upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 13:50:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

1510. [func] New view option "root-delegation-only". Apply

Browse source 
delegation-only check to all TLDs and root.
                        Note there are some TLDs that are NOT delegation
                        only (e.g. DE and MUSEUM) these can be excluded
                        from the checks buy using exclude.

                        root-delegation-only exclude { "DE"; "MUSEUM"; };
This commit is contained in:
Mark Andrews 2003-09-19 12:39:49 +00:00
parent da34d92aee
commit 0b1da8124c
7 changed files with 200 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
CHANGES
View file

@ -1,3 +1,11 @@
1510. [func] New view option "root-delegation-only". Apply
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE and MUSEUM) these can be excluded
from the checks buy using exclude.
root-delegation-only exclude { "DE"; "MUSEUM"; };
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.

31
bin/named/server.c
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.402 2003/09/19 05:53:26 marka Exp $ */
/* $Id: server.c,v 1.403 2003/09/19 12:39:47 marka Exp $ */
#include <config.h>
@ -1002,6 +1002,35 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
} else
view->preferred_glue = 0;
obj = NULL;
result = ns_config_get(maps, "root-delegation-only", &obj);
if (result == ISC_R_SUCCESS) {
dns_view_setrootdelonly(view, ISC_TRUE);
if (!cfg_obj_isvoid(obj)) {
dns_fixedname_t fixed;
dns_name_t *name;
isc_buffer_t b;
char *str;
cfg_obj_t *exclude;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(obj);
element != NULL;
element = cfg_list_next(element)) {
exclude = cfg_listelt_value(element);
str = cfg_obj_asstring(exclude);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname,
ISC_FALSE, NULL));
CHECK(dns_view_excludedelegationonly(view,
name));
}
}
} else
dns_view_setrootdelonly(view, ISC_FALSE);
result = ISC_R_SUCCESS;
cleanup:

17
doc/arm/Bv9ARM-book.xml
View file

@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.224 2003/09/19 05:53:26 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.225 2003/09/19 12:39:47 marka Exp $ -->
<book>
<title>BIND 9 Administrator Reference Manual</title>
@ -2811,6 +2811,7 @@ statement in the <filename>named.conf</filename> file:</para>
<optional> match-mapped-addresses <replaceable>yes_or_no</replaceable>; </optional>
<optional> preferred-glue ( <replaceable>A</replaceable> | <replaceable>AAAA</replaceable> | <replaceable>NONE</replaceable> ); </optional>
<optional> edns-udp-size <replaceable>number</replaceable>; </optional>
<optional> root-delegation-only <optional> exclude { <replaceable>namelist</replaceable> } </optional> ; </optional>
};
</programlisting>
</sect2>
@ -2935,6 +2936,20 @@ The default is not to preference any type (NONE).
</para>
</listitem></varlistentry>
<varlistentry><term><command>root-delegation-only</command></term>
<listitem><para>
Turn on enforcment of delegation-only in TLDs and root zones with an optional
exclude list.
</para>
<para>
Note some TLDs are NOT delegation only (e.g. "DE" and "MUSEUM").
</para>
<programlisting>
options {
root-delegation-only exclude { "de"; "museum"; };
};
</programlisting>
</listitem></varlistentry>
</variablelist>

35
lib/bind9/check.c
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check.c,v 1.39 2003/09/19 05:53:27 marka Exp $ */
/* $Id: check.c,v 1.40 2003/09/19 12:39:48 marka Exp $ */
#include <config.h>
@ -279,6 +279,39 @@ check_options(cfg_obj_t *options, isc_log_t *logctx) {
"preferred-glue unexpected value '%s'",
str);
}
obj = NULL;
(void)cfg_map_get(options, "root-delegation-only", &obj);
if (obj != NULL) {
if (!cfg_obj_isvoid(obj)) {
cfg_listelt_t *element;
cfg_obj_t *exclude;
char *str;
dns_fixedname_t fixed;
dns_name_t *name;
isc_buffer_t b;
isc_result_t tresult;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(obj);
element != NULL;
element = cfg_list_next(element)) {
exclude = cfg_listelt_value(element);
str = cfg_obj_asstring(exclude);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(name, &b,
dns_rootname,
ISC_FALSE, NULL);
if (tresult != ISC_R_SUCCESS) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"bad domain name '%s'",
str);
result = tresult;
}
}
}
}
return (result);
}

