<TSigner>)

Available on (crate features testing) and crate feature __dnssec only.

Set the TSIG signers allowed to authenticate updates when allow_update is true

pub fn set_axfr_policy(&mut self, policy: AxfrPolicy)

Available on crate feature testing only.

Set the AXFR policy for testing purposes

pub async fn serial(&self) -> u32

Available on crate features testing only.

Get serial

pub async fn verify_prerequisites( &self, pre_requisites: &[Record], ) -> Result<(), ResponseCode>

RFC 2136, DNS Update, April 1997

3.2 - Process Prerequisite Section

  Next, the Prerequisite Section is checked to see that all
  prerequisites are satisfied by the current state of the zone.  Using
  the definitions expressed in Section 1.2, if any RR's NAME is not
  within the zone specified in the Zone Section, signal NOTZONE to the
  requestor.

3.2.1. For RRs in this section whose CLASS is ANY, test to see that
  TTL and RDLENGTH are both zero (0), else signal FORMERR to the
  requestor.  If TYPE is ANY, test to see that there is at least one RR
  in the zone whose NAME is the same as that of the Prerequisite RR,
  else signal NXDOMAIN to the requestor.  If TYPE is not ANY, test to
  see that there is at least one RR in the zone whose NAME and TYPE are
  the same as that of the Prerequisite RR, else signal NXRRSET to the
  requestor.

3.2.2. For RRs in this section whose CLASS is NONE, test to see that
  the TTL and RDLENGTH are both zero (0), else signal FORMERR to the
  requestor.  If the TYPE is ANY, test to see that there are no RRs in
  the zone whose NAME is the same as that of the Prerequisite RR, else
  signal YXDOMAIN to the requestor.  If the TYPE is not ANY, test to
  see that there are no RRs in the zone whose NAME and TYPE are the
  same as that of the Prerequisite RR, else signal YXRRSET to the
  requestor.

3.2.3. For RRs in this section whose CLASS is the same as the ZCLASS,
  test to see that the TTL is zero (0), else signal FORMERR to the
  requestor.  Then, build an RRset for each unique <NAME,TYPE> and
  compare each resulting RRset for set equality (same members, no more,
  no less) with RRsets in the zone.  If any Prerequisite RRset is not
  entirely and exactly matched by a zone RRset, signal NXRRSET to the
  requestor.  If any RR in this section has a CLASS other than ZCLASS
  or NONE or ANY, signal FORMERR to the requestor.

3.2.4 - Table Of Metavalues Used In Prerequisite Section

  CLASS    TYPE     RDATA    Meaning
  ------------------------------------------------------------
  ANY      ANY      empty    Name is in use
  ANY      rrset    empty    RRset exists (value independent)
  NONE     ANY      empty    Name is not in use
  NONE     rrset    empty    RRset does not exist
  zone     rrset    rr       RRset exists (value dependent)

pub async fn authorize_update( &self, request: &Request, now: u64, ) -> (Result<(), ResponseCode>, Option<TSigResponseContext>)

Available on crate feature __dnssec only.

RFC 2136, DNS Update, April 1997

3.3 - Check Requestor's Permissions

3.3.1. Next, the requestor's permission to update the RRs named in
  the Update Section may be tested in an implementation dependent
  fashion or using mechanisms specified in a subsequent Secure DNS
  Update protocol.  If the requestor does not have permission to
  perform these updates, the server may write a warning message in its
  operations log, and may either signal REFUSED to the requestor, or
  ignore the permission problem and proceed with the update.

3.3.2. While the exact processing is implementation defined, if these
  verification activities are to be performed, this is the point in the
  server's processing where such performance should take place, since
  if a REFUSED condition is encountered after an update has been
  partially applied, it will be necessary to undo the partial update
  and restore the zone to its original state before answering the
  requestor.

pub async fn pre_scan(&self, records: &[Record]) -> Result<(), ResponseCode>

RFC 2136, DNS Update, April 1997

3.4 - Process Update Section

  Next, the Update Section is processed as follows.

3.4.1 - Prescan

  The Update Section is parsed into RRs and each RR's CLASS is checked
  to see if it is ANY, NONE, or the same as the Zone Class, else signal
  a FORMERR to the requestor.  Using the definitions in Section 1.2,
  each RR's NAME must be in the zone specified by the Zone Section,
  else signal NOTZONE to the requestor.

3.4.1.2. For RRs whose CLASS is not ANY, check the TYPE and if it is
  ANY, AXFR, MAILA, MAILB, or any other QUERY metatype, or any
  unrecognized type, then signal FORMERR to the requestor.  For RRs
  whose CLASS is ANY or NONE, check the TTL to see that it is zero (0),
  else signal a FORMERR to the requestor.  For any RR whose CLASS is
  ANY, check the RDLENGTH to make sure that it is zero (0) (that is,
  the RDATA field is empty), and that the TYPE is not AXFR, MAILA,
  MAILB, or any other QUERY metatype besides ANY, or any unrecognized
  type, else signal FORMERR to the requestor.

pub async fn update_records( &self, records: &[Record], auto_signing_and_increment: bool, ) -> Result<bool, ResponseCode>

Updates the specified records according to the update section.

RFC 2136, DNS Update, April 1997

3.4.2.6 - Table Of Metavalues Used In Update Section

  CLASS    TYPE     RDATA    Meaning
  ---------------------------------------------------------
  ANY      ANY      empty    Delete all RRsets from a name
  ANY      rrset    empty    Delete an RRset
  NONE     rrset    rr       Delete an RR from an RRset
  zone     rrset    rr       Add to an RRset

Arguments

• records - set of record instructions for update following above rules
• auto_signing_and_increment - if true, the zone will sign and increment the SOA, this should be disabled during recovery.

Methods from Deref<Target = InMemoryZoneHandler<P>>

pub fn class(&self) -> DNSClass

The DNSClass of this zone

pub fn set_axfr_policy(&mut self, policy: AxfrPolicy)

Available on crate features testing only.

Set the AXFR policy for testing purposes

pub fn clear(&mut self)

Clears all records (including SOA, etc)

pub async fn secure_keys(&self) -> impl Deref<Target = [DnssecSigner]> + '_

Available on crate features __dnssec and testing only.

Retrieve the Signer, which contains the private keys, for this zone

pub async fn records( &self, ) -> impl Deref<Target = BTreeMap<RrKey, Arc<RecordSet>>> + '_

Get all the records

pub async fn records_mut( &self, ) -> impl DerefMut<Target = BTreeMap<RrKey, Arc<RecordSet>>> + '_

Get a mutable reference to the records

pub fn records_get_mut(&mut self) -> &mut BTreeMap<RrKey, Arc<RecordSet>>

Get a mutable reference to the records

pub async fn minimum_ttl(&self) -> u32

Returns the minimum ttl (as used in the SOA record)

pub async fn serial(&self) -> u32

get the current serial number for the zone.

pub async fn upsert(&self, record: Record, serial: u32) -> bool

Inserts or updates a Record depending on its existence in the zone.

Guarantees that SOA, CNAME only has one record, will implicitly update if they already exist.

Arguments

• record - The Record to be inserted or updated.
• serial - Current serial number to be recorded against updates.

Return value

true if the value was inserted, false otherwise

pub fn upsert_mut(&mut self, record: Record, serial: u32) -> bool

Non-async version of upsert when behind a mutable reference.

pub fn add_zone_signing_key_mut( &mut self, signer: DnssecSigner, ) -> DnsSecResult<()>

Available on crate feature __dnssec only.

Non-async method of add_zone_signing_key when behind a mutable reference

pub fn secure_zone_mut(&mut self) -> DnsSecResult<()>

Available on crate feature __dnssec only.

(Re)generates the nsec records, increments the serial number and signs the zone

Trait Implementations

impl<P> Deref for SqliteZoneHandler<P>

type Target = InMemoryZoneHandler<P>

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl<P> DerefMut for SqliteZoneHandler<P>

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.

impl<P: RuntimeProvider + Send + Sync> DnssecZoneHandler for SqliteZoneHandler<P>

fn add_zone_signing_key<'life0, 'async_trait>( &'life0 self, signer: DnssecSigner, ) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

By adding a secure key, this will implicitly enable dnssec for the zone.

