From d659c5dac16706161a99f656d1b6a3a1548cb625 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 18 Feb 2014 10:09:07 +1100 Subject: [PATCH] 3743. [bug] delegation-only flag wasn't working in forward zone declarations despite being documented. This is needed to support turning off forwarding and turning on delegation only at the same name. [RT #35392] (cherry picked from commit 38eabfcee7a9f206c268834ab9cb6d3408a31380) --- CHANGES | 5 +++++ bin/named/server.c | 12 ++++++++++-- doc/arm/Bv9ARM-book.xml | 22 ++++++++++++---------- lib/bind9/check.c | 3 ++- 4 files changed, 29 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index fc2bcae4d1..ebc8f591d9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +3743. [bug] delegation-only flag wasn't working in forward zone + declarations despite being documented. This is + needed to support turning off forwarding and turning + on delegation only at the same name. [RT #35392] + 3742. [port] linux: libcap support: declare curval at start of block. [RT #35387] diff --git a/bin/named/server.c b/bin/named/server.c index 3c792dadf5..a79db8d3d4 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -3878,8 +3878,16 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, (void)cfg_map_get(zoptions, "forward", &forwardtype); (void)cfg_map_get(zoptions, "forwarders", &forwarders); - result = configure_forward(config, view, origin, forwarders, - forwardtype); + CHECK(configure_forward(config, view, origin, forwarders, + forwardtype)); + + /* + * Forward zones may also set delegation only. + */ + only = NULL; + tresult = cfg_map_get(zoptions, "delegation-only", &only); + if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only)) + CHECK(dns_view_adddelegationonly(view, origin)); goto cleanup; } diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 51d687a247..63a001e3c6 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -4240,8 +4240,8 @@ category notify { null; }; Delegation only. Logs queries that have been forced to NXDOMAIN as the result of a delegation-only zone or a - delegation-only in a hint - or stub zone declaration. + delegation-only in a + forward, hint or stub zone declaration. @@ -10524,6 +10524,7 @@ zone zone_name class forward (only|first) ; forwarders { ip_addr port ip_port ; ... }; + delegation-only yes_or_no ; }; zone "." class { @@ -11141,14 +11142,15 @@ zone zone_name class - - delegation-only - - - The flag only applies to hint and stub zones. If set - to yes, then the zone will also be - treated as if it is also a delegation-only type zone. - + + delegation-only + + + The flag only applies to forward, hint and stub + zones. If set to yes, + then the zone will also be treated as if it is + also a delegation-only type zone. + See caveats in . diff --git a/lib/bind9/check.c b/lib/bind9/check.c index af1b87ae23..d185a2b04c 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -1323,7 +1323,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, { "notify", MASTERZONE | SLAVEZONE }, { "also-notify", MASTERZONE | SLAVEZONE }, { "dialup", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "delegation-only", HINTZONE | STUBZONE | DELEGATIONZONE }, + { "delegation-only", HINTZONE | STUBZONE | FORWARDZONE | + DELEGATIONZONE }, { "forward", MASTERZONE | SLAVEZONE | STUBZONE | STATICSTUBZONE | FORWARDZONE }, { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE |