upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-27 12:13:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch '3740-rpz-reconfig-v9_18' into 'v9_18'

Browse source 
A couple of RPZ options were not reconfigured as expected

See merge request isc-projects/bind9!7238
This commit is contained in:
Tony Finch 2022-12-16 10:15:31 +00:00
commit 4d8f551195
3 changed files with 25 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]
6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]

11
bin/named/server.c
View file

@ -2311,6 +2311,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
} else {
zone->max_policy_ttl = ttl_default;
}
if (*old_rpz_okp && zone->max_policy_ttl != old->max_policy_ttl) {
*old_rpz_okp = false;
}
obj = cfg_tuple_get(rpz_obj, "min-update-interval");
if (cfg_obj_isduration(obj)) {
@ -2318,8 +2321,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
} else {
zone->min_update_interval = minupdateinterval_default;
}
if (*old_rpz_okp && zone->max_policy_ttl != old->max_policy_ttl) {
if (*old_rpz_okp &&
zone->min_update_interval != old->min_update_interval)
{
*old_rpz_okp = false;
}
@ -2422,6 +2426,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
} else {
zone->addsoa = cfg_obj_asboolean(obj);
}
if (*old_rpz_okp && zone->addsoa != old->addsoa) {
*old_rpz_okp = false;
}
return (ISC_R_SUCCESS);
}

13
bin/tests/system/rpz/tests.sh
View file

@ -920,7 +920,18 @@ EOF
if [ native = "$mode" ]; then
t=`expr $t + 1`
echo_i "checking that "add-soa unset" works (${t})"
echo_i "reconfiguring server with 'add-soa no' (${t})"
cp ns3/named.conf ns3/named.conf.tmp
sed -e "s/add-soa yes/add-soa no/g" < ns3/named.conf.tmp > ns3/named.conf
rndc_reconfig ns3 $ns3
echo_i "checking that 'add-soa no' at response-policy level works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns3 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null && setret "failed"
fi
if [ native = "$mode" ]; then
t=`expr $t + 1`
echo_i "checking that 'add-soa unset' works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns8 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed"
fi