From 6d3496c045bbf35514b4697ff20741975083e125 Mon Sep 17 00:00:00 2001 From: Michael Graff Date: Mon, 31 Jul 2000 21:07:07 +0000 Subject: [PATCH] Implement additional-from-{glue,auth} [ yes | no ] ; with yes being the default. These control searching in the cache and other zones we are authorative for. This is mostly for gdib, but may be useful elsewhere. The config changes are renaming from glue-from-* to additional-from-*, since this also prevents DNAME, CNAME, NS, MX, etc. additional data from being followed. --- bin/named/include/named/query.h | 3 ++- bin/named/query.c | 44 ++++++++++++++++++++++++++----- bin/named/server.c | 25 +++++++++++++++++- lib/dns/config/confctx.c | 26 +++++++++--------- lib/dns/config/confparser.y.dirty | 38 +++++++++++++------------- lib/dns/config/confview.c | 26 +++++++++--------- lib/dns/include/dns/confctx.h | 26 +++++++++--------- lib/dns/include/dns/confview.h | 26 +++++++++--------- lib/dns/include/dns/view.h | 4 ++- lib/dns/view.c | 4 ++- 10 files changed, 140 insertions(+), 82 deletions(-) diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index fea88a889f..467436c4af 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.19 2000/07/27 09:37:23 tale Exp $ */ +/* $Id: query.h,v 1.20 2000/07/31 21:06:58 explorer Exp $ */ #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 @@ -44,6 +44,7 @@ struct ns_query { unsigned int dboptions; unsigned int fetchoptions; dns_db_t * gluedb; + dns_db_t * authdb; dns_fetch_t * fetch; dns_a6context_t a6ctx; isc_bufferlist_t namebufs; diff --git a/bin/named/query.c b/bin/named/query.c index 4b4c49bb97..80f53e7ba1 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.118 2000/07/27 09:37:06 tale Exp $ */ +/* $Id: query.c,v 1.119 2000/07/31 21:06:55 explorer Exp $ */ #include @@ -131,6 +131,9 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { } ISC_LIST_INIT(client->query.activeversions); + if (client->query.authdb != NULL) + dns_db_detach(&client->query.authdb); + /* * Clean up free versions. */ @@ -171,6 +174,7 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { client->query.dboptions = 0; client->query.fetchoptions = 0; client->query.gluedb = NULL; + client->query.authdb = NULL; } static void @@ -395,6 +399,7 @@ ns_query_init(ns_client_t *client) { client->query.restarts = 0; client->query.qname = NULL; client->query.fetch = NULL; + client->query.authdb = NULL; query_reset(client, ISC_FALSE); result = query_newdbversion(client, 3); if (result != ISC_R_SUCCESS) @@ -420,7 +425,8 @@ query_findversion(ns_client_t *client, dns_db_t *db, dbversion = ISC_LIST_NEXT(dbversion, link)) { if (dbversion->db == db) break; - } + } + if (dbversion == NULL) { /* * This is a new zone for this query. Add it to @@ -465,6 +471,31 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options, if (result != ISC_R_SUCCESS) return (result); + /* + * If this is the first time we are called (that is, looking up + * the actual name in the query section) remember this database. + * + * If authdb is non-NULL, we have been here before, and the + * found database is always returned. + * + * This limits our searching to the zone where the first name + * (the query target) is found. This prevents following CNAMES + * or DNAMES into other zones and prevents returning additional + * data from other zones. + */ + if (!client->view->additionalfromauth) { + if (client->query.authdb != NULL) { + if (*dbp != client->query.authdb) { + dns_zone_detach(zonep); + dns_db_detach(dbp); + return (DNS_R_REFUSED); + } + dns_db_attach(client->query.authdb, dbp); + } else { + dns_db_attach(*dbp, &client->query.authdb); + } + } + /* * If the zone has