[Freeipa-devel] [PATCH 0063] Notify DNS slaves if zone serial number modification was detected.
Petr Spacek
pspacek at redhat.com
Mon Sep 24 16:00:08 UTC 2012
On 09/24/2012 03:41 PM, Adam Tkac wrote:
> On Mon, Sep 24, 2012 at 03:21:23PM +0200, Petr Spacek wrote:
>> On 09/24/2012 03:09 PM, Adam Tkac wrote:
>>> On Mon, Sep 17, 2012 at 02:55:06PM +0200, Petr Spacek wrote:
>>>> Hello,
>>>>
>>>> this patch adds missing notification to DNS slaves if zone serial
>>>> number modification was detected.
>>>
>>> Hi,
>>>
>>> please check my comment below.
>>>
>>>> From eb8d7fc0c02e03b9c7c90e497225536c449fab1c Mon Sep 17 00:00:00 2001
>>>> From: Petr Spacek <pspacek at redhat.com>
>>>> Date: Mon, 17 Sep 2012 14:29:45 +0200
>>>> Subject: [PATCH] Notify DNS slaves if zone serial number modification was
>>>> detected.
>>>>
>>>> Signed-off-by: Petr Spacek <pspacek at redhat.com>
>>>> ---
>>>> src/ldap_helper.c | 22 ++++++++++++++--------
>>>> 1 file changed, 14 insertions(+), 8 deletions(-)
>>>>
>>>> diff --git a/src/ldap_helper.c b/src/ldap_helper.c
>>>> index 658b960f50b461fa602edf51e955f3bdd4769e1d..d22e8714df57edaad4cf45e6cc26ec0dbbd59108 100644
>>>> --- a/src/ldap_helper.c
>>>> +++ b/src/ldap_helper.c
>>>> @@ -1035,9 +1035,10 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst)
>>>> isc_task_t *task = inst->task;
>>>> isc_uint32_t ldap_serial;
>>>> isc_uint32_t zr_serial; /* SOA serial value from in-memory zone register */
>>>> - unsigned char ldap_digest[RDLIST_DIGESTLENGTH];
>>>> + unsigned char ldap_digest[RDLIST_DIGESTLENGTH] = {0};
>>>> unsigned char *zr_digest = NULL;
>>>> ldapdb_rdatalist_t rdatalist;
>>>> + isc_boolean_t zone_dynamic = ISC_FALSE;
>>>>
>>>> REQUIRE(entry != NULL);
>>>> REQUIRE(inst != NULL);
>>>> @@ -1131,13 +1132,13 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst)
>>>> && result != DNS_R_DYNAMIC && result != DNS_R_CONTINUE)
>>>> goto cleanup;
>>>>
>>>> + zone_dynamic = (result == DNS_R_DYNAMIC);
>>>> result = ISC_R_SUCCESS;
>>>>
>>>> /* initialize serial in zone register and always increment serial
>>>> * for a new zone (typically after BIND start)
>>>> * - the zone was possibly changed in meanwhile */
>>>> if (publish) {
>>>> - memset(ldap_digest, 0, RDLIST_DIGESTLENGTH);
>>>> CHECK(ldap_get_zone_serial(inst, &name, &ldap_serial));
>>>> CHECK(zr_set_zone_serial_digest(inst->zone_register, &name, ldap_serial,
>>>> ldap_digest));
>>>> @@ -1154,23 +1155,28 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst)
>>>> * 3c) The old and new serials are same: autoincrement only if something
>>>> * else was changed.
>>>> */
>>>> + CHECK(ldap_get_zone_serial(inst, &name, &ldap_serial));
>>>> + CHECK(zr_get_zone_serial_digest(inst->zone_register, &name, &zr_serial,
>>>> + &zr_digest));
>>>> if (inst->serial_autoincrement) {
>>>> - CHECK(ldap_get_zone_serial(inst, &name, &ldap_serial));
>>>> CHECK(ldapdb_rdatalist_get(inst->mctx, inst, &name,
>>>> &name, &rdatalist));
>>>> CHECK(rdatalist_digest(inst->mctx, &rdatalist, ldap_digest));
>>>>
>>>> - CHECK(zr_get_zone_serial_digest(inst->zone_register, &name, &zr_serial,
>>>> - &zr_digest));
>>>> if (ldap_serial == zr_serial) {
>>>> /* serials are same - increment only if something was changed */
>>>> if (memcmp(zr_digest, ldap_digest, RDLIST_DIGESTLENGTH) != 0)
>>>> CHECK(soa_serial_increment(inst->mctx, inst, &name));
>>>> - } else { /* serial in LDAP was changed - update zone register */
>>>> - CHECK(zr_set_zone_serial_digest(inst->zone_register, &name,
>>>> - ldap_serial, ldap_digest));
>>>> }
>>>> }
>>>> + if (ldap_serial != zr_serial) {
>>>> + /* serial in LDAP was changed - update zone register */
>>>> + CHECK(zr_set_zone_serial_digest(inst->zone_register, &name,
>>>> + ldap_serial, ldap_digest));
>>>> +
>>>> + if (zone_dynamic)
>>>> + dns_zone_notify(zone);
>>>
>>> This if() doesn't seem fully correct to me. Although in most FreeIPA scenarios
>>> it will work, consider situation when someone disables DDNS updates for zone and
>>> modifies records in LDAP. In this case zone_dynamic is FALSE but SOA serial
>>> changes.
>>>
>>> I would recommend to simpy send notify every time when serial changes.
>>
>> Two lines above start of the patch is following code:
>>
>> result = dns_zone_load(zone);
>> if (result != ISC_R_SUCCESS && result != DNS_R_UPTODATE
>> && result != DNS_R_DYNAMIC && result != DNS_R_CONTINUE)
>> goto cleanup;
>>
>> zone_dynamic = (result == DNS_R_DYNAMIC);
>>
>> For non-dynamic zones "dns_zone_load()" sends notifies. Zone_dynamic
>> condition only prevents doubled dns_zone_notify() calls for
>> non-dynamic zones. I can remove this condition if doubled calls are
>> not problem.
>
> Ah, good point. Then ack for the original version.
Pushed to master:
c7c18b2e565ddf45d3f20cbab9e4cc2828ec9d5f
Petr^2 Spacek
More information about the Freeipa-devel
mailing list