From 48dc763949016991adf8cd5886a006176e83042f Mon Sep 17 00:00:00 2001
From: Colin Vidal
Date: Tue, 3 Jun 2025 16:12:59 +0200
Subject: [PATCH] initialize queryonacl dns_view_t property

A dns_view_t has a queryonacl property, which is supposed to hold the ACL matching the configuration "allow-query-on". However the code parsing this configuration ACL was missing (or removed by mistake?), hence this property was always NULL. The ACL was still built but individually for each zone (which checks if the property exists in the zone definition, view definition, and finally options definition). It now create the ACL instance at the view level, enabling zones to share the same (identical) ACL instead of having their own copies.
---
 bin/named/server.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/bin/named/server.c b/bin/named/server.c
index cccd192405..949059f801 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -4885,6 +4885,10 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache-on",
 NULL, actx, named_g_mctx, &view->cacheonacl));
 
+ CHECK(configure_view_acl(vconfig, config, named_g_config,
+ "allow-query-on", NULL, actx, named_g_mctx,
+ &view->queryonacl));
+
 CHECK(configure_view_acl(vconfig, config, named_g_config,
 "allow-proxy", NULL, actx, named_g_mctx,
 &view->proxyacl));
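Review bot: The added `allow-query-on` call passes `named_g_config` as the fallback configuration, while the `allow-query-cache-on` call just above it passes `NULL`, and nothing in the hunk says why the two differ. The description says `view->queryonacl` was always NULL until now, so any code that tests or dereferences this pointer will start seeing an ACL (presumably the built-in default when nothing is configured), which is an access-control behaviour change. I would add a comment above the call, for example `/* allow-query-on: fall back to the built-in defaults so view->queryonacl is populated even when unset */` if that is the intent, and a system test confirming that `allow-query-on` set at view and at options level still refuses queries arriving on a non-matching address. The patch touches only bin/named/server.c, so the zone-side sharing the description mentions cannot be checked from here, and configure_view continues outside the hunk.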