an ACL, we'll check it, otherwise * we use the view's "allow-query" ACL. Each ACL is only checked @@ -533,7 +564,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options, * the NS_QUERYATTR_QUERYOK attribute is now valid. */ client->query.attributes |= NS_QUERYATTR_QUERYOKVALID; - } + } } else result = ISC_R_SUCCESS; @@ -543,12 +574,10 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options, */ if (result == ISC_R_SUCCESS) dbversion->queryok = ISC_TRUE; - + return (result); } - - static inline isc_result_t query_getcachedb(ns_client_t *client, dns_db_t **dbp, unsigned int options) { @@ -2859,7 +2888,8 @@ ns_query_start(ns_client_t *client) { */ client->next = query_next; - if (client->view->cachedb == NULL) { + if ((client->view->cachedb == NULL) + || (!client->view->additionalfromcache)) { /* * We don't have a cache. Turn off cache support and * recursion. diff --git a/bin/named/server.c b/bin/named/server.c index 7de164bbab..a444070412 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.205 2000/07/27 09:37:07 tale Exp $ */ +/* $Id: server.c,v 1.206 2000/07/31 21:06:56 explorer Exp $ */ #include @@ -616,6 +616,29 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, dns_c_view_t *cview, if (result != ISC_R_SUCCESS) view->transfer_format = dns_many_answers; + /* + * Set sources where additional data, CNAMEs, and DNAMEs may be found. + */ + result = ISC_R_NOTFOUND; + if (cview != NULL) + result = dns_c_view_getadditionalfromauth(cview, + &view->additionalfromauth); + if (result != ISC_R_SUCCESS) + result = dns_c_ctx_getadditionalfromauth(cctx, + &view->additionalfromauth); + if (result != ISC_R_SUCCESS) + view->additionalfromauth = ISC_TRUE; + + result = ISC_R_NOTFOUND; + if (cview != NULL) + result = dns_c_view_getadditionalfromcache(cview, + &view->additionalfromcache); + if (result != ISC_R_SUCCESS) + result = dns_c_ctx_getadditionalfromcache(cctx, + &view->additionalfromcache); + if (result != ISC_R_SUCCESS) + view->additionalfromcache = ISC_TRUE; + CHECK(configure_view_acl(cview, cctx, actx, ns_g_mctx, dns_c_view_getallowquery, dns_c_ctx_getallowquery, diff --git a/lib/dns/config/confctx.c b/lib/dns/config/confctx.c index a628c23aed..694f72a1b9 100644 --- a/lib/dns/config/confctx.c +++ b/lib/dns/config/confctx.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confctx.c,v 1.77 2000/07/27 09:47:01 tale Exp $ */ +/* $Id: confctx.c,v 1.78 2000/07/31 21:07:00 explorer Exp $ */ #include @@ -982,8 +982,8 @@ dns_c_ctx_optionsprint(FILE *fp, int indent, dns_c_options_t *options) PRINT_AS_BOOLEAN(request_ixfr, "request-ixfr"); PRINT_AS_BOOLEAN(provide_ixfr, "provide-ixfr"); PRINT_AS_BOOLEAN(treat_cr_as_space, "treat-cr-as-space"); - PRINT_AS_BOOLEAN(glue_from_auth, "glue-from-auth"); - PRINT_AS_BOOLEAN(glue_from_cache, "glue-from-cache"); + PRINT_AS_BOOLEAN(additional_from_auth, "additional-from-auth"); + PRINT_AS_BOOLEAN(additional_from_cache, "additional-from-cache"); if (options->transfer_format != NULL) { dns_c_printtabs(fp, indent + 1); @@ -1499,8 +1499,8 @@ dns_c_ctx_optionsnew(isc_mem_t *mem, dns_c_options_t **options) opts->request_ixfr = NULL; opts->provide_ixfr = NULL; opts->treat_cr_as_space = NULL; - opts->glue_from_auth = NULL; - opts->glue_from_cache = NULL; + opts->additional_from_auth = NULL; + opts->additional_from_cache = NULL; opts->transfer_source = NULL; opts->transfer_source_v6 = NULL; @@ -1607,8 +1607,8 @@ dns_c_ctx_optionsdelete(dns_c_options_t **opts) FREEFIELD(request_ixfr); FREEFIELD(provide_ixfr); FREEFIELD(treat_cr_as_space); - FREEFIELD(glue_from_cache); - FREEFIELD(glue_from_auth); + FREEFIELD(additional_from_cache); + FREEFIELD(additional_from_auth); FREEFIELD(port); @@ -1975,14 +1975,14 @@ SETBOOL(treatcrasspace, treat_cr_as_space) UNSETBOOL(treatcrasspace, treat_cr_as_space) -GETBOOL(gluefromauth, glue_from_auth) -SETBOOL(gluefromauth, glue_from_auth) -UNSETBOOL(gluefromauth, glue_from_auth) +GETBOOL(additionalfromauth, additional_from_auth) +SETBOOL(additionalfromauth, additional_from_auth) +UNSETBOOL(additionalfromauth, additional_from_auth) -GETBOOL(gluefromcache, glue_from_cache) -SETBOOL(gluefromcache, glue_from_cache) -UNSETBOOL(gluefromcache, glue_from_cache) +GETBOOL(additionalfromcache, additional_from_cache) +SETBOOL(additionalfromcache, additional_from_cache) +UNSETBOOL(additionalfromcache, additional_from_cache) GETSOCKADDR(transfersource, transfer_source) diff --git a/lib/dns/config/confparser.y.dirty b/lib/dns/config/confparser.y.dirty index a5265a8568..8048b4e304 100644 --- a/lib/dns/config/confparser.y.dirty +++ b/lib/dns/config/confparser.y.dirty @@ -16,7 +16,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confparser.y.dirty,v 1.4 2000/07/31 19:35:31 explorer Exp $ */ +/* $Id: confparser.y.dirty,v 1.5 2000/07/31 21:07:02 explorer Exp $ */ #include @@ -283,8 +283,8 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult); %token L_FIRST %token L_FORWARD %token L_FORWARDERS -%token L_GLUE_FROM_AUTH -%token L_GLUE_FROM_CACHE +%token L_ADDITIONAL_FROM_AUTH +%token L_ADDITIONAL_FROM_CACHE %token L_GRANT %token L_GROUP %token L_HAS_OLD_CLIENTS @@ -890,21 +890,21 @@ option: /* Empty */ YYABORT; } } - | L_GLUE_FROM_CACHE yea_or_nay + | L_ADDITIONAL_FROM_CACHE yea_or_nay { - tmpres = dns_c_ctx_setgluefromcache(currcfg, $2); + tmpres = dns_c_ctx_setadditionalfromcache(currcfg, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine glue-from-cache"); + "cannot redefine additional-from-cache"); YYABORT; } } - | L_GLUE_FROM_AUTH yea_or_nay + | L_ADDITIONAL_FROM_AUTH yea_or_nay { - tmpres = dns_c_ctx_setgluefromauth(currcfg, $2); + tmpres = dns_c_ctx_setadditionalfromauth(currcfg, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine glue-from-auth"); + "cannot redefine additional-from-auth"); YYABORT; } } @@ -3712,37 +3712,37 @@ view_option: L_FORWARD zone_forward_opt YYABORT; } } - | L_GLUE_FROM_CACHE yea_or_nay + | L_ADDITIONAL_FROM_CACHE yea_or_nay { dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg); INSIST(view != NULL); - tmpres = dns_c_view_setgluefromcache(view, $2); + tmpres = dns_c_view_setadditionalfromcache(view, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine view glue-from-cache"); + "cannot redefine view additional-from-cache"); YYABORT; } else if (tmpres != ISC_R_SUCCESS) { parser_error(ISC_FALSE, - "failed to set view glue-from-cache"); + "failed to set view additional-from-cache"); YYABORT; } } - | L_GLUE_FROM_AUTH yea_or_nay + | L_ADDITIONAL_FROM_AUTH yea_or_nay { dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg); INSIST(view != NULL); - tmpres = dns_c_view_setgluefromauth(view, $2); + tmpres = dns_c_view_setadditionalfromauth(view, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine view glue-from-auth"); + "cannot redefine view additional-from-auth"); YYABORT; } else if (tmpres != ISC_R_SUCCESS) { parser_error(ISC_FALSE, - "failed to set view glue-from-auth"); + "failed to set view additional-from-auth"); YYABORT; } } @@ -5309,8 +5309,8 @@ static struct token keyword_tokens [] = { { "first", L_FIRST }, { "forward", L_FORWARD }, { "forwarders", L_FORWARDERS }, - { "glue-from-auth", L_GLUE_FROM_AUTH }, - { "glue-from-cache", L_GLUE_FROM_CACHE }, + { "additional-from-auth", L_ADDITIONAL_FROM_AUTH }, + { "additional-from-cache", L_ADDITIONAL_FROM_CACHE }, { "grant", L_GRANT }, { "group", L_GROUP }, { "has-old-clients", L_HAS_OLD_CLIENTS }, diff --git a/lib/dns/config/confview.c b/lib/dns/config/confview.c index 70dfa40759..a551b5b540 100644 --- a/lib/dns/config/confview.c +++ b/lib/dns/config/confview.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confview.c,v 1.40 2000/07/27 09:47:13 tale Exp $ */ +/* $Id: confview.c,v 1.41 2000/07/31 21:07:03 explorer Exp $ */ #include @@ -474,8 +474,8 @@ dns_c_view_new(isc_mem_t *mem, const char *name, dns_rdataclass_t viewclass, view->fetch_glue = NULL; view->notify = NULL; view->rfc2308_type1 = NULL; - view->glue_from_cache = NULL; - view->glue_from_auth = NULL; + view->additional_from_cache = NULL; + view->additional_from_auth = NULL; view->transfer_source = NULL; view->transfer_source_v6 = NULL; @@ -667,8 +667,8 @@ dns_c_view_print(FILE *fp, int indent, dns_c_view_t *view) { PRINT_AS_BOOLEAN(fetch_glue, "fetch-glue"); PRINT_AS_BOOLEAN(notify, "notify"); PRINT_AS_BOOLEAN(rfc2308_type1, "rfc2308-type1"); - PRINT_AS_BOOLEAN(glue_from_auth, "glue-from-auth"); - PRINT_AS_BOOLEAN(glue_from_cache, "glue-from-cache"); + PRINT_AS_BOOLEAN(additional_from_auth, "additional-from-auth"); + PRINT_AS_BOOLEAN(additional_from_cache, "additional-from-cache"); PRINT_IP(transfer_source, "transfer-source"); @@ -806,8 +806,8 @@ dns_c_view_delete(dns_c_view_t **viewptr) { FREEFIELD(fetch_glue); FREEFIELD(notify); FREEFIELD(rfc2308_type1); - FREEFIELD(glue_from_auth); - FREEFIELD(glue_from_cache); + FREEFIELD(additional_from_auth); + FREEFIELD(additional_from_cache); FREEFIELD(transfer_source); FREEFIELD(transfer_source_v6); @@ -1477,13 +1477,13 @@ SETBOOL(rfc2308type1, rfc2308_type1) GETBOOL(rfc2308type1, rfc2308_type1) UNSETBOOL(rfc2308type1, rfc2308_type1) -SETBOOL(gluefromcache, glue_from_cache) -GETBOOL(gluefromcache, glue_from_cache) -UNSETBOOL(gluefromcache, glue_from_cache) +SETBOOL(additionalfromcache, additional_from_cache) +GETBOOL(additionalfromcache, additional_from_cache) +UNSETBOOL(additionalfromcache, additional_from_cache) -SETBOOL(gluefromauth, glue_from_auth) -GETBOOL(gluefromauth, glue_from_auth) -UNSETBOOL(gluefromauth, glue_from_auth) +SETBOOL(additionalfromauth, additional_from_auth) +GETBOOL(additionalfromauth, additional_from_auth) +UNSETBOOL(additionalfromauth, additional_from_auth) GETSOCKADDR(transfersource, transfer_source) SETSOCKADDR(transfersource, transfer_source) diff --git a/lib/dns/include/dns/confctx.h b/lib/dns/include/dns/confctx.h index 88fbe2ac47..6253af01cf 100644 --- a/lib/dns/include/dns/confctx.h +++ b/lib/dns/include/dns/confctx.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confctx.h,v 1.46 2000/07/27 09:47:34 tale Exp $ */ +/* $Id: confctx.h,v 1.47 2000/07/31 21:07:04 explorer Exp $ */ #ifndef DNS_CONFCTX_H #define DNS_CONFCTX_H 1 @@ -167,8 +167,8 @@ struct dns_c_options { isc_boolean_t *request_ixfr; isc_boolean_t *provide_ixfr; isc_boolean_t *treat_cr_as_space; - isc_boolean_t *glue_from_cache; - isc_boolean_t *glue_from_auth; + isc_boolean_t *additional_from_cache; + isc_boolean_t *additional_from_auth; isc_sockaddr_t *transfer_source; isc_sockaddr_t *transfer_source_v6; @@ -587,18 +587,18 @@ isc_result_t dns_c_ctx_gettreatcrasspace(dns_c_ctx_t *cfg, isc_boolean_t *retval); -isc_result_t dns_c_ctx_getgluefromcache(dns_c_ctx_t *cfg, - isc_boolean_t *retval); -isc_result_t dns_c_ctx_setgluefromcache(dns_c_ctx_t *cfg, - isc_boolean_t newval); -isc_result_t dns_c_ctx_unsetgluefromcache(dns_c_ctx_t *ctx); +isc_result_t dns_c_ctx_getadditionalfromcache(dns_c_ctx_t *cfg, + isc_boolean_t *retval); +isc_result_t dns_c_ctx_setadditionalfromcache(dns_c_ctx_t *cfg, + isc_boolean_t newval); +isc_result_t dns_c_ctx_unsetadditionalfromcache(dns_c_ctx_t *ctx); -isc_result_t dns_c_ctx_getgluefromauth(dns_c_ctx_t *cfg, - isc_boolean_t *retval); -isc_result_t dns_c_ctx_setgluefromauth(dns_c_ctx_t *cfg, - isc_boolean_t newval); -isc_result_t dns_c_ctx_unsetgluefromauth(dns_c_ctx_t *ctx); +isc_result_t dns_c_ctx_getadditionalfromauth(dns_c_ctx_t *cfg, + isc_boolean_t *retval); +isc_result_t dns_c_ctx_setadditionalfromauth(dns_c_ctx_t *cfg, + isc_boolean_t newval); +isc_result_t dns_c_ctx_unsetadditionalfromauth(dns_c_ctx_t *ctx); isc_result_t dns_c_ctx_unsettreatcrasspace(dns_c_ctx_t *cfg); diff --git a/lib/dns/include/dns/confview.h b/lib/dns/include/dns/confview.h index 306e66c591..8ee6010755 100644 --- a/lib/dns/include/dns/confview.h +++ b/lib/dns/include/dns/confview.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confview.h,v 1.34 2000/07/27 09:47:44 tale Exp $ */ +/* $Id: confview.h,v 1.35 2000/07/31 21:07:06 explorer Exp $ */ #ifndef DNS_CONFVIEW_H #define DNS_CONFVIEW_H 1 @@ -124,8 +124,8 @@ struct dns_c_view { isc_boolean_t *fetch_glue; isc_boolean_t *notify; isc_boolean_t *rfc2308_type1; - isc_boolean_t *glue_from_auth; - isc_boolean_t *glue_from_cache; + isc_boolean_t *additional_from_auth; + isc_boolean_t *additional_from_cache; isc_sockaddr_t *query_source; isc_sockaddr_t *query_source_v6; @@ -351,18 +351,18 @@ isc_result_t dns_c_view_setrfc2308type1(dns_c_view_t *view, isc_result_t dns_c_view_unsetrfc2308type1(dns_c_view_t *view); -isc_result_t dns_c_view_getgluefromauth(dns_c_view_t *view, - isc_boolean_t *retval); -isc_result_t dns_c_view_setgluefromauth(dns_c_view_t *view, - isc_boolean_t newval); -isc_result_t dns_c_view_unsetgluefromauth(dns_c_view_t *view); +isc_result_t dns_c_view_getadditionalfromauth(dns_c_view_t *view, + isc_boolean_t *retval); +isc_result_t dns_c_view_setadditionalfromauth(dns_c_view_t *view, + isc_boolean_t newval); +isc_result_t dns_c_view_unsetadditionalfromauth(dns_c_view_t *view); -isc_result_t dns_c_view_getgluefromcache(dns_c_view_t *view, - isc_boolean_t *retval); -isc_result_t dns_c_view_setgluefromcache(dns_c_view_t *view, - isc_boolean_t newval); -isc_result_t dns_c_view_unsetgluefromcache(dns_c_view_t *view); +isc_result_t dns_c_view_getadditionalfromcache(dns_c_view_t *view, + isc_boolean_t *retval); +isc_result_t dns_c_view_setadditionalfromcache(dns_c_view_t *view, + isc_boolean_t newval); +isc_result_t dns_c_view_unsetadditionalfromcache(dns_c_view_t *view); diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h index 05daeeaecb..01bfd76cb6 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.h,v 1.45 2000/07/27 09:48:38 tale Exp $ */ +/* $Id: view.h,v 1.46 2000/07/31 21:07:07 explorer Exp $ */ #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 @@ -100,6 +100,8 @@ struct dns_view { dns_peerlist_t * peers; isc_boolean_t recursion; isc_boolean_t auth_nxdomain; + isc_boolean_t additionalfromcache; + isc_boolean_t additionalfromauth; dns_transfer_format_t transfer_format; dns_acl_t * queryacl; dns_acl_t * recursionacl; diff --git a/lib/dns/view.c b/lib/dns/view.c index ec4f041552..7658208e53 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.c,v 1.72 2000/07/27 09:46:49 tale Exp $ */ +/* $Id: view.c,v 1.73 2000/07/31 21:06:59 explorer Exp $ */ #include @@ -139,6 +139,8 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, */ view->recursion = ISC_TRUE; view->auth_nxdomain = ISC_FALSE; /* Was true in BIND 8 */ + view->additionalfromcache = ISC_TRUE; + view->additionalfromauth = ISC_TRUE; view->transfer_format = dns_one_answer; view->queryacl = NULL; view->recursionacl = NULL;