2002-01-04 02:32:16 +00:00
|
|
|
/*
|
2011-01-04 23:47:14 +00:00
|
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
2002-01-04 02:32:16 +00:00
|
|
|
*
|
|
|
|
|
* SPDX-License-Identifier: MPL-2.0
|
2021-06-03 08:37:05 +02:00
|
|
|
*
|
2002-01-04 02:32:16 +00:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
2018-02-23 09:53:12 +01:00
|
|
|
*
|
2002-01-04 02:32:16 +00:00
|
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
* information regarding copyright ownership.
|
|
|
|
|
*/
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*! \file */
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2018-03-28 14:19:37 +02:00
|
|
|
#include <inttypes.h>
|
2018-04-17 08:29:14 -07:00
|
|
|
#include <stdbool.h>
|
2018-01-22 13:07:24 -08:00
|
|
|
#include <stdlib.h>
|
2002-01-04 02:32:16 +00:00
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include <isc/lex.h>
|
2009-07-14 22:54:57 +00:00
|
|
|
#include <isc/mem.h>
|
2002-01-04 02:32:16 +00:00
|
|
|
#include <isc/result.h>
|
|
|
|
|
#include <isc/string.h>
|
|
|
|
|
#include <isc/util.h>
|
|
|
|
|
|
2014-02-18 23:26:50 -08:00
|
|
|
#include <dns/ttl.h>
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
#include <isccfg/cfg.h>
|
|
|
|
|
#include <isccfg/grammar.h>
|
|
|
|
|
#include <isccfg/log.h>
|
2018-01-22 11:00:45 -08:00
|
|
|
#include <isccfg/namedconf.h>
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2002-01-22 19:31:57 +00:00
|
|
|
#define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base)
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% Check a return value. */
|
2009-07-14 22:54:57 +00:00
|
|
|
#define CHECK(op) \
|
|
|
|
|
do { \
|
|
|
|
|
result = (op); \
|
|
|
|
|
if (result != ISC_R_SUCCESS) \
|
|
|
|
|
goto cleanup; \
|
2002-01-04 02:32:16 +00:00
|
|
|
} while (0)
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% Clean up a configuration object if non-NULL. */
|
2002-01-04 02:32:16 +00:00
|
|
|
#define CLEANUP_OBJ(obj) \
|
|
|
|
|
do { \
|
|
|
|
|
if ((obj) != NULL) \
|
|
|
|
|
cfg_obj_destroy(pctx, &(obj)); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Forward declarations of static functions.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
|
|
|
|
|
|
2009-07-14 22:54:57 +00:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_optional_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret);
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_updatepolicy(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
|
2010-05-29 10:36:22 +00:00
|
|
|
static void
|
|
|
|
|
print_updatepolicy(cfg_printer_t *pctx, const cfg_obj_t *obj);
|
2009-07-14 22:54:57 +00:00
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_updatepolicy(cfg_printer_t *pctx, const cfg_type_t *type);
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2006-02-28 02:39:52 +00:00
|
|
|
static void
|
|
|
|
|
print_keyvalue(cfg_printer_t *pctx, const cfg_obj_t *obj);
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_optional_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
|
|
|
|
|
|
2021-02-03 11:36:33 -08:00
|
|
|
static isc_result_t
|
|
|
|
|
cfg_parse_kv_tuple(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
cfg_print_kv_tuple(cfg_printer_t *pctx, const cfg_obj_t *obj);
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
cfg_doc_kv_tuple(cfg_printer_t *pctx, const cfg_type_t *type);
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_acl;
|
2016-08-12 10:48:51 +10:00
|
|
|
static cfg_type_t cfg_type_bracketed_namesockaddrkeylist;
|
2018-10-18 15:48:44 +02:00
|
|
|
static cfg_type_t cfg_type_bracketed_netaddrlist;
|
2004-10-14 00:49:34 +00:00
|
|
|
static cfg_type_t cfg_type_bracketed_sockaddrnameportlist;
|
2022-12-08 10:57:37 +00:00
|
|
|
static cfg_type_t cfg_type_bracketed_sockaddrtlslist;
|
2021-05-19 18:03:11 +03:00
|
|
|
static cfg_type_t cfg_type_bracketed_http_endpoint_list;
|
2023-03-08 14:56:08 +01:00
|
|
|
static cfg_type_t cfg_type_checkdstype;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_controls;
|
|
|
|
|
static cfg_type_t cfg_type_controls_sockaddr;
|
|
|
|
|
static cfg_type_t cfg_type_destinationlist;
|
|
|
|
|
static cfg_type_t cfg_type_dialuptype;
|
2016-08-12 10:48:51 +10:00
|
|
|
static cfg_type_t cfg_type_dlz;
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
static cfg_type_t cfg_type_dnssecpolicy;
|
2016-08-12 10:48:51 +10:00
|
|
|
static cfg_type_t cfg_type_dnstap;
|
|
|
|
|
static cfg_type_t cfg_type_dnstapoutput;
|
|
|
|
|
static cfg_type_t cfg_type_dyndb;
|
2020-09-16 12:21:32 -07:00
|
|
|
static cfg_type_t cfg_type_http_description;
|
2004-10-14 00:49:34 +00:00
|
|
|
static cfg_type_t cfg_type_ixfrdifftype;
|
2020-02-21 10:53:08 -08:00
|
|
|
static cfg_type_t cfg_type_ixfrratio;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_key;
|
|
|
|
|
static cfg_type_t cfg_type_logfile;
|
|
|
|
|
static cfg_type_t cfg_type_logging;
|
|
|
|
|
static cfg_type_t cfg_type_logseverity;
|
2017-03-08 23:20:40 -08:00
|
|
|
static cfg_type_t cfg_type_logsuffix;
|
2017-02-06 16:03:37 -08:00
|
|
|
static cfg_type_t cfg_type_logversions;
|
2021-05-07 11:31:15 +02:00
|
|
|
static cfg_type_t cfg_type_remoteselement;
|
2020-02-06 15:41:47 +01:00
|
|
|
static cfg_type_t cfg_type_maxduration;
|
2016-08-12 10:48:51 +10:00
|
|
|
static cfg_type_t cfg_type_minimal;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_nameportiplist;
|
|
|
|
|
static cfg_type_t cfg_type_notifytype;
|
2008-01-17 00:15:14 +00:00
|
|
|
static cfg_type_t cfg_type_optional_allow;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_optional_class;
|
|
|
|
|
static cfg_type_t cfg_type_optional_facility;
