author | Erwin Lansing <erwin@FreeBSD.org> | 2014-12-15 12:14:41 +0000 |
---|---|---|
committer | Erwin Lansing <erwin@FreeBSD.org> | 2014-12-15 12:14:41 +0000 |
commit | 4c9547cd12b5bb569f10b368eb6bb04d897d596f (patch) | |
tree | 025b1191fa4f9c03bf5345071dd2658f5d240b69 /bin/named | |
parent | 989b3b2d6068ce5b525479b7754977baf6364a7d (diff) |
Notes
Diffstat (limited to 'bin/named')
-rw-r--r-- | bin/named/bind9.ver3.xsl | 7 | ||||
-rw-r--r-- | bin/named/bind9.ver3.xsl.h | 7 | ||||
-rw-r--r-- | bin/named/client.c | 24 | ||||
-rw-r--r-- | bin/named/config.c | 4 | ||||
-rw-r--r-- | bin/named/control.c | 4 | ||||
-rw-r--r-- | bin/named/controlconf.c | 8 | ||||
-rw-r--r-- | bin/named/include/named/query.h | 4 | ||||
-rw-r--r-- | bin/named/include/named/server.h | 4 | ||||
-rw-r--r-- | bin/named/lwresd.8 | 8 | ||||
-rw-r--r-- | bin/named/lwresd.docbook | 6 | ||||
-rw-r--r-- | bin/named/lwresd.html | 14 | ||||
-rw-r--r-- | bin/named/main.c | 32 | ||||
-rw-r--r-- | bin/named/named.8 | 12 | ||||
-rw-r--r-- | bin/named/named.conf.5 | 4 | ||||
-rw-r--r-- | bin/named/named.conf.docbook | 3 | ||||
-rw-r--r-- | bin/named/named.conf.html | 32 | ||||
-rw-r--r-- | bin/named/named.docbook | 16 | ||||
-rw-r--r-- | bin/named/named.html | 26 | ||||
-rw-r--r-- | bin/named/query.c | 73 | ||||
-rw-r--r-- | bin/named/server.c | 164 | ||||
-rw-r--r-- | bin/named/unix/dlz_dlopen_driver.c | 8 | ||||
-rw-r--r-- | bin/named/unix/os.c | 6 | ||||
-rw-r--r-- | bin/named/update.c | 23 | ||||
-rw-r--r-- | bin/named/zoneconf.c | 7 |
24 files changed, 329 insertions, 167 deletions
diff --git a/bin/named/bind9.ver3.xsl b/bin/named/bind9.ver3.xsl index 699bcb4830a56..6720154d0b5ba 100644 --- a/bin/named/bind9.ver3.xsl +++ b/bin/named/bind9.ver3.xsl @@ -267,6 +267,13 @@ <div class="header"> <h1>ISC Bind 9 Configuration and Statistics</h1> </div> + <p>Alternate statistics views: <a href="/">All</a>, + <a href="/xml/v3/status">Status</a>, + <a href="/xml/v3/server">Server</a>, + <a href="/xml/v3/zones">Zones</a>, + <a href="/xml/v3/net">Network</a>, + <a href="/xml/v3/tasks">Tasks</a> and + <a href="/xml/v3/mem">Memory</a></p> <hr/> <h2>Server Times</h2> <table class="info"> diff --git a/bin/named/bind9.ver3.xsl.h b/bin/named/bind9.ver3.xsl.h index 371e69c7a171d..b90ae594ed5ba 100644 --- a/bin/named/bind9.ver3.xsl.h +++ b/bin/named/bind9.ver3.xsl.h @@ -272,6 +272,13 @@ static char xslmsg[] = " <div class=\"header\">\n" " <h1>ISC Bind 9 Configuration and Statistics</h1>\n" " </div>\n" + " <p>Alternate statistics views: <a href=\"/\">All</a>,\n" + " <a href=\"/xml/v3/status\">Status</a>,\n" + " <a href=\"/xml/v3/server\">Server</a>,\n" + " <a href=\"/xml/v3/zones\">Zones</a>,\n" + " <a href=\"/xml/v3/net\">Network</a>,\n" + " <a href=\"/xml/v3/tasks\">Tasks</a> and\n" + " <a href=\"/xml/v3/mem\">Memory</a></p>\n" " <hr/>\n" " <h2>Server Times</h2>\n" " <table class=\"info\">\n" diff --git a/bin/named/client.c b/bin/named/client.c index e68f96defa2c3..aed3b178133c5 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -233,6 +233,8 @@ static void client_request(isc_task_t *task, isc_event_t *event); static void ns_client_dumpmessage(ns_client_t *client, const char *reason); static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, dns_dispatch_t *disp, isc_boolean_t tcp); +static inline isc_boolean_t +allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl); void ns_client_recursing(ns_client_t *client) { @@ -973,7 +975,19 @@ ns_client_send(ns_client_t *client) { result = dns_compress_init(&cctx, -1, client->mctx); if (result != ISC_R_SUCCESS) goto done; - dns_compress_setsensitive(&cctx, ISC_TRUE); + if (client->peeraddr_valid && client->view != NULL) { + isc_netaddr_t netaddr; + dns_name_t *name = NULL; + + isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); + if (client->message->tsigkey != NULL) + name = &client->message->tsigkey->name; + if (client->view->nocasecompress == NULL || + !allowed(&netaddr, name, client->view->nocasecompress)) + { + dns_compress_setsensitive(&cctx, ISC_TRUE); + } + } cleanup_cctx = ISC_TRUE; result = dns_message_renderbegin(client->message, &cctx, &buffer); @@ -1249,7 +1263,7 @@ client_addopt(ns_client_t *client) { dns_view_t *view; dns_resolver_t *resolver; isc_uint16_t udpsize; - dns_ednsopt_t ednsopts[2]; + dns_ednsopt_t ednsopts[DNS_EDNSOPTIONS]; int count = 0; unsigned int flags; @@ -1278,6 +1292,7 @@ client_addopt(ns_client_t *client) { } else nsidp = ns_g_server->server_id; + INSIST(count < DNS_EDNSOPTIONS); ednsopts[count].code = DNS_OPT_NSID; ednsopts[count].length = strlen(nsidp); ednsopts[count].value = (unsigned char *)nsidp; @@ -2820,6 +2835,9 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) { int len = 1024; isc_result_t result; + if (!isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(1))) + return; + /* * Note that these are multiline debug messages. We want a newline * to appear in the log after each message. 
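Review bot: In the ns_client_send hunk, `dns_compress_setsensitive(&cctx, ISC_TRUE)` is now reached only inside `if (client->peeraddr_valid && client->view != NULL)`, whereas the removed line called it unconditionally. A response sent with no valid peer address or no view is therefore no longer rendered with case-sensitive compression. Nothing in the hunk indicates that this is intended; the `nocasecompress` ACL match looks like the only case meant to turn sensitivity off. Folding the `nocasecompress == NULL` test into the outer condition and adding an `else` that keeps the old default makes the fallback explicit, as sketched below. ns_client_send begins and ends outside the hunk.

```c
	if (client->peeraddr_valid && client->view != NULL &&
	    client->view->nocasecompress != NULL) {
		/* … unchanged: netaddr and TSIG key name lookup … */
		if (!allowed(&netaddr, name, client->view->nocasecompress))
			dns_compress_setsensitive(&cctx, ISC_TRUE);
	} else {
		/* No ACL, peer address or view to match: stay case-sensitive. */
		dns_compress_setsensitive(&cctx, ISC_TRUE);
	}
```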
diff --git a/bin/named/config.c b/bin/named/config.c index 278272082ae26..ebc48cfc464ec 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */ - /*! \file */ #include <config.h> @@ -160,6 +158,8 @@ options {\n\ dnssec-accept-expired no;\n\ clients-per-query 10;\n\ max-clients-per-query 100;\n\ + max-recursion-depth 7;\n\ + max-recursion-queries 50;\n\ zero-no-soa-ttl-cache no;\n\ nsec3-test-zone no;\n\ allow-new-zones no;\n\ diff --git a/bin/named/control.c b/bin/named/control.c index 35312fee59f37..306bca0b27946 100644 --- a/bin/named/control.c +++ b/bin/named/control.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -203,7 +203,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { command_compare(command, NS_COMMAND_LOADKEYS)) { result = ns_server_rekey(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_ADDZONE)) { - result = ns_server_add_zone(ns_g_server, command); + result = ns_server_add_zone(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_DELZONE)) { result = ns_server_del_zone(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_SIGNING)) { diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index 509a113b35976..a9d498401d496 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -24,6 +24,7 @@ #include <isc/base64.h> #include <isc/buffer.h> #include <isc/event.h> +#include <isc/file.h> #include <isc/mem.h> #include <isc/net.h> #include <isc/netaddr.h> 
@@ -811,6 +812,13 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { char secret[1024]; isc_buffer_t b; + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, ISC_LOG_INFO, + "configuring command channel from '%s'", + ns_g_keyfile); + if (! isc_file_exists(ns_g_keyfile)) + return (ISC_R_FILENOTFOUND); + CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx)); CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config)); CHECK(cfg_map_get(config, "key", &key)); diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index 3beabb82b2f65..444729a98f775 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.45 2011/01/13 04:59:24 tbox Exp $ */ - #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h index 52ba94d295386..1680776cd991a 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -345,7 +345,7 @@ ns_server_validation(ns_server_t *server, char *args); * Add a zone to a running process */ isc_result_t -ns_server_add_zone(ns_server_t *server, char *args); +ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text); /*% * Deletes a zone from a running process 
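Review bot: In the get_rndckey hunk, the new `return (ISC_R_FILENOTFOUND);` leaves the function directly, while every later step goes through `CHECK(...)` and so presumably through a shared cleanup path. The hunk shows only declarations before this point, so the early return looks safe, but the rest of the function is outside the hunk and this should be stated where it happens, e.g. `/* Nothing has been allocated yet, so no cleanup is needed. */`. The INFO message "configuring command channel from '%s'" is also written before the existence test, so it is logged even when the key file is absent; moving the `isc_log_write` call below the `isc_file_exists` check would keep the log truthful. The existence test is only a fast path: the file can still disappear before `cfg_parse_file` runs, so the `CHECK` on the parse must remain the real error handling.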
diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 47a6b782b68ad..400e8a7e531b2 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: lwresd .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 30, 2000 +.\" Date: January 20, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9" +.TH "LWRESD" "8" "January 20, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -217,7 +217,7 @@ The default process\-id file. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001 Internet Software Consortium. .br diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index dddfe5e517848..307131ad84754 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.docbook,v 1.20 2009/01/20 23:47:56 tbox Exp $ --> <refentry> <refentryinfo> - <date>June 30, 2000</date> + <date>January 20, 2009</date> </refentryinfo> <refmeta> @@ -42,6 +41,7 @@ <year>2007</year> <year>2008</year> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 5dc01be1dfb7d..4bef3e262593f 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476274"></a><div class="titlepage"></div> +<a name="id2476282"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">lwresd</span> — lightweight resolver daemon</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543469"></a><h2>DESCRIPTION</h2> +<a name="id2543479"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543516"></a><h2>OPTIONS</h2> +<a name="id2543526"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -197,7 +197,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543933"></a><h2>FILES</h2> +<a name="id2543943"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> 
@@ -210,14 +210,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543973"></a><h2>SEE ALSO</h2> +<a name="id2543982"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544007"></a><h2>AUTHOR</h2> +<a name="id2544017"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/main.c b/bin/named/main.c index 1d844e03e3d18..599c142fd4980 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - /*! \file */ #include <config.h> @@ -410,16 +408,16 @@ static void parse_command_line(int argc, char *argv[]) { int ch; int port; + const char *p; isc_boolean_t disable6 = ISC_FALSE; isc_boolean_t disable4 = ISC_FALSE; save_command_line(argc, argv); /* PLEASE keep options synchronized when main is hooked! */ +#define CMDLINE_FLAGS "46c:C:d:E:fFgi:lm:n:N:p:P:sS:t:T:U:u:vVx:" isc_commandline_errprint = ISC_FALSE; - while ((ch = isc_commandline_parse(argc, argv, - "46c:C:d:E:fFgi:lm:n:N:p:P:" - "sS:t:T:U:u:vVx:")) != -1) { + while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case '4': if (disable4) 
@@ -585,8 +583,14 @@ parse_command_line(int argc, char *argv[]) { usage(); if (isc_commandline_option == '?') exit(0); - ns_main_earlyfatal("unknown option '-%c'", - isc_commandline_option); + p = strchr(CMDLINE_FLAGS, isc_commandline_option); + if (p == NULL || *++p != ':') + ns_main_earlyfatal("unknown option '-%c'", + isc_commandline_option); + else + ns_main_earlyfatal("option '-%c' requires " + "an argument", + isc_commandline_option); /* FALLTHROUGH */ default: ns_main_earlyfatal("parsing options returned %d", ch); @@ -621,8 +625,14 @@ create_managers(void) { #ifdef WIN32 ns_g_udpdisp = 1; #else - if (ns_g_udpdisp == 0) - ns_g_udpdisp = ns_g_cpus_detected; + if (ns_g_udpdisp == 0) { + if (ns_g_cpus_detected == 1) + ns_g_udpdisp = 1; + else if (ns_g_cpus_detected < 4) + ns_g_udpdisp = 2; + else + ns_g_udpdisp = ns_g_cpus_detected / 2; + } if (ns_g_udpdisp > ns_g_cpus) ns_g_udpdisp = ns_g_cpus; #endif @@ -704,7 +714,7 @@ destroy_managers(void) { } static void -dump_symboltable() { +dump_symboltable(void) { int i; isc_result_t result; const char *fname; diff --git a/bin/named/named.8 b/bin/named/named.8 index b27be31859970..fe6bb4207e373 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: named .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: May 21, 2009 +.\" Date: February 20, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NAMED" "8" "May 21, 2009" "BIND9" "BIND9" +.TH "NAMED" "8" "February 20, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
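Review bot: In the parse_command_line error branch, `strchr(CMDLINE_FLAGS, isc_commandline_option)` returns a pointer to the string's terminator when the option value is `'\0'`, and `*++p` then reads one byte past the end of the literal. Whether `isc_commandline_option` can ever be zero here is not visible in the hunk, but the guard costs nothing: `if (p == NULL || *p == '\0' || *++p != ':')`. `CMDLINE_FLAGS` is `#define`d inside the function body in the earlier hunk and never `#undef`ed; defining it at file scope next to the "keep options synchronized" comment would make the coupling between the parse call and this lookup easier to see. The function continues outside both hunks.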
@@ -174,9 +174,9 @@ Use \fI#listeners\fR worker threads to listen for incoming UDP packets on each address. If not specified, \fBnamed\fR -will use the number of detected CPUs. If +will calculate a default value based on the number of detected CPUs: 1 for 1 CPU, 2 for 2\-4 CPUs, and the number of detected CPUs divided by 2 for values higher than 4. If \fB\-n\fR -has been set to a higher value than the number of CPUs, then +has been set to a higher value than the number of detected CPUs, then \fB\-U\fR may be increased as high as that value, but no higher. .RE @@ -280,7 +280,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 0f5662c3ae8ce..c4d75437da2eb 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -19,11 +19,11 @@ .\" Title: \fInamed.conf\fR .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Aug 13, 2004 +.\" Date: January 08, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9" +.TH "\fINAMED.CONF\fR" "5" "January 08, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index b4d0c38e5e623..85d13db95d399 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.55 2011/11/07 00:25:53 each Exp $ --> <refentry> <refentryinfo> - <date>Aug 13, 2004</date> + <date>January 08, 2014</date> </refentryinfo> <refmeta> 
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 5847466785a45..0e1d2eb60da34 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -21,7 +21,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476274"></a><div class="titlepage"></div> +<a name="id2476282"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">named.conf</code> — configuration file for named</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543361"></a><h2>DESCRIPTION</h2> +<a name="id2543367"></a><h2>DESCRIPTION</h2> <p><code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed @@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543388"></a><h2>ACL</h2> +<a name="id2543395"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543404"></a><h2>KEY</h2> +<a name="id2543411"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> 
@@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543424"></a><h2>MASTERS</h2> +<a name="id2543430"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> @@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543469"></a><h2>SERVER</h2> +<a name="id2543476"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> @@ -97,7 +97,7 @@ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/pref </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543538"></a><h2>TRUSTED-KEYS</h2> +<a name="id2543544"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> 
@@ -105,7 +105,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543563"></a><h2>MANAGED-KEYS</h2> +<a name="id2543570"></a><h2>MANAGED-KEYS</h2> <div class="literallayout"><p><br> managed-keys {<br> <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -113,7 +113,7 @@ managed-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543592"></a><h2>CONTROLS</h2> +<a name="id2543598"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -125,7 +125,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543627"></a><h2>LOGGING</h2> +<a name="id2543634"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -143,7 +143,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543666"></a><h2>LWRES</h2> +<a name="id2543672"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -156,7 +156,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543707"></a><h2>OPTIONS</h2> +<a name="id2543714"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> 
@@ -361,7 +361,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544586"></a><h2>VIEW</h2> +<a name="id2544593"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -525,7 +525,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545302"></a><h2>ZONE</h2> +<a name="id2545308"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint | redirect |<br> @@ -622,12 +622,12 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545691"></a><h2>FILES</h2> +<a name="id2545698"></a><h2>FILES</h2> <p><code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545703"></a><h2>SEE ALSO</h2> +<a name="id2545709"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 1f08e196e040f..7ca3d2bf6a7a9 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook 
@@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.28 2011/11/09 23:46:23 tbox Exp $ --> <refentry id="man.named"> <refentryinfo> - <date>May 21, 2009</date> + <date>February 20, 2014</date> </refentryinfo> <refmeta> @@ -45,6 +44,7 @@ <year>2009</year> <year>2011</year> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -291,10 +291,12 @@ Use <replaceable class="parameter">#listeners</replaceable> worker threads to listen for incoming UDP packets on each address. If not specified, <command>named</command> will - use the number of detected CPUs. If <option>-n</option> - has been set to a higher value than the number of CPUs, - then <option>-U</option> may be increased as high as that - value, but no higher. + calculate a default value based on the number of detected + CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of + detected CPUs divided by 2 for values higher than 4. + If <option>-n</option> has been set to a higher value than + the number of detected CPUs, then <option>-U</option> may + be increased as high as that value, but no higher. </para> </listitem> </varlistentry> diff --git a/bin/named/named.html b/bin/named/named.html index fc8de5147ad8c..218639991fa63 100644 --- a/bin/named/named.html +++ b/bin/named/named.html 
@@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543497"></a><h2>DESCRIPTION</h2> +<a name="id2543507"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more 
@@ -47,7 +47,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543522"></a><h2>OPTIONS</h2> +<a name="id2543531"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -183,10 +183,12 @@ Use <em class="replaceable"><code>#listeners</code></em> worker threads to listen for incoming UDP packets on each address. If not specified, <span><strong class="command">named</strong></span> will - use the number of detected CPUs. If <code class="option">-n</code> - has been set to a higher value than the number of CPUs, - then <code class="option">-U</code> may be increased as high as that - value, but no higher. + calculate a default value based on the number of detected + CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of + detected CPUs divided by 2 for values higher than 4. + If <code class="option">-n</code> has been set to a higher value than + the number of detected CPUs, then <code class="option">-U</code> may + be increased as high as that value, but no higher. </p></dd> <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd> @@ -238,7 +240,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544012"></a><h2>SIGNALS</h2> +<a name="id2544021"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -259,7 +261,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544060"></a><h2>CONFIGURATION</h2> +<a name="id2544205"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is provided 
@@ -276,7 +278,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544233"></a><h2>FILES</h2> +<a name="id2544310"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -289,7 +291,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544273"></a><h2>SEE ALSO</h2> +<a name="id2544349"></a><h2>SEE ALSO</h2> <p><em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, @@ -302,7 +304,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544343"></a><h2>AUTHOR</h2> +<a name="id2544420"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/query.c b/bin/named/query.c index c357f83ee4274..af8e5da8204d3 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -2278,7 +2278,7 @@ query_dns64(ns_client_t *client, dns_name_t **namep, dns_rdataset_t *rdataset, dns64 != NULL; dns64 = dns_dns64_next(dns64)) { dns_rdataset_current(rdataset, &rdata); - isc__buffer_availableregion(buffer, &r); + isc_buffer_availableregion(buffer, &r); INSIST(r.length >= 16); result = dns_dns64_aaaafroma(dns64, &netaddr, client->signer, @@ -2518,11 +2518,12 @@ query_addrrset(ns_client_t *client, dns_name_t **namep, if (result == ISC_R_SUCCESS) { /* * We've already got an RRset of the given name and type. - * There's nothing else to do; */ CTRACE("query_addrrset: dns_message_findname succeeded: done"); if (dbuf != NULL) query_releasename(client, namep); + if ((rdataset->attributes & DNS_RDATASETATTR_REQUIRED) != 0) + mrdataset->attributes |= DNS_RDATASETATTR_REQUIRED; return; } else if (result == DNS_R_NXDOMAIN) { /* 
@@ -2562,7 +2563,8 @@ query_addrrset(ns_client_t *client, dns_name_t **namep, static inline isc_result_t query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version, - unsigned int override_ttl, isc_boolean_t isassociated) + unsigned int override_ttl, isc_boolean_t isassociated, + dns_section_t section) { dns_name_t *name; dns_dbnode_t *node; @@ -2669,8 +2671,11 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version, sigrdatasetp = &sigrdataset; else sigrdatasetp = NULL; + + if (section == DNS_SECTION_ADDITIONAL) + rdataset->attributes |= DNS_RDATASETATTR_REQUIRED; query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL, - DNS_SECTION_AUTHORITY); + section); } cleanup: @@ -3872,12 +3877,11 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, peeraddr = &client->peeraddr; else peeraddr = NULL; - result = dns_resolver_createfetch2(client->view->resolver, + result = dns_resolver_createfetch3(client->view->resolver, qname, qtype, qdomain, nameservers, NULL, peeraddr, client->message->id, - client->query.fetchoptions, - client->task, - query_resume, client, + client->query.fetchoptions, 0, NULL, + client->task, query_resume, client, rdataset, sigrdataset, &client->query.fetch); @@ -4946,7 +4950,7 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st, * response policy zone cannot verify. */ client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | - DNS_MESSAGEFLAG_AD); + NS_CLIENTATTR_WANTAD); return (ISC_R_SUCCESS); } @@ -5138,7 +5142,7 @@ answer_in_glue(ns_client_t *client, dns_rdatatype_t qtype) { ISC_LIST_PREPEND(msg->sections[section], name, link); ISC_LIST_UNLINK(name->list, rdataset, link); ISC_LIST_PREPEND(name->list, rdataset, link); - rdataset->attributes |= DNS_RDATASETATTR_REQUIREDGLUE; + rdataset->attributes |= DNS_RDATASETATTR_REQUIRED; } } 
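Review bot: In `rpz_add_cname` the mask now clears `NS_CLIENTATTR_WANTAD` on `client->attributes`, but the matching `query_find` hunk at `@@ -6130` also adds `client->message->flags &= ~DNS_MESSAGEFLAG_AD;` and this one does not. If the AD bit can already be set on the message when this path runs, which is not visible here, a policy-rewritten CNAME answer could still go out marked as authenticated. Consider adding the same line `client->message->flags &= ~DNS_MESSAGEFLAG_AD;` before `return (ISC_R_SUCCESS);`, or a comment saying why it is not needed in this function. The function body starts outside the hunk.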
@@ -5594,8 +5598,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) isc_boolean_t resuming; int line = -1; isc_boolean_t dns64_exclude, dns64; + isc_boolean_t nxrewrite = ISC_FALSE; dns_clientinfomethods_t cm; dns_clientinfo_t ci; + isc_boolean_t associated; + dns_section_t section; + dns_ttl_t ttl; CTRACE("query_find"); @@ -5964,8 +5972,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * with other truncated responses in RespTruncated. */ if (wouldlog) { - ns_client_log(client, - NS_LOGCATEGORY_QUERY_EERRORS, + ns_client_log(client, DNS_LOGCATEGORY_RRL, NS_LOGMODULE_QUERY, DNS_RRL_LOG_DROP, "%s", log_buf); @@ -6069,9 +6076,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) switch (rpz_st->m.policy) { case DNS_RPZ_POLICY_NXDOMAIN: result = DNS_R_NXDOMAIN; + nxrewrite = ISC_TRUE; break; case DNS_RPZ_POLICY_NODATA: result = DNS_R_NXRRSET; + nxrewrite = ISC_TRUE; break; case DNS_RPZ_POLICY_RECORD: result = rpz_st->m.result; @@ -6130,7 +6139,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * response policy zone cannot verify. */ client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | - DNS_MESSAGEFLAG_AD); + NS_CLIENTATTR_WANTAD); + client->message->flags &= ~DNS_MESSAGEFLAG_AD; query_putrdataset(client, &sigrdataset); rpz_st->q.is_zone = is_zone; is_zone = ISC_TRUE; 
@@ -6615,15 +6625,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ query_releasename(client, &fname); } + /* - * Add SOA. + * Add SOA to the additional section if generated by a RPZ + * rewrite. */ + associated = dns_rdataset_isassociated(rdataset); + section = nxrewrite ? DNS_SECTION_ADDITIONAL : + DNS_SECTION_AUTHORITY; + result = query_addsoa(client, db, version, ISC_UINT32_MAX, - dns_rdataset_isassociated(rdataset)); + associated, section); if (result != ISC_R_SUCCESS) { QUERY_ERROR(result); goto cleanup; } + /* * Add NSEC record if we found one. */ @@ -6662,20 +6679,23 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } /* - * Add SOA. If the query was for a SOA record force the + * Add SOA to the additional section if generated by a + * RPZ rewrite. + * + * If the query was for a SOA record force the * ttl to zero so that it is possible for clients to find * the containing zone of an arbitrary name with a stub * resolver and not have it cached. */ - if (qtype == dns_rdatatype_soa && - zone != NULL && - dns_zone_getzeronosoattl(zone)) - result = query_addsoa(client, db, version, 0, - dns_rdataset_isassociated(rdataset)); - else - result = query_addsoa(client, db, version, - ISC_UINT32_MAX, - dns_rdataset_isassociated(rdataset)); + associated = dns_rdataset_isassociated(rdataset); + section = nxrewrite ? DNS_SECTION_ADDITIONAL : + DNS_SECTION_AUTHORITY; + ttl = ISC_UINT32_MAX; + if (!nxrewrite && qtype == dns_rdatatype_soa && + zone != NULL && dns_zone_getzeronosoattl(zone)) + ttl = 0; + result = query_addsoa(client, db, version, ttl, associated, + section); if (result != ISC_R_SUCCESS) { QUERY_ERROR(result); goto cleanup; @@ -7342,7 +7362,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * Add a fake SOA record. */ (void)query_addsoa(client, db, version, - 600, ISC_FALSE); + 600, ISC_FALSE, + DNS_SECTION_AUTHORITY); goto cleanup; } #endif 
diff --git a/bin/named/server.c b/bin/named/server.c index 77a4e44069762..84e3ecf321086 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -130,6 +130,14 @@ if (result != ISC_R_SUCCESS) goto cleanup; \ } while (0) +#define TCHECK(op) \ + do { tresult = (op); \ + if (tresult != ISC_R_SUCCESS) { \ + isc_buffer_clear(text); \ + goto cleanup; \ + } \ + } while (0) + #define CHECKM(op, msg) \ do { result = (op); \ if (result != ISC_R_SUCCESS) { \ @@ -357,12 +365,12 @@ ns_server_reload(isc_task_t *task, isc_event_t *event); static isc_result_t ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenelt_t **target); + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenelt_t **target); static isc_result_t ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenlist_t **target); + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenlist_t **target); static isc_result_t configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, @@ -389,6 +397,9 @@ newzone_cfgctx_destroy(void **cfgp); static isc_result_t putstr(isc_buffer_t *b, const char *str); +static isc_result_t +putnull(isc_buffer_t *b); + isc_result_t add_comment(FILE *fp, const char *viewname); @@ -1338,10 +1349,8 @@ check_dbtype(dns_zone_t *zone, unsigned int dbtypec, const char **dbargv, * Check that all the arguments match. */ for (i = 0; i < dbtypec; i++) - if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) { + if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) CHECK(ISC_R_FAILURE); - break; - } /* * Check that there are not extra arguments. 
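Review bot: The new `TCHECK` macro has no comment, and it differs from the neighbouring `CHECK` in ways a caller has to know. It assigns `tresult` instead of `result`, it needs an `isc_buffer_t *text` in scope, and it clears that buffer before `goto cleanup`. Because `result` is left untouched, it is only safe where `result` already holds the failure to report. I would put this above the definition: `/* Like CHECK, but for writes to the reply buffer 'text': stores into 'tresult' and, on failure, discards the partial reply before jumping to cleanup; 'result' is not modified. */`.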
@@ -2321,9 +2330,9 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, obj = NULL; if (dlz != NULL) { - (void)cfg_map_get(cfg_tuple_get(dlz, "options"), - "database", &obj); + (void)cfg_map_get(dlz, "database", &obj); if (obj != NULL) { + const cfg_obj_t *name; char *s = isc_mem_strdup(mctx, cfg_obj_asstring(obj)); if (s == NULL) { result = ISC_R_NOMEMORY; @@ -2336,8 +2345,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, goto cleanup; } - obj = cfg_tuple_get(dlz, "name"); - result = dns_dlzcreate(mctx, cfg_obj_asstring(obj), + name = cfg_map_getname(dlz); + result = dns_dlzcreate(mctx, cfg_obj_asstring(name), dlzargv[0], dlzargc, dlzargv, &view->dlzdatabase); isc_mem_free(mctx, s); @@ -3073,6 +3082,14 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, } /* + * Ignore case when compressing responses to the specified + * clients. This causes case not always to be preserved, + * and is needed by some broken clients. + */ + CHECK(configure_view_acl(vconfig, config, "no-case-compress", NULL, + actx, ns_g_mctx, &view->nocasecompress)); + + /* * Filter setting on addresses in the answer section. */ CHECK(configure_view_acl(vconfig, config, "deny-answer-addresses", @@ -3141,6 +3158,16 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_asuint32(obj), max_clients_per_query); + obj = NULL; + result = ns_config_get(maps, "max-recursion-depth", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_resolver_setmaxdepth(view->resolver, cfg_obj_asuint32(obj)); + + obj = NULL; + result = ns_config_get(maps, "max-recursion-queries", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_resolver_setmaxqueries(view->resolver, cfg_obj_asuint32(obj)); + #ifdef ALLOW_FILTER_AAAA_ON_V4 obj = NULL; result = ns_config_get(maps, "filter-aaaa-on-v4", &obj); 
@@ -3872,8 +3899,16 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, (void)cfg_map_get(zoptions, "forward", &forwardtype); (void)cfg_map_get(zoptions, "forwarders", &forwarders); - result = configure_forward(config, view, origin, forwarders, - forwardtype); + CHECK(configure_forward(config, view, origin, forwarders, + forwardtype)); + + /* + * Forward zones may also set delegation only. + */ + only = NULL; + tresult = cfg_map_get(zoptions, "delegation-only", &only); + if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only)) + CHECK(dns_view_adddelegationonly(view, origin)); goto cleanup; } @@ -4559,6 +4594,9 @@ removed(dns_zone_t *zone, void *uap) { case dns_zone_stub: type = "stub"; break; + case dns_zone_staticstub: + type = "static-stub"; + break; case dns_zone_redirect: type = "redirect"; break; @@ -4654,8 +4692,8 @@ generate_session_key(const char *filename, const char *keynamestr, (int) isc_buffer_usedlength(&key_txtbuffer), (char*) isc_buffer_base(&key_txtbuffer)); - RUNTIME_CHECK(isc_stdio_flush(fp) == ISC_R_SUCCESS); - RUNTIME_CHECK(isc_stdio_close(fp) == ISC_R_SUCCESS); + CHECK(isc_stdio_flush(fp)); + CHECK(isc_stdio_close(fp)); dst_key_free(&key); @@ -4668,6 +4706,11 @@ generate_session_key(const char *filename, const char *keynamestr, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "failed to generate session key " "for dynamic DNS: %s", isc_result_totext(result)); + if (fp != NULL) { + if (isc_file_exists(filename)) + (void)isc_file_remove(filename); + (void)isc_stdio_close(fp); + } if (tsigkey != NULL) dns_tsigkey_detach(&tsigkey); if (key != NULL) @@ -5217,7 +5260,8 @@ load_configuration(const char *filename, ns_server_t *server, /* check return code? */ (void)ns_listenlist_fromconfig(clistenon, config, ns_g_aclconfctx, - ns_g_mctx, &listenon); + ns_g_mctx, AF_INET, + &listenon); } else if (!ns_g_lwresdonly) { /* * Not specified, use default. 
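Review bot: In `generate_session_key`, a failing `CHECK(isc_stdio_close(fp))` jumps to `cleanup` with `fp` still non-NULL, and the new cleanup block then calls `isc_stdio_close(fp)` a second time on the same stream. A stream must not be used again after a close attempt, even a failed one, so this path is a double close. Replace the `CHECK` with `result = isc_stdio_close(fp); fp = NULL;` followed by `if (result != ISC_R_SUCCESS) goto cleanup;`. Once `fp` is NULL on that path, the `isc_file_remove(filename)` call inside `if (fp != NULL)` no longer runs, so it should move out of that guard or a partially written key file is left on disk. The rest of the function, including the success return, is outside these two hunks.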
@@ -5244,7 +5288,8 @@ load_configuration(const char *filename, ns_server_t *server, /* check return code? */ (void)ns_listenlist_fromconfig(clistenon, config, ns_g_aclconfctx, - ns_g_mctx, &listenon); + ns_g_mctx, AF_INET6, + &listenon); } else if (!ns_g_lwresdonly) { isc_boolean_t enable; /* @@ -5759,7 +5804,7 @@ load_configuration(const char *filename, ns_server_t *server, } if (bindkeys_parser != NULL) { - if (bindkeys != NULL) + if (bindkeys != NULL) cfg_obj_destroy(bindkeys_parser, &bindkeys); cfg_parser_destroy(&bindkeys_parser); } @@ -6574,6 +6619,10 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, snprintf(problem, sizeof(problem), "no matching zone '%s' in any view", zonetxt); + else if (result == ISC_R_MULTIPLE) + snprintf(problem, sizeof(problem), + "zone '%s' was found in multiple views", + zonetxt); } else { result = dns_viewlist_find(&server->viewlist, viewtxt, rdclass, &view); @@ -6600,9 +6649,8 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, isc_result_t tresult; tresult = putstr(text, problem); - if (tresult == ISC_R_SUCCESS && - isc_buffer_availablelength(text) > 0U) - isc_buffer_putuint8(text, 0); + if (tresult == ISC_R_SUCCESS) + putnull(text); } cleanup: @@ -6805,8 +6853,8 @@ ns_server_togglequerylog(ns_server_t *server, char *args) { static isc_result_t ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenlist_t **target) + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenlist_t **target) { isc_result_t result; const cfg_listelt_t *element; 
@@ -6825,7 +6873,7 @@ ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, ns_listenelt_t *delt = NULL; const cfg_obj_t *listener = cfg_listelt_value(element); result = ns_listenelt_fromconfig(listener, config, actx, - mctx, &delt); + mctx, family, &delt); if (result != ISC_R_SUCCESS) goto cleanup; ISC_LIST_APPEND(dlist->elts, delt, link); @@ -6844,8 +6892,8 @@ ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, */ static isc_result_t ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenelt_t **target) + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenelt_t **target) { isc_result_t result; const cfg_obj_t *portobj; @@ -6876,9 +6924,9 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, if (result != ISC_R_SUCCESS) return (result); - result = cfg_acl_fromconfig(cfg_tuple_get(listener, "acl"), - config, ns_g_lctx, actx, mctx, 0, - &delt->acl); + result = cfg_acl_fromconfig2(cfg_tuple_get(listener, "acl"), + config, ns_g_lctx, actx, mctx, 0, + family, &delt->acl); if (result != ISC_R_SUCCESS) { ns_listenelt_destroy(delt); return (result); @@ -8179,8 +8227,8 @@ add_comment(FILE *fp, const char *viewname) { * Act on an "addzone" command from the command channel. */ isc_result_t -ns_server_add_zone(ns_server_t *server, char *args) { - isc_result_t result; +ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) { + isc_result_t result, tresult; isc_buffer_t argbuf; size_t arglen; cfg_parser_t *parser = NULL; @@ -8195,7 +8243,7 @@ ns_server_add_zone(ns_server_t *server, char *args) { const char *argp; const char *viewname = NULL; dns_rdataclass_t rdclass; - dns_view_t *view = 0; + dns_view_t *view = NULL; isc_buffer_t buf; dns_fixedname_t fname; dns_name_t *dnsname; 
@@ -8276,7 +8324,14 @@ ns_server_add_zone(ns_server_t *server, char *args) { } /* Open save file for write configuration */ - CHECK(isc_stdio_open(view->new_zone_file, "a", &fp)); + result = isc_stdio_open(view->new_zone_file, "a", &fp); + if (result != ISC_R_SUCCESS) { + TCHECK(putstr(text, "unable to open '")); + TCHECK(putstr(text, view->new_zone_file)); + TCHECK(putstr(text, "': ")); + TCHECK(putstr(text, isc_result_totext(result))); + goto cleanup; + } CHECK(isc_stdio_tell(fp, &offset)); if (offset == 0) CHECK(add_comment(fp, view->name)); @@ -8289,8 +8344,11 @@ ns_server_add_zone(ns_server_t *server, char *args) { server->mctx, view, cfg->actx, ISC_FALSE); dns_view_freeze(view); isc_task_endexclusive(server->task); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { + TCHECK(putstr(text, "configure_zone failed: ")); + TCHECK(putstr(text, isc_result_totext(result))); goto cleanup; + } /* Is it there yet? */ CHECK(dns_zt_find(view->zonetable, dnsname, 0, NULL, &zone)); @@ -8303,6 +8361,9 @@ ns_server_add_zone(ns_server_t *server, char *args) { if (result != ISC_R_SUCCESS) { dns_db_t *dbp = NULL; + TCHECK(putstr(text, "dns_zone_loadnew failed: ")); + TCHECK(putstr(text, isc_result_totext(result))); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "addzone failed; reverting."); @@ -8324,7 +8385,7 @@ ns_server_add_zone(ns_server_t *server, char *args) { /* Emit the zone name, quoted and escaped */ isc_buffer_init(&buf, namebuf, sizeof(namebuf)); CHECK(dns_name_totext(dnsname, ISC_TRUE, &buf)); - isc_buffer_putuint8(&buf, 0); + putnull(&buf); CHECK(isc_stdio_write("zone \"", 6, 1, fp, NULL)); CHECK(isc_stdio_write(namebuf, strlen(namebuf), 1, fp, NULL)); CHECK(isc_stdio_write("\" ", 2, 1, fp, NULL)); 
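Review bot: In the `dns_zone_loadnew` failure branch of `ns_server_add_zone`, the two `TCHECK(putstr(...))` lines sit ahead of the "addzone failed; reverting." path, and `TCHECK` jumps to `cleanup` when `putstr` fails. A reply buffer that is too small for the message would therefore skip the revert and, as far as this hunk shows, leave the zone that failed to load in the view. The message is best-effort, so write it as `(void)putstr(text, "dns_zone_loadnew failed: ");` and `(void)putstr(text, isc_result_totext(result));`, or move both `TCHECK` lines below the revert. The revert code itself continues outside the hunk.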
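Review bot: In the `@@ -8324` hunk, `putnull(&buf)` can return `ISC_R_NOSPACE` and its result is dropped, yet the very next write uses `strlen(namebuf)`. If `dns_name_totext()` ever fills `namebuf` completely, that `strlen` runs on an array with no terminator and reads past it. The size of `namebuf` is declared outside the hunk, so whether this is reachable cannot be judged from here. `CHECK(putnull(&buf));` makes the failure explicit and matches the `CHECK` calls on the surrounding lines.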
@@ -8360,6 +8421,8 @@ ns_server_add_zone(ns_server_t *server, char *args) { result = ISC_R_SUCCESS; cleanup: + if (isc_buffer_usedlength(text) > 0) + putnull(text); if (fp != NULL) isc_stdio_close(fp); if (parser != NULL) { @@ -8538,6 +8601,8 @@ ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) { result = ISC_R_SUCCESS; cleanup: + if (isc_buffer_usedlength(text) > 0) + putnull(text); if (ifp != NULL) isc_stdio_close(ifp); if (ofp != NULL) { @@ -8667,15 +8732,15 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { if (clear) { CHECK(dns_zone_keydone(zone, keystr)); - isc_buffer_putstr(text, "request queued"); - isc_buffer_putuint8(text, 0); + putstr(text, "request queued"); + putnull(text); } else if (chain) { CHECK(dns_zone_setnsec3param(zone, (isc_uint8_t)hash, (isc_uint8_t)flags, iter, (isc_uint8_t)saltlen, salt, ISC_TRUE)); - isc_buffer_putstr(text, "request queued"); - isc_buffer_putuint8(text, 0); + putstr(text, "request queued"); + putnull(text); } else if (list) { privatetype = dns_zone_getprivatetype(zone); origin = dns_zone_getorigin(zone); @@ -8687,8 +8752,8 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { dns_rdatatype_none, 0, &privset, NULL); if (result == ISC_R_NOTFOUND) { - isc_buffer_putstr(text, "No signing records found"); - isc_buffer_putuint8(text, 0); + putstr(text, "No signing records found"); + putnull(text); result = ISC_R_SUCCESS; goto cleanup; } @@ -8707,7 +8772,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { CHECK(dns_private_totext(&priv, &buf)); if (!first) - isc_buffer_putstr(text, "\n"); + putstr(text, "\n"); first = ISC_FALSE; n = snprintf((char *)isc_buffer_used(text), 
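Review bot: In `ns_server_signing`, the new `putstr(text, ...)` and `putnull(text)` calls drop their `isc_result_t` without a cast. Elsewhere in this diff deliberately ignored results are written as `(void)...`, for example `(void)isc_file_remove(filename)`. With a full reply buffer the command now reports success and returns an empty or unterminated message, and a reader cannot tell whether that is intended. Write `(void)putstr(text, "request queued");` and `(void)putnull(text);` if truncation is acceptable, or use `CHECK(...)` as the neighbouring `dns_zone_keydone` call does if it is not. The same applies to the `putnull(text)` added in `zone_from_args` and in the `cleanup` blocks of `ns_server_add_zone` and `ns_server_del_zone`.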
@@ -8718,8 +8783,8 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_add(text, (unsigned int)n); } - if (!first && isc_buffer_availablelength(text) > 0) - isc_buffer_putuint8(text, 0); + if (!first) + putnull(text); if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; @@ -8742,7 +8807,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { static isc_result_t putstr(isc_buffer_t *b, const char *str) { - size_t l = strlen(str); + unsigned int l = strlen(str); /* * Use >= to leave space for NUL termination. @@ -8753,3 +8818,12 @@ putstr(isc_buffer_t *b, const char *str) { isc_buffer_putmem(b, (const unsigned char *)str, l); return (ISC_R_SUCCESS); } + +static isc_result_t +putnull(isc_buffer_t *b) { + if (isc_buffer_availablelength(b) == 0) + return (ISC_R_NOSPACE); + + isc_buffer_putuint8(b, 0); + return (ISC_R_SUCCESS); +} diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c index 2ba8a028a37af..e41cf00b77cb1 100644 --- a/bin/named/unix/dlz_dlopen_driver.c +++ b/bin/named/unix/dlz_dlopen_driver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -243,11 +243,13 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], cd->dl_path = isc_mem_strdup(cd->mctx, argv[1]); if (cd->dl_path == NULL) { + result = ISC_R_NOMEMORY; goto failed; } cd->dlzname = isc_mem_strdup(cd->mctx, dlzname); if (cd->dlzname == NULL) { + result = ISC_R_NOMEMORY; goto failed; } @@ -277,6 +279,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], dlopen_log(ISC_LOG_ERROR, "dlz_dlopen failed to open library '%s' - %s", cd->dl_path, dlerror()); + result = ISC_R_FAILURE; goto failed; } 
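Review bot: In `putstr`, `unsigned int l = strlen(str);` narrows the `size_t` result before the `l >= isc_buffer_availablelength(b)` space check, so the check is made on a value that may already be truncated. I would keep `size_t l = strlen(str);`, leave the comparison as it is, and narrow only at the copy: `isc_buffer_putmem(b, (const unsigned char *)str, (unsigned int)l);`. The new `putnull` also has no comment. One line such as `/* Append a NUL terminator; ISC_R_NOSPACE if the buffer is full. */` would document the contract that callers such as `ns_server_add_zone` depend on.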
@@ -295,6 +298,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], cd->dlz_findzonedb == NULL) { /* We're missing a required symbol */ + result = ISC_R_FAILURE; goto failed; } @@ -330,6 +334,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], "dlz_dlopen: incorrect version %d " "should be %d in '%s'", cd->version, DLZ_DLOPEN_VERSION, cd->dl_path); + result = ISC_R_FAILURE; goto failed; } @@ -373,7 +378,6 @@ failed: return (result); } - /* * Called when bind is shutting down */ diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index d6c82a764ad8b..18e8c39103733 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -197,8 +197,8 @@ linux_setcaps(cap_t caps) { #ifdef HAVE_LIBCAP #define SET_CAP(flag) \ do { \ - capval = (flag); \ cap_flag_value_t curval; \ + capval = (flag); \ err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \ if (err != -1 && curval) { \ err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \ @@ -607,7 +607,7 @@ ns_os_changeuser(void) { } void -ns_os_adjustnofile() { +ns_os_adjustnofile(void) { #ifdef HAVE_LINUXTHREADS isc_result_t result; isc_resourcevalue_t newvalue; diff --git a/bin/named/update.c b/bin/named/update.c index f3ad83878532c..01e3c58de5738 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -2887,10 +2887,18 @@ update_action(isc_task_t *task, isc_event_t *event) { dns_diff_clear(&ctx.del_diff); dns_diff_clear(&ctx.add_diff); } else { - CHECK(do_diff(&ctx.del_diff, db, ver, - &diff)); - CHECK(do_diff(&ctx.add_diff, db, ver, - &diff)); + result = do_diff(&ctx.del_diff, db, ver, + &diff); + if (result == ISC_R_SUCCESS) { + result = do_diff(&ctx.add_diff, + db, ver, + &diff); + } + if (result != ISC_R_SUCCESS) { + dns_diff_clear(&ctx.del_diff); + dns_diff_clear(&ctx.add_diff); + goto failure; + } CHECK(update_one_rr(db, ver, &diff, DNS_DIFFOP_ADD, name, ttl, &rdata)); @@ -3039,10 +3047,9 @@ update_action(isc_task_t *task, isc_event_t *event) { #define ALLOW_SECURE_TO_INSECURE(zone) \ ((dns_zone_getoptions(zone) & DNS_ZONEOPT_SECURETOINSECURE) != 0) + CHECK(rrset_exists(db, oldver, zonename, dns_rdatatype_dnskey, + 0, &had_dnskey)); if (!ALLOW_SECURE_TO_INSECURE(zone)) { - CHECK(rrset_exists(db, oldver, zonename, - dns_rdatatype_dnskey, 0, - &had_dnskey)); if (had_dnskey && !has_dnskey) { update_log(client, zone, LOGLEVEL_PROTOCOL, "update rejected: all DNSKEY " diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 3369c42de1f91..b3839762d3362 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1082,7 +1082,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "also-notify", &obj); - if (result == ISC_R_SUCCESS) { + if (result == ISC_R_SUCCESS && + (notifytype == dns_notifytype_yes || + notifytype == dns_notifytype_explicit || + (notifytype == dns_notifytype_masteronly && + ztype == dns_zone_master))) + { isc_uint32_t addrcount; addrs = NULL; keynames = NULL; |