localzone and localdata configuration setup.

git-svn-id: file:///svn/unbound/trunk@771 be551aaa-1e26-0410-a405-d3ace91eadb9

checkconf/unbound-checkconf.c

@@ -92,7 +92,7 @@ morechecks(struct config_file* cfg)
 	int i;
 	struct sockaddr_storage a;
 	socklen_t alen;
-	struct config_acl* acl;
+	struct config_str2list* acl;
 	for(i=0; i<cfg->num_ifs; i++) {
 		if(!ipstrtoaddr(cfg->ifs[i], UNBOUND_DNS_PORT, &a, &alen)) {
 			fatal_exit("cannot parse interface specified as '%s'",
@@ -107,10 +107,10 @@ morechecks(struct config_file* cfg)
 		}
 	}
 	for(acl=cfg->acls; acl; acl = acl->next) {
-		if(!netblockstrtoaddr(acl->address, UNBOUND_DNS_PORT, 
+		if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, 
-			&a, &alen, &i)) {
+			&i)) {
 			fatal_exit("cannot parse access control address %s %s",
-				acl->address, acl->control);
+				acl->str, acl->str2);
 		}
 	}
 

daemon/acl_list.c

@@ -144,10 +144,10 @@ acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2,
 static int 
 read_acl_list(struct acl_list* acl, struct config_file* cfg)
 {
-	struct config_acl* p;
+	struct config_str2list* p;
 	for(p = cfg->acls; p; p = p->next) {
-		log_assert(p->address && p->control);
+		log_assert(p->str && p->str2);
-		if(!acl_list_str_cfg(acl, p->address, p->control, 1))
+		if(!acl_list_str_cfg(acl, p->str, p->str2, 1))
 			return 0;
 	}
 	return 1;

doc/Changelog

@@ -1,3 +1,7 @@
+20 November 2007: Wouter
+	- 0.8 - str2list config support for double string config options.
+	- local-zone and local-data options, config storage and documentation.
+
 19 November 2007: Wouter
 	- do not downcase NSEC and RRSIG for verification. Follows 
 	  draft-ietf-dnsext-dnssec-bis-updates-06.txt.

doc/example.conf

@@ -255,6 +255,35 @@ server:
 	# more slabs reduce lock contention, but fragment memory usage.
 	# key-cache-slabs: 4
 
+	# a number of locally served zones can be configured.
+	# 	local-zone: <zone> <type>
+	# 	local-data: "<resource record string>"
+	# o deny serves local data (if any), else, drops queries. 
+	# o refuse serves local data (if any), else, replies with error.
+	# o static serves local data, else, nxdomain or nodata answer.
+	# o transparent serves local data, else, resolves normally .
+	# o redirect serves the zone data for any subdomain in the zone.
+	# o nodefault can be used to normally resolve AS112 zones.
+	#
+	# defaults are localhost address, reverse for 127.0.0.1 and ::1
+	# and nxdomain for AS112 zones. If you configure one of these zones
+	# the default content is omitted, or you can omit it with 'nodefault'.
+	# 
+	# If you configure local-data without specifying local-zone, by
+	# default a transparent local-zone is created for the data.
+	#
+	# You can add locally served data with
+	# local-zone: "local." static
+	# local-data: "mycomputer.local. IN A 192.0.2.51"
+	#
+	# You can override certain queries with
+	# local-data: "adserver.example.com A 127.0.0.1"
+	#
+	# You can redirect a domain to a fixed address with
+	# (this makes example.com, www.example.com, etc, all go to 192.0.2.3)
+	# local-zone: "example.com" redirect
+	# local-data: "example.com A 192.0.2.3"
+
 
 # Stub zones.
 # Create entries like below, to make all queries for 'example.com' and 

doc/unbound.conf.5

@@ -321,6 +321,100 @@ Number of bytes size of the key cache. Default is 4 megabytes.
 Number of slabs in the key cache. Slabs reduce lock contention by threads.
 Must be set to a power of 2. Setting (close) to the number of cpus is a 
 reasonable guess.
+.It \fBlocal-zone:\fR <zone> <type>
+Configure a local zone. The type determines the answer to give if there is
+no match from local-data. The types are deny, refuse, static, transparent, 
+redirect, nodefault, and are explained below. After that the default settings
+are listed. Use local-data: to enter data into the local zone. Answers for
+local zones are authoritative DNS answers.
+.Bl -tag -width indent
+.It \fIdeny\fR 
+Do not send an answer, drop the query.
+If there is a match from local data, the query is answered.
+.It \fIrefuse\fR 
+Send an error message reply, with rcode REFUSED.
+If there is a match from local data, the query is answered.
+.It \fIstatic\fR 
+If there is a match from local data, the query is answered.
+Otherwise, the query is answered with nodata or nxdomain.
+For a negative answer a SOA is included in the answer if present
+as local-data for the zone apex domain.
+.It \fItransparent\fR 
+If there is a match from local data, the query is answered.
+Otherwise, the query is resolved normally.
+If no local-zone is given local-data causes a transparent zone
+to be created by default.
+.It \fIredirect\fR 
+The query is answered from the local data for the zone name. 
+There may be no local data beneath the zone name.
+This answers queries for the zone, and all subdomains of the zone
+with the local data for the zone.
+It can be used to redirect a domain to a different address, with 
+local-zone: "example.com." redirect and 
+local-data: "example.com. A 127.0.0.1"
+queries for www.example.com and www.foo.example.com are redirected.
+.It \fInodefault\fR 
+Used to turn off default contents for AS112 zones. The other types
+also turn off default contents for the zone. The 'nodefault' option 
+has no other effect than turning off default contents for the 
+given zone.
+.El
+The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112
+zones. The AS112 zones are reverse DNS zones for private use and reserved
+IP addresses for which the servers on the internet cannot provide correct
+answers. They are configured by default to give nxdomain (no reverse 
+information) answers. The defaults can be turned off by specifying your
+own local-zone of that name, or using the 'nodefault' type. Below is a 
+list of the default zone contents.
+.Bl -tag -width indent
+.It \fIlocalhost\fR 
+The IP4 and IP6 localhost information is given. NS and SOA records are provided
+for completeness and to satisfy some DNS update tools. Default content:
+.nf
+local-zone: "localhost." static
+local-data: "localhost. 10800 IN NS localhost."
+local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+local-data: "localhost. 10800 IN A 127.0.0.1"
+local-data: "localhost. 10800 IN AAAA ::1"
+.fi
+.It \fIreverse IPv4 loopback\fR 
+Default content:
+.nf
+local-zone: "127.in-addr.arpa." static
+local-data: "127.in-addr.arpa. 10800 IN NS localhost."
+local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
+.fi
+.It \fIreverse IPv6 loopback\fR 
+Default content:
+.nf
+local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
+local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost."
+local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost."
+.fi
+.It \fIreverse RFC1918 local use zones\fR 
+Reverse data for zones 10.IN-ADDR.ARPA, 16.172.IN-ADDR.ARPA to 
+31.172.IN-ADDR.ARPA, 168.192.IN-ADDR.ARPA.
+The \fBlocal-zone:\fR is set static and as \fBlocal-data:\fR SOA and NS 
+records are provided.
+.It \fIreverse RFC3330 IP4 this, link-local, testnet and broadcast\fR 
+Reverse data for zones 0.IN-ADDR.ARPA, 254.169.IN-ADDR.ARPA, 
+2.0.192.IN-ADDR.ARPA, 255.255.255.255.IN-ADDR.ARPA.
+.It \fIreverse RFC4291 IP6 unspecified\fR
+Reverse data for zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA.
+.It \fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR
+Reverse data for zone D.F.IP6.ARPA.
+.It \fIreverse RFC4291 IPv6 Link Local Addresses\fR
+Reverse data for zones 8.E.F.IP6.ARPA to B.E.F.IP6.ARPA.
+.El
+.\" End of local-zone listing.
+.It \fBlocal-data:\fR "<resource record string>"
+Configure local data, which is served in reply to queries for it.
+The query has to match exactly unless you configure the local-zone as 
+redirect. If not matched exactly, the local-zone type determines
+further processing. If local-data is configured that is not a subdomain of
+a local-zone, a transparent local-zone is configured. 
 .El
 .Ss Stub Zone Options
 There may be multiple

util/config_file.c

@@ -127,6 +127,9 @@ config_create()
 	cfg->val_permissive_mode = 0;
 	cfg->key_cache_size = 4 * 1024 * 1024;
 	cfg->key_cache_slabs = 4;
+	cfg->local_zones = NULL;
+	cfg->local_zones_nodefault = NULL;
+	cfg->local_data = NULL;
 	if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
 	if(!(cfg->val_nsec3_key_iterations = 
 		strdup("1024 150 2048 500 4096 2500"))) goto error_exit;
@@ -172,8 +175,7 @@ config_read(struct config_file* cfg, char* filename)
 	return 1;
 }
 