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_optional_keyref;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_optional_port;
|
2022-12-13 17:28:19 +01:00
|
|
|
static cfg_type_t cfg_type_optional_sourceaddr4;
|
|
|
|
|
static cfg_type_t cfg_type_optional_sourceaddr6;
|
2015-07-08 22:53:39 -07:00
|
|
|
static cfg_type_t cfg_type_optional_uint32;
|
2020-09-16 12:21:32 -07:00
|
|
|
static cfg_type_t cfg_type_optional_tls;
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_options;
|
2021-02-03 11:36:33 -08:00
|
|
|
static cfg_type_t cfg_type_plugin;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_portiplist;
|
2016-11-22 23:34:47 -08:00
|
|
|
static cfg_type_t cfg_type_printtime;
|
2018-05-11 12:27:56 +02:00
|
|
|
static cfg_type_t cfg_type_qminmethod;
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_querysource4;
|
|
|
|
|
static cfg_type_t cfg_type_querysource6;
|
|
|
|
|
static cfg_type_t cfg_type_querysource;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_server;
|
|
|
|
|
static cfg_type_t cfg_type_server_key_kludge;
|
|
|
|
|
static cfg_type_t cfg_type_size;
|
|
|
|
|
static cfg_type_t cfg_type_sizenodefault;
|
2015-09-28 11:08:50 +02:00
|
|
|
static cfg_type_t cfg_type_sizeorpercent;
|
2017-04-26 23:43:35 +05:30
|
|
|
static cfg_type_t cfg_type_sizeval;
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_sockaddr4wild;
|
|
|
|
|
static cfg_type_t cfg_type_sockaddr6wild;
|
2008-01-17 00:15:14 +00:00
|
|
|
static cfg_type_t cfg_type_statschannels;
|
2020-09-16 12:21:32 -07:00
|
|
|
static cfg_type_t cfg_type_tlsconf;
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_view;
|
|
|
|
|
static cfg_type_t cfg_type_viewopts;
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_zone;
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% listen-on */
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2021-02-03 11:36:33 -08:00
|
|
|
static cfg_tuplefielddef_t listenon_tuple_fields[] = {
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "port", &cfg_type_optional_port, 0 },
|
2021-02-03 11:36:33 -08:00
|
|
|
{ "tls", &cfg_type_astring, 0 },
|
2021-09-01 10:38:01 +03:00
|
|
|
#if HAVE_LIBNGHTTP2
|
2021-02-03 11:36:33 -08:00
|
|
|
{ "http", &cfg_type_astring, 0 },
|
2021-04-21 13:52:15 +02:00
|
|
|
#else
|
|
|
|
|
{ "http", &cfg_type_astring, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif
|
2021-02-03 11:36:33 -08:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_listen_tuple = {
|
|
|
|
|
"listenon tuple", cfg_parse_kv_tuple, cfg_print_kv_tuple,
|
|
|
|
|
cfg_doc_kv_tuple, &cfg_rep_tuple, listenon_tuple_fields
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t listenon_fields[] = {
|
|
|
|
|
{ "tuple", &cfg_type_listen_tuple, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "acl", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2013-03-22 12:27:54 -07:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_listenon = { "listenon", cfg_parse_tuple,
|
2013-03-22 12:27:54 -07:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, listenon_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% acl */
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2021-11-04 16:52:49 +02:00
|
|
|
/*
|
|
|
|
|
* Encrypted transfer related definitions
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t cfg_transport_acl_tuple_fields[] = {
|
|
|
|
|
{ "port", &cfg_type_optional_port, 0 },
|
|
|
|
|
{ "transport", &cfg_type_astring, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_transport_acl_tuple = {
|
|
|
|
|
"transport-acl tuple", cfg_parse_kv_tuple,
|
|
|
|
|
cfg_print_kv_tuple, cfg_doc_kv_tuple,
|
|
|
|
|
&cfg_rep_tuple, cfg_transport_acl_tuple_fields
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t cfg_transport_acl_fields[] = {
|
|
|
|
|
{ "port-transport", &cfg_transport_acl_tuple, 0 },
|
|
|
|
|
{ "aml", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_transport_acl = {
|
|
|
|
|
"transport-acl", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, cfg_transport_acl_fields
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* NOTE: To enable syntax which allows specifying port and protocol,
|
|
|
|
|
* replace 'cfg_type_bracketed_aml' with
|
|
|
|
|
* 'cfg_type_transport_acl'.
|
|
|
|
|
*
|
|
|
|
|
* Example: acl port 853 protocol tls { ... };
|
|
|
|
|
*/
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_tuplefielddef_t acl_fields[] = { { "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "value", &cfg_type_bracketed_aml,
|
|
|
|
|
0 },
|
|
|
|
|
{ NULL, NULL, 0 } };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_acl = { "acl", cfg_parse_tuple,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, acl_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2021-05-07 11:31:15 +02:00
|
|
|
/*% remote servers, used for primaries and parental agents */
|
|
|
|
|
static cfg_tuplefielddef_t remotes_fields[] = {
|
2003-02-26 06:04:03 +00:00
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "port", &cfg_type_optional_port, 0 },
|
2022-12-13 17:28:19 +01:00
|
|
|
{ "source", &cfg_type_optional_sourceaddr4, 0 },
|
|
|
|
|
{ "source-v6", &cfg_type_optional_sourceaddr6, 0 },
|
2003-02-26 06:04:03 +00:00
|
|
|
{ "addresses", &cfg_type_bracketed_namesockaddrkeylist, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2021-05-07 11:31:15 +02:00
|
|
|
static cfg_type_t cfg_type_remoteservers = { "remote-servers", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, remotes_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* "sockaddrkeylist", a list of socket addresses with optional keys
|
2021-05-07 11:31:15 +02:00
|
|
|
* and an optional default port, as used in the remote-servers option.
