upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Add more checks about respip in unbound-checkconf.

Browse source 
Also fixes #310: unbound-checkconf not reporting RPZ configuration
  error.
This commit is contained in:
Yorgos Thessalonikefs 2025-05-20 16:21:02 +02:00
parent 71ac59e6f4
commit 342a0f48e3
2 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/Changelog
View file

@ -1,10 +1,13 @@
20 May 2025: Yorgos 20 May 2025: Yorgos
- Merge #1285: RST man pages. It introduces restructuredText man pages - Merge #1285: RST man pages. It introduces restructuredText man pages
to sync the online and source code man page documentation. to sync the online and source code man page documentation.
The templated man pages (*.in) are still part of the repo but The templated man pages (*.in) are still part of the repo but
generated with docutils from their .rst counterpart. generated with docutils from their .rst counterpart.
Documentation on how to generate those (mainly for core developers) Documentation on how to generate those (mainly for core developers)
is in README.man. is in README.man.
- Add more checks about respip in unbound-checkconf.
Also fixes #310: unbound-checkconf not reporting RPZ configuration
error.
19 May 2025: Wouter 19 May 2025: Wouter
- Fix for cname chain length with qtype ANY and qname minimisation. - Fix for cname chain length with qtype ANY and qname minimisation.

10
smallapp/unbound-checkconf.c
View file

@ -294,7 +294,8 @@ view_and_respipchecks(struct config_file* cfg)
{ {
struct views* views = NULL; struct views* views = NULL;
struct respip_set* respip = NULL; struct respip_set* respip = NULL;
int ignored = 0; int have_view_respip_cfg = 0;
int use_response_ip = 0;
if(!(views = views_create())) if(!(views = views_create()))
fatal_exit("Could not create views: out of memory"); fatal_exit("Could not create views: out of memory");
if(!(respip = respip_set_create())) if(!(respip = respip_set_create()))
@ -303,8 +304,11 @@ view_and_respipchecks(struct config_file* cfg)
fatal_exit("Could not set up views"); fatal_exit("Could not set up views");
if(!respip_global_apply_cfg(respip, cfg)) if(!respip_global_apply_cfg(respip, cfg))
fatal_exit("Could not setup respip set"); fatal_exit("Could not setup respip set");
if(!respip_views_apply_cfg(views, cfg, &ignored)) if(!respip_views_apply_cfg(views, cfg, &have_view_respip_cfg))
fatal_exit("Could not setup per-view respip sets"); fatal_exit("Could not setup per-view respip sets");
use_response_ip = !respip_set_is_empty(respip) || have_view_respip_cfg;
if(use_response_ip && !strstr(cfg->module_conf, "respip"))
fatal_exit("response-ip options require respip module");
acl_view_tag_checks(cfg, views); acl_view_tag_checks(cfg, views);
views_delete(views); views_delete(views);
respip_set_delete(respip); respip_set_delete(respip);
@ -968,6 +972,8 @@ check_auth(struct config_file* cfg)
if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) { if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) {
fatal_exit("Could not setup authority zones"); fatal_exit("Could not setup authority zones");
} }
if(is_rpz && !strstr(cfg->module_conf, "respip"))
fatal_exit("RPZ requires the respip module");
auth_zones_delete(az); auth_zones_delete(az);
} }