1959. [func] Control the zeroing of the negative response TTL to

a soa query. Defaults "zero-no-soa-ttl yes;" and "zero-no-soa-ttl-cache no;". [RT #15460]
2026-05-28 04:34:54 -04:00 · 2006-01-05 02:19:02 +00:00 · 2006-01-05 02:19:02 +00:00 · a1bc941093
commit a1bc941093
parent 1bc63715b7
13 changed files with 133 additions and 13 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+1959.	[func]		Control the zeroing of the negative response TTL to
+			a soa query.  Defaults "zero-no-soa-ttl yes;" and
+			"zero-no-soa-ttl-cache no;". [RT #15460]
+
 1958.	[bug]		Named failed to update the zone's secure state
 			until the zone was reloaded. [RT #15412]

--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: config.c,v 1.65 2006/01/05 00:01:46 marka Exp $ */
+/* $Id: config.c,v 1.66 2006/01/05 02:19:01 marka Exp $ */

 /*! \file */

@ -137,6 +137,7 @@ options {\n\
 	dnssec-accept-expired no;\n\
 	clients-per-query 10;\n\
 	max-clients-per-query 100;\n\
+	zero-no-soa-ttl-cache no;\n\
 "

 "	/* zone */\n\
@ -170,6 +171,7 @@ options {\n\
 	check-wildcard yes;\n\
 	check-sibling yes;\n\
 	check-integrity yes;\n\
+	zero-no-soa-ttl yes;\n\
 };\n\
 "

--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@ -17,7 +17,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- $Id: named.conf.docbook,v 1.17 2006/01/05 00:01:46 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.18 2006/01/05 02:19:01 marka Exp $ -->
 <refentry>
  <refentryinfo>
    <date>Aug 13, 2004</date>
@ -317,6 +317,8 @@ options {

 	zone-statistics <replaceable>boolean</replaceable>;
 	key-directory <replaceable>quoted_string</replaceable>;
+	zero-no-soa-ttl <replaceable>boolean</replaceable>;
+	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;

 	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
 	deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
@ -459,6 +461,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>

 	zone-statistics <replaceable>boolean</replaceable>;
 	key-directory <replaceable>quoted_string</replaceable>;
+	zero-no-soa-ttl <replaceable>boolean</replaceable>;
+	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;

 	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
 	fetch-glue <replaceable>boolean</replaceable>; // obsolete
@ -490,6 +494,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	dialup <replaceable>dialuptype</replaceable>;
 	ixfr-from-differences <replaceable>boolean</replaceable>;
 	journal <replaceable>quoted_string</replaceable>;
+	zero-no-soa-ttl <replaceable>boolean</replaceable>;

 	allow-query { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
--- a/bin/named/query.c
+++ b/bin/named/query.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: query.c,v 1.278 2006/01/04 23:50:24 marka Exp $ */
+/* $Id: query.c,v 1.279 2006/01/05 02:19:01 marka Exp $ */

 /*! \file */

@ -3874,7 +3874,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 		 * the containing zone of an arbitrary name with a stub
 		 * resolver and not have it cached.
 		 */
-		if (qtype == dns_rdatatype_soa)
+		if (qtype == dns_rdatatype_soa &&
+		    dns_zone_getzeronosoattl(zone))
 			result = query_addsoa(client, db, version, ISC_TRUE);
 		else
 			result = query_addsoa(client, db, version, ISC_FALSE);
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: server.c,v 1.454 2006/01/05 00:01:46 marka Exp $ */
+/* $Id: server.c,v 1.455 2006/01/05 02:19:02 marka Exp $ */

 /*! \file */

@ -1146,6 +1146,11 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 	if (lame_ttl > 1800)
 		lame_ttl = 1800;
 	dns_resolver_setlamettl(view->resolver, lame_ttl);
+
+	obj = NULL;
+	result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj);
+	INSIST(result == ISC_R_SUCCESS);
+	dns_resolver_setzeronosoattl(view->resolver, cfg_obj_asboolean(obj));
 	
 	/*
 	 * Set the resolver's EDNS UDP size.
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: zoneconf.c,v 1.125 2005/11/30 03:33:48 marka Exp $ */
+/* $Id: zoneconf.c,v 1.126 2006/01/05 02:19:02 marka Exp $ */

 /*% */

@ -605,6 +605,11 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 		INSIST(result == ISC_R_SUCCESS);
 		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING, 
 				   cfg_obj_asboolean(obj));
+
+		obj = NULL;
+		result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
+		INSIST(result == ISC_R_SUCCESS);
+		dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
 	}

 	/*
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- File: $Id: Bv9ARM-book.xml,v 1.287 2006/01/05 00:01:46 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.288 2006/01/05 02:19:02 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
  <title>BIND 9 Administrator Reference Manual</title>

@ -4493,6 +4493,8 @@ category notify { null; };
    <optional> empty-contact <replaceable>name</replaceable> ; </optional>
    <optional> empty-zones-enable <replaceable>yes_or_no</replaceable> ; </optional>
    <optional> disable-empty-zone <replaceable>zone_name</replaceable> ; </optional>
+    <optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
+    <optional> zero-no-soa-ttl-cache <replaceable>yes_or_no</replaceable> ; </optional>
 };
 </programlisting>

@ -5587,6 +5589,27 @@ options {
 		</para>
 	      </listitem>
 	    </varlistentry>
+
+	    <varlistentry>
+	      <term><command>zero-no-soa-ttl</command><term>
+	      <listitem>
+	        <para>
+		  When returning authoritative negative responses to
+		  SOA queries set the TTL of the SOA recored returned in
+		  the authority section to zero.  Default yes.
+	        </para>
+	      </listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+	      <term><command>zero-no-soa-ttl-cache</command><term>
+	      <listitem>
+	        <para>
+		  When caching a negative response to a SOA query
+		  set the TTL to zero.  Default no.
+	        </para>
+	      </listitem>
+	    </varlistentry>
          </variablelist>

        </sect3>
@ -7932,6 +7955,7 @@ view "external" {
    <optional> max-retry-time <replaceable>number</replaceable> ; </optional>
    <optional> multi-master <replaceable>yes_or_no</replaceable> ; </optional>
    <optional> key-directory <replaceable>path_name</replaceable>; </optional>
+    <optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>

 }</optional>;
 </programlisting>
@ -8327,6 +8351,16 @@ view "external" {
                </listitem>
              </varlistentry>

+              <varlistentry>
+                <term><command>zero-no-soa-ttl</command></term>
+                <listitem>
+                  <para>
+                    See the description of
+                    <command>zero-no-soa-ttl</command> in <xref linkend="boolean_options"/>.
+                  </para>
+                </listitem>
+              </varlistentry>
+
              <varlistentry>
                <term><command>database</command></term>
                <listitem>
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: resolver.h,v 1.49 2006/01/05 00:01:46 marka Exp $ */
+/* $Id: resolver.h,v 1.50 2006/01/05 02:19:02 marka Exp $ */

 #ifndef DNS_RESOLVER_H
 #define DNS_RESOLVER_H 1
@ -467,6 +467,13 @@ dns_resolver_setclientsperquery(dns_resolver_t *resolver,
 void
 dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur,
 				isc_uint32_t *min, isc_uint32_t *max);
+
+isc_boolean_t
+dns_resolver_getzeronosoattl(dns_resolver_t *resolver);
+ 
+void
+dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state);
+
 ISC_LANG_ENDDECLS

 #endif /* DNS_RESOLVER_H */
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: zone.h,v 1.138 2005/10/26 04:35:54 marka Exp $ */
+/* $Id: zone.h,v 1.139 2006/01/05 02:19:02 marka Exp $ */

 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@ -817,9 +817,27 @@ dns_zone_clearxfracl(dns_zone_t *zone);

 isc_boolean_t
 dns_zone_getupdatedisabled(dns_zone_t *zone);
+/*%<
+ * Return update disabled.
+ */

 void
 dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state);
+/*%<
+ * Set update disabled.
+ */
+
+isc_boolean_t
+dns_zone_getzeronosoattl(dns_zone_t *zone);
+/*%<
+ * Return zero-no-soa-ttl status.
+ */
+
+void
+dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state);
+/*%<
+ * Set zero-no-soa-ttl status.
+ */

 void
 dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity);
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: resolver.c,v 1.325 2006/01/05 00:01:46 marka Exp $ */
+/* $Id: resolver.c,v 1.326 2006/01/05 02:19:02 marka Exp $ */

 /*! \file */

@ -316,6 +316,7 @@ struct dns_resolver {
 	unsigned int			spillatmax;
 	unsigned int			spillatmin;
 	isc_timer_t *			spillattimer;
+	isc_boolean_t			zero_no_soa_ttl;
 	/* Locked by lock. */
 	unsigned int			references;
 	isc_boolean_t			exiting;
@ -3300,7 +3301,8 @@ validated(isc_task_t *task, isc_event_t *event) {
 		 */
 		ttl = fctx->res->view->maxncachettl;
 		if (fctx->type == dns_rdatatype_soa &&
-		    covers == dns_rdatatype_any)
+		    covers == dns_rdatatype_any &&
+		    fctx->res->zero_no_soa_ttl)
 			ttl = 0;

 		result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
@ -5901,6 +5903,7 @@ dns_resolver_create(dns_view_t *view,
 	res->spillatmin = res->spillat = 10;
 	res->spillatmax = 100;
 	res->spillattimer = NULL;
+	res->zero_no_soa_ttl = ISC_FALSE;

 	res->nbuckets = ntasks;
 	res->activebuckets = ntasks;
@ -6886,3 +6889,17 @@ dns_resolver_setclientsperquery(dns_resolver_t *resolver, isc_uint32_t min,
 	resolver->spillatmax = max;
 	UNLOCK(&resolver->lock);
 }
+
+isc_boolean_t
+dns_resolver_getzeronosoattl(dns_resolver_t *resolver) {
+	REQUIRE(VALID_RESOLVER(resolver));
+
+	return (resolver->zero_no_soa_ttl);
+}
+
+void
+dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state) {
+	REQUIRE(VALID_RESOLVER(resolver));
+
+	resolver->zero_no_soa_ttl = state;
+}
--- a/lib/dns/win32/libdns.def
+++ b/lib/dns/win32/libdns.def
@ -492,6 +492,7 @@ dns_resolver_dispatchv6
 dns_resolver_freeze
 dns_resolver_getlamettl
 dns_resolver_getudpsize
+dns_resolver_getzeronosoattl
 dns_resolver_nrunning
 dns_resolver_prime
 dns_resolver_reset_algorithms
@ -500,6 +501,7 @@ dns_resolver_setclientsperquery
 dns_resolver_setlamettl
 dns_resolver_setmustbesecure
 dns_resolver_setudpsize
+dns_resolver_setzeronosoattl
 dns_resolver_shutdown
 dns_resolver_socketmgr
 dns_resolver_taskmgr
@ -655,6 +657,7 @@ dns_zone_getview
 dns_zone_getxfracl
 dns_zone_getxfrsource4
 dns_zone_getxfrsource6
+dns_zone_getzeronosoattl
 dns_zone_iattach
 dns_zone_idetach
 dns_zone_isforced
@ -716,6 +719,7 @@ dns_zone_setview
 dns_zone_setxfracl
 dns_zone_setxfrsource4
 dns_zone_setxfrsource6
+dns_zone_setzeronosoattl
 dns_zone_unload
 dns_zonekey_iszonekey
 dns_zonemgr_attach
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: zone.c,v 1.448 2006/01/04 00:37:24 marka Exp $ */
+/* $Id: zone.c,v 1.449 2006/01/05 02:19:02 marka Exp $ */

 /*! \file */

@ -217,6 +217,7 @@ struct dns_zone {
 	dns_acl_t		*query_acl;
 	dns_acl_t		*xfr_acl;
 	isc_boolean_t		update_disabled;
+	isc_boolean_t		zero_no_soa_ttl;
 	dns_severity_t		check_names;
 	ISC_LIST(dns_notify_t)	notifies;
 	dns_request_t		*request;
@ -591,6 +592,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
 	zone->query_acl = NULL;
 	zone->xfr_acl = NULL;
 	zone->update_disabled = ISC_FALSE;
+	zone->zero_no_soa_ttl = ISC_TRUE;
 	zone->check_names = dns_severity_ignore;
 	zone->request = NULL;
 	zone->lctx = NULL;
@ -5686,6 +5688,19 @@ dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state) {
 	zone->update_disabled = state;
 }

+isc_boolean_t
+dns_zone_getzeronosoattl(dns_zone_t *zone) {
+	REQUIRE(DNS_ZONE_VALID(zone));
+	return (zone->zero_no_soa_ttl);
+
+}
+
+void
+dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state) {
+	REQUIRE(DNS_ZONE_VALID(zone));
+	zone->zero_no_soa_ttl = state;
+}
+
 void
 dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity) {

@ -7620,6 +7635,7 @@ dns_zone_getkeydirectory(dns_zone_t *zone) {

 	return (zone->keydirectory);
 }
+
 unsigned int
 dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state) {
 	dns_zone_t *zone;
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: namedconf.c,v 1.61 2006/01/05 00:01:46 marka Exp $ */
+/* $Id: namedconf.c,v 1.62 2006/01/05 02:19:02 marka Exp $ */

 /*! \file */

@ -782,6 +782,7 @@ view_clauses[] = {
 	{ "empty-contact", &cfg_type_astring, 0 },
 	{ "empty-zones-enable", &cfg_type_boolean, 0 },
 	{ "disable-empty-zone", &cfg_type_astring, CFG_CLAUSEFLAG_MULTI },
+	{ "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
 	{ NULL, NULL, 0 }
 };

@ -840,6 +841,7 @@ zone_clauses[] = {
 	{ "check-integrity", &cfg_type_boolean, 0 },
 	{ "check-mx", &cfg_type_checkmode, 0 },
 	{ "check-sibling", &cfg_type_boolean, 0 },
+	{ "zero-no-soa-ttl", &cfg_type_boolean, 0 },
 	{ NULL, NULL, 0 }
 };