-/** delete config strlist */
+void
-static void
 config_delstrlist(struct config_strlist* p)
 {
 	struct config_strlist *np;
@@ -185,15 +187,14 @@ config_delstrlist(struct config_strlist* p)
 	}
 }
 
-/** delete config acl list */
+void
-static void
+config_deldblstrlist(struct config_str2list* p)
-config_delacllist(struct config_acl* p)
 {
-	struct config_acl *np;
+	struct config_str2list *np;
 	while(p) {
 		np = p->next;
-		free(p->address);
+		free(p->str);
-		free(p->control);
+		free(p->str2);
 		free(p);
 		p = np;
 	}
@@ -246,8 +247,11 @@ config_delete(struct config_file* cfg)
 	config_delstrlist(cfg->trust_anchor_file_list);
 	config_delstrlist(cfg->trusted_keys_file_list);
 	config_delstrlist(cfg->trust_anchor_list);
-	config_delacllist(cfg->acls);
+	config_deldblstrlist(cfg->acls);
 	free(cfg->val_nsec3_key_iterations);
+	config_deldblstrlist(cfg->local_zones);
+	config_delstrlist(cfg->local_zones_nodefault);
+	config_delstrlist(cfg->local_data);
 	free(cfg);
 }
 
@@ -297,6 +301,22 @@ cfg_strlist_insert(struct config_strlist** head, char* item)
 	return 1;
 }
 
+int 
+cfg_str2list_insert(struct config_str2list** head, char* item, char* i2)
+{
+	struct config_str2list *s;
+	if(!item || !i2 || !head)
+		return 0;
+	s = (struct config_str2list*)calloc(1, sizeof(struct config_str2list));
+	if(!s)
+		return 0;
+	s->str = item;
+	s->str2 = i2;
+	s->next = *head;
+	*head = s;
+	return 1;
+}
+
 uint32_t 
 cfg_convert_timeval(const char* str)
 {

util/config_file.h

@@ -43,7 +43,7 @@
 #define UTIL_CONFIG_FILE_H
 struct config_stub;
 struct config_strlist;
-struct config_acl;
+struct config_str2list;
 
 /**
  * The configuration options.
@@ -122,7 +122,7 @@ struct config_file {
 	/** list of donotquery addresses, linked list */
 	struct config_strlist* donotqueryaddrs;
 	/** list of access control entries, linked list */
-	struct config_acl* acls;
+	struct config_str2list* acls;
 	/** use default localhost donotqueryaddr entries */
 	int donotquery_localhost;
 
@@ -186,6 +186,13 @@ struct config_file {
 	/** slabs in the key cache. */
 	size_t key_cache_slabs;
 
+	/** local zones config */
+	struct config_str2list* local_zones;
+	/** local zones nodefault list */
+	struct config_strlist* local_zones_nodefault;
+	/** local data RRs configged */
+	struct config_strlist* local_data;
+
 	/** daemonize, i.e. fork into the background. */
 	int do_daemonize;
 };
@@ -215,15 +222,15 @@ struct config_strlist {
 };
 
 /**
- * List of access control options
+ * List of two strings for config options
  */
-struct config_acl {
+struct config_str2list {
 	/** next item in list */
-	struct config_acl* next;
+	struct config_str2list* next;
-	/** ip addr string */
+	/** first string */
-	char* address;
+	char* str;
-	/** control string */
+	/** second string */
-	char* control;
+	char* str2;
 };
 
 /**
@@ -260,6 +267,27 @@ void config_apply(struct config_file* config);
  */
 int cfg_strlist_insert(struct config_strlist** head, char* item);
 