|
2002-01-04 02:32:16 +00:00
|
|
|
* E.g.,
|
2021-05-07 11:31:15 +02:00
|
|
|
* "port 1234 { myservers; 10.0.0.1 key foo; 1::2 port 69; }"
|
2002-01-04 02:32:16 +00:00
|
|
|
*/
|
|
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_tuplefielddef_t namesockaddrkey_fields[] = {
|
2021-05-07 11:31:15 +02:00
|
|
|
{ "remoteselement", &cfg_type_remoteselement, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "key", &cfg_type_optional_keyref, 0 },
|
2021-01-14 12:51:25 +01:00
|
|
|
{ "tls", &cfg_type_optional_tls, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 },
|
|
|
|
|
};
|
|
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_type_t cfg_type_namesockaddrkey = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"namesockaddrkey", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, namesockaddrkey_fields
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_type_t cfg_type_bracketed_namesockaddrkeylist = {
|
|
|
|
|
"bracketed_namesockaddrkeylist",
|
|
|
|
|
cfg_parse_bracketed_list,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_namesockaddrkey
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_tuplefielddef_t namesockaddrkeylist_fields[] = {
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "port", &cfg_type_optional_port, 0 },
|
2022-12-13 17:28:19 +01:00
|
|
|
{ "source", &cfg_type_optional_sourceaddr4, 0 },
|
|
|
|
|
{ "source-v6", &cfg_type_optional_sourceaddr6, 0 },
|
2003-02-26 06:04:03 +00:00
|
|
|
{ "addresses", &cfg_type_bracketed_namesockaddrkeylist, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_type_t cfg_type_namesockaddrkeylist = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"sockaddrkeylist", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, namesockaddrkeylist_fields
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2011-05-06 21:23:51 +00:00
|
|
|
* A list of socket addresses with an optional default port, as used
|
2022-12-08 10:57:37 +00:00
|
|
|
* in the 'forwarders' option. E.g., "{ 10.0.0.1; 1::2 port 69; }"
|
2002-01-04 02:32:16 +00:00
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t portiplist_fields[] = {
|
|
|
|
|
{ "port", &cfg_type_optional_port, 0 },
|
2022-12-08 10:57:37 +00:00
|
|
|
{ "tls", &cfg_type_optional_tls, 0 },
|
|
|
|
|
{ "addresses", &cfg_type_bracketed_sockaddrtlslist, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_portiplist = { "portiplist", cfg_parse_tuple,
|
2011-05-06 21:23:51 +00:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, portiplist_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A list of RR types, used in grant statements.
|
|
|
|
|
* Note that the old parser allows quotes around the RR type names.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_type_t cfg_type_rrtypelist = {
|
2009-06-10 00:27:22 +00:00
|
|
|
"rrtypelist", cfg_parse_spacelist, cfg_print_spacelist,
|
2009-06-10 23:47:47 +00:00
|
|
|
cfg_doc_terminal, &cfg_rep_list, &cfg_type_astring
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *mode_enums[] = { "deny", "grant", NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_mode = {
|
2009-07-10 23:47:58 +00:00
|
|
|
"mode", cfg_parse_enum, cfg_print_ustring,
|
2009-07-10 07:33:21 +00:00
|
|
|
cfg_doc_enum, &cfg_rep_string, &mode_enums
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2009-06-10 00:27:22 +00:00
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_matchtype(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2009-06-10 00:27:22 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
|
|
|
|
strcasecmp(TOKEN_STRING(pctx), "zonesub") == 0)
|
|
|
|
|
{
|
2009-06-10 23:47:47 +00:00
|
|
|
pctx->flags |= CFG_PCTX_SKIP;
|
2009-06-10 00:27:22 +00:00
|
|
|
}
|
|
|
|
|
return (cfg_parse_enum(pctx, type, ret));
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2009-07-10 07:33:21 +00:00
|
|
|
parse_matchname(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2009-06-10 00:27:22 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
|
|
|
|
|
if ((pctx->flags & CFG_PCTX_SKIP) != 0) {
|
|
|
|
|
pctx->flags &= ~CFG_PCTX_SKIP;
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj));
|
|
|
|
|
} else {
|
|
|
|
|
result = cfg_parse_astring(pctx, type, &obj);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2009-06-10 00:27:22 +00:00
|
|
|
|
|
|
|
|
*ret = obj;
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2009-07-10 07:33:21 +00:00
|
|
|
static void
|
|
|
|
|
doc_matchname(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "[ ");
|
2009-07-10 07:33:21 +00:00
|
|
|
cfg_doc_obj(pctx, type->of);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ]");
|
2009-07-10 07:33:21 +00:00
|
|
|
}
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static const char *matchtype_enums[] = { "6to4-self",
|
2018-08-30 18:31:17 +10:00
|
|
|
"external",
|
|
|
|
|
"krb5-self",
|
|
|
|
|
"krb5-selfsub",
|
|
|
|
|
"krb5-subdomain",
|
2018-08-24 09:19:38 +10:00
|
|
|
"krb5-subdomain-self-rhs",
|
2018-08-30 18:31:17 +10:00
|
|
|
"ms-self",
|
|
|
|
|
"ms-selfsub",
|
|
|
|
|
"ms-subdomain",
|
2018-08-24 09:19:38 +10:00
|
|
|
"ms-subdomain-self-rhs",
|
2018-08-30 18:31:17 +10:00
|
|
|
"name",
|
|
|
|
|
"self",
|
|
|
|
|
"selfsub",
|
|
|
|
|
"selfwild",
|
|
|
|
|
"subdomain",
|
|
|
|
|
"tcp-self",
|
|
|
|
|
"wildcard",
|
|
|
|
|
"zonesub",
|
|
|
|
|
NULL };
|
2020-02-12 13:59:18 +01:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_matchtype = { "matchtype", parse_matchtype,
|
2009-06-10 00:27:22 +00:00
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
2009-06-10 23:47:47 +00:00
|
|
|
&cfg_rep_string, &matchtype_enums };
|
2009-06-10 00:27:22 +00:00
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_matchname = {
