diff --git a/CHANGES b/CHANGES index 369bc0db4f..a31e863b97 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4786. [func] The "filter-aaaa-on-v4" and "filter-aaaa-on-v6" + options are no longer conditionally compiled. + [RT #46340] + 4785. [func] The hmac-md5 algorithm is no longer recommended for use with RNDC keys. For compatibility reasons, it it is still the default algorithm in rndc-confgen, diff --git a/bin/named/config.c b/bin/named/config.c index 6a0075bd7e..a9be410a9f 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -156,12 +156,10 @@ options {\n\ # fetch-glue ;\n\ fetch-quota-params 100 0.1 0.3 0.7;\n\ fetches-per-server 0;\n\ - fetches-per-zone 0;\n" -#ifdef ALLOW_FILTER_AAAA -" filter-aaaa-on-v4 no;\n\ + fetches-per-zone 0;\n\ + filter-aaaa-on-v4 no;\n\ filter-aaaa-on-v6 no;\n\ filter-aaaa { any; };\n" -#endif #ifdef HAVE_GEOIP " geoip-use-ecs yes;\n" #endif diff --git a/bin/named/server.c b/bin/named/server.c index 969c6e494d..70ffcfa1b0 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -4874,7 +4874,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, dns_quotatype_zone, r); } -#ifdef ALLOW_FILTER_AAAA obj = NULL; result = named_config_get(maps, "filter-aaaa-on-v4", &obj); INSIST(result == ISC_R_SUCCESS); @@ -4909,7 +4908,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, CHECK(configure_view_acl(vconfig, config, "filter-aaaa", NULL, actx, named_g_mctx, &view->aaaa_acl)); -#endif + obj = NULL; result = named_config_get(maps, "prefetch", &obj); if (result == ISC_R_SUCCESS) { diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c index 2b831972b0..155ea7615e 100644 --- a/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c 
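Review bot: The three `filter-aaaa*` defaults that this hunk moves into the unconditional part of the built-in options string are what keep the `INSIST(result == ISC_R_SUCCESS)` after `named_config_get(maps, "filter-aaaa-on-v4", &obj)` in configure_view (bin/named/server.c, same commit) from firing, and that assertion now runs in every build. Nothing at either site records the dependency, so a later edit that drops or renames a default here would turn into an assertion failure at configuration load rather than a parse error. A short comment beside the INSIST would document it, for example `/* Cannot fail: a default is always supplied by the built-in options in config.c. */`; this assumes `maps` includes the built-in defaults, which is not visible in the hunk. Both the options string and configure_view start and end outside their hunks.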
@@ -36,7 +36,6 @@ usage() { fprintf(stderr, "args:\n"); fprintf(stderr, " --edns-version\n"); fprintf(stderr, " --enable-dnsrps\n"); - fprintf(stderr, " --enable-filter-aaaa\n"); fprintf(stderr, " --gethostname\n"); fprintf(stderr, " --gssapi\n"); fprintf(stderr, " --have-dlopen\n"); @@ -63,14 +62,6 @@ main(int argc, char **argv) { #endif } - if (strcmp(argv[1], "--enable-filter-aaaa") == 0) { -#ifdef ALLOW_FILTER_AAAA - return (0); -#else - return (1); -#endif - } - if (strcmp(argv[1], "--edns-version") == 0) { #ifdef DNS_EDNS_VERSION printf("%d\n", DNS_EDNS_VERSION); diff --git a/bin/tests/system/filter-aaaa/prereq.sh b/bin/tests/system/filter-aaaa/prereq.sh deleted file mode 100644 index 31f9ac6a46..0000000000 --- a/bin/tests/system/filter-aaaa/prereq.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 2010, 2012, 2014, 2016 Internet Systems Consortium, Inc. ("ISC") -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh - -$FEATURETEST --enable-filter-aaaa || { - echo "I:This test requires --enable-filter-aaaa at compile time." >&2 - exit 255 -} -exit 0 diff --git a/config.h.in b/config.h.in index 24a1780e8d..078428626c 100644 --- a/config.h.in +++ b/config.h.in @@ -141,10 +141,6 @@ int sigwait(const unsigned int *set, int *sig); /* Use AES for Client Cookie generation */ #undef AES_CC -/* Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options. - */ -#undef ALLOW_FILTER_AAAA - /* define if ATF unit tests are to be built. */ #undef ATF_TEST diff --git a/config.h.win32 b/config.h.win32 index b2050557ef..28901e2940 100644 --- a/config.h.win32 +++ b/config.h.win32 
@@ -306,10 +306,6 @@ typedef __int64 off_t; /* Define to the sockaddr length type used by getnameinfo(3). */ #define IRS_GETNAMEINFO_SOCKLEN_T socklen_t -/* Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options. - */ -@ALLOW_FILTER_AAAA@ - /* Define to enable "rrset-order fixed" syntax. */ @DNS_RDATASET_FIXED@ diff --git a/configure b/configure index f3716b4f31..827281a0bb 100755 --- a/configure +++ b/configure @@ -940,6 +940,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -1033,7 +1034,6 @@ enable_dnsrps_dl with_dnsrps_libname with_dnsrps_dir enable_dnsrps -enable_filter_aaaa enable_dnstap with_protobuf_c with_libfstrm @@ -1103,6 +1103,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1355,6 +1356,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1492,7 +1502,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. 
@@ -1645,6 +1655,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1719,7 +1730,6 @@ Optional Features: --disable-rpz-nsdname disable rpz nsdname rules [default=enabled] --enable-dnsrps-dl DNS Response Policy Service delayed link [default=$librpz_dl] --enable-dnsrps enable DNS Response Policy Service API - --enable-filter-aaaa enable filtering of AAAA records [default=no] --enable-dnstap enable dnstap support (requires fstrm, protobuf-c) --enable-querytrace enable very verbose query trace logging [default=no] --enable-full-report report values of all configure options @@ -11470,7 +11480,6 @@ yes) test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes test "${enable_querytrace+set}" = set || enable_querytrace=yes test "${with_atf+set}" = set || with_atf=yes - test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes test "${enable_symtable+set}" = set || enable_symtable=all test "${enable_warn_error+set}" = set || enable_warn_error=yes @@ -20944,28 +20953,6 @@ $as_echo "#define USE_DNSRPS 1" >>confdefs.h fi -# -# Activate "filter-aaaa-on-v4/v6" or not? -# -# Check whether --enable-filter-aaaa was given. -if test "${enable_filter_aaaa+set}" = set; then : - enableval=$enable_filter_aaaa; enable_filter="$enableval" -else - enable_filter="no" -fi - -case "$enable_filter" in - yes) - -$as_echo "#define ALLOW_FILTER_AAAA 1" >>confdefs.h - - ;; - no) - ;; - *) - ;; -esac - # # Activate dnstap? # 
@@ -26238,8 +26225,6 @@ report() { echo " DNS Response Policy Service interface (--enable-dnsrps)" test "yes" = "$enable_fixed" && \ echo " Allow 'fixed' rrset-order (--enable-fixed-rrset)" - test "yes" = "$enable_filter" && \ - echo " AAAA filtering (--enable-filter-aaaa)" test "yes" = "$enable_seccomp" && \ echo " Use libseccomp system call filtering (--enable-seccomp)" test "yes" = "$want_backtrace" && \ diff --git a/configure.in b/configure.in index 11545190db..89024c242a 100644 --- a/configure.in +++ b/configure.in @@ -66,7 +66,6 @@ yes) test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes test "${enable_querytrace+set}" = set || enable_querytrace=yes test "${with_atf+set}" = set || with_atf=yes - test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes test "${enable_symtable+set}" = set || enable_symtable=all test "${enable_warn_error+set}" = set || enable_warn_error=yes @@ -4413,24 +4412,6 @@ if test "x$enable_dnsrps" != "xno"; then AC_DEFINE([USE_DNSRPS], [1], [Enable DNS Response Policy Service API]) fi -# -# Activate "filter-aaaa-on-v4/v6" or not? -# -AC_ARG_ENABLE(filter-aaaa, - [ --enable-filter-aaaa enable filtering of AAAA records [[default=no]]], - enable_filter="$enableval", - enable_filter="no") -case "$enable_filter" in - yes) - AC_DEFINE(ALLOW_FILTER_AAAA, 1, - [Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options.]) - ;; - no) - ;; - *) - ;; -esac - # # Activate dnstap? # @@ -5481,8 +5462,6 @@ report() { echo " DNS Response Policy Service interface (--enable-dnsrps)" test "yes" = "$enable_fixed" && \ echo " Allow 'fixed' rrset-order (--enable-fixed-rrset)" - test "yes" = "$enable_filter" && \ - echo " AAAA filtering (--enable-filter-aaaa)" test "yes" = "$enable_seccomp" && \ echo " Use libseccomp system call filtering (--enable-seccomp)" test "yes" = "$want_backtrace" && \ 
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 42e9478876..60e103077d 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -6714,10 +6714,7 @@ options { filter-aaaa-on-v4 - This option is only available when - BIND 9 is compiled with the - --enable-filter-aaaa option on the - "configure" command line. It is intended to help the + This option is intended to help the transition from IPv4 to IPv6 by not giving IPv6 addresses to DNS clients unless they have connections to the IPv6 Internet. This is not recommended unless absolutely diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index a213ade042..5f08662a2f 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -693,6 +693,13 @@ catagory. + + + The filter-aaaa-on-v4 and + filter-aaaa-on-v6 options are no longer + conditionally compiled in named. [RT #46340] + + diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h index 2ca4d22dfc..5961b5d637 100644 --- a/lib/dns/include/dns/message.h +++ b/lib/dns/include/dns/message.h @@ -176,9 +176,7 @@ typedef int dns_messagetextflag_t; additional section. */ #define DNS_MESSAGERENDER_PREFER_AAAA 0x0010 /*%< prefer AAAA records in additional section. */ -#ifdef ALLOW_FILTER_AAAA #define DNS_MESSAGERENDER_FILTER_AAAA 0x0020 /*%< filter AAAA records */ -#endif typedef struct dns_msgblock dns_msgblock_t; diff --git a/lib/dns/message.c b/lib/dns/message.c index 79d1d05eb5..081952385d 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -1897,7 +1897,6 @@ wrong_priority(dns_rdataset_t *rds, int pass, dns_rdatatype_t preferred_glue) { return (ISC_TRUE); } -#ifdef ALLOW_FILTER_AAAA /* * Decide whether to not answer with an AAAA record and its RRSIG */ @@ -1939,7 +1938,6 @@ norender_rdataset(const dns_rdataset_t *rdataset, unsigned int options, return (ISC_TRUE); } -#endif static isc_result_t renderset(dns_rdataset_t *rdataset, const dns_name_t *owner_name, 
@@ -2100,13 +2098,14 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, preferred_glue)) goto next; -#ifdef ALLOW_FILTER_AAAA /* * Suppress AAAAs if asked and we are * not doing DNSSEC or are breaking DNSSEC. * Say so in the AD bit if we break DNSSEC. */ - if (norender_rdataset(rdataset, options, sectionid)) { + if (norender_rdataset(rdataset, options, + sectionid)) + { if (sectionid == DNS_SECTION_ANSWER || sectionid == DNS_SECTION_AUTHORITY) msg->flags &= ~DNS_MESSAGEFLAG_AD; @@ -2115,7 +2114,6 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, goto next; } -#endif st = *(msg->buffer); count = 0; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 849859c1c6..e84ea17bb9 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1895,18 +1895,9 @@ view_clauses[] = { { "fetch-quota-params", &cfg_type_fetchquota, 0 }, { "fetches-per-server", &cfg_type_fetchesper, 0 }, { "fetches-per-zone", &cfg_type_fetchesper, 0 }, -#ifdef ALLOW_FILTER_AAAA { "filter-aaaa", &cfg_type_bracketed_aml, 0 }, { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 }, { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 }, -#else - { "filter-aaaa", &cfg_type_bracketed_aml, - CFG_CLAUSEFLAG_NOTCONFIGURED }, - { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, - CFG_CLAUSEFLAG_NOTCONFIGURED }, - { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, - CFG_CLAUSEFLAG_NOTCONFIGURED }, -#endif { "glue-cache", &cfg_type_boolean, 0 }, { "ixfr-from-differences", &cfg_type_ixfrdifftype, 0 }, { "lame-ttl", &cfg_type_ttlval, 0 }, diff --git a/lib/ns/client.c b/lib/ns/client.c index dd316387a5..54db1d93ed 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -1096,7 +1096,6 @@ client_send(ns_client_t *client) { preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA; } -#ifdef ALLOW_FILTER_AAAA /* * filter-aaaa-on-v4 yes or break-dnssec option to suppress * AAAA records. 
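Review bot: The inner `if (sectionid == DNS_SECTION_ANSWER || sectionid == DNS_SECTION_AUTHORITY)` that clears `DNS_MESSAGEFLAG_AD` is still unbraced, although this hunk re-wraps the enclosing `norender_rdataset()` condition and gives it a brace on its own line. That statement is what tells a client the answer is no longer fully authenticated when a signed AAAA is withheld, and it is now part of every build, so it deserves the same explicit bracing: `if (sectionid == DNS_SECTION_ANSWER || sectionid == DNS_SECTION_AUTHORITY) { msg->flags &= ~DNS_MESSAGEFLAG_AD; }`. dns_message_rendersection starts and ends outside the hunk.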
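Review bot: With the `CFG_CLAUSEFLAG_NOTCONFIGURED` entries removed, `filter-aaaa`, `filter-aaaa-on-v4` and `filter-aaaa-on-v6` in view_clauses are accepted by every build, so a named.conf that carried them on a binary built without `--enable-filter-aaaa` will presumably start filtering after an upgrade instead of being flagged. How the parser treated NOTCONFIGURED clauses is not visible here, so the exact before/after behaviour is inferred. The CHANGES and notes.xml entries in this commit only say the options are "no longer conditionally compiled"; one more sentence there, such as `Existing filter-aaaa-on-v4 and filter-aaaa-on-v6 settings now take effect in all builds; review them before upgrading, in particular any use of break-dnssec.`, would make the operational change visible to operators. The view_clauses array starts and ends outside the hunk.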
@@ -1113,7 +1112,6 @@ client_send(ns_client_t *client) { if (preferred_glue == DNS_MESSAGERENDER_PREFER_AAAA) preferred_glue = DNS_MESSAGERENDER_PREFER_A; } -#endif /* * Create an OPT for our reply. @@ -3033,9 +3031,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { client->interface = NULL; client->peeraddr_valid = ISC_FALSE; dns_ecs_init(&client->ecs); -#ifdef ALLOW_FILTER_AAAA client->filter_aaaa = dns_aaaa_ok; -#endif client->needshutdown = ISC_TF((client->sctx->options & NS_SERVER_CLIENTTEST) != 0); diff --git a/lib/ns/include/ns/client.h b/lib/ns/include/ns/client.h index e5ec70dacf..9034910b1e 100644 --- a/lib/ns/include/ns/client.h +++ b/lib/ns/include/ns/client.h @@ -141,9 +141,7 @@ struct ns_client { struct in6_pktinfo pktinfo; isc_dscp_t dscp; isc_event_t ctlevent; -#ifdef ALLOW_FILTER_AAAA dns_aaaa_t filter_aaaa; -#endif /*% * Information about recent FORMERR response(s), for * FORMERR loop avoidance. This is separate for each @@ -180,10 +178,8 @@ typedef ISC_LIST(ns_client_t) client_list_t; #define NS_CLIENTATTR_MULTICAST 0x00008 /*%< recv'd from multicast */ #define NS_CLIENTATTR_WANTDNSSEC 0x00010 /*%< include dnssec records */ #define NS_CLIENTATTR_WANTNSID 0x00020 /*%< include nameserver ID */ -#ifdef ALLOW_FILTER_AAAA #define NS_CLIENTATTR_FILTER_AAAA 0x00040 /*%< suppress AAAAs */ #define NS_CLIENTATTR_FILTER_AAAA_RC 0x00080 /*%< recursing for A against AAAA */ -#endif #define NS_CLIENTATTR_WANTAD 0x00100 /*%< want AD in response if possible */ #define NS_CLIENTATTR_WANTCOOKIE 0x00200 /*%< return a COOKIE */ #define NS_CLIENTATTR_HAVECOOKIE 0x00400 /*%< has a valid COOKIE */ diff --git a/lib/ns/query.c b/lib/ns/query.c index d492698741..b9596716bb 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c 
@@ -1832,9 +1832,7 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) { } if (qtype == dns_rdatatype_a) { -#ifdef ALLOW_FILTER_AAAA isc_boolean_t have_a = ISC_FALSE; -#endif /* * We now go looking for A and AAAA records, along with @@ -1873,9 +1871,7 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) { dns_rdataset_disassociate(sigrdataset); } else if (result == ISC_R_SUCCESS) { mname = NULL; -#ifdef ALLOW_FILTER_AAAA have_a = ISC_TRUE; -#endif if (additionaltype == dns_rdatasetadditional_fromcache && (DNS_TRUST_PENDING(rdataset->trust) || DNS_TRUST_GLUE(rdataset->trust)) && @@ -1935,14 +1931,12 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) { /* * There's an A; check whether we're filtering AAAA */ -#ifdef ALLOW_FILTER_AAAA if (have_a && (client->filter_aaaa == dns_aaaa_break_dnssec || (client->filter_aaaa == dns_aaaa_filter && (!WANTDNSSEC(client) || sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset))))) goto addname; -#endif if (additionaltype == dns_rdatasetadditional_fromcache && (DNS_TRUST_PENDING(rdataset->trust) || DNS_TRUST_GLUE(rdataset->trust)) && @@ -2071,13 +2065,11 @@ query_addrdataset(ns_client_t *client, dns_section_t section, if (dbversion == NULL) goto regular; -#ifdef ALLOW_FILTER_AAAA if (client->filter_aaaa == dns_aaaa_filter || client->filter_aaaa == dns_aaaa_break_dnssec) { options |= DNS_RDATASETADDGLUE_FILTERAAAA; } -#endif result = dns_rdataset_addglue(rdataset, dbversion->version, options, client->message); @@ -4553,7 +4545,6 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db, return; } -#ifdef ALLOW_FILTER_AAAA static isc_boolean_t is_v4_client(ns_client_t *client) { if (isc_sockaddr_pf(&client->peeraddr) == AF_INET) @@ -4571,7 +4562,6 @@ is_v6_client(ns_client_t *client) { return (ISC_TRUE); return (ISC_FALSE); } -#endif static isc_uint32_t dns64_ttl(dns_db_t *db, dns_dbversion_t *version) { 
@@ -6522,7 +6512,6 @@ query_respond_any(query_ctx_t *qctx) { dns_rdatasetiter_t *rdsiter = NULL; isc_result_t result; dns_rdatatype_t onetype = 0; /* type to use for minimal-any */ -#ifdef ALLOW_FILTER_AAAA isc_boolean_t have_aaaa, have_a, have_sig; /* @@ -6533,7 +6522,6 @@ query_respond_any(query_ctx_t *qctx) { have_aaaa = ISC_FALSE; have_a = !qctx->authoritative; have_sig = ISC_FALSE; -#endif result = dns_db_allrdatasets(qctx->db, qctx->node, qctx->version, 0, &rdsiter); @@ -6561,7 +6549,6 @@ query_respond_any(query_ctx_t *qctx) { result = dns_rdatasetiter_first(rdsiter); while (result == ISC_R_SUCCESS) { dns_rdatasetiter_current(rdsiter, qctx->rdataset); -#ifdef ALLOW_FILTER_AAAA /* * Notice the presence of A and AAAAs so * that AAAAs can be hidden from IPv4 clients. @@ -6572,7 +6559,7 @@ query_respond_any(query_ctx_t *qctx) { else if (qctx->rdataset->type == dns_rdatatype_a) have_a = ISC_TRUE; } -#endif + /* * We found an NS RRset; no need to add one later. */ @@ -6619,10 +6606,8 @@ query_respond_any(query_ctx_t *qctx) { qctx->rdataset->type == qctx->qtype) && qctx->rdataset->type != 0) { -#ifdef ALLOW_FILTER_AAAA if (dns_rdatatype_isdnssec(qctx->rdataset->type)) have_sig = ISC_TRUE; -#endif if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) { @@ -6689,7 +6674,6 @@ query_respond_any(query_ctx_t *qctx) { result = dns_rdatasetiter_next(rdsiter); } -#ifdef ALLOW_FILTER_AAAA /* * Filter AAAAs if there is an A and there is no signature * or we are supposed to break DNSSEC. @@ -6700,7 +6684,7 @@ query_respond_any(query_ctx_t *qctx) { have_aaaa && have_a && (!have_sig || !WANTDNSSEC(qctx->client))) qctx->client->attributes |= NS_CLIENTATTR_FILTER_AAAA; -#endif + if (qctx->fname != NULL) dns_message_puttempname(qctx->client->message, &qctx->fname); @@ -6813,7 +6797,6 @@ query_getexpire(query_ctx_t *qctx) { } } -#ifdef ALLOW_FILTER_AAAA /* * Optionally hide AAAAs from IPv4 clients if there is an A. * 
@@ -6908,7 +6891,6 @@ query_filter_aaaa(query_ctx_t *qctx) { return (ISC_R_COMPLETE); } -#endif /*% * Build a repsonse for a "normal" query, for a type other than ANY, @@ -6947,11 +6929,9 @@ query_respond(query_ctx_t *qctx) { return (query_done(qctx)); } -#ifdef ALLOW_FILTER_AAAA result = query_filter_aaaa(qctx); if (result != ISC_R_COMPLETE) return (result); -#endif /* * Check to see if the AAAA RRset has non-excluded addresses * in it. If not look for a A RRset. @@ -8853,14 +8833,12 @@ query_coveringnsec(query_ctx_t *qctx) { if (qctx->type == dns_rdatatype_any) { /* XXX not yet */ goto cleanup; } -#ifdef ALLOW_FILTER_AAAA if (qctx->client->filter_aaaa != dns_aaaa_ok && (qctx->type == dns_rdatatype_a || qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */ { goto cleanup; } -#endif if (!ISC_LIST_EMPTY(qctx->client->view->dns64) && (qctx->type == dns_rdatatype_a || qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */ @@ -8925,14 +8903,12 @@ query_coveringnsec(query_ctx_t *qctx) { if (qctx->type == dns_rdatatype_any) { /* XXX not yet */ goto cleanup; } -#ifdef ALLOW_FILTER_AAAA if (qctx->client->filter_aaaa != dns_aaaa_ok && (qctx->type == dns_rdatatype_a || qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */ { goto cleanup; } -#endif if (!ISC_LIST_EMPTY(qctx->client->view->dns64) && (qctx->type == dns_rdatatype_a || qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */ @@ -9471,7 +9447,6 @@ query_prepresponse(query_ctx_t *qctx) { qctx->need_wildcardproof = ISC_TRUE; } -#ifdef ALLOW_FILTER_AAAA /* * The filter-aaaa-on-v4 option should suppress AAAAs for IPv4 * clients if there is an A; filter-aaaa-on-v6 option does the same @@ -9495,7 +9470,6 @@ query_prepresponse(query_ctx_t *qctx) { qctx->client->filter_aaaa = qctx->client->view->v6_aaaa; } -#endif if (qctx->type == dns_rdatatype_any) { return (query_respond_any(qctx)); diff --git a/win32utils/Configure b/win32utils/Configure index 5e52df2588..0f91fb3bf0 100644 --- a/win32utils/Configure +++ b/win32utils/Configure 
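Review bot: In the query_respond hunk the now-unconditional call `result = query_filter_aaaa(qctx); if (result != ISC_R_COMPLETE) return (result);` treats `ISC_R_COMPLETE` as the "keep going" value, which reads inverted to anyone who has not seen the `return (ISC_R_COMPLETE);` at the end of query_filter_aaaa. A comment above the call would remove the ambiguity, for example `/* ISC_R_COMPLETE: the filter-aaaa step is done and normal processing continues; any other value is the final result for this query. */`. With the `#endif` gone, the `return (result);` line also runs straight into the following block comment, so a blank line and braces around the `if` body would help readability. query_respond starts and ends outside the hunk.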
@@ -219,7 +219,6 @@ my @projectlist = ("..\\bin\\check\\win32\\checkconf.vcxproj", my %configdefh; my @substdefh = ("AES_CC", - "ALLOW_FILTER_AAAA", "CONFIGARGS", "DNS_RDATASET_FIXED", "ENABLE_RPZ_NSDNAME", @@ -451,7 +450,6 @@ my @help = ( " enable-crypto-rand use crypto provider for random [default=yes]\n", " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", -" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", " enable-fixed-rrset enable fixed rrset ordering [default=no]\n", " enable-developer enable developer build settings [default=no]\n", " enable-querytrace enable very verbose query trace [default=no]\n", @@ -496,7 +494,6 @@ my $cryptolib = ""; my $enable_native_pkcs11 = "no"; my $enable_crypto_rand = "yes"; my $enable_openssl_hash = "auto"; -my $enable_filter_aaaa = "yes"; my $enable_isc_spnego = "yes"; my $enable_fixed_rrset = "no"; my $enable_developer = "no"; @@ -717,10 +714,6 @@ sub myenable { if ($val =~ /^no$/i) { $enable_isc_spnego = "no"; } - } elsif ($key =~ /^filter-aaaa$/i) { - if ($val =~ /^no$/i) { - $enable_filter_aaaa = "no"; - } } elsif ($key =~ /^fixed-rrset$/i) { if ($val =~ /^yes$/i) { $enable_fixed_rrset = "yes"; @@ -755,7 +748,6 @@ sub myenable { if ($enable_developer eq "yes") { $configdefh{"ISC_LIST_CHECKINIT"} = 1; - $enable_filter_aaaa = "yes"; $enable_querytrace = "yes"; # no atf on WIN32 $enable_fixed_rrset = "yes"; @@ -1005,11 +997,6 @@ if ($verbose) { } else { print "isc-spnego: disabled\n"; } - if ($enable_filter_aaaa eq "yes") { - print "filter-aaaa: enabled\n"; - } else { - print "filter-aaaa: disabled\n"; - } if ($enable_fixed_rrset eq "yes") { print "fixed-rrset: enabled\n"; } else { 
@@ -1409,11 +1396,6 @@ if ($enable_native_pkcs11 eq "yes") { } } -# enable-filter-aaaa -if ($enable_filter_aaaa eq "yes") { - $configdefh{"ALLOW_FILTER_AAAA"} = 1; -} - # enable-fixed-rrset if ($enable_fixed_rrset eq "yes") { $configdefh{"DNS_RDATASET_FIXED"} = 1; @@ -3413,7 +3395,6 @@ exit 0; # --enable-querytrace supported # --disable-rpz-nsip supported # --disable-rpz-nsdname supported -# --enable-filter-aaaa supported # --enable-full-report supported by verbose # --enable-dnstap not supported (requires libfstrm support on WIN32) # --enable-seccomp not supported (Linux specific)