bindy/bind9/records/
ns.rs

1// Copyright (c) 2025 Erick Bourgeois, firestoned
2// SPDX-License-Identifier: MIT
3
4//! NS record management.
5
6use super::super::types::RndcKeyData;
7use super::should_update_record;
8use anyhow::Result;
9use hickory_client::client::{Client, SyncClient};
10use hickory_client::op::ResponseCode;
11use hickory_client::rr::{rdata, DNSClass, Name, RData, Record};
12use hickory_client::udp::UdpClientConnection;
13use std::str::FromStr;
14use tracing::info;
15
16use crate::bind9::rndc::create_tsig_signer;
17use crate::constants::DEFAULT_DNS_RECORD_TTL_SECS;
18
19/// Add an NS record using dynamic DNS update (RFC 2136).
20///
21/// # Errors
22///
23/// Returns an error if the DNS update fails or the server rejects it.
24#[allow(clippy::too_many_arguments)]
25pub async fn add_ns_record(
26    zone_name: &str,
27    name: &str,
28    nameserver: &str,
29    ttl: Option<i32>,
30    server: &str,
31    key_data: &RndcKeyData,
32) -> Result<()> {
33    use hickory_client::rr::RecordType;
34
35    // Check if update is needed using declarative reconciliation pattern
36    let nameserver_for_comparison = nameserver.to_string();
37    let should_update = should_update_record(
38        zone_name,
39        name,
40        RecordType::NS,
41        "NS",
42        server,
43        |existing_records| {
44            // Compare: should return true if records match desired state
45            if existing_records.len() == 1 {
46                if let Some(RData::NS(existing_ns)) = existing_records[0].data() {
47                    return existing_ns.0.to_string() == nameserver_for_comparison;
48                }
49            }
50            false
51        },
52    )
53    .await?;
54
55    if !should_update {
56        return Ok(());
57    }
58
59    let zone_name_str = zone_name.to_string();
60    let name_str = name.to_string();
61    let nameserver_str = nameserver.to_string();
62    let server_str = server.to_string();
63    let ttl_value = u32::try_from(ttl.unwrap_or(DEFAULT_DNS_RECORD_TTL_SECS))
64        .unwrap_or(u32::try_from(DEFAULT_DNS_RECORD_TTL_SECS).unwrap_or(300));
65    let key_data = key_data.clone();
66
67    tokio::task::spawn_blocking(move || {
68        let server_addr = server_str.parse::<std::net::SocketAddr>()?;
69        let conn = UdpClientConnection::new(server_addr)?;
70        let signer = create_tsig_signer(&key_data)?;
71        let client = SyncClient::with_tsigner(conn, signer);
72
73        let zone = Name::from_str(&zone_name_str)?;
74        let fqdn = if name_str == "@" || name_str.is_empty() {
75            zone.clone()
76        } else {
77            Name::from_str(&format!("{name_str}.{zone_name_str}"))?
78        };
79
80        let ns_name = Name::from_str(&nameserver_str)?;
81        let mut record = Record::from_rdata(fqdn.clone(), ttl_value, RData::NS(rdata::NS(ns_name)));
82        record.set_dns_class(DNSClass::IN);
83
84        // Use append for idempotent operation (must_exist=false for no prerequisites)
85        info!(
86            "Adding NS record: {} -> {} (TTL: {})",
87            fqdn, nameserver_str, ttl_value
88        );
89        let response = client.append(record, zone, false)?;
90
91        match response.response_code() {
92            ResponseCode::NoError => {
93                info!(
94                    "Successfully added NS record: {} -> {}",
95                    name_str, nameserver_str
96                );
97                Ok(())
98            }
99            code => Err(anyhow::anyhow!(
100                "DNS update failed with response code: {code:?}"
101            )),
102        }
103    })
104    .await?
105}
106
107#[cfg(test)]
108#[path = "ns_tests.rs"]
109mod ns_tests;
bindy/bind9/records/ns.rs

bindy/bind9/records/
ns.rs