|
|
|
|
|
"optional_matchname", parse_matchname, cfg_print_ustring,
|
2019-09-09 14:05:31 +02:00
|
|
|
doc_matchname, &cfg_rep_tuple, &cfg_type_ustring
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A grant statement, used in the update policy.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t grant_fields[] = {
|
|
|
|
|
{ "mode", &cfg_type_mode, 0 },
|
2008-01-18 23:46:58 +00:00
|
|
|
{ "identity", &cfg_type_astring, 0 }, /* domain name */
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "matchtype", &cfg_type_matchtype, 0 },
|
2009-06-10 00:27:22 +00:00
|
|
|
{ "name", &cfg_type_matchname, 0 }, /* domain name */
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "types", &cfg_type_rrtypelist, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_grant = { "grant", cfg_parse_tuple,
|
2009-07-10 07:33:21 +00:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, grant_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_updatepolicy = {
|
2010-05-29 10:36:22 +00:00
|
|
|
"update_policy", parse_updatepolicy, print_updatepolicy,
|
|
|
|
|
doc_updatepolicy, &cfg_rep_list, &cfg_type_grant
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2009-07-14 22:54:57 +00:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_updatepolicy(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_special &&
|
|
|
|
|
pctx->token.value.as_char == '{')
|
|
|
|
|
{
|
2009-07-29 17:52:00 +00:00
|
|
|
cfg_ungettoken(pctx);
|
2009-07-14 22:54:57 +00:00
|
|
|
return (cfg_parse_bracketed_list(pctx, type, ret));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
|
|
|
|
strcasecmp(TOKEN_STRING(pctx), "local") == 0)
|
|
|
|
|
{
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
CHECK(cfg_create_obj(pctx, &cfg_type_ustring, &obj));
|
|
|
|
|
obj->value.string.length = strlen("local");
|
2019-07-16 15:52:14 +02:00
|
|
|
obj->value.string.base =
|
|
|
|
|
isc_mem_get(pctx->mctx, obj->value.string.length + 1);
|
2014-01-08 16:27:10 -08:00
|
|
|
memmove(obj->value.string.base, "local", 5);
|
2009-07-14 22:54:57 +00:00
|
|
|
obj->value.string.base[5] = '\0';
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cfg_ungettoken(pctx);
|
|
|
|
|
return (ISC_R_UNEXPECTEDTOKEN);
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-29 10:36:22 +00:00
|
|
|
static void
|
|
|
|
|
print_updatepolicy(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
|
|
|
|
if (cfg_obj_isstring(obj)) {
|
|
|
|
|
cfg_print_ustring(pctx, obj);
|
|
|
|
|
} else {
|
|
|
|
|
cfg_print_bracketed_list(pctx, obj);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2010-05-29 10:36:22 +00:00
|
|
|
}
|
|
|
|
|
|
2009-07-14 22:54:57 +00:00
|
|
|
static void
|
|
|
|
|
doc_updatepolicy(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, "( local | { ");
|
2009-07-14 22:54:57 +00:00
|
|
|
cfg_doc_obj(pctx, type->of);
|
2022-11-04 06:03:44 +00:00
|
|
|
cfg_print_cstr(pctx, "; ... } )");
|
2009-07-14 22:54:57 +00:00
|
|
|
}
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A view statement.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t view_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "class", &cfg_type_optional_class, 0 },
|
|
|
|
|
{ "options", &cfg_type_viewopts, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_view = { "view", cfg_parse_tuple,
|
2009-07-10 07:33:21 +00:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, view_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A zone statement.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t zone_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "class", &cfg_type_optional_class, 0 },
|
|
|
|
|
{ "options", &cfg_type_zoneopts, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_zone = { "zone", cfg_parse_tuple,
|
2009-07-10 07:33:21 +00:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, zone_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
/*%
|
|
|
|
|
* A dnssec-policy statement.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t dnssecpolicy_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "options", &cfg_type_dnssecpolicyopts, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dnssecpolicy = {
|
|
|
|
|
"dnssec-policy", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, dnssecpolicy_fields
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A "category" clause in the "logging" statement.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t category_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "destinations", &cfg_type_destinationlist, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_category = { "category", cfg_parse_tuple,
|
2009-07-10 07:33:21 +00:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, category_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2020-02-06 15:41:47 +01:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_maxduration(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
|
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_duration, ret));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_maxduration(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_duration);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* A duration or "unlimited", but not "default".
|
|
|
|
|
*/
|
|
|
|
|
static const char *maxduration_enums[] = { "unlimited", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_maxduration = {
|
|
|
|
|
"maxduration_no_default", parse_maxduration, cfg_print_ustring,
|
|
|
|
|
doc_maxduration, &cfg_rep_duration, maxduration_enums
|
|
|
|
|
};
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2009-09-01 07:14:26 +00:00
|
|
|
* A dnssec key, as used in the "trusted-keys" statement.