Arguments

• signer - Signer with associated private key

fn secure_zone<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = DnsSecResult<()>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

(Re)generates the nsec records, increments the serial number and signs the zone

impl<P: RuntimeProvider + Send + Sync> ZoneHandler for SqliteZoneHandler<P>

fn zone_type(&self) -> ZoneType

What type is this zone

fn axfr_policy(&self) -> AxfrPolicy

Return a policy that can be used to determine how AXFR requests should be handled.

fn update<'life0, 'life1, 'async_trait>( &'life0 self, _request: &'life1 Request, _now: u64, ) -> Pin<Box<dyn Future<Output = (Result<bool, ResponseCode>, Option<TSigResponseContext>)> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Takes the UpdateMessage, extracts the Records, and applies the changes to the record set.

Arguments

• update - The UpdateMessage records will be extracted and used to perform the update actions as specified in the above RFC.

Return value

Always returns Err(NotImp) if DNSSEC is disabled. Returns Ok(true) if any of additions, updates or deletes were made to the zone, false otherwise. Err is returned in the case of bad data, etc.

See RFC 2136 section 3.4 for details.

fn origin(&self) -> &LowerName

Get the origin of this zone, i.e. example.com is the origin for www.example.com

fn lookup<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, name: &'life1 LowerName, rtype: RecordType, request_info: Option<&'life2 RequestInfo<'life3>>, lookup_options: LookupOptions, ) -> Pin<Box<dyn Future<Output = LookupControlFlow<AuthLookup>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Looks up all Resource Records matching the given Name and RecordType.

Arguments

• name - The name to look up.
• rtype - The RecordType to look up. RecordType::ANY will return all records matching name. RecordType::AXFR will return all record types except RecordType::SOA due to the requirements that on zone transfers the RecordType::SOA must both precede and follow all other records.
• lookup_options - Query-related lookup options (e.g., DNSSEC DO bit, supported hash algorithms, etc.)

Return value

A LookupControlFlow containing the lookup that should be returned to the client.

fn nsec_records<'life0, 'life1, 'async_trait>( &'life0 self, name: &'life1 LowerName, lookup_options: LookupOptions, ) -> Pin<Box<dyn Future<Output = LookupControlFlow<AuthLookup>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Return the NSEC records based on the given name

Arguments

• name - given this name (i.e. the lookup name), return the NSEC record that is less than this
• lookup_options - Query-related lookup options (e.g., DNSSEC DO bit, supported hash algorithms, etc.)

fn search<'life0, 'life1, 'async_trait>( &'life0 self, request: &'life1 Request, lookup_options: LookupOptions, ) -> Pin<Box<dyn Future<Output = (LookupControlFlow<AuthLookup>, Option<TSigResponseContext>)> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Using the specified query, perform a lookup against this zone.

fn zone_transfer<'life0, 'life1, 'async_trait>( &'life0 self, request: &'life1 Request, lookup_options: LookupOptions, now: u64, ) -> Pin<Box<dyn Future<Output = Option<(Result<ZoneTransfer, LookupError>, Option<TSigResponseContext>)>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Returns all records in the zone.

fn nsec3_records<'life0, 'life1, 'async_trait>( &'life0 self, info: Nsec3QueryInfo<'life1>, lookup_options: LookupOptions, ) -> Pin<Box<dyn Future<Output = LookupControlFlow<AuthLookup>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Available on crate feature __dnssec only.

Return the NSEC3 records based on the information available for a query.

fn nx_proof_kind(&self) -> Option<&NxProofKind>

Available on crate feature __dnssec only.

Returns the kind of non-existence proof used for this zone.

fn metrics_label(&self) -> &'static str

Available on crate feature metrics only.

Returns the zone handler metrics label.

fn can_validate_dnssec(&self) -> bool

Whether the zone handler can perform DNSSEC validation

fn consult<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, _name: &'life1 LowerName, _rtype: RecordType, _request_info: Option<&'life2 RequestInfo<'life3>>, _lookup_options: LookupOptions, last_result: LookupControlFlow<AuthLookup>, ) -> Pin<Box<dyn Future<Output = (LookupControlFlow<AuthLookup>, Option<TSigResponseContext>)> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Consulting lookup for all Resource Records matching the given Name and RecordType. This will be called in a chained zone handler configuration after a zone handler in the chain has returned a lookup with a LookupControlFlow::Continue action. Every other zone handler in the chain will be called via this consult method, until one either returns a LookupControlFlow::Break action, or all zone handlers have been consulted. The zone handler that generated the primary lookup (the one returned via ‘lookup’) will not be consulted.