upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #1344: RFC6761-reserved domains: test. and invalid.

Browse source 
git-svn-id: file:///svn/unbound/trunk@4272 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2017-07-11 13:27:33 +00:00
parent 316f594fa5
commit c8189d1018
4 changed files with 46 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -1,3 +1,6 @@
11 July 2017: Wouter
- Fix #1344: RFC6761-reserved domains: test. and invalid.
6 July 2017: Wouter 6 July 2017: Wouter
- Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg. - Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
- Fix svn hooks for tdir (selected if testcode/mini_tdir.sh exists).. - Fix svn hooks for tdir (selected if testcode/mini_tdir.sh exists)..

2
doc/example.conf.in
View file

@ -563,6 +563,8 @@ server:
# local-zone: "127.in-addr.arpa." nodefault # local-zone: "127.in-addr.arpa." nodefault
# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault # local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
# local-zone: "onion." nodefault # local-zone: "onion." nodefault
# local-zone: "test." nodefault
# local-zone: "invalid." nodefault
# local-zone: "10.in-addr.arpa." nodefault # local-zone: "10.in-addr.arpa." nodefault
# local-zone: "16.172.in-addr.arpa." nodefault # local-zone: "16.172.in-addr.arpa." nodefault
# local-zone: "17.172.in-addr.arpa." nodefault # local-zone: "17.172.in-addr.arpa." nodefault

32
doc/unbound.conf.5.in
View file

@ -1048,13 +1048,13 @@ has no other effect than turning off default contents for the
given zone. Use \fInodefault\fR if you use exactly that zone, if you want to given zone. Use \fInodefault\fR if you use exactly that zone, if you want to
use a subzone, use \fItransparent\fR. use a subzone, use \fItransparent\fR.
.P .P
The default zones are localhost, reverse 127.0.0.1 and ::1, the onion and The default zones are localhost, reverse 127.0.0.1 and ::1, the onion, test,
the AS112 zones. The AS112 zones are reverse DNS zones for private use and invalid and the AS112 zones. The AS112 zones are reverse DNS zones for
reserved IP addresses for which the servers on the internet cannot provide private use and reserved IP addresses for which the servers on the internet
correct answers. They are configured by default to give nxdomain (no reverse cannot provide correct answers. They are configured by default to give
information) answers. The defaults can be turned off by specifying your nxdomain (no reverse information) answers. The defaults can be turned off
own local\-zone of that name, or using the 'nodefault' type. Below is a by specifying your own local\-zone of that name, or using the 'nodefault'
list of the default zone contents. type. Below is a list of the default zone contents.
.TP 10 .TP 10
\h'5'\fIlocalhost\fR \h'5'\fIlocalhost\fR
The IP4 and IP6 localhost information is given. NS and SOA records are provided The IP4 and IP6 localhost information is given. NS and SOA records are provided
@ -1104,6 +1104,24 @@ local\-data: "onion. 10800 IN
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
.fi .fi
.TP 10 .TP 10
\h'5'\fItest (RFC 7686)\fR
Default content:
.nf
local\-zone: "test." static
local\-data: "test. 10800 IN NS localhost."
local\-data: "test. 10800 IN
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
.fi
.TP 10
\h'5'\fIinvalid (RFC 7686)\fR
Default content:
.nf
local\-zone: "invalid." static
local\-data: "invalid. 10800 IN NS localhost."
local\-data: "invalid. 10800 IN
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
.fi
.TP 10
\h'5'\fIreverse RFC1918 local use zones\fR \h'5'\fIreverse RFC1918 local use zones\fR
Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to
31.172.in\-addr.arpa, 168.192.in\-addr.arpa. 31.172.in\-addr.arpa, 168.192.in\-addr.arpa.

28
services/localzone.c
View file

@ -719,9 +719,9 @@ lz_nodefault(struct config_file* cfg, const char* name)
return 0; return 0;
} }
/** enter AS112 default zone */ /** enter (AS112) empty default zone */
static int static int
add_as112_default(struct local_zones* zones, struct config_file* cfg, add_empty_default(struct local_zones* zones, struct config_file* cfg,
const char* name) const char* name)
{ {
struct local_zone* z; struct local_zone* z;
@ -816,26 +816,24 @@ int local_zone_enter_defaults(struct local_zones* zones, struct config_file* cfg
lock_rw_unlock(&z->lock); lock_rw_unlock(&z->lock);
} }
/* onion. zone (RFC 7686) */ /* onion. zone (RFC 7686) */
if(!lz_exists(zones, "onion.") && if(!add_empty_default(zones, cfg, "onion.")) {
!lz_nodefault(cfg, "onion.")) {
if(!(z=lz_enter_zone(zones, "onion.", "static",
LDNS_RR_CLASS_IN)) ||
!lz_enter_rr_into_zone(z,
"onion. 10800 IN NS localhost.") ||
!lz_enter_rr_into_zone(z,
"onion. 10800 IN SOA localhost. nobody.invalid. "
"1 3600 1200 604800 10800")) {
log_err("out of memory adding default zone"); log_err("out of memory adding default zone");
if(z) { lock_rw_unlock(&z->lock); }
return 0; return 0;
} }
lock_rw_unlock(&z->lock); /* test. zone (RFC 7686) */
if(!add_empty_default(zones, cfg, "test.")) {
log_err("out of memory adding default zone");
return 0;
}
/* invalid. zone (RFC 7686) */
if(!add_empty_default(zones, cfg, "invalid.")) {
log_err("out of memory adding default zone");
return 0;
} }
/* block AS112 zones, unless asked not to */ /* block AS112 zones, unless asked not to */
if(!cfg->unblock_lan_zones) { if(!cfg->unblock_lan_zones) {
for(zstr = as112_zones; *zstr; zstr++) { for(zstr = as112_zones; *zstr; zstr++) {
if(!add_as112_default(zones, cfg, *zstr)) { if(!add_empty_default(zones, cfg, *zstr)) {
log_err("out of memory adding default zone"); log_err("out of memory adding default zone");
return 0; return 0;
} }