|
2002-01-04 02:32:16 +00:00
|
|
|
*/
|
2009-06-30 02:53:46 +00:00
|
|
|
static cfg_tuplefielddef_t dnsseckey_fields[] = {
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "name", &cfg_type_astring, 0 },
|
2019-09-15 22:15:29 -07:00
|
|
|
{ "anchortype", &cfg_type_void, 0 },
|
2019-12-02 09:29:02 +01:00
|
|
|
{ "rdata1", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "rdata2", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "rdata3", &cfg_type_uint32, 0 },
|
2019-09-15 22:15:29 -07:00
|
|
|
{ "data", &cfg_type_qstring, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2009-06-30 02:53:46 +00:00
|
|
|
static cfg_type_t cfg_type_dnsseckey = { "dnsseckey", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, dnsseckey_fields };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2020-02-06 15:56:58 +01:00
|
|
|
/*%
|
|
|
|
|
* Optional enums.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_optional_enum(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
|
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_void, ret));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_optional_enum(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "[ ");
|
|
|
|
|
cfg_doc_enum(pctx, type);
|
|
|
|
|
cfg_print_cstr(pctx, " ]");
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-01 07:14:26 +00:00
|
|
|
/*%
|
2018-10-05 12:00:42 -07:00
|
|
|
* A key initialization specifier, as used in the
|
2019-12-04 11:06:40 +01:00
|
|
|
* "trust-anchors" (or synonymous "managed-keys") statement.
|
2009-09-01 07:14:26 +00:00
|
|
|
*/
|
2019-09-15 22:15:29 -07:00
|
|
|
static const char *anchortype_enums[] = { "static-key", "initial-key",
|
|
|
|
|
"static-ds", "initial-ds", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_anchortype = { "anchortype", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, anchortype_enums };
|
2009-09-01 07:14:26 +00:00
|
|
|
static cfg_tuplefielddef_t managedkey_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
2019-09-15 22:15:29 -07:00
|
|
|
{ "anchortype", &cfg_type_anchortype, 0 },
|
2019-12-02 09:29:02 +01:00
|
|
|
{ "rdata1", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "rdata2", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "rdata3", &cfg_type_uint32, 0 },
|
2019-09-15 22:15:29 -07:00
|
|
|
{ "data", &cfg_type_qstring, 0 },
|
2009-09-01 07:14:26 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_managedkey = { "managedkey", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, managedkey_fields };
|
|
|
|
|
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
/*%
|
|
|
|
|
* DNSSEC key roles.
|
|
|
|
|
*/
|
|
|
|
|
static const char *dnsseckeyrole_enums[] = { "csk", "ksk", "zsk", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_dnsseckeyrole = {
|
|
|
|
|
"dnssec-key-role", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &dnsseckeyrole_enums
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* DNSSEC key storage types.
|
|
|
|
|
*/
|
|
|
|
|
static const char *dnsseckeystore_enums[] = { "key-directory", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_dnsseckeystore = {
|
2020-02-06 15:56:58 +01:00
|
|
|
"dnssec-key-storage", parse_optional_enum, cfg_print_ustring,
|
|
|
|
|
doc_optional_enum, &cfg_rep_string, dnsseckeystore_enums
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* A dnssec key, as used in the "keys" statement in a "dnssec-policy".
|
|
|
|
|
*/
|
2020-02-06 12:13:20 -08:00
|
|
|
static keyword_type_t algorithm_kw = { "algorithm", &cfg_type_ustring };
|
2019-10-21 13:26:30 +02:00
|
|
|
static cfg_type_t cfg_type_algorithm = { "algorithm", parse_keyvalue,
|
|
|
|
|
print_keyvalue, doc_keyvalue,
|
2020-02-06 12:13:20 -08:00
|
|
|
&cfg_rep_string, &algorithm_kw };
|
2019-10-21 13:26:30 +02:00
|
|
|
|
2020-02-06 15:41:47 +01:00
|
|
|
static keyword_type_t lifetime_kw = { "lifetime",
|
|
|
|
|
&cfg_type_duration_or_unlimited };
|
2019-10-21 13:26:30 +02:00
|
|
|
static cfg_type_t cfg_type_lifetime = { "lifetime", parse_keyvalue,
|
|
|
|
|
print_keyvalue, doc_keyvalue,
|
|
|
|
|
&cfg_rep_duration, &lifetime_kw };
|
|
|
|
|
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
static cfg_tuplefielddef_t kaspkey_fields[] = {
|
|
|
|
|
{ "role", &cfg_type_dnsseckeyrole, 0 },
|
|
|
|
|
{ "keystore-type", &cfg_type_dnsseckeystore, 0 },
|
2019-10-21 13:26:30 +02:00
|
|
|
{ "lifetime", &cfg_type_lifetime, 0 },
|
|
|
|
|
{ "algorithm", &cfg_type_algorithm, 0 },
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
{ "length", &cfg_type_optional_uint32, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_kaspkey = { "kaspkey", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, kaspkey_fields };
|
|
|
|
|
|
2020-10-09 14:19:10 +02:00
|
|
|
/*%
|
|
|
|
|
* NSEC3 parameters.
|
|
|
|
|
*/
|
|
|
|
|
static keyword_type_t nsec3iter_kw = { "iterations", &cfg_type_uint32 };
|
|
|
|
|
static cfg_type_t cfg_type_nsec3iter = {
|
|
|
|
|
"iterations", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_uint32, &nsec3iter_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static keyword_type_t nsec3optout_kw = { "optout", &cfg_type_boolean };
|
|
|
|
|
static cfg_type_t cfg_type_nsec3optout = {
|
|
|
|
|
"optout", parse_optional_keyvalue,
|
|
|
|
|
print_keyvalue, doc_optional_keyvalue,
|
|
|
|
|
&cfg_rep_boolean, &nsec3optout_kw
|
|
|
|
|
};
|
|
|
|
|
|
2020-10-23 15:02:19 +02:00
|
|
|
static keyword_type_t nsec3salt_kw = { "salt-length", &cfg_type_uint32 };
|
2020-10-09 14:19:10 +02:00
|
|
|
static cfg_type_t cfg_type_nsec3salt = {
|
2020-10-23 15:02:19 +02:00
|
|
|
"salt-length", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_uint32, &nsec3salt_kw
|
2020-10-09 14:19:10 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t nsec3param_fields[] = {
|
|
|
|
|
{ "iterations", &cfg_type_nsec3iter, 0 },
|
|
|
|
|
{ "optout", &cfg_type_nsec3optout, 0 },
|
2020-10-23 15:02:19 +02:00
|
|
|
{ "salt-length", &cfg_type_nsec3salt, 0 },
|
2020-10-09 14:19:10 +02:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_nsec3 = { "nsec3param", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, nsec3param_fields };
|
|
|
|
|
|
2019-10-21 13:26:30 +02:00
|
|
|
/*%
|
|
|
|
|
* Wild class, type, name.