40
lib/dns/include/dns/view.h
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.h,v 1.83 2003/09/17 05:24:43 marka Exp $ */
/* $Id: view.h,v 1.84 2003/09/19 12:39:48 marka Exp $ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1
@ -120,6 +120,8 @@ struct dns_view {
dns_rdatatype_t preferred_glue;
isc_boolean_t flush;
dns_namelist_t * delonly;
isc_boolean_t rootdelonly;
dns_namelist_t * rootexlude;;
/*
* Configurable data for server use only,
@ -720,6 +722,22 @@ isc_result_t
dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name);
/*
* Add the given name to the delegation only table.
*
*
* Requires:
* 'view' is valid.
* 'name' is valid.
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
*/
isc_result_t
dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name);
/*
* Add the given name to be excluded from the root-delegation-only.
*
*
* Requires:
* 'view' is valid.
@ -733,7 +751,8 @@ dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name);
isc_boolean_t
dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name);
/*
* Check if 'name' is in the delegation only table.
* Check if 'name' is in the delegation only table or if
* rootdelonly is set that name is not being excluded.
*
* Requires:
* 'view' is valid.
@ -744,7 +763,22 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name);
* ISC_FALSE othewise.
*/
void
dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value);
/*
* Set the root delegation only flag.
*
* Requires:
* 'view' is valid.
*/
ISC_LANG_ENDDECLS
isc_boolean_t
dns_view_getrootdelonly(dns_view_t *view);
/*
* Get the root delegation only flag.
*
* Requires:
* 'view' is valid.
*/
#endif /* DNS_VIEW_H */

64
lib/dns/view.c
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.c,v 1.118 2003/09/17 15:01:26 marka Exp $ */
/* $Id: view.c,v 1.119 2003/09/19 12:39:48 marka Exp $ */
#include <config.h>
@ -1224,6 +1224,41 @@ dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name) {
return (result);
}
isc_result_t
dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name) {
isc_result_t result;
dns_name_t *new;
isc_uint32_t hash;
REQUIRE(DNS_VIEW_VALID(view));
if (view->rootexlude == NULL) {
view->rootexlude = isc_mem_get(view->mctx,
sizeof(dns_namelist_t) *
DNS_VIEW_DELONLYHASH);
if (view->rootexlude == NULL)
return (ISC_R_NOMEMORY);
for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++)
ISC_LIST_INIT(view->delonly[hash]);
}
hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
new = ISC_LIST_HEAD(view->rootexlude[hash]);
while (new != NULL && !dns_name_equal(new, name))
new = ISC_LIST_NEXT(new, link);
if (new != NULL)
return (ISC_R_SUCCESS);
new = isc_mem_get(view->mctx, sizeof(*new));
if (new == NULL)
return (ISC_R_NOMEMORY);
dns_name_init(new, NULL);
result = dns_name_dup(name, view->mctx, new);
if (result == ISC_R_SUCCESS)
ISC_LIST_APPEND(view->rootexlude[hash], new, link);
else
isc_mem_put(view->mctx, new, sizeof(*new));
return (result);
}
isc_boolean_t
dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) {
dns_name_t *new;
@ -1231,10 +1266,23 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) {
REQUIRE(DNS_VIEW_VALID(view));
if (view->delonly == NULL)
if (!view->rootdelonly && view->delonly == NULL)
return (ISC_FALSE);
hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
if (view->rootdelonly && dns_name_countlabels(name) <= 2) {
if (view->rootexlude == NULL)
return (ISC_TRUE);
new = ISC_LIST_HEAD(view->rootexlude[hash]);
while (new != NULL && !dns_name_equal(new, name))
new = ISC_LIST_NEXT(new, link);
if (new == NULL)
return (ISC_TRUE);
}
if (view->delonly == NULL)
return (ISC_FALSE);
new = ISC_LIST_HEAD(view->delonly[hash]);
while (new != NULL && !dns_name_equal(new, name))
new = ISC_LIST_NEXT(new, link);
@ -1242,3 +1290,15 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) {
return (ISC_FALSE);
return (ISC_TRUE);
}
void
dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value) {
REQUIRE(DNS_VIEW_VALID(view));
view->rootdelonly = value;
}
isc_boolean_t
dns_view_getrootdelonly(dns_view_t *view) {
REQUIRE(DNS_VIEW_VALID(view));
return (view->rootdelonly);
}

14
lib/isccfg/namedconf.c
View file

@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.22 2003/09/17 05:24:43 marka Exp $ */
/* $Id: namedconf.c,v 1.23 2003/09/19 12:39:49 marka Exp $ */
#include <config.h>
@ -607,6 +607,17 @@ options_clauses[] = {
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_namelist = {
"namelist", cfg_parse_bracketed_list, cfg_print_bracketed_list,
cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_qstring };
static keyword_type_t exclude_kw = { "exclude", &cfg_type_namelist };
static cfg_type_t cfg_type_optional_exclude = {
"optional_exclude", parse_optional_keyvalue, print_keyvalue,
doc_optional_keyvalue, &cfg_rep_list, &exclude_kw };
/*
* Clauses that can be found within the 'view' statement,
* with defaults in the 'options' statement.
@ -649,6 +660,7 @@ view_clauses[] = {
{ "preferred-glue", &cfg_type_astring, 0 },
{ "dual-stack-servers", &cfg_type_nameportiplist, 0 },
{ "edns-udp-size", &cfg_type_uint32, 0 },
{ "root-delegation-only", &cfg_type_optional_exclude, 0 },
{ NULL, NULL, 0 }
};