diff --git a/daemon/remote.c b/daemon/remote.c
index 5dc05c5fa..268c46771 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1663,6 +1663,38 @@ do_stub_remove(SSL* ssl, struct worker* worker, char* args)
 send_ok(ssl);
 }
 
+/** do the insecure_add command */
+static void
+do_insecure_add(SSL* ssl, struct worker* worker, char* arg)
+{
+ size_t nmlen;
+ int nmlabs;
+ uint8_t* nm = NULL;
+ if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
+ return;
+ if(!anchors_add_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm)) {
+ (void)ssl_printf(ssl, "error out of memory\n");
+ free(nm);
+ return;
+ }
+ free(nm);
+ send_ok(ssl);
+}
+
+/** do the insecure_remove command */
+static void
+do_insecure_remove(SSL* ssl, struct worker* worker, char* arg)
+{
+ size_t nmlen;
+ int nmlabs;
+ uint8_t* nm = NULL;
+ if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
+ return;
+ anchors_delete_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm);
+ free(nm);
+ send_ok(ssl);
+}
+
 /** do the status command */
 static void
 do_status(SSL* ssl, struct worker* worker)
@@ -2050,6 +2082,16 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
 if(rc) distribute_cmd(rc, ssl, cmd);
 do_forward_remove(ssl, worker, skipwhite(p+14));
 return;
+ } else if(cmdcmp(p, "insecure_add", 12)) {
+ /* must always distribute this cmd */
+ if(rc) distribute_cmd(rc, ssl, cmd);
+ do_insecure_add(ssl, worker, skipwhite(p+12));
+ return;
+ } else if(cmdcmp(p, "insecure_remove", 15)) {
+ /* must always distribute this cmd */
+ if(rc) distribute_cmd(rc, ssl, cmd);
+ do_insecure_remove(ssl, worker, skipwhite(p+15));
+ return;
 } else if(cmdcmp(p, "forward", 7)) {
 /* must always distribute this cmd */
 if(rc) distribute_cmd(rc, ssl, cmd);
diff --git a/doc/Changelog b/doc/Changelog
index d2e1728bc..2b0b80aa0 100644
--- a/doc/Changelog
+++ b/doc/Changelog
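Review bot: Neither do_insecure_add nor do_insecure_remove leaves a server-side record that DNSSEC validation was switched off or back on for a zone; the only output visible in the hunk is the `ok` sent to the control client. Because a negative trust anchor lets answers under that name through unvalidated, an operator reconstructing events later would want to see when it was set, so consider a line such as `log_info("remote control: domain-insecure added")` after the successful add and a matching one in the remove path, ideally including the zone name. If the caller already logs every control command at default verbosity this is covered, but that is not visible here. Separately, do_insecure_remove answers `ok` without showing whether an entry existed, so a mistyped zone name is indistinguishable from a successful removal.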
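Review bot: In both new branches of execute_cmd the command is passed to distribute_cmd before this thread has parsed the zone argument or attempted the change, and the reply the client sees comes from do_insecure_add / do_insecure_remove in this thread only. Whether `worker->env.anchors` is a single shared table or a per-thread copy is not visible in the hunk: if shared, repeating the operation in every thread is redundant; if per-thread, an allocation failure in one thread would leave workers disagreeing about which zones skip validation while the client may still get `ok`. The comment `/* must always distribute this cmd */` is carried over from the forward branches; replacing it with one that states why, e.g. `/* anchors are per-worker, every thread must apply this */` (or noting that they are shared), would settle the question for the next reader. The enclosing if/else chain starts and ends outside the hunk.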
@@ -1,3 +1,7 @@ +26 April 2013: Wouter + - add unbound-control insecure_add and insecure_remove for the + administration of negative trust anchors. + 25 April 2013: Wouter - Implement max-udp-size config option, default 4096 (thanks Daisuke Higashi). diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 299e0d4fd..3a9abfc22 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -196,6 +196,14 @@ List the local zones in use. These are printed one per line with zone type. .B list_local_data List the local data RRs in use. The resource records are printed. .TP +.B insecure_add \fIzone +Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf. +Adds to the running unbound without affecting the cache contents (which may +still be bogus, use \fBflush_zone\fR to remove it), does not affect the config file. +.TP +.B insecure_remove \fIzone +Removes domain\-insecure for the given zone. +.TP .B forward_add \fR[\fI+i\fR] \fIzone addr ... Add a new forward zone to running unbound. With +i option also adds a \fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index cc48866c5..43a52fd49 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -106,6 +106,8 @@ usage() printf(" list_forwards list forward-zones in use\n"); printf(" list_local_zones list local-zones in use\n"); printf(" list_local_data list local-data RRs in use\n"); + printf(" insecure_add zone add domain-insecure zone\n"); + printf(" insecure_remove zone remove domain-insecure zone\n"); printf(" forward_add [+i] zone addr.. add forward-zone with servers\n"); printf(" forward_remove [+i] zone remove forward zone\n"); printf(" stub_add [+ip] zone addr.. add stub-zone with servers\n");