|
|
|
|
|
*/
|
2002-01-04 02:32:16 +00:00
|
|
|
static keyword_type_t wild_class_kw = { "class", &cfg_type_ustring };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_wild_class = {
|
|
|
|
|
"optional_wild_class", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_string, &wild_class_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static keyword_type_t wild_type_kw = { "type", &cfg_type_ustring };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_wild_type = {
|
|
|
|
|
"optional_wild_type", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_string, &wild_type_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static keyword_type_t wild_name_kw = { "name", &cfg_type_qstring };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_wild_name = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"optional_wild_name", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_string, &wild_name_kw
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* An rrset ordering element.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t rrsetorderingelement_fields[] = {
|
|
|
|
|
{ "class", &cfg_type_optional_wild_class, 0 },
|
|
|
|
|
{ "type", &cfg_type_optional_wild_type, 0 },
|
|
|
|
|
{ "name", &cfg_type_optional_wild_name, 0 },
|
2008-01-18 23:46:58 +00:00
|
|
|
{ "order", &cfg_type_ustring, 0 }, /* must be literal "order" */
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "ordering", &cfg_type_ustring, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_rrsetorderingelement = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"rrsetorderingelement", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, rrsetorderingelement_fields
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A global or view "check-names" option. Note that the zone
|
|
|
|
|
* "check-names" option has a different syntax.
|
|
|
|
|
*/
|
2004-02-27 20:41:51 +00:00
|
|
|
|
2017-12-15 01:47:05 -08:00
|
|
|
static const char *checktype_enums[] = { "primary", "master", "secondary",
|
|
|
|
|
"slave", "response", NULL };
|
2004-02-27 20:41:51 +00:00
|
|
|
static cfg_type_t cfg_type_checktype = { "checktype", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, &checktype_enums };
|
|
|
|
|
|
|
|
|
|
static const char *checkmode_enums[] = { "fail", "warn", "ignore", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_checkmode = { "checkmode", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, &checkmode_enums };
|
|
|
|
|
|
2013-04-30 13:49:41 +10:00
|
|
|
static const char *warn_enums[] = { "warn", "ignore", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_warn = {
|
|
|
|
|
"warn", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &warn_enums
|
|
|
|
|
};
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_tuplefielddef_t checknames_fields[] = {
|
2004-02-27 20:41:51 +00:00
|
|
|
{ "type", &cfg_type_checktype, 0 },
|
|
|
|
|
{ "mode", &cfg_type_checkmode, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2009-12-04 21:09:34 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_checknames = { "checknames", cfg_parse_tuple,
|
2013-03-22 12:27:54 -07:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, checknames_fields };
|
|
|
|
|
|
2018-10-18 15:48:44 +02:00
|
|
|
static cfg_type_t cfg_type_bracketed_netaddrlist = { "bracketed_netaddrlist",
|
|
|
|
|
cfg_parse_bracketed_list,
|
2013-03-22 12:27:54 -07:00
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
2018-10-18 15:48:44 +02:00
|
|
|
&cfg_type_netaddr };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2022-12-08 10:57:37 +00:00
|
|
|
static cfg_type_t cfg_type_bracketed_sockaddrtlslist = {
|
|
|
|
|
"bracketed_sockaddrtlslist",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_sockaddrtls
|
|
|
|
|
};
|
2023-01-09 16:57:41 -08:00
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *autodnssec_enums[] = { "allow", "maintain", "off", NULL };
|
2009-10-12 20:48:12 +00:00
|
|
|
static cfg_type_t cfg_type_autodnssec = {
|
|
|
|
|
"autodnssec", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &autodnssec_enums
|
|
|
|
|
};
|
|
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *dnssecupdatemode_enums[] = { "maintain", "no-resign", NULL };
|
2011-05-23 20:10:03 +00:00
|
|
|
static cfg_type_t cfg_type_dnssecupdatemode = {
|
|
|
|
|
"dnssecupdatemode", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &dnssecupdatemode_enums
|
|
|
|
|
};
|
|
|
|
|
|
2014-04-17 16:05:50 -07:00
|
|
|
static const char *updatemethods_enums[] = { "date", "increment", "unixtime",
|
2016-11-29 15:28:28 +11:00
|
|
|
NULL };
|
2011-07-01 02:25:48 +00:00
|
|
|
static cfg_type_t cfg_type_updatemethod = {
|
|
|
|
|
"updatemethod", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &updatemethods_enums
|
|
|
|
|
};
|
|
|
|
|
|
2013-02-27 11:53:58 -08:00
|
|
|
/*
|
|
|
|
|
* zone-statistics: full, terse, or none.
|
|
|
|
|
*
|
|
|
|
|
* for backward compatibility, we also support boolean values.
|
|
|
|
|
* yes represents "full", no represents "terse". in the future we
|
|
|
|
|
* may change no to mean "none".
