2001-03-04 21:21:39 +00:00
|
|
|
/*
|
2018-02-23 09:53:12 +01:00
|
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
2001-03-04 21:21:39 +00:00
|
|
|
*
|
2016-06-27 14:56:38 +10:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
2020-09-14 16:20:40 -07:00
|
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
2018-02-23 09:53:12 +01:00
|
|
|
*
|
|
|
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
* information regarding copyright ownership.
|
2001-03-04 21:21:39 +00:00
|
|
|
*/
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*! \file */
|
2001-03-04 22:28:32 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
#include <bind.keys.h>
|
2018-03-28 14:19:37 +02:00
|
|
|
#include <inttypes.h>
|
2001-03-04 21:21:39 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
|
|
#include <isc/buffer.h>
|
|
|
|
|
#include <isc/log.h>
|
|
|
|
|
#include <isc/mem.h>
|
2006-01-27 02:35:15 +00:00
|
|
|
#include <isc/parseint.h>
|
2001-03-04 21:21:39 +00:00
|
|
|
#include <isc/region.h>
|
|
|
|
|
#include <isc/result.h>
|
|
|
|
|
#include <isc/sockaddr.h>
|
2007-09-13 04:45:18 +00:00
|
|
|
#include <isc/string.h>
|
2001-03-04 21:21:39 +00:00
|
|
|
#include <isc/util.h>
|
|
|
|
|
|
|
|
|
|
#include <dns/fixedname.h>
|
|
|
|
|
#include <dns/name.h>
|
|
|
|
|
#include <dns/rdataclass.h>
|
2002-03-07 13:46:41 +00:00
|
|
|
#include <dns/rdatatype.h>
|
2001-08-03 18:12:08 +00:00
|
|
|
#include <dns/tsig.h>
|
2001-03-04 21:21:39 +00:00
|
|
|
#include <dns/zone.h>
|
|
|
|
|
|
2020-03-09 16:17:26 +01:00
|
|
|
#include <dst/dst.h>
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
#include <isccfg/grammar.h>
|
|
|
|
|
#include <isccfg/namedconf.h>
|
2009-06-10 00:27:22 +00:00
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
#include <named/config.h>
|
|
|
|
|
#include <named/globals.h>
|
2009-03-04 02:42:31 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% default configuration */
|
2001-03-05 13:43:14 +00:00
|
|
|
static char defaultconf[] = "\
|
|
|
|
|
options {\n\
|
2018-03-19 18:09:05 +05:30
|
|
|
answer-cookie true;\n\
|
2014-02-07 17:16:37 +11:00
|
|
|
automatic-interface-scan yes;\n\
|
2017-09-08 13:39:09 -07:00
|
|
|
bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
|
2004-04-19 23:09:51 +00:00
|
|
|
# blackhole {none;};\n"
|
2020-02-12 13:59:18 +01:00
|
|
|
" cookie-algorithm siphash24;\n"
|
|
|
|
|
" coresize default;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
datasize default;\n"
|
2020-02-12 13:59:18 +01:00
|
|
|
"\
|
2001-03-05 13:43:14 +00:00
|
|
|
# directory <none>\n\
|
2019-11-05 17:22:35 +01:00
|
|
|
dnssec-policy \"none\";\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
dump-file \"named_dump.db\";\n\
|
2020-09-23 14:47:26 +02:00
|
|
|
edns-udp-size 1232;\n\
|
2021-05-20 15:53:50 +02:00
|
|
|
files unlimited;\n"
|
|
|
|
|
#if defined(HAVE_GEOIP2)
|
2020-02-12 13:59:18 +01:00
|
|
|
" geoip-directory \"" MAXMINDDB_PREFIX "/share/"
|
|
|
|
|
"GeoIP\";"
|
|
|
|
|
"\n"
|
2019-07-02 16:27:42 -07:00
|
|
|
#elif defined(HAVE_GEOIP2)
|
2020-02-12 13:59:18 +01:00
|
|
|
" geoip-directory \".\";\n"
|
2021-05-20 15:53:50 +02:00
|
|
|
#endif /* if defined(HAVE_GEOIP2) */
|
2020-02-12 13:59:18 +01:00
|
|
|
"\
|
2001-06-04 21:51:27 +00:00
|
|
|
heartbeat-interval 60;\n\
|
|
|
|
|
interface-interval 60;\n\
|
2015-01-20 16:10:30 -08:00
|
|
|
# keep-response-order {none;};\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
listen-on {any;};\n\
|
2013-03-21 10:16:12 +11:00
|
|
|
listen-on-v6 {any;};\n\
|
2017-09-08 13:39:09 -07:00
|
|
|
# lock-file \"" NAMED_LOCALSTATEDIR "/run/named/named.lock\";\n\
|
2001-03-26 21:33:07 +00:00
|
|
|
match-mapped-addresses no;\n\
|
2020-02-21 10:53:08 -08:00
|
|
|
max-ixfr-ratio 100%;\n\
|
2012-06-14 15:44:20 +10:00
|
|
|
max-rsa-exponent-size 0; /* no limit */\n\
|
2020-09-23 14:47:26 +02:00
|
|
|
max-udp-size 1232;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
memstatistics-file \"named.memstats\";\n\
|
2020-12-01 18:53:26 +01:00
|
|
|
nocookie-udp-size 4096;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
notify-rate 20;\n\
|
2014-06-18 16:47:22 -07:00
|
|
|
nta-lifetime 3600;\n\
|
|
|
|
|
nta-recheck 300;\n\
|
2017-09-08 13:39:09 -07:00
|
|
|
# pid-file \"" NAMED_LOCALSTATEDIR "/run/named/named.pid\"; \n\
|
2001-03-05 13:43:14 +00:00
|
|
|
port 53;\n\
|
2021-04-21 13:52:15 +02:00
|
|
|
tls-port 853;\n"
|
|
|
|
|
#if HAVE_LIBNGHTTP2
|
|
|
|
|
"http-port 80;\n"
|
|
|
|
|
"https-port 443;\n"
|
Add (http-)listener-clients option (DoH quota mechanism)
This commit adds support for http-listener-clients global options as
well as ability to override the default in an HTTP server description,
like:
http local-http-server {
...
listener-clients 100;
...
};
This way we have ability to specify per-listener active connections
quota globally and then override it when required. This is exactly
what AT&T requested us: they wanted a functionality to specify quota
globally and then override it for specific IPs. This change
functionality makes such a configuration possible.
It makes sense: for example, one could have different quotas for
internal and external clients. Or, for example, one could use BIND's
internal ability to serve encrypted DoH with some sane quota value for
internal clients, while having un-encrypted DoH listener without quota
to put BIND behind a load balancer doing TLS offloading for external
clients.
Moreover, the code no more shares the quota with TCP, which makes
little sense anyway (see tcp-clients option), because of the nature of
interaction of DoH clients: they tend to keep idle opened connections
for longer periods of time, preventing the TCP and TLS client from
being served. Thus, the need to have a separate, generally larger,
quota for them.
Also, the change makes any option within "http <name> { ... };"
statement optional, making it easier to override only required default
options.
By default, the DoH connections are limited to 300 per listener. I
hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
|
|
|
"http-listener-clients 300;\n"
|
2021-05-18 12:03:58 +03:00
|
|
|
"http-streams-per-connection 100;\n"
|
2021-04-21 13:52:15 +02:00
|
|
|
#endif
|
|
|
|
|
"\
|
2018-04-22 14:56:28 +02:00
|
|
|
prefetch 2 9;\n\
|
|
|
|
|
recursing-file \"named.recursing\";\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
recursive-clients 1000;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
request-nsid false;\n\
|
|
|
|
|
reserved-sockets 512;\n\
|
2012-06-08 12:34:33 +10:00
|
|
|
resolver-query-timeout 10;\n\
|
2018-06-15 13:34:27 +10:00
|
|
|
rrset-order { order random; };\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
secroots-file \"named.secroots\";\n\
|
|
|
|
|
send-cookie true;\n\
|
2001-03-19 22:34:14 +00:00
|
|
|
serial-query-rate 20;\n\
|
2003-01-20 05:46:11 +00:00
|
|
|
server-id none;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
session-keyalg hmac-sha256;\n\
|
2017-09-08 13:39:09 -07:00
|
|
|
# session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\
|
2021-05-20 15:53:50 +02:00
|
|
|
session-keyname local-ddns;\n\
|
|
|
|
|
stacksize default;\n\
|
|
|
|
|
startup-notify-rate 20;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
statistics-file \"named.stats\";\n\
|
2017-01-04 09:16:30 -08:00
|
|
|
tcp-advertised-timeout 300;\n\
|
2015-01-20 16:10:30 -08:00
|
|
|
tcp-clients 150;\n\
|
2017-01-04 09:16:30 -08:00
|
|
|
tcp-idle-timeout 300;\n\
|
|
|
|
|
tcp-initial-timeout 300;\n\
|
|
|
|
|
tcp-keepalive-timeout 300;\n\
|
2013-06-03 14:00:03 -05:00
|
|
|
tcp-listen-queue 10;\n\
|
2020-12-02 20:51:38 +01:00
|
|
|
tcp-receive-buffer 0;\n\
|
|
|
|
|
tcp-send-buffer 0;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
# tkey-dhkey <none>\n\
|
|
|
|
|
# tkey-domain <none>\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
# tkey-gssapi-credential <none>\n\
|
2015-12-15 13:22:15 +05:30
|
|
|
transfer-message-size 20480;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
transfers-in 10;\n\
|
|
|
|
|
transfers-out 10;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
transfers-per-ns 2;\n\
|
2016-07-22 20:02:17 +10:00
|
|
|
trust-anchor-telemetry yes;\n\
|
2020-12-02 20:51:38 +01:00
|
|
|
udp-receive-buffer 0;\n\
|
|
|
|
|
udp-send-buffer 0;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
\n\
|
|
|
|
|
/* view */\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
allow-new-zones no;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
allow-notify {none;};\n\
|
2006-03-09 03:30:18 +00:00
|
|
|
allow-query-cache { localnets; localhost; };\n\
|
2007-03-29 06:36:31 +00:00
|
|
|
allow-query-cache-on { any; };\n\
|
2006-03-09 03:30:18 +00:00
|
|
|
allow-recursion { localnets; localhost; };\n\
|
2007-03-29 06:36:31 +00:00
|
|
|
allow-recursion-on { any; };\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
allow-update-forwarding {none;};\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
auth-nxdomain false;\n\
|
2009-12-04 21:09:34 +00:00
|
|
|
check-dup-records warn;\n\
|
2005-05-19 04:59:05 +00:00
|
|
|
check-mx warn;\n\
|
2021-08-25 22:58:05 -07:00
|
|
|
check-names primary fail;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
check-names response ignore;\n\
|
2021-08-25 22:58:05 -07:00
|
|
|
check-names secondary warn;\n\
|
2013-04-30 13:49:41 +10:00
|
|
|
check-spf warn;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
clients-per-query 10;\n\
|
|
|
|
|
dnssec-accept-expired no;\n\
|
2018-05-16 11:58:15 -07:00
|
|
|
dnssec-validation " VALIDATION_DEFAULT "; \n"
|
2017-09-06 09:58:29 +10:00
|
|
|
#ifdef HAVE_DNSTAP
|
2020-02-12 13:59:18 +01:00
|
|
|
" dnstap-identity hostname;\n"
|
2020-02-13 21:48:23 +01:00
|
|
|
#endif /* ifdef HAVE_DNSTAP */
|
2020-02-12 13:59:18 +01:00
|
|
|
"\
|
2015-07-08 22:53:39 -07:00
|
|
|
fetch-quota-params 100 0.1 0.3 0.7;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
fetches-per-server 0;\n\
|
2019-06-12 16:50:03 +10:00
|
|
|
fetches-per-zone 0;\n\
|
|
|
|
|
glue-cache yes;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
lame-ttl 600;\n"
|
2017-07-28 16:02:52 +10:00
|
|
|
#ifdef HAVE_LMDB
|
2020-02-12 13:59:18 +01:00
|
|
|
" lmdb-mapsize 32M;\n"
|
2020-02-13 21:48:23 +01:00
|
|
|
#endif /* ifdef HAVE_LMDB */
|
2020-02-12 13:59:18 +01:00
|
|
|
" max-cache-size 90%;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
max-cache-ttl 604800; /* 1 week */\n\
|
|
|
|
|
max-clients-per-query 100;\n\
|
|
|
|
|
max-ncache-ttl 10800; /* 3 hours */\n\
|
|
|
|
|
max-recursion-depth 7;\n\
|
2020-11-26 15:59:14 +11:00
|
|
|
max-recursion-queries 100;\n\
|
2020-12-08 15:58:45 +01:00
|
|
|
max-stale-ttl 86400; /* 1 day */\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
message-compression yes;\n\
|
2018-10-24 15:17:18 +02:00
|
|
|
min-ncache-ttl 0; /* 0 hours */\n\
|
|
|
|
|
min-cache-ttl 0; /* 0 seconds */\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
minimal-any false;\n\
|
2017-09-19 19:49:02 +05:30
|
|
|
minimal-responses no-auth-recursive;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
notify-source *;\n\
|
|
|
|
|
notify-source-v6 *;\n\
|
|
|
|
|
nsec3-test-zone no;\n\
|
2021-05-14 11:33:51 +02:00
|
|
|
parental-source *;\n\
|
|
|
|
|
parental-source-v6 *;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
provide-ixfr true;\n\
|
2018-05-29 10:22:34 +02:00
|
|
|
qname-minimization relaxed;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
query-source address *;\n\
|
|
|
|
|
query-source-v6 address *;\n\
|
|
|
|
|
recursion true;\n\
|
|
|
|
|
request-expire true;\n\
|
|
|
|
|
request-ixfr true;\n\
|
2015-08-13 08:26:23 +10:00
|
|
|
require-server-cookie no;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
resolver-nonbackoff-tries 3;\n\
|
|
|
|
|
resolver-retry-interval 800; /* in milliseconds */\n\
|
2018-03-13 15:17:22 +11:00
|
|
|
root-key-sentinel yes;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
servfail-ttl 1;\n\
|
|
|
|
|
# sortlist <none>\n\
|
2021-04-02 14:33:54 +02:00
|
|
|
stale-answer-client-timeout off;\n\
|
2021-04-26 09:19:25 +02:00
|
|
|
stale-answer-enable false;\n\
|
2020-12-08 15:58:45 +01:00
|
|
|
stale-answer-ttl 30; /* 30 seconds */\n\
|
2020-07-21 10:38:55 +02:00
|
|
|
stale-cache-enable false;\n\
|
Add stale-answer-client-timeout option
The general logic behind the addition of this new feature works as
folows:
When a client query arrives, the basic path (query.c / ns_query_recurse)
was to create a fetch, waiting for completion in fetch_callback.
With the introduction of stale-answer-client-timeout, a new event of
type DNS_EVENT_TRYSTALE may invoke fetch_callback, whenever stale
answers are enabled and the fetch took longer than
stale-answer-client-timeout to complete.
When an event of type DNS_EVENT_TRYSTALE triggers fetch_callback, we
must ensure that the folowing happens:
1. Setup a new query context with the sole purpose of looking up for
stale RRset only data, for that matters a new flag was added
'DNS_DBFIND_STALEONLY' used in database lookups.
. If a stale RRset is found, mark the original client query as
answered (with a new query attribute named NS_QUERYATTR_ANSWERED),
so when the fetch completion event is received later, we avoid
answering the client twice.
. If a stale RRset is not found, cleanup and wait for the normal
fetch completion event.
2. In ns_query_done, we must change this part:
/*
* If we're recursing then just return; the query will
* resume when recursion ends.
*/
if (RECURSING(qctx->client)) {
return (qctx->result);
}
To this:
if (RECURSING(qctx->client) && !QUERY_STALEONLY(qctx->client)) {
return (qctx->result);
}
Otherwise we would not proceed to answer the client if it happened
that a stale answer was found when looking up for stale only data.
When an event of type DNS_EVENT_FETCHDONE triggers fetch_callback, we
proceed as before, resuming query, updating stats, etc, but a few
exceptions had to be added, most important of which are two:
1. Before answering the client (ns_client_send), check if the query
wasn't already answered before.
2. Before detaching a client, e.g.
isc_nmhandle_detach(&client->reqhandle), ensure that this is the
fetch completion event, and not the one triggered due to
stale-answer-client-timeout, so a correct call would be:
if (!QUERY_STALEONLY(client)) {
isc_nmhandle_detach(&client->reqhandle);
}
Other than these notes, comments were added in code in attempt to make
these updates easier to follow.
2020-12-11 14:10:31 -03:00
|
|
|
stale-refresh-time 30; /* 30 seconds */\n\
|
2019-10-28 15:04:38 -05:00
|
|
|
synth-from-dnssec no;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
# topology <none>\n\
|
|
|
|
|
transfer-format many-answers;\n\
|
2015-09-28 18:57:19 +10:00
|
|
|
v6-bias 50;\n\
|
2017-08-31 07:57:50 +10:00
|
|
|
zero-no-soa-ttl-cache no;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
\n\
|
|
|
|
|
/* zone */\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
allow-query {any;};\n\
|
2007-03-29 06:36:31 +00:00
|
|
|
allow-query-on {any;};\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
allow-transfer {any;};\n\
|
|
|
|
|
# also-notify <none>\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
alt-transfer-source *;\n\
|
|
|
|
|
alt-transfer-source-v6 *;\n\
|
|
|
|
|
check-integrity yes;\n\
|
|
|
|
|
check-mx-cname warn;\n\
|
|
|
|
|
check-sibling yes;\n\
|
|
|
|
|
check-srv-cname warn;\n\
|
|
|
|
|
check-wildcard yes;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
dialup no;\n\
|
2021-10-06 16:05:12 +02:00
|
|
|
dnssec-dnskey-kskonly yes;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
dnssec-loadkeys-interval 60;\n\
|
|
|
|
|
dnssec-secure-to-insecure no;\n\
|
|
|
|
|
dnssec-update-mode maintain;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
# forward <none>\n\
|
|
|
|
|
# forwarders <none>\n\
|
2021-02-26 10:00:09 +11:00
|
|
|
# inline-signing no;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
ixfr-from-differences false;\n\
|
|
|
|
|
max-journal-size default;\n\
|
2016-11-02 17:31:27 +11:00
|
|
|
max-records 0;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
max-refresh-time 2419200; /* 4 weeks */\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
max-retry-time 1209600; /* 2 weeks */\n\
|
|
|
|
|
max-transfer-idle-in 60;\n\
|
|
|
|
|
max-transfer-idle-out 60;\n\
|
|
|
|
|
max-transfer-time-in 120;\n\
|
|
|
|
|
max-transfer-time-out 120;\n\
|
2001-03-05 13:43:14 +00:00
|
|
|
min-refresh-time 300;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
min-retry-time 500;\n\
|
2002-08-01 03:23:36 +00:00
|
|
|
multi-master no;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
notify yes;\n\
|
|
|
|
|
notify-delay 5;\n\
|
|
|
|
|
notify-to-soa no;\n\
|
|
|
|
|
serial-update-method increment;\n\
|
2008-04-02 02:37:42 +00:00
|
|
|
sig-signing-nodes 100;\n\
|
|
|
|
|
sig-signing-signatures 10;\n\
|
2009-03-16 23:41:21 +00:00
|
|
|
sig-signing-type 65534;\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
sig-validity-interval 30; /* days */\n\
|
2018-03-12 22:14:26 -07:00
|
|
|
dnskey-sig-validity 0; /* default: sig-validity-interval */\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
transfer-source *;\n\
|
|
|
|
|
transfer-source-v6 *;\n\
|
2006-06-04 23:17:07 +00:00
|
|
|
try-tcp-refresh yes; /* BIND 8 compat */\n\
|
2017-09-06 09:58:29 +10:00
|
|
|
update-check-ksk yes;\n\
|
|
|
|
|
zero-no-soa-ttl yes;\n\
|
|
|
|
|
zone-statistics terse;\n\
|
2001-11-20 18:46:43 +00:00
|
|
|
};\n\
|
2004-03-16 05:52:24 +00:00
|
|
|
"
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
"#\n\
|
2007-06-17 23:52:28 +00:00
|
|
|
# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
|
2003-04-17 12:11:39 +00:00
|
|
|
#\n\
|
2001-11-20 18:46:43 +00:00
|
|
|
view \"_bind\" chaos {\n\
|
|
|
|
|
recursion no;\n\
|
2004-08-28 05:42:12 +00:00
|
|
|
notify no;\n\
|
2010-08-11 18:14:20 +00:00
|
|
|
allow-new-zones no;\n\
|
2021-06-22 15:28:31 +02:00
|
|
|
max-cache-size 2M;\n\
|
2013-02-25 10:49:30 -08:00
|
|
|
\n\
|
|
|
|
|
# Prevent use of this zone in DNS amplified reflection DoS attacks\n\
|
|
|
|
|
rate-limit {\n\
|
|
|
|
|
responses-per-second 3;\n\
|
|
|
|
|
slip 0;\n\
|
|
|
|
|
min-table-size 10;\n\
|
|
|
|
|
};\n\
|
2001-11-20 18:46:43 +00:00
|
|
|
\n\
|
|
|
|
|
zone \"version.bind\" chaos {\n\
|
2021-08-25 22:58:05 -07:00
|
|
|
type primary;\n\
|
2001-11-20 18:46:43 +00:00
|
|
|
database \"_builtin version\";\n\
|
|
|
|
|
};\n\
|
|
|
|
|
\n\
|
|
|
|
|
zone \"hostname.bind\" chaos {\n\
|
2021-08-25 22:58:05 -07:00
|
|
|
type primary;\n\
|
2001-11-20 18:46:43 +00:00
|
|
|
database \"_builtin hostname\";\n\
|
|
|
|
|
};\n\
|
|
|
|
|
\n\
|
|
|
|
|
zone \"authors.bind\" chaos {\n\
|
2021-08-25 22:58:05 -07:00
|
|
|
type primary;\n\
|
2001-11-20 18:46:43 +00:00
|
|
|
database \"_builtin authors\";\n\
|
|
|
|
|
};\n\
|
2009-06-30 02:53:46 +00:00
|
|
|
\n\
|
2003-01-20 05:46:11 +00:00
|
|
|
zone \"id.server\" chaos {\n\
|
2021-08-25 22:58:05 -07:00
|
|
|
type primary;\n\
|
2003-01-20 05:46:11 +00:00
|
|
|
database \"_builtin id\";\n\
|
|
|
|
|
};\n\
|
2001-11-20 18:46:43 +00:00
|
|
|
};\n\
|
2009-03-04 02:42:31 +00:00
|
|
|
"
|
2020-02-12 13:59:18 +01:00
|
|
|
"#\n\
|
2017-10-03 00:28:31 -07:00
|
|
|
# Default trusted key(s), used if \n\
|
|
|
|
|
# \"dnssec-validation auto;\" is set and\n\
|
2009-03-04 02:42:31 +00:00
|
|
|
# sysconfdir/bind.keys doesn't exist).\n\
|
|
|
|
|
#\n\
|
2018-10-05 12:00:42 -07:00
|
|
|
# BEGIN DNSSEC KEYS\n"
|
2009-03-04 02:42:31 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
/* Imported from bind.keys.h: */
|
|
|
|
|
TRUST_ANCHORS
|
2009-03-04 02:42:31 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
"# END MANAGED KEYS\n\
|
2018-10-09 10:54:51 +02:00
|
|
|
\n\
|
2020-06-17 02:02:27 -07:00
|
|
|
primaries " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
|
2021-09-03 14:48:49 +00:00
|
|
|
2001:500:200::b; # b.root-servers.net\n\
|
|
|
|
|
2001:500:2::c; # c.root-servers.net\n\
|
2018-10-09 10:54:51 +02:00
|
|
|
2001:500:2f::f; # f.root-servers.net\n\
|
2021-09-03 14:48:49 +00:00
|
|
|
2001:500:12::d0d; # g.root-servers.net\n\
|
2018-10-09 10:54:51 +02:00
|
|
|
2001:7fd::1; # k.root-servers.net\n\
|
|
|
|
|
2620:0:2830:202::132; # xfr.cjr.dns.icann.org\n\
|
|
|
|
|
2620:0:2d0:202::132; # xfr.lax.dns.icann.org\n\
|
2021-09-03 14:48:49 +00:00
|
|
|
199.9.14.201; # b.root-servers.net\n\
|
2018-10-09 10:54:51 +02:00
|
|
|
192.33.4.12; # c.root-servers.net\n\
|
|
|
|
|
192.5.5.241; # f.root-servers.net\n\
|
|
|
|
|
192.112.36.4; # g.root-servers.net\n\
|
|
|
|
|
193.0.14.129; # k.root-servers.net\n\
|
|
|
|
|
192.0.47.132; # xfr.cjr.dns.icann.org\n\
|
|
|
|
|
192.0.32.132; # xfr.lax.dns.icann.org\n\
|
|
|
|
|
};\n\
|
2001-11-20 01:18:15 +00:00
|
|
|
";
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
isc_result_t
|
2020-02-13 14:44:37 -08:00
|
|
|
named_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
|
2001-03-04 21:21:39 +00:00
|
|
|
isc_buffer_t b;
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&b, defaultconf, sizeof(defaultconf) - 1);
|
|
|
|
|
isc_buffer_add(&b, sizeof(defaultconf) - 1);
|
2020-02-12 13:59:18 +01:00
|
|
|
return (cfg_parse_buffer(parser, &b, __FILE__, 0, &cfg_type_namedconf,
|
2019-01-21 20:03:45 -08:00
|
|
|
CFG_PCTX_NODEPRECATED, conf));
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2020-02-12 13:59:18 +01:00
|
|
|
named_config_get(cfg_obj_t const *const *maps, const char *name,
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t **obj) {
|
2001-03-04 21:21:39 +00:00
|
|
|
int i;
|
|
|
|
|
|
2021-09-19 09:11:15 +10:00
|
|
|
for (i = 0; maps[i] != NULL; i++) {
|
2020-02-13 21:48:23 +01:00
|
|
|
if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS) {
|
2001-03-04 21:21:39 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
2021-09-19 09:11:15 +10:00
|
|
|
return (ISC_R_NOTFOUND);
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
|
|
|
|
|
2004-04-20 14:11:47 +00:00
|
|
|
isc_result_t
|
2021-09-19 09:11:15 +10:00
|
|
|
named_checknames_get(const cfg_obj_t **maps, const char *const names[],
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t **obj) {
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_listelt_t *element;
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t *checknames;
|
|
|
|
|
const cfg_obj_t *type;
|
|
|
|
|
const cfg_obj_t *value;
|
|
|
|
|
int i;
|
2004-04-20 14:11:47 +00:00
|
|
|
|
2020-05-20 11:56:37 +10:00
|
|
|
REQUIRE(maps != NULL);
|
2021-09-19 09:11:15 +10:00
|
|
|
REQUIRE(names != NULL);
|
2020-05-20 11:56:37 +10:00
|
|
|
REQUIRE(obj != NULL && *obj == NULL);
|
|
|
|
|
|
2021-09-19 09:11:15 +10:00
|
|
|
for (i = 0; maps[i] != NULL; i++) {
|
2004-04-20 14:11:47 +00:00
|
|
|
checknames = NULL;
|
2020-02-12 13:59:18 +01:00
|
|
|
if (cfg_map_get(maps[i], "check-names", &checknames) ==
|
|
|
|
|
ISC_R_SUCCESS) {
|
2004-04-20 14:11:47 +00:00
|
|
|
/*
|
|
|
|
|
* Zone map entry is not a list.