+/**
+ * Insert string into str2list.
+ * @param head: pointer to str2list head variable.
+ * @param item: new item. malloced by caller. If NULL the insertion fails.
+ * @param item: 2nd string, malloced by caller. If NULL the insertion fails.
+ * @return: true on success.
+ */
+int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2);
+
+/**
+ * Delete items in config string list.
+ * @param list: list.
+ */
+void config_delstrlist(struct config_strlist* list);
+
+/**
+ * Delete items in config double string list.
+ * @param list: list.
+ */
+void config_deldblstrlist(struct config_str2list* list);
+
 /**
  * Convert 14digit to time value
  * @param str: string of 14 digits

util/configlexer.lex

@@ -161,6 +161,8 @@ key-cache-size{COLON}	{ YDOUT; return VAR_KEY_CACHE_SIZE;}
 key-cache-slabs{COLON}	{ YDOUT; return VAR_KEY_CACHE_SLABS;}
 val-nsec3-keysize-iterations{COLON}	{ YDOUT; return VAR_VAL_NSEC3_KEYSIZE_ITERATIONS;}
 use-syslog{COLON}	{ YDOUT; return VAR_USE_SYSLOG;}
+local-zone{COLON}	{ YDOUT; return VAR_LOCAL_ZONE;}
+local-data{COLON}	{ YDOUT; return VAR_LOCAL_DATA;}
 {NEWLINE}		{ LEXOUT(("NL\n")); cfg_parser->line++;}
 
 	/* Quoted strings. Strip leading and ending quotes */

util/configparser.h

@@ -109,7 +109,9 @@
      VAR_DO_NOT_QUERY_LOCALHOST = 325,
      VAR_CACHE_MAX_TTL = 326,
      VAR_HARDEN_DNNSEC_STRIPPED = 327,
-     VAR_ACCESS_CONTROL = 328
+     VAR_ACCESS_CONTROL = 328,
+     VAR_LOCAL_ZONE = 329,
+     VAR_LOCAL_DATA = 330
    };
 #endif
 /* Tokens.  */
@@ -184,6 +186,8 @@
 #define VAR_CACHE_MAX_TTL 326
 #define VAR_HARDEN_DNNSEC_STRIPPED 327
 #define VAR_ACCESS_CONTROL 328
+#define VAR_LOCAL_ZONE 329
+#define VAR_LOCAL_DATA 330
 
 
 
@@ -195,7 +199,7 @@ typedef union YYSTYPE
 	char*	str;
 }
 /* Line 1489 of yacc.c.  */
-#line 199 "util/configparser.h"
+#line 203 "util/configparser.h"
 	YYSTYPE;
 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
 # define YYSTYPE_IS_DECLARED 1

util/configparser.y

@@ -87,6 +87,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG 
 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNNSEC_STRIPPED VAR_ACCESS_CONTROL
+%token VAR_LOCAL_ZONE VAR_LOCAL_DATA
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -124,7 +125,8 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
 	server_use_syslog | server_outgoing_interface | server_root_hints |
 	server_do_not_query_localhost | server_cache_max_ttl |
-	server_harden_dnssec_stripped | server_access_control
+	server_harden_dnssec_stripped | server_access_control |
+	server_local_zone | server_local_data
 	;
 stubstart: VAR_STUB_ZONE
 	{
@@ -582,12 +584,8 @@ server_access_control: VAR_ACCESS_CONTROL STRING STRING
 			yyerror("expected deny, refuse or allow in "
 				"access control action");
 		} else {
-			struct config_acl* n = calloc(1, sizeof(*n));
+			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
-			if(!n) fatal_exit("out of memory adding acl");
+				fatal_exit("out of memory adding acl");
-			n->address = $2;
-			n->control = $3;
-			n->next = cfg_parser->cfg->acls;
-			cfg_parser->cfg->acls = n;
 		}
 	}
 	;
@@ -683,6 +681,32 @@ server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING
 		free($2);
 	}
 	;
+server_local_zone: VAR_LOCAL_ZONE STRING STRING
+	{
+		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
+		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
+		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
+		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0)
+			yyerror("local-zone type: expected static, deny, "
+				"refuse, redirect, transparent or nodefault");
+		else if(strcmp($3, "nodefault")==0) {
+			if(!cfg_strlist_insert(&cfg_parser->cfg->
+				local_zones_nodefault, $2))
+				fatal_exit("out of memory adding local-zone");
+		} else {
+			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, 
+				$2, $3))
+				fatal_exit("out of memory adding local-zone");
+		}
+	}
+	;
+server_local_data: VAR_LOCAL_DATA STRING
+	{
+		OUTYY(("P(server_local_data:%s)\n", $2));
+		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
+			fatal_exit("out of memory adding local-data");
+	}
+	;
 stub_name: VAR_NAME STRING
 	{
 		OUTYY(("P(name:%s)\n", $2));