Merge branch '251-documentation-of-rpz-min-update-interval-is-inconsistent-with-implementation' into 'master'

Resolve "Documentation of RPZ min-update-interval is inconsistent with implementation"

Closes #251

See merge request isc-projects/bind9!277

bin/named/server.c

@@ -2096,8 +2096,10 @@ configure_rpz_name2(dns_view_t *view, const cfg_obj_t *obj, dns_name_t *name,
 
 static isc_result_t
 configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
-		   isc_boolean_t recursive_only_def, dns_ttl_t ttl_def,
-		   isc_uint32_t minupdateint_def, const dns_rpz_zone_t *old,
+		   isc_boolean_t recursive_only_default,
+		   dns_ttl_t ttl_default,
+		   isc_uint32_t minupdateinterval_default,
+		   const dns_rpz_zone_t *old,
 		   isc_boolean_t *old_rpz_okp)
 {
 	const cfg_obj_t *rpz_obj, *obj;
@@ -2126,7 +2128,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
 	}
 
 	obj = cfg_tuple_get(rpz_obj, "recursive-only");
-	if (cfg_obj_isvoid(obj) ? recursive_only_def : cfg_obj_asboolean(obj)) {
+	if (cfg_obj_isvoid(obj) ?
+	    recursive_only_default : cfg_obj_asboolean(obj))
+	{
 		view->rpzs->p.no_rd_ok &= ~DNS_RPZ_ZBIT(zone->num);
 	} else {
 		view->rpzs->p.no_rd_ok |= DNS_RPZ_ZBIT(zone->num);
@@ -2143,14 +2147,14 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
 	if (cfg_obj_isuint32(obj)) {
 		zone->max_policy_ttl = cfg_obj_asuint32(obj);
 	} else {
-		zone->max_policy_ttl = ttl_def;
+		zone->max_policy_ttl = ttl_default;
 	}
 
 	obj = cfg_tuple_get(rpz_obj, "min-update-interval");
 	if (cfg_obj_isuint32(obj)) {
-		zone->min_update_int = cfg_obj_asuint32(obj);
+		zone->min_update_interval = cfg_obj_asuint32(obj);
 	} else {
-		zone->min_update_int = minupdateint_def;
+		zone->min_update_interval = minupdateinterval_default;
 	}
 
 	if (*old_rpz_okp && zone->max_policy_ttl != old->max_policy_ttl)
@@ -2249,11 +2253,11 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
 	char *rps_cstr;
 	size_t rps_cstr_size;
 	const cfg_obj_t *sub_obj;
-	isc_boolean_t recursive_only_def;
+	isc_boolean_t recursive_only_default;
 	isc_boolean_t nsip_enabled, nsdname_enabled;
 	dns_rpz_zbits_t nsip_on, nsdname_on;
-	dns_ttl_t ttl_def;
-	isc_uint32_t minupdateint_def;
+	dns_ttl_t ttl_default;
+	isc_uint32_t minupdateinterval_default;
 	dns_rpz_zones_t *zones;
 	const dns_rpz_zones_t *old;
 	dns_view_t *pview;
@@ -2344,9 +2348,9 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
 	sub_obj = cfg_tuple_get(rpz_obj, "recursive-only");
 	if (!cfg_obj_isvoid(sub_obj) &&
 	    !cfg_obj_asboolean(sub_obj))
-		recursive_only_def = ISC_FALSE;
+		recursive_only_default = ISC_FALSE;
 	else
-		recursive_only_def = ISC_TRUE;
+		recursive_only_default = ISC_TRUE;
 
 	sub_obj = cfg_tuple_get(rpz_obj, "break-dnssec");
 	if (!cfg_obj_isvoid(sub_obj) &&
@@ -2357,15 +2361,15 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
 
 	sub_obj = cfg_tuple_get(rpz_obj, "max-policy-ttl");
 	if (cfg_obj_isuint32(sub_obj))
-		ttl_def = cfg_obj_asuint32(sub_obj);
+		ttl_default = cfg_obj_asuint32(sub_obj);
 	else
-		ttl_def = DNS_RPZ_MAX_TTL_DEFAULT;
+		ttl_default = DNS_RPZ_MAX_TTL_DEFAULT;
 
 	sub_obj = cfg_tuple_get(rpz_obj, "min-update-interval");
 	if (cfg_obj_isuint32(sub_obj))
-		minupdateint_def = cfg_obj_asuint32(sub_obj);
+		minupdateinterval_default = cfg_obj_asuint32(sub_obj);
 	else
-		minupdateint_def = DNS_RPZ_MINUPDATEINT_DEF;
+		minupdateinterval_default = DNS_RPZ_MINUPDATEINTERVAL_DEFAULT;
 
 	sub_obj = cfg_tuple_get(rpz_obj, "min-ns-dots");
 	if (cfg_obj_isuint32(sub_obj))
@@ -2409,9 +2413,10 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
 			old_zone = NULL;
 		}
 		result = configure_rpz_zone(view, zone_element,
-					    recursive_only_def, ttl_def,
-					    minupdateint_def, old_zone,
-					    old_rpz_okp);
+					    recursive_only_default,
+					    ttl_default,
+					    minupdateinterval_default,
+					    old_zone, old_rpz_okp);
 		if (result != ISC_R_SUCCESS) {
 			if (pview != NULL)
 				dns_view_detach(&pview);

doc/arm/Bv9ARM-book.xml

@@ -10277,7 +10277,7 @@ example.com                 CNAME   rpz-tcp-only.
 	    If an update to a RPZ zone (for example, via IXFR) happens less
 	    than <option>min-update-interval</option> seconds after the most
 	    recent update, then the changes will not be carried out until this
-	    interval has elapsed.  The default is <literal>5</literal> seconds.
+	    interval has elapsed.  The default is <literal>60</literal> seconds.
 	    For convenience, TTL-style time unit suffixes may be
 	    used to specify the value.
 	  </para>

lib/dns/include/dns/rpz.h

@@ -137,7 +137,7 @@ struct dns_rpz_zone {
 	dns_ttl_t	 max_policy_ttl;
 	dns_rpz_policy_t policy;	/* DNS_RPZ_POLICY_GIVEN or override */
 
-	isc_uint32_t	 min_update_int;/* minimal interval between updates */
+	isc_uint32_t	 min_update_interval;/* minimal interval between updates */
 	isc_ht_t	 *nodes;	/* entries in zone */
 	dns_rpz_zones_t	 *rpzs;		/* owner */
 	isc_time_t	 lastupdated;	/* last time the zone was processed */
@@ -347,9 +347,9 @@ typedef struct {
 	dns_fixedname_t		_fnamef;
 } dns_rpz_st_t;
 
-#define DNS_RPZ_TTL_DEFAULT		5
-#define DNS_RPZ_MAX_TTL_DEFAULT		DNS_RPZ_TTL_DEFAULT
-#define DNS_RPZ_MINUPDATEINT_DEF	60
+#define DNS_RPZ_TTL_DEFAULT			5
+#define DNS_RPZ_MAX_TTL_DEFAULT			DNS_RPZ_TTL_DEFAULT
+#define DNS_RPZ_MINUPDATEINTERVAL_DEFAULT	60
 
 /*
  * So various response policy zone messages can be turned up or down.

lib/dns/rpz.c

@@ -1610,8 +1610,8 @@ dns_rpz_dbupdate_callback(dns_db_t *db, void *fn_arg) {
 		zone->updatepending = ISC_TRUE;
 		isc_time_now(&now);
 		tdiff = isc_time_microdiff(&now, &zone->lastupdated) / 1000000;
-		if (tdiff < zone->min_update_int) {
-			isc_uint64_t defer = zone->min_update_int - tdiff;
+		if (tdiff < zone->min_update_interval) {
+			isc_uint64_t defer = zone->min_update_interval - tdiff;
 			isc_interval_t interval;
 			dns_name_format(&zone->origin, dname,
 					DNS_NAME_FORMATSIZE);
@@ -1801,7 +1801,7 @@ finish_update(dns_rpz_zone_t *rpz) {
 	 * If there's an update pending schedule it
 	 */
 	if (rpz->updatepending == ISC_TRUE) {
-		isc_uint64_t defer = rpz->min_update_int;
+		isc_uint64_t defer = rpz->min_update_interval;
 		isc_interval_t interval;
 		dns_name_format(&rpz->origin, dname,
 				DNS_NAME_FORMATSIZE);