|
|
|
|
|
*/
|
|
|
|
|
if (checknames != NULL && !cfg_obj_islist(checknames)) {
|
|
|
|
|
*obj = checknames;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
for (element = cfg_list_first(checknames);
|
2020-02-13 14:44:37 -08:00
|
|
|
element != NULL; element = cfg_list_next(element))
|
|
|
|
|
{
|
2004-04-20 14:11:47 +00:00
|
|
|
value = cfg_listelt_value(element);
|
|
|
|
|
type = cfg_tuple_get(value, "type");
|
2021-09-19 09:11:15 +10:00
|
|
|
|
|
|
|
|
for (size_t j = 0; names[j] != NULL; j++) {
|
|
|
|
|
if (strcasecmp(cfg_obj_asstring(type),
|
|
|
|
|
names[j]) == 0) {
|
|
|
|
|
*obj = cfg_tuple_get(value,
|
|
|
|
|
"mode");
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2004-04-20 14:11:47 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-09-19 09:11:15 +10:00
|
|
|
return (ISC_R_NOTFOUND);
|
2004-04-20 14:11:47 +00:00
|
|
|
}
|
|
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
int
|
2020-02-13 14:44:37 -08:00
|
|
|
named_config_listcount(const cfg_obj_t *list) {
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_listelt_t *e;
|
2020-02-13 14:44:37 -08:00
|
|
|
int i = 0;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e)) {
|
2001-03-04 21:21:39 +00:00
|
|
|
i++;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
return (i);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
named_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
|
2020-02-13 14:44:37 -08:00
|
|
|
dns_rdataclass_t *classp) {
|
2001-03-04 21:21:39 +00:00
|
|
|
isc_textregion_t r;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_result_t result;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
if (!cfg_obj_isstring(classobj)) {
|
2001-08-07 01:58:59 +00:00
|
|
|
*classp = defclass;
|
2001-03-04 21:21:39 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2005-08-23 02:36:11 +00:00
|
|
|
DE_CONST(cfg_obj_asstring(classobj), r.base);
|
|
|
|
|
r.length = strlen(r.base);
|
2001-09-17 00:33:52 +00:00
|
|
|
result = dns_rdataclass_fromtext(classp, &r);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(classobj, named_g_lctx, ISC_LOG_ERROR,
|
2005-08-23 02:36:11 +00:00
|
|
|
"unknown class '%s'", r.base);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-09-17 00:33:52 +00:00
|
|
|
return (result);
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
|
|
|
|
|
2002-03-07 13:46:41 +00:00
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
named_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
|
2020-02-13 14:44:37 -08:00
|
|
|
dns_rdatatype_t *typep) {
|
2002-03-07 13:46:41 +00:00
|
|
|
isc_textregion_t r;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_result_t result;
|
2002-03-07 13:46:41 +00:00
|
|
|
|
|
|
|
|
if (!cfg_obj_isstring(typeobj)) {
|
|
|
|
|
*typep = deftype;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2005-08-23 02:36:11 +00:00
|
|
|
DE_CONST(cfg_obj_asstring(typeobj), r.base);
|
|
|
|
|
r.length = strlen(r.base);
|
2002-03-07 13:46:41 +00:00
|
|
|
result = dns_rdatatype_fromtext(typep, &r);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(typeobj, named_g_lctx, ISC_LOG_ERROR,
|
2005-08-23 02:36:11 +00:00
|
|
|
"unknown type '%s'", r.base);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-03-07 13:46:41 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-05 13:43:14 +00:00
|
|
|
dns_zonetype_t
|
2020-02-13 14:44:37 -08:00
|
|
|
named_config_getzonetype(const cfg_obj_t *zonetypeobj) {
|
2001-03-05 11:49:15 +00:00
|
|
|
dns_zonetype_t ztype = dns_zone_none;
|
2020-02-13 14:44:37 -08:00
|
|
|
const char *str;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
str = cfg_obj_asstring(zonetypeobj);
|
2020-02-12 13:59:18 +01:00
|
|
|
if (strcasecmp(str, "primary") == 0 || strcasecmp(str, "master") == 0) {
|
2021-08-25 22:29:25 -07:00
|
|
|
ztype = dns_zone_primary;
|
2017-12-15 01:47:05 -08:00
|
|
|
} else if (strcasecmp(str, "secondary") == 0 ||
|
2020-02-12 13:59:18 +01:00
|
|
|
strcasecmp(str, "slave") == 0) {
|
2021-08-25 22:29:25 -07:00
|
|
|
ztype = dns_zone_secondary;
|
2018-10-09 10:54:51 +02:00
|
|
|
} else if (strcasecmp(str, "mirror") == 0) {
|
|
|
|
|
ztype = dns_zone_mirror;
|
2017-12-15 01:47:05 -08:00
|
|
|
} else if (strcasecmp(str, "stub") == 0) {
|
2001-03-04 21:21:39 +00:00
|
|
|
ztype = dns_zone_stub;
|
2017-12-15 01:47:05 -08:00
|
|
|
} else if (strcasecmp(str, "static-stub") == 0) {
|
2010-12-16 09:51:30 +00:00
|
|
|
ztype = dns_zone_staticstub;
|
2017-12-15 01:47:05 -08:00
|
|
|
} else if (strcasecmp(str, "redirect") == 0) {
|
2011-02-23 03:08:11 +00:00
|
|
|
ztype = dns_zone_redirect;
|
2017-12-15 01:47:05 -08:00
|
|
|
} else {
|
2001-03-04 21:21:39 +00:00
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2017-12-15 01:47:05 -08:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
return (ztype);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
named_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
|
2020-02-12 13:59:18 +01:00
|
|
|
in_port_t defport, isc_mem_t *mctx,
|
|
|
|
|
isc_sockaddr_t **addrsp, isc_dscp_t **dscpsp,
|
2020-02-13 14:44:37 -08:00
|
|
|
uint32_t *countp) {
|
|
|
|
|
int count, i = 0;
|
|
|
|
|
const cfg_obj_t *addrlist;
|
|
|
|
|
const cfg_obj_t *portobj, *dscpobj;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_listelt_t *element;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_sockaddr_t *addrs;
|
|
|
|
|
in_port_t port;
|
|
|
|
|
isc_dscp_t dscp = -1, *dscps = NULL;
|
|
|
|
|
isc_result_t result;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
INSIST(addrsp != NULL && *addrsp == NULL);
|
2013-03-22 12:27:54 -07:00
|
|
|
INSIST(dscpsp == NULL || *dscpsp == NULL);
|
2002-01-23 02:12:24 +00:00
|
|
|
INSIST(countp != NULL);
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
addrlist = cfg_tuple_get(list, "addresses");
|
2017-09-08 13:39:09 -07:00
|
|
|
count = named_config_listcount(addrlist);
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
portobj = cfg_tuple_get(list, "port");
|
|
|
|
|
if (cfg_obj_isuint32(portobj)) {
|
2018-03-28 14:19:37 +02:00
|
|
|
uint32_t val = cfg_obj_asuint32(portobj);
|
|
|
|
|
if (val > UINT16_MAX) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(portobj, named_g_lctx, ISC_LOG_ERROR,
|
2001-03-04 21:21:39 +00:00
|
|
|
"port '%u' out of range", val);
|
|
|
|
|
return (ISC_R_RANGE);
|
|
|
|
|
}
|
2020-02-12 13:59:18 +01:00
|
|
|
port = (in_port_t)val;
|
2020-02-13 21:48:23 +01:00
|
|
|
} else if (defport != 0) {
|
2001-03-04 21:21:39 +00:00
|
|
|
port = defport;
|
2020-02-13 21:48:23 +01:00
|
|
|
} else {
|
2020-10-01 13:18:47 +02:00
|
|
|
result = named_config_getport(config, "port", &port);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2001-03-04 21:21:39 +00:00
|
|
|
return (result);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
|
|
|
|
|
2013-03-22 12:27:54 -07:00
|
|
|
if (dscpsp != NULL) {
|
|
|
|
|
dscpobj = cfg_tuple_get(list, "dscp");
|
|
|
|
|
if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
|
|
|
|
|
if (cfg_obj_asuint32(dscpobj) > 63) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(dscpobj, named_g_lctx,
|
|
|
|
|
ISC_LOG_ERROR,
|
2013-03-22 12:27:54 -07:00
|
|
|
"dscp value '%u' is out of range",
|
|
|
|
|
cfg_obj_asuint32(dscpobj));
|
|
|
|
|
return (ISC_R_RANGE);
|
|
|
|
|
}
|
|
|
|
|
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
|
|
|
|
|
}
|
2015-04-29 03:16:50 +10:00
|
|
|
|
|
|
|
|
dscps = isc_mem_get(mctx, count * sizeof(isc_dscp_t));
|
2013-03-22 12:27:54 -07:00
|
|
|
}
|
|
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
for (element = cfg_list_first(addrlist); element != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element = cfg_list_next(element), i++)
|
|
|
|
|
{
|
2013-03-22 12:27:54 -07:00
|
|
|
const cfg_obj_t *addr;
|
2001-03-04 21:21:39 +00:00
|
|
|
INSIST(i < count);
|
2013-03-22 12:27:54 -07:00
|
|
|
addr = cfg_listelt_value(element);
|
|
|
|
|
addrs[i] = *cfg_obj_assockaddr(addr);
|
|
|
|
|
if (dscpsp != NULL) {
|
|
|
|
|
isc_dscp_t innerdscp;
|
|
|
|
|
innerdscp = cfg_obj_getdscp(addr);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (innerdscp == -1) {
|
2013-03-22 12:27:54 -07:00
|
|
|
innerdscp = dscp;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2013-03-22 12:27:54 -07:00
|
|
|
dscps[i] = innerdscp;
|
|
|
|
|
}
|
2020-02-13 21:48:23 +01:00
|
|
|
if (isc_sockaddr_getport(&addrs[i]) == 0) {
|
2001-03-04 21:21:39 +00:00
|
|
|
isc_sockaddr_setport(&addrs[i], port);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
|
|
|
|
INSIST(i == count);
|
|
|
|
|
|
|
|
|
|
*addrsp = addrs;
|
|
|
|
|
*countp = count;
|
|
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (dscpsp != NULL) {
|
2013-03-22 12:27:54 -07:00
|
|
|
*dscpsp = dscps;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2013-03-22 12:27:54 -07:00
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-09-08 13:39:09 -07:00
|
|
|
named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_dscp_t **dscpsp, uint32_t count) {
|
2001-03-04 21:21:39 +00:00
|
|
|
INSIST(addrsp != NULL && *addrsp != NULL);
|
2013-03-22 12:27:54 -07:00
|
|
|
INSIST(dscpsp == NULL || *dscpsp != NULL);
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
|
|
|
|
|
*addrsp = NULL;
|
2013-03-22 12:27:54 -07:00
|
|
|
|
|
|
|
|
if (dscpsp != NULL) {
|
|
|
|
|
isc_mem_put(mctx, *dscpsp, count * sizeof(isc_dscp_t));
|
|
|
|
|
*dscpsp = NULL;
|
|
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
|
|
|
|
|
2020-06-25 21:59:56 -07:00
|
|
|
static isc_result_t
|
2021-05-11 14:43:02 +02:00
|
|
|
getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
|
|
|
|
|
const cfg_obj_t **ret) {
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_result_t result;
|
2020-06-25 21:59:56 -07:00
|
|
|
const cfg_obj_t *obj = NULL;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_listelt_t *elt;
|
2003-02-26 06:04:03 +00:00
|
|
|
|
2020-06-25 21:59:56 -07:00
|
|
|
REQUIRE(cctx != NULL);
|
|
|
|
|
REQUIRE(name != NULL);
|
|
|
|
|
REQUIRE(ret != NULL && *ret == NULL);
|
|
|
|
|
|
|
|
|
|
result = cfg_map_get(cctx, list, &obj);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2003-02-26 06:04:03 +00:00
|
|
|
return (result);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-06-25 21:59:56 -07:00
|
|
|
elt = cfg_list_first(obj);
|
|
|
|
|
while (elt != NULL) {
|
|
|
|
|
obj = cfg_listelt_value(elt);
|
|
|
|
|
if (strcasecmp(cfg_obj_asstring(cfg_tuple_get(obj, "name")),
|
|
|
|
|
name) == 0) {
|
|
|
|
|
*ret = obj;
|
2003-02-26 06:04:03 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2020-06-25 21:59:56 -07:00
|
|
|
elt = cfg_list_next(elt);
|
2003-02-26 06:04:03 +00:00
|
|
|
}
|
|
|
|
|
return (ISC_R_NOTFOUND);
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 21:59:56 -07:00
|
|
|
isc_result_t
|
2021-05-11 14:43:02 +02:00
|
|
|
named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
|
|
|
|
|
const char *name, const cfg_obj_t **ret) {
|
2020-06-25 21:59:56 -07:00
|
|
|
isc_result_t result;
|
|
|
|
|
|
2021-05-11 14:43:02 +02:00
|
|
|
if (strcmp(list, "parental-agents") == 0) {
|
|
|
|
|
return (getremotesdef(cctx, list, name, ret));
|
|
|
|
|
} else if (strcmp(list, "primaries") == 0) {
|
|
|
|
|
result = getremotesdef(cctx, list, name, ret);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
result = getremotesdef(cctx, "masters", name, ret);
|
|
|
|
|
}
|
|
|
|
|
return (result);
|
2020-06-25 21:59:56 -07:00
|
|
|
}
|
2021-05-11 14:43:02 +02:00
|
|
|
return (ISC_R_NOTFOUND);
|
2020-06-25 21:59:56 -07:00
|
|
|
}
|
|
|
|
|
|
2021-01-14 12:51:25 +01:00
|
|
|
static isc_result_t
|
|
|
|
|
named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
|
|
|
|
|
dns_name_t **namep) {
|
|
|
|
|
REQUIRE(namep != NULL && *namep == NULL);
|
|
|
|
|
|
|
|
|
|
const char *objstr;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
isc_buffer_t b;
|
|
|
|
|
dns_fixedname_t fname;
|
|
|
|
|
|
|
|
|
|
if (!cfg_obj_isstring(obj)) {
|
|
|
|
|
*namep = NULL;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*namep = isc_mem_get(mctx, sizeof(**namep));
|
|
|
|
|
dns_name_init(*namep, NULL);
|
|
|
|
|
|
|
|
|
|
objstr = cfg_obj_asstring(obj);
|
|
|
|
|
isc_buffer_constinit(&b, objstr, strlen(objstr));
|
|
|
|
|
isc_buffer_add(&b, strlen(objstr));
|
|
|
|
|
dns_fixedname_init(&fname);
|
|
|
|
|
result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
|
|
|
|
|
0, NULL);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
Fix wrong length passed to isc_mem_put
If an invalid key name (e.g. "a..b") in a primaries list in named.conf
is specified the wrong size is passed to isc_mem_put resulting in the
returned memory being put on the wrong freed list.
*** CID 316784: Incorrect expression (SIZEOF_MISMATCH)
/bin/named/config.c: 636 in named_config_getname()
630 isc_buffer_constinit(&b, objstr, strlen(objstr));
631 isc_buffer_add(&b, strlen(objstr));
632 dns_fixedname_init(&fname);
633 result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
634 0, NULL);
635 if (result != ISC_R_SUCCESS) {
CID 316784: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "*namep" of type "dns_name_t *" and argument "8UL /* sizeof (*namep) */" to function "isc__mem_put" is suspicious.
636 isc_mem_put(mctx, *namep, sizeof(*namep));
637 *namep = NULL;
638 return (result);
639 }
640 dns_name_dup(dns_fixedname_name(&fname), mctx, *namep);
641
2021-02-01 11:43:45 +11:00
|
|
|
isc_mem_put(mctx, *namep, sizeof(**namep));
|
2021-01-14 12:51:25 +01:00
|
|
|
*namep = NULL;
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
dns_name_dup(dns_fixedname_name(&fname), mctx, *namep);
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define grow_array(mctx, array, newlen, oldlen) \
|
|
|
|
|
if (newlen >= oldlen) { \
|
|
|
|
|
size_t newsize = (newlen + 16) * sizeof(array[0]); \
|
|
|
|
|
size_t oldsize = oldlen * sizeof(array[0]); \
|
|
|
|
|
void *tmp = isc_mem_get(mctx, newsize); \
|
|
|
|
|
memset(tmp, 0, newsize); \
|
|
|
|
|
if (oldlen != 0) { \
|
|
|
|
|
memmove(tmp, array, oldsize); \
|
|
|
|
|
isc_mem_put(mctx, array, oldsize); \
|
|
|
|
|
} \
|
|
|
|
|
array = tmp; \
|
|
|
|
|
oldlen = newlen + 16; \
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define shrink_array(mctx, array, newlen, oldlen) \
|
|
|
|
|
if (newlen < oldlen) { \
|
|
|
|
|
void *tmp = NULL; \
|
|
|
|
|
size_t newsize = newlen * sizeof(array[0]); \
|
|
|
|
|
size_t oldsize = oldlen * sizeof(array[0]); \
|
|
|
|
|
if (newlen != 0) { \
|
|
|
|
|
tmp = isc_mem_get(mctx, newsize); \
|
|
|
|
|
memset(tmp, 0, newsize); \
|
|
|
|
|
memmove(tmp, array, newsize); \
|
|
|
|
|
} else { \
|
|
|
|
|
tmp = NULL; \
|
|
|
|
|
} \
|
|
|
|
|
isc_mem_put(mctx, array, oldsize); \
|
|
|
|
|
array = tmp; \
|
|
|
|
|
oldlen = newlen; \
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
isc_result_t
|
2021-05-11 14:43:02 +02:00
|
|
|
named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
|
|
|
|
|
const cfg_obj_t *list, isc_mem_t *mctx,
|
|
|
|
|
dns_ipkeylist_t *ipkl) {
|
2021-01-14 12:51:25 +01:00
|
|
|
uint32_t addrcount = 0, dscpcount = 0, keycount = 0, tlscount = 0,
|
|
|
|
|
i = 0;
|
2020-02-13 14:44:37 -08:00
|
|
|
uint32_t listcount = 0, l = 0, j;
|
|
|
|
|
uint32_t stackcount = 0, pushed = 0;
|
|
|
|
|
isc_result_t result;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_listelt_t *element;
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t *addrlist;
|
|
|
|
|
const cfg_obj_t *portobj;
|
|
|
|
|
const cfg_obj_t *dscpobj;
|
2021-01-14 12:51:25 +01:00
|
|
|
in_port_t port = (in_port_t)0;
|
|
|
|
|
in_port_t def_port;
|
|
|
|
|
in_port_t def_tlsport;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_dscp_t dscp = -1;
|
|
|
|
|
isc_sockaddr_t *addrs = NULL;
|
|
|
|
|
isc_dscp_t *dscps = NULL;
|
|
|
|
|
dns_name_t **keys = NULL;
|
2021-01-14 12:51:25 +01:00
|
|
|
dns_name_t **tlss = NULL;
|
2020-02-12 13:59:18 +01:00
|
|
|
struct {
|
|
|
|
|
const char *name;
|
|
|
|
|
} *lists = NULL;
|
2003-02-26 06:04:03 +00:00
|
|
|
struct {
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_listelt_t *element;
|
2020-02-13 14:44:37 -08:00
|
|
|
in_port_t port;
|
|
|
|
|
isc_dscp_t dscp;
|
2003-02-26 06:04:03 +00:00
|
|
|
} *stack = NULL;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2016-05-26 21:23:19 +02:00
|
|
|
REQUIRE(ipkl != NULL);
|
2016-06-22 10:49:25 +02:00
|
|
|
REQUIRE(ipkl->count == 0);
|
2016-05-26 21:23:19 +02:00
|
|
|
REQUIRE(ipkl->addrs == NULL);
|
|
|
|
|
REQUIRE(ipkl->keys == NULL);
|
2021-01-14 12:51:25 +01:00
|
|
|
REQUIRE(ipkl->tlss == NULL);
|
2016-05-26 21:23:19 +02:00
|
|
|
REQUIRE(ipkl->dscps == NULL);
|
2016-06-22 10:49:25 +02:00
|
|
|
REQUIRE(ipkl->labels == NULL);
|
|
|
|
|
REQUIRE(ipkl->allocated == 0);
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2014-11-24 11:25:06 +11:00
|
|
|
/*
|
|
|
|
|
* Get system defaults.
|
|
|
|
|
*/
|
2021-01-14 12:51:25 +01:00
|
|
|
result = named_config_getport(config, "port", &def_port);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = named_config_getport(config, "tls-port", &def_tlsport);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2014-11-24 11:25:06 +11:00
|
|
|
goto cleanup;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2014-11-24 11:25:06 +11:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
result = named_config_getdscp(config, &dscp);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2014-11-24 11:25:06 +11:00
|
|
|
goto cleanup;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2014-11-24 11:25:06 +11:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
newlist:
|
2001-03-04 21:21:39 +00:00
|
|
|
addrlist = cfg_tuple_get(list, "addresses");
|
|
|
|
|
portobj = cfg_tuple_get(list, "port");
|
2013-03-22 12:27:54 -07:00
|
|
|
dscpobj = cfg_tuple_get(list, "dscp");
|
|
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
if (cfg_obj_isuint32(portobj)) {
|
2018-03-28 14:19:37 +02:00
|
|
|
uint32_t val = cfg_obj_asuint32(portobj);
|
|
|
|
|
if (val > UINT16_MAX) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(portobj, named_g_lctx, ISC_LOG_ERROR,
|
2001-03-04 21:21:39 +00:00
|
|
|
"port '%u' out of range", val);
|
2005-11-30 03:33:49 +00:00
|
|
|
result = ISC_R_RANGE;
|
|
|
|
|
goto cleanup;
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
2020-02-12 13:59:18 +01:00
|
|
|
port = (in_port_t)val;
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
|
|
|
|
|
2013-03-22 12:27:54 -07:00
|
|
|
if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
|
|
|
|
|
if (cfg_obj_asuint32(dscpobj) > 63) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(dscpobj, named_g_lctx, ISC_LOG_ERROR,
|
2013-03-22 12:27:54 -07:00
|
|
|
"dscp value '%u' is out of range",
|
|
|
|
|
cfg_obj_asuint32(dscpobj));
|
2015-04-29 03:16:50 +10:00
|
|
|
result = ISC_R_RANGE;
|
|
|
|
|
goto cleanup;
|
2013-03-22 12:27:54 -07:00
|
|
|
}
|
|
|
|
|
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
result = ISC_R_NOMEMORY;
|
|
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
element = cfg_list_first(addrlist);
|
2020-02-12 13:59:18 +01:00
|
|
|
resume:
|
|
|
|
|
for (; element != NULL; element = cfg_list_next(element)) {
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *addr;
|
|
|
|
|
const cfg_obj_t *key;
|
2021-01-14 12:51:25 +01:00
|
|
|
const cfg_obj_t *tls;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2020-02-17 12:05:39 -08:00
|
|
|
addr = cfg_tuple_get(cfg_listelt_value(element),
|
2021-05-07 11:31:15 +02:00
|
|
|
"remoteselement");
|
2001-03-04 21:21:39 +00:00
|
|
|
key = cfg_tuple_get(cfg_listelt_value(element), "key");
|
2021-01-14 12:51:25 +01:00
|
|
|
tls = cfg_tuple_get(cfg_listelt_value(element), "tls");
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
if (!cfg_obj_issockaddr(addr)) {
|
2020-02-13 14:44:37 -08:00
|
|
|
const char *listname = cfg_obj_asstring(addr);
|
2003-02-26 06:04:03 +00:00
|
|
|
isc_result_t tresult;
|
|
|
|
|
|
|
|
|
|
/* Grow lists? */
|
2021-01-14 12:51:25 +01:00
|
|
|
grow_array(mctx, lists, l, listcount);
|
|
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
/* Seen? */
|
2020-02-13 18:16:57 +01:00
|
|
|
for (j = 0; j < l; j++) {
|
|
|
|
|
if (strcasecmp(lists[j].name, listname) == 0) {
|
2003-02-26 06:04:03 +00:00
|
|
|
break;
|
2020-02-13 18:16:57 +01:00
|
|
|
}
|
|
|
|
|
}
|
2020-02-13 21:48:23 +01:00
|
|
|
if (j < l) {
|
2003-02-26 06:04:03 +00:00
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-06-25 21:59:56 -07:00
|
|
|
list = NULL;
|
2021-05-11 14:43:02 +02:00
|
|
|
tresult = named_config_getremotesdef(config, listtype,
|
|
|
|
|
listname, &list);
|
2003-02-26 06:04:03 +00:00
|
|
|
if (tresult == ISC_R_NOTFOUND) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(addr, named_g_lctx, ISC_LOG_ERROR,
|
2021-05-11 14:43:02 +02:00
|
|
|
"%s \"%s\" not found", listtype,
|
2020-02-12 13:59:18 +01:00
|
|
|
listname);
|
2003-02-26 06:04:03 +00:00
|
|
|
|
|
|
|
|
result = tresult;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
2020-02-13 21:48:23 +01:00
|
|
|
if (tresult != ISC_R_SUCCESS) {
|
2003-02-26 06:04:03 +00:00
|
|
|
goto cleanup;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2005-09-05 02:54:38 +00:00
|
|
|
lists[l++].name = listname;
|
2003-02-26 06:04:03 +00:00
|
|
|
/* Grow stack? */
|
2021-01-14 12:51:25 +01:00
|
|
|
grow_array(mctx, stack, pushed, stackcount);
|
2003-02-26 06:04:03 +00:00
|
|
|
/*
|
|
|
|
|
* We want to resume processing this list on the
|
|
|
|
|
* next element.
|
|
|
|
|
*/
|
|
|
|
|
stack[pushed].element = cfg_list_next(element);
|
|
|
|
|
stack[pushed].port = port;
|
2013-03-22 12:27:54 -07:00
|
|
|
stack[pushed].dscp = dscp;
|
2003-02-26 06:04:03 +00:00
|
|
|
pushed++;
|
|
|
|
|
goto newlist;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-14 12:51:25 +01:00
|
|
|
grow_array(mctx, addrs, i, addrcount);
|
|
|
|
|
grow_array(mctx, dscps, i, dscpcount);
|
|
|
|
|
grow_array(mctx, keys, i, keycount);
|
|
|
|
|
grow_array(mctx, tlss, i, tlscount);
|
2003-02-26 06:04:03 +00:00
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
addrs[i] = *cfg_obj_assockaddr(addr);
|
2013-03-22 12:27:54 -07:00
|
|
|
dscps[i] = cfg_obj_getdscp(addr);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (dscps[i] == -1) {
|
2013-03-22 12:27:54 -07:00
|
|
|
dscps[i] = dscp;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2021-01-14 12:51:25 +01:00
|
|
|
|
|
|
|
|
result = named_config_getname(mctx, key, &keys[i]);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
i++; /* Increment here so that cleanup on error works.
|
|
|
|
|
*/
|
|
|
|
|
goto cleanup;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2021-01-14 12:51:25 +01:00
|
|
|
|
|
|
|
|
result = named_config_getname(mctx, tls, &tlss[i]);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2021-01-14 12:51:25 +01:00
|
|
|
i++; /* Increment here so that cleanup on error works.
|
|
|
|
|
*/
|
2001-03-04 21:21:39 +00:00
|
|
|
goto cleanup;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2021-01-14 12:51:25 +01:00
|
|
|
|
|
|
|
|
/* Set the default port or tls-port */
|
|
|
|
|
if (port == 0) {
|
|
|
|
|
if (tlss[i] != NULL) {
|
|
|
|
|
port = def_tlsport;
|
|
|
|
|
} else {
|
|
|
|
|
port = def_port;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (isc_sockaddr_getport(&addrs[i]) == 0) {
|
|
|
|
|
isc_sockaddr_setport(&addrs[i], port);
|
|
|
|
|
}
|
|
|
|
|
i++;
|
2003-02-26 06:04:03 +00:00
|
|
|
}
|
|
|
|
|
if (pushed != 0) {
|
|
|
|
|
pushed--;
|
|
|
|
|
element = stack[pushed].element;
|
|
|
|
|
port = stack[pushed].port;
|
2013-03-22 12:27:54 -07:00
|
|
|
dscp = stack[pushed].dscp;
|
2003-02-26 06:04:03 +00:00
|
|
|
goto resume;
|
|
|
|
|
}
|
2021-01-14 12:51:25 +01:00
|
|
|
|
|
|
|
|
shrink_array(mctx, addrs, i, addrcount);
|
|
|
|
|
shrink_array(mctx, dscps, i, dscpcount);
|
|
|
|
|
shrink_array(mctx, keys, i, keycount);
|
|
|
|
|
shrink_array(mctx, tlss, i, tlscount);
|
2003-02-26 06:04:03 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (lists != NULL) {
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, lists, listcount * sizeof(lists[0]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (stack != NULL) {
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, stack, stackcount * sizeof(stack[0]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2008-01-22 23:28:04 +00:00
|
|
|
|
2019-08-08 13:52:44 +10:00
|
|
|
INSIST(dscpcount == addrcount);
|
2003-02-26 06:04:03 +00:00
|
|
|
INSIST(keycount == addrcount);
|
2021-01-14 12:51:25 +01:00
|
|
|
INSIST(tlscount == addrcount);
|
2019-09-06 11:32:32 +10:00
|
|
|
INSIST(keycount == dscpcount);
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2016-05-26 21:23:19 +02:00
|
|
|
ipkl->addrs = addrs;
|
|
|
|
|
ipkl->dscps = dscps;
|
|
|
|
|
ipkl->keys = keys;
|
2021-01-14 12:51:25 +01:00
|
|
|
ipkl->tlss = tlss;
|
2016-05-26 21:23:19 +02:00
|
|
|
ipkl->count = addrcount;
|
2016-06-22 10:49:25 +02:00
|
|
|
ipkl->allocated = addrcount;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
cleanup:
|
2020-02-13 21:48:23 +01:00
|
|
|
if (addrs != NULL) {
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, addrs, addrcount * sizeof(addrs[0]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (dscps != NULL) {
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, dscps, dscpcount * sizeof(dscps[0]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
if (keys != NULL) {
|
2012-09-26 15:28:46 +10:00
|
|
|
for (j = 0; j < i; j++) {
|
2020-02-13 21:48:23 +01:00
|
|
|
if (keys[j] == NULL) {
|
2001-03-04 21:21:39 +00:00
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (dns_name_dynamic(keys[j])) {
|
2001-03-04 21:21:39 +00:00
|
|
|
dns_name_free(keys[j], mctx);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, keys[j], sizeof(*keys[j]));
|
|
|
|
|
}
|
|
|
|
|
isc_mem_put(mctx, keys, keycount * sizeof(keys[0]));
|
|
|
|
|
}
|
|
|
|
|
if (tlss != NULL) {
|
|
|
|
|
for (j = 0; j < i; j++) {
|
|
|
|
|
if (tlss[j] == NULL) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (dns_name_dynamic(tlss[j])) {
|
|
|
|
|
dns_name_free(tlss[j], mctx);
|
|
|
|
|
}
|
|
|
|
|
isc_mem_put(mctx, tlss[j], sizeof(*tlss[j]));
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, tlss, tlscount * sizeof(tlss[0]));
|
2001-03-04 21:21:39 +00:00
|
|
|
}
|
2020-02-13 21:48:23 +01:00
|
|
|
if (lists != NULL) {
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, lists, listcount * sizeof(lists[0]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (stack != NULL) {
|
2021-01-14 12:51:25 +01:00
|
|
|
isc_mem_put(mctx, stack, stackcount * sizeof(stack[0]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2020-10-01 13:18:47 +02:00
|
|
|
named_config_getport(const cfg_obj_t *config, const char *type,
|
|
|
|
|
in_port_t *portp) {
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *maps[3];
|
|
|
|
|
const cfg_obj_t *options = NULL;
|
|
|
|
|
const cfg_obj_t *portobj = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_result_t result;
|
|
|
|
|
int i;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2001-11-30 01:59:49 +00:00
|
|
|
(void)cfg_map_get(config, "options", &options);
|
2001-03-04 21:21:39 +00:00
|
|
|
i = 0;
|
2020-02-13 21:48:23 +01:00
|
|
|
if (options != NULL) {
|
2001-03-04 21:21:39 +00:00
|
|
|
maps[i++] = options;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2017-09-08 13:39:09 -07:00
|
|
|
maps[i++] = named_g_defaults;
|
2001-03-04 21:21:39 +00:00
|
|
|
maps[i] = NULL;
|
|
|
|
|
|
2020-10-01 13:18:47 +02:00
|
|
|
result = named_config_get(maps, type, &portobj);
|
2001-03-04 21:21:39 +00:00
|
|
|
INSIST(result == ISC_R_SUCCESS);
|
2018-03-28 14:19:37 +02:00
|
|
|
if (cfg_obj_asuint32(portobj) >= UINT16_MAX) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(portobj, named_g_lctx, ISC_LOG_ERROR,
|
2001-03-04 21:21:39 +00:00
|
|
|
"port '%u' out of range",
|
|
|
|
|
cfg_obj_asuint32(portobj));
|
|
|
|
|
return (ISC_R_RANGE);
|
|
|
|
|
}
|
|
|
|
|
*portp = (in_port_t)cfg_obj_asuint32(portobj);
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2001-08-03 18:12:08 +00:00
|
|
|
|
2013-03-22 12:27:54 -07:00
|
|
|
isc_result_t
|
2020-02-13 14:44:37 -08:00
|
|
|
named_config_getdscp(const cfg_obj_t *config, isc_dscp_t *dscpp) {
|
2013-03-22 12:27:54 -07:00
|
|
|
const cfg_obj_t *options = NULL;
|
|
|
|
|
const cfg_obj_t *dscpobj = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_result_t result;
|
2013-03-22 12:27:54 -07:00
|
|
|
|
|
|
|
|
(void)cfg_map_get(config, "options", &options);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (options == NULL) {
|
2013-04-19 12:36:02 +10:00
|
|
|
return (ISC_R_SUCCESS);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2013-03-22 12:27:54 -07:00
|
|
|
|
2013-04-19 12:36:02 +10:00
|
|
|
result = cfg_map_get(options, "dscp", &dscpobj);
|
2013-03-23 19:40:20 +11:00
|
|
|
if (result != ISC_R_SUCCESS || dscpobj == NULL) {
|
2013-03-22 12:27:54 -07:00
|
|
|
*dscpp = -1;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
if (cfg_obj_asuint32(dscpobj) >= 64) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(dscpobj, named_g_lctx, ISC_LOG_ERROR,
|
2013-03-22 12:27:54 -07:00
|
|
|
"dscp '%u' out of range",
|
|
|
|
|
cfg_obj_asuint32(dscpobj));
|
|
|
|
|
return (ISC_R_RANGE);
|
|
|
|
|
}
|
|
|
|
|
*dscpp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2006-01-27 02:35:15 +00:00
|
|
|
struct keyalgorithms {
|
|
|
|
|
const char *str;
|
2020-08-24 09:23:19 +02:00
|
|
|
enum {
|
|
|
|
|
hmacnone,
|
|
|
|
|
hmacmd5,
|
|
|
|
|
hmacsha1,
|
|
|
|
|
hmacsha224,
|
|
|
|
|
hmacsha256,
|
|
|
|
|
hmacsha384,
|
|
|
|
|
hmacsha512
|
|
|
|
|
} hmac;
|
2009-06-10 00:27:22 +00:00
|
|
|
unsigned int type;
|
2020-02-13 14:44:37 -08:00
|
|
|
uint16_t size;
|
2020-02-12 13:59:18 +01:00
|
|
|
} algorithms[] = { { "hmac-md5", hmacmd5, DST_ALG_HMACMD5, 128 },
|
|
|
|
|
{ "hmac-md5.sig-alg.reg.int", hmacmd5, DST_ALG_HMACMD5, 0 },
|
|
|
|
|
{ "hmac-md5.sig-alg.reg.int.", hmacmd5, DST_ALG_HMACMD5, 0 },
|
|
|
|
|
{ "hmac-sha1", hmacsha1, DST_ALG_HMACSHA1, 160 },
|
|
|
|
|
{ "hmac-sha224", hmacsha224, DST_ALG_HMACSHA224, 224 },
|
|
|
|
|
{ "hmac-sha256", hmacsha256, DST_ALG_HMACSHA256, 256 },
|
|
|
|
|
{ "hmac-sha384", hmacsha384, DST_ALG_HMACSHA384, 384 },
|
|
|
|
|
{ "hmac-sha512", hmacsha512, DST_ALG_HMACSHA512, 512 },
|
|
|
|
|
{ NULL, hmacnone, DST_ALG_UNKNOWN, 0 } };
|
2006-01-27 02:35:15 +00:00
|
|
|
|
2001-08-03 18:12:08 +00:00
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
named_config_getkeyalgorithm(const char *str, const dns_name_t **name,
|
2020-02-13 14:44:37 -08:00
|
|
|
uint16_t *digestbits) {
|
2017-09-08 13:39:09 -07:00
|
|
|
return (named_config_getkeyalgorithm2(str, name, NULL, digestbits));
|
2009-06-10 00:27:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
named_config_getkeyalgorithm2(const char *str, const dns_name_t **name,
|
2020-02-13 14:44:37 -08:00
|
|
|
unsigned int *typep, uint16_t *digestbits) {
|
|
|
|
|
int i;
|
|
|
|
|
size_t len = 0;
|
|
|
|
|
uint16_t bits;
|
2006-01-27 02:35:15 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
for (i = 0; algorithms[i].str != NULL; i++) {
|
|
|
|
|
len = strlen(algorithms[i].str);
|
|
|
|
|
if (strncasecmp(algorithms[i].str, str, len) == 0 &&
|
|
|
|
|
(str[len] == '\0' ||
|
2020-02-13 14:44:37 -08:00
|
|
|
(algorithms[i].size != 0 && str[len] == '-')))
|
|
|
|
|
{
|
2006-01-27 02:35:15 +00:00
|
|
|
break;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-08-03 18:12:08 +00:00
|
|
|
}
|
2020-02-13 21:48:23 +01:00
|
|
|
if (algorithms[i].str == NULL) {
|
2006-01-27 02:35:15 +00:00
|
|
|
return (ISC_R_NOTFOUND);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2006-01-27 02:35:15 +00:00
|
|
|
if (str[len] == '-') {
|
|
|
|
|
result = isc_parse_uint16(&bits, str + len + 1, 10);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2006-01-27 02:35:15 +00:00
|
|
|
return (result);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (bits > algorithms[i].size) {
|
2006-01-27 02:35:15 +00:00
|
|
|
return (ISC_R_RANGE);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
} else if (algorithms[i].size == 0) {
|
2006-01-27 02:35:15 +00:00
|
|
|
bits = 128;
|
2020-02-13 21:48:23 +01:00
|
|
|
} else {
|
2006-01-27 02:35:15 +00:00
|
|
|
bits = algorithms[i].size;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2006-01-27 02:35:15 +00:00
|
|
|
|
|
|
|
|
if (name != NULL) {
|
|
|
|
|
switch (algorithms[i].hmac) {
|
2020-02-12 13:59:18 +01:00
|
|
|
case hmacmd5:
|
|
|
|
|
*name = dns_tsig_hmacmd5_name;
|
|
|
|
|
break;
|
|
|
|
|
case hmacsha1:
|
|
|
|
|
*name = dns_tsig_hmacsha1_name;
|
|
|
|
|
break;
|
|
|
|
|
case hmacsha224:
|
|
|
|
|
*name = dns_tsig_hmacsha224_name;
|
|
|
|
|
break;
|
|
|
|
|
case hmacsha256:
|
|
|
|
|
*name = dns_tsig_hmacsha256_name;
|
|
|
|
|
break;
|
|
|
|
|
case hmacsha384:
|
|
|
|
|
*name = dns_tsig_hmacsha384_name;
|
|
|
|
|
break;
|
|
|
|
|
case hmacsha512:
|
|
|
|
|
*name = dns_tsig_hmacsha512_name;
|
|
|
|
|
break;
|
2006-01-27 02:35:15 +00:00
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2006-01-27 02:35:15 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-02-13 21:48:23 +01:00
|
|
|
if (typep != NULL) {
|
2009-06-10 00:27:22 +00:00
|
|
|
*typep = algorithms[i].type;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (digestbits != NULL) {
|
2006-01-27 02:35:15 +00:00
|
|
|
*digestbits = bits;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2006-01-27 02:35:15 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
2001-08-03 18:12:08 +00:00
|
|
|
}
|