|
|
|
|
|
*/
|
|
|
|
|
static const char *zonestat_enums[] = { "full", "terse", "none", NULL };
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_zonestat(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
|
2013-02-27 11:53:58 -08:00
|
|
|
}
|
2015-09-09 17:02:11 +10:00
|
|
|
static void
|
|
|
|
|
doc_zonestat(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
|
2015-09-09 17:02:11 +10:00
|
|
|
}
|
2013-02-27 11:53:58 -08:00
|
|
|
static cfg_type_t cfg_type_zonestat = { "zonestat", parse_zonestat,
|
2015-09-09 17:02:11 +10:00
|
|
|
cfg_print_ustring, doc_zonestat,
|
2013-02-27 11:53:58 -08:00
|
|
|
&cfg_rep_string, zonestat_enums };
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_rrsetorder = { "rrsetorder",
|
2013-03-22 12:27:54 -07:00
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_rrsetorderingelement };
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static keyword_type_t port_kw = { "port", &cfg_type_uint32 };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_port = {
|
|
|
|
|
"optional_port", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_uint32, &port_kw
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% A list of keys, as in the "key" clause of the controls statement. */
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_keylist = { "keylist",
|
2009-06-30 02:53:46 +00:00
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_astring };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2018-08-15 16:59:45 -07:00
|
|
|
/*% A list of dnssec keys, as in "trusted-keys". Deprecated. */
|
2018-10-05 12:00:42 -07:00
|
|
|
static cfg_type_t cfg_type_trustedkeys = { "trustedkeys",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
2009-06-30 02:53:46 +00:00
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_dnsseckey };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2009-09-01 07:14:26 +00:00
|
|
|
/*%
|
2019-09-15 22:15:29 -07:00
|
|
|
* A list of managed trust anchors. Each entry contains a name, a keyword
|
|
|
|
|
* ("static-key", initial-key", "static-ds" or "initial-ds"), and the
|
|
|
|
|
* fields associated with either a DNSKEY or a DS record.
|
2009-09-01 07:14:26 +00:00
|
|
|
*/
|
2018-10-05 12:00:42 -07:00
|
|
|
static cfg_type_t cfg_type_dnsseckeys = { "dnsseckeys",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
2009-09-01 07:14:26 +00:00
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_managedkey };
|
|
|
|
|
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
/*%
|
|
|
|
|
* A list of key entries, used in a DNSSEC Key and Signing Policy.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_type_t cfg_type_kaspkeys = { "kaspkeys",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_kaspkey };
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static const char *forwardtype_enums[] = { "first", "only", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_forwardtype = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"forwardtype", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &forwardtype_enums
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2023-03-22 16:57:54 -07:00
|
|
|
static const char *zonetype_enums[] = { "primary", "master", "secondary",
|
|
|
|
|
"slave", "mirror", "forward",
|
|
|
|
|
"hint", "redirect", "static-stub",
|
|
|
|
|
"stub", NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_zonetype = { "zonetype", cfg_parse_enum,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
2005-08-18 00:57:31 +00:00
|
|
|
&cfg_rep_string, &zonetype_enums };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static const char *loglevel_enums[] = { "critical", "error", "warning",
|
2016-11-29 15:28:28 +11:00
|
|
|
"notice", "info", "dynamic",
|
|
|
|
|
NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_loglevel = { "loglevel", cfg_parse_enum,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, &loglevel_enums };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static const char *transferformat_enums[] = { "many-answers", "one-answer",
|
2016-11-29 15:28:28 +11:00
|
|
|
NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_transferformat = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"transferformat", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &transferformat_enums
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* The special keyword "none", as used in the pid-file option.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
print_none(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
2002-01-04 02:32:16 +00:00
|
|
|
UNUSED(obj);
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, "none");
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_none = { "none", NULL, print_none,
|
|
|
|
|
NULL, &cfg_rep_void, NULL };
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A quoted string or the special keyword "none". Used in the pid-file option.
|
|
|
|
|
*/
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_qstringornone(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
2009-07-14 22:54:57 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
CHECK(cfg_gettoken(pctx, CFG_LEXOPT_QSTRING));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
2002-01-22 19:31:57 +00:00
|
|
|
strcasecmp(TOKEN_STRING(pctx), "none") == 0)
|
|
|
|
|
{
|
2002-01-04 02:32:16 +00:00
|
|
|
return (cfg_create_obj(pctx, &cfg_type_none, ret));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_ungettoken(pctx);
|
|
|
|
|
return (cfg_parse_qstring(pctx, type, ret));
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_qstringornone(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, "( <quoted_string> | none )");
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_qstringornone = { "qstringornone",
|
2009-07-14 22:54:57 +00:00
|
|
|
parse_qstringornone,
|
|
|
|
|
NULL,
|
|
|
|
|
doc_qstringornone,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2011-01-03 23:45:08 +00:00
|
|
|
* A boolean ("yes" or "no"), or the special keyword "auto".
|
|
|
|
|
* Used in the dnssec-validation option.
|
2003-01-20 05:46:11 +00:00
|
|
|
*/
|
2011-01-03 23:45:08 +00:00
|
|
|
static void
|
|
|
|
|
print_auto(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
|
|
|
|
UNUSED(obj);
|
|
|
|
|
cfg_print_cstr(pctx, "auto");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_auto = { "auto", NULL, print_auto,
|
|
|
|
|
NULL, &cfg_rep_void, NULL };
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_boolorauto(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2011-01-03 23:45:08 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_gettoken(pctx, CFG_LEXOPT_QSTRING));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
|
|
|
|
strcasecmp(TOKEN_STRING(pctx), "auto") == 0)
|
|
|
|
|
{
|
|
|
|
|
return (cfg_create_obj(pctx, &cfg_type_auto, ret));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2011-01-03 23:45:08 +00:00
|
|
|
cfg_ungettoken(pctx);
|
|
|
|
|
return (cfg_parse_boolean(pctx, type, ret));
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
print_boolorauto(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
|
|
|
|
if (obj->type->rep == &cfg_rep_void) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "auto");
|
2011-01-03 23:45:08 +00:00
|
|
|
} else if (obj->value.boolean) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "yes");
|
2011-01-03 23:45:08 +00:00
|
|
|
} else {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "no");
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2011-01-03 23:45:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_boolorauto(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "( yes | no | auto )");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_boolorauto = {
|
|
|
|
|
"boolorauto", parse_boolorauto, print_boolorauto, doc_boolorauto, NULL,
|
|
|
|
|
NULL
|
|
|
|
|
};
|
2003-01-20 05:46:11 +00:00
|
|
|
|
2011-01-03 23:45:08 +00:00
|
|
|
/*%
|
|
|
|
|
* keyword hostname
|
|
|
|
|
*/
|
2003-01-20 05:46:11 +00:00
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
print_hostname(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
2003-01-20 05:46:11 +00:00
|
|
|
UNUSED(obj);
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, "hostname");
|
2003-01-20 05:46:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_hostname = { "hostname", NULL,
|
|
|
|
|
print_hostname, NULL,
|
|
|
|
|
&cfg_rep_boolean, NULL };
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2005-10-26 04:35:56 +00:00
|
|
|
* "server-id" argument.
