From a1bc94109313bf4ebb6e6ff655d71d45582d2e43 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 5 Jan 2006 02:19:02 +0000 Subject: [PATCH] 1959. [func] Control the zeroing of the negative response TTL to a soa query. Defaults "zero-no-soa-ttl yes;" and "zero-no-soa-ttl-cache no;". [RT #15460] --- CHANGES | 4 ++++ bin/named/config.c | 4 +++- bin/named/named.conf.docbook | 7 ++++++- bin/named/query.c | 5 +++-- bin/named/server.c | 7 ++++++- bin/named/zoneconf.c | 7 ++++++- doc/arm/Bv9ARM-book.xml | 36 +++++++++++++++++++++++++++++++++- lib/dns/include/dns/resolver.h | 9 ++++++++- lib/dns/include/dns/zone.h | 20 ++++++++++++++++++- lib/dns/resolver.c | 21 ++++++++++++++++++-- lib/dns/win32/libdns.def | 4 ++++ lib/dns/zone.c | 18 ++++++++++++++++- lib/isccfg/namedconf.c | 4 +++- 13 files changed, 133 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 34b4156fc6..202d47507b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +1959. [func] Control the zeroing of the negative response TTL to + a soa query. Defaults "zero-no-soa-ttl yes;" and + "zero-no-soa-ttl-cache no;". [RT #15460] + 1958. [bug] Named failed to update the zone's secure state until the zone was reloaded. [RT #15412] diff --git a/bin/named/config.c b/bin/named/config.c index 23fac15fab..e06cff7f67 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.65 2006/01/05 00:01:46 marka Exp $ */ +/* $Id: config.c,v 1.66 2006/01/05 02:19:01 marka Exp $ */ /*! \file */ @@ -137,6 +137,7 @@ options {\n\ dnssec-accept-expired no;\n\ clients-per-query 10;\n\ max-clients-per-query 100;\n\ + zero-no-soa-ttl-cache no;\n\ " " /* zone */\n\ @@ -170,6 +171,7 @@ options {\n\ check-wildcard yes;\n\ check-sibling yes;\n\ check-integrity yes;\n\ + zero-no-soa-ttl yes;\n\ };\n\ " diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 26006a2504..ff5b71de8d 100644 --- a/bin/named/named.conf.docbook 
+++ b/bin/named/named.conf.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + Aug 13, 2004 @@ -317,6 +317,8 @@ options { zone-statistics boolean; key-directory quoted_string; + zero-no-soa-ttl boolean; + zero-no-soa-ttl-cache boolean; allow-v6-synthesis { address_match_element; ... }; // obsolete deallocate-on-exit boolean; // obsolete @@ -459,6 +461,8 @@ view string optional_class zone-statistics boolean; key-directory quoted_string; + zero-no-soa-ttl boolean; + zero-no-soa-ttl-cache boolean; allow-v6-synthesis { address_match_element; ... }; // obsolete fetch-glue boolean; // obsolete @@ -490,6 +494,7 @@ zone string optional_class dialup dialuptype; ixfr-from-differences boolean; journal quoted_string; + zero-no-soa-ttl boolean; allow-query { address_match_element; ... }; allow-transfer { address_match_element; ... }; diff --git a/bin/named/query.c b/bin/named/query.c index 4e90280575..09ebaf2723 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.278 2006/01/04 23:50:24 marka Exp $ */ +/* $Id: query.c,v 1.279 2006/01/05 02:19:01 marka Exp $ */ /*! \file */ @@ -3874,7 +3874,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * the containing zone of an arbitrary name with a stub * resolver and not have it cached. */ - if (qtype == dns_rdatatype_soa) + if (qtype == dns_rdatatype_soa && + dns_zone_getzeronosoattl(zone)) result = query_addsoa(client, db, version, ISC_TRUE); else result = query_addsoa(client, db, version, ISC_FALSE); diff --git a/bin/named/server.c b/bin/named/server.c index 87248cb1cb..1ecb19a95b 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.454 2006/01/05 00:01:46 marka Exp $ */ +/* $Id: server.c,v 1.455 2006/01/05 02:19:02 marka Exp $ */ /*! \file */ 
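Review bot: The new condition in query_find (bin/named/query.c) calls `dns_zone_getzeronosoattl(zone)` without checking that `zone` is non-NULL, and the getter added in lib/dns/zone.c starts with `REQUIRE(DNS_ZONE_VALID(zone))`. A NULL zone here would therefore be an assertion failure that stops named on an ordinary SOA query. Whether `zone` can be NULL on this branch is not visible, because query_find starts and ends outside the hunk. If the database being answered from can exist without a zone object, guard the call, e.g. `if (qtype == dns_rdatatype_soa && (zone == NULL || dns_zone_getzeronosoattl(zone)))`, which keeps the previous zero-TTL behaviour when there is no zone to consult.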
@@ -1146,6 +1146,11 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, if (lame_ttl > 1800) lame_ttl = 1800; dns_resolver_setlamettl(view->resolver, lame_ttl); + + obj = NULL; + result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_resolver_setzeronosoattl(view->resolver, cfg_obj_asboolean(obj)); /* * Set the resolver's EDNS UDP size. diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 2ff5a9dc87..f6ffc2d8ac 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.125 2005/11/30 03:33:48 marka Exp $ */ +/* $Id: zoneconf.c,v 1.126 2006/01/05 02:19:02 marka Exp $ */ /*% */ @@ -605,6 +605,11 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, INSIST(result == ISC_R_SUCCESS); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING, cfg_obj_asboolean(obj)); + + obj = NULL; + result = ns_config_get(maps, "zero-no-soa-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj)); } /* diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 340b7de043..3f226e7969 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -4493,6 +4493,8 @@ category notify { null; }; empty-contact name ; empty-zones-enable yes_or_no ; disable-empty-zone zone_name ; + zero-no-soa-ttl yes_or_no ; + zero-no-soa-ttl-cache yes_or_no ; }; @@ -5587,6 +5589,27 @@ options { + + + zero-no-soa-ttl + + + When returning authoritative negative responses to + SOA queries set the TTL of the SOA recored returned in + the authority section to zero. Default yes. + + + + + + zero-no-soa-ttl-cache + + + When caching a negative response to a SOA query + set the TTL to zero. Default no. + + + 
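Review bot: In the bin/named/zoneconf.c hunk, `zero-no-soa-ttl` is applied immediately before a closing `}`, so it appears to sit inside a conditional block of ns_zone_configure whose condition is outside the hunk. Zones that do not enter that block would never reach `dns_zone_setzeronosoattl` and would keep the `ISC_TRUE` assigned in dns_zone_create, whatever the configuration says. If that is intended, record it with a comment such as `/* Only applied inside this block; other zones keep the dns_zone_create() default. */`; otherwise move the lookup out of the block.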
@@ -7932,6 +7955,7 @@ view "external" { max-retry-time number ; multi-master yes_or_no ; key-directory path_name; + zero-no-soa-ttl yes_or_no ; }; @@ -8327,6 +8351,16 @@ view "external" { + + zero-no-soa-ttl + + + See the description of + zero-no-soa-ttl in . + + + + database diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h index 7e46e99eb9..d3bbbc7757 100644 --- a/lib/dns/include/dns/resolver.h +++ b/lib/dns/include/dns/resolver.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.h,v 1.49 2006/01/05 00:01:46 marka Exp $ */ +/* $Id: resolver.h,v 1.50 2006/01/05 02:19:02 marka Exp $ */ #ifndef DNS_RESOLVER_H #define DNS_RESOLVER_H 1 @@ -467,6 +467,13 @@ dns_resolver_setclientsperquery(dns_resolver_t *resolver, void dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur, isc_uint32_t *min, isc_uint32_t *max); + +isc_boolean_t +dns_resolver_getzeronosoattl(dns_resolver_t *resolver); + +void +dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state); + ISC_LANG_ENDDECLS #endif /* DNS_RESOLVER_H */ diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 44f0b54b45..9e397351d1 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.138 2005/10/26 04:35:54 marka Exp $ */ +/* $Id: zone.h,v 1.139 2006/01/05 02:19:02 marka Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 
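Review bot: The two prototypes added to lib/dns/include/dns/resolver.h carry no documentation, while the matching accessors added to zone.h in this same commit each get a `/*%< ... */` block. Add one per prototype, for example `/*%< Return whether negative responses to SOA queries are cached with a TTL of zero. Requires: 'resolver' to be valid. */`, with the corresponding "Set ..." wording on the setter. The Requires line matches the `REQUIRE(VALID_RESOLVER(resolver))` at the top of both definitions in resolver.c.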
@@ -817,9 +817,27 @@ dns_zone_clearxfracl(dns_zone_t *zone); isc_boolean_t dns_zone_getupdatedisabled(dns_zone_t *zone); +/*%< + * Return update disabled. + */ void dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state); +/*%< + * Set update disabled. + */ + +isc_boolean_t +dns_zone_getzeronosoattl(dns_zone_t *zone); +/*%< + * Return zero-no-soa-ttl status. + */ + +void +dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state); +/*%< + * Set zero-no-soa-ttl status. + */ void dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity); diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 1e73bba01c..9acd154469 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.325 2006/01/05 00:01:46 marka Exp $ */ +/* $Id: resolver.c,v 1.326 2006/01/05 02:19:02 marka Exp $ */ /*! \file */ @@ -316,6 +316,7 @@ struct dns_resolver { unsigned int spillatmax; unsigned int spillatmin; isc_timer_t * spillattimer; + isc_boolean_t zero_no_soa_ttl; /* Locked by lock. */ unsigned int references; isc_boolean_t exiting; @@ -3300,7 +3301,8 @@ validated(isc_task_t *task, isc_event_t *event) { */ ttl = fctx->res->view->maxncachettl; if (fctx->type == dns_rdatatype_soa && - covers == dns_rdatatype_any) + covers == dns_rdatatype_any && + fctx->res->zero_no_soa_ttl) ttl = 0; result = ncache_adderesult(fctx->rmessage, fctx->cache, node, @@ -5901,6 +5903,7 @@ dns_resolver_create(dns_view_t *view, res->spillatmin = res->spillat = 10; res->spillatmax = 100; res->spillattimer = NULL; + res->zero_no_soa_ttl = ISC_FALSE; res->nbuckets = ntasks; res->activebuckets = ntasks; 
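Review bot: The `fctx->res->zero_no_soa_ttl` test is added only to the negative-cache TTL computation in validated(), and no other hunk in lib/dns/resolver.c touches a TTL computation. If the resolver has another path that caches negative answers with the same SOA special case (for example, responses that do not go through validation; not visible in this diff), that path would keep forcing `ttl = 0` regardless of `zero-no-soa-ttl-cache`. It is worth checking every caller of `ncache_adderesult` and applying the same three-part condition there. validated() starts and ends outside the hunk.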
@@ -6886,3 +6889,17 @@ dns_resolver_setclientsperquery(dns_resolver_t *resolver, isc_uint32_t min, resolver->spillatmax = max; UNLOCK(&resolver->lock); } + +isc_boolean_t +dns_resolver_getzeronosoattl(dns_resolver_t *resolver) { + REQUIRE(VALID_RESOLVER(resolver)); + + return (resolver->zero_no_soa_ttl); +} + +void +dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state) { + REQUIRE(VALID_RESOLVER(resolver)); + + resolver->zero_no_soa_ttl = state; +} diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def index 9348ef643e..da8e61758d 100644 --- a/lib/dns/win32/libdns.def +++ b/lib/dns/win32/libdns.def @@ -492,6 +492,7 @@ dns_resolver_dispatchv6 dns_resolver_freeze dns_resolver_getlamettl dns_resolver_getudpsize +dns_resolver_getzeronosoattl dns_resolver_nrunning dns_resolver_prime dns_resolver_reset_algorithms @@ -500,6 +501,7 @@ dns_resolver_setclientsperquery dns_resolver_setlamettl dns_resolver_setmustbesecure dns_resolver_setudpsize +dns_resolver_setzeronosoattl dns_resolver_shutdown dns_resolver_socketmgr dns_resolver_taskmgr @@ -655,6 +657,7 @@ dns_zone_getview dns_zone_getxfracl dns_zone_getxfrsource4 dns_zone_getxfrsource6 +dns_zone_getzeronosoattl dns_zone_iattach dns_zone_idetach dns_zone_isforced @@ -716,6 +719,7 @@ dns_zone_setview dns_zone_setxfracl dns_zone_setxfrsource4 dns_zone_setxfrsource6 +dns_zone_setzeronosoattl dns_zone_unload dns_zonekey_iszonekey dns_zonemgr_attach diff --git a/lib/dns/zone.c b/lib/dns/zone.c index f1e3e821ff..f377cf1f15 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.448 2006/01/04 00:37:24 marka Exp $ */ +/* $Id: zone.c,v 1.449 2006/01/05 02:19:02 marka Exp $ */ /*! \file */ @@ -217,6 +217,7 @@ struct dns_zone { dns_acl_t *query_acl; dns_acl_t *xfr_acl; isc_boolean_t update_disabled; + isc_boolean_t zero_no_soa_ttl; dns_severity_t check_names; ISC_LIST(dns_notify_t) notifies; dns_request_t *request; 
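Review bot: `dns_resolver_setzeronosoattl` stores `resolver->zero_no_soa_ttl` without taking `resolver->lock`, whereas the function just above it in the hunk context ends with `UNLOCK(&resolver->lock)` after writing `spillatmax`. The new field is read from validated() while fetches are in progress. If the setter can run while the resolver is live (the calling context during reconfiguration is outside this diff), that is an unsynchronised read/write pair. Either wrap the store as `LOCK(&resolver->lock); resolver->zero_no_soa_ttl = state; UNLOCK(&resolver->lock);` or add a comment on the struct member stating when it may be written.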
@@ -591,6 +592,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { zone->query_acl = NULL; zone->xfr_acl = NULL; zone->update_disabled = ISC_FALSE; + zone->zero_no_soa_ttl = ISC_TRUE; zone->check_names = dns_severity_ignore; zone->request = NULL; zone->lctx = NULL; @@ -5686,6 +5688,19 @@ dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state) { zone->update_disabled = state; } +isc_boolean_t +dns_zone_getzeronosoattl(dns_zone_t *zone) { + REQUIRE(DNS_ZONE_VALID(zone)); + return (zone->zero_no_soa_ttl); + +} + +void +dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state) { + REQUIRE(DNS_ZONE_VALID(zone)); + zone->zero_no_soa_ttl = state; +} + void dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity) { @@ -7620,6 +7635,7 @@ dns_zone_getkeydirectory(dns_zone_t *zone) { return (zone->keydirectory); } + unsigned int dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state) { dns_zone_t *zone; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 468d048beb..7946095bf7 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: namedconf.c,v 1.61 2006/01/05 00:01:46 marka Exp $ */ +/* $Id: namedconf.c,v 1.62 2006/01/05 02:19:02 marka Exp $ */ /*! \file */ @@ -782,6 +782,7 @@ view_clauses[] = { { "empty-contact", &cfg_type_astring, 0 }, { "empty-zones-enable", &cfg_type_boolean, 0 }, { "disable-empty-zone", &cfg_type_astring, CFG_CLAUSEFLAG_MULTI }, + { "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 }, { NULL, NULL, 0 } }; @@ -840,6 +841,7 @@ zone_clauses[] = { { "check-integrity", &cfg_type_boolean, 0 }, { "check-mx", &cfg_type_checkmode, 0 }, { "check-sibling", &cfg_type_boolean, 0 }, + { "zero-no-soa-ttl", &cfg_type_boolean, 0 }, { NULL, NULL, 0 } };