|
2003-01-20 05:46:11 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_serverid(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
CHECK(cfg_gettoken(pctx, CFG_LEXOPT_QSTRING));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
|
|
|
|
strcasecmp(TOKEN_STRING(pctx), "none") == 0)
|
|
|
|
|
{
|
|
|
|
|
return (cfg_create_obj(pctx, &cfg_type_none, ret));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2003-01-20 05:46:11 +00:00
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
|
|
|
|
strcasecmp(TOKEN_STRING(pctx), "hostname") == 0)
|
|
|
|
|
{
|
2015-04-17 14:04:47 +10:00
|
|
|
result = cfg_create_obj(pctx, &cfg_type_hostname, ret);
|
|
|
|
|
if (result == ISC_R_SUCCESS) {
|
2018-04-17 08:29:14 -07:00
|
|
|
(*ret)->value.boolean = true;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2015-04-17 14:04:47 +10:00
|
|
|
return (result);
|
2003-01-20 05:46:11 +00:00
|
|
|
}
|
|
|
|
|
cfg_ungettoken(pctx);
|
|
|
|
|
return (cfg_parse_qstring(pctx, type, ret));
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_serverid(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, "( <quoted_string> | none | hostname )");
|
2003-01-20 05:46:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_serverid = { "serverid", parse_serverid, NULL,
|
|
|
|
|
doc_serverid, NULL, NULL };
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2003-02-26 05:05:16 +00:00
|
|
|
* Port list.
|
|
|
|
|
*/
|
2015-09-09 16:49:11 +10:00
|
|
|
static void
|
|
|
|
|
print_porttuple(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
|
|
|
|
cfg_print_cstr(pctx, "range ");
|
|
|
|
|
cfg_print_tuple(pctx, obj);
|
|
|
|
|
}
|
2008-06-23 19:41:20 +00:00
|
|
|
static cfg_tuplefielddef_t porttuple_fields[] = {
|
|
|
|
|
{ "loport", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "hiport", &cfg_type_uint32, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2015-09-09 16:49:11 +10:00
|
|
|
static cfg_type_t cfg_type_porttuple = { "porttuple", cfg_parse_tuple,
|
|
|
|
|
print_porttuple, cfg_doc_tuple,
|
2008-06-23 19:41:20 +00:00
|
|
|
&cfg_rep_tuple, porttuple_fields };
|
|
|
|
|
|
2003-02-26 05:05:16 +00:00
|
|
|
static isc_result_t
|
2008-06-23 19:41:20 +00:00
|
|
|
parse_port(cfg_parser_t *pctx, cfg_obj_t **ret) {
|
2003-02-26 05:05:16 +00:00
|
|
|
isc_result_t result;
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2003-02-26 05:05:16 +00:00
|
|
|
CHECK(cfg_parse_uint32(pctx, NULL, ret));
|
|
|
|
|
if ((*ret)->value.uint32 > 0xffff) {
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR, "invalid port");
|
|
|
|
|
cfg_obj_destroy(pctx, ret);
|
|
|
|
|
result = ISC_R_RANGE;
|
|
|
|
|
}
|
2008-06-23 23:47:11 +00:00
|
|
|
|
2003-02-26 05:05:16 +00:00
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2008-06-23 19:41:20 +00:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_portrange(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, ISC_LEXOPT_NUMBER | ISC_LEXOPT_CNUMBER));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_number) {
|
|
|
|
|
CHECK(parse_port(pctx, ret));
|
|
|
|
|
} else {
|
|
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type != isc_tokentype_string ||
|
|
|
|
|
strcasecmp(TOKEN_STRING(pctx), "range") != 0)
|
|
|
|
|
{
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
|
|
|
|
"expected integer or 'range'");
|
|
|
|
|
return (ISC_R_UNEXPECTEDTOKEN);
|
|
|
|
|
}
|
|
|
|
|
CHECK(cfg_create_tuple(pctx, &cfg_type_porttuple, &obj));
|
|
|
|
|
CHECK(parse_port(pctx, &obj->value.tuple[0]));
|
|
|
|
|
CHECK(parse_port(pctx, &obj->value.tuple[1]));
|
|
|
|
|
if (obj->value.tuple[0]->value.uint32 >
|
2022-11-02 19:33:14 +01:00
|
|
|
obj->value.tuple[1]->value.uint32)
|
|
|
|
|
{
|
2008-06-23 19:41:20 +00:00
|
|
|
cfg_parser_error(pctx, CFG_LOG_NOPREP,
|
|
|
|
|
"low port '%u' must not be larger "
|
|
|
|
|
"than high port",
|
|
|
|
|
obj->value.tuple[0]->value.uint32);
|
|
|
|
|
result = ISC_R_RANGE;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
*ret = obj;
|
|
|
|
|
obj = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
if (obj != NULL) {
|
|
|
|
|
cfg_obj_destroy(pctx, &obj);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2008-06-23 19:41:20 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_portrange = { "portrange", parse_portrange,
|
|
|
|
|
NULL, cfg_doc_terminal,
|
2003-02-26 05:05:16 +00:00
|
|
|
NULL, NULL };
|
|
|
|
|
|
2022-12-08 10:57:37 +00:00
|
|
|
static cfg_type_t cfg_type_bracketed_portlist = { "bracketed_portlist",
|
2008-06-23 19:41:20 +00:00
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_portrange };
|
2003-02-26 05:05:16 +00:00
|
|
|
|
2023-11-07 14:42:33 +01:00
|
|
|
static const char *cookiealg_enums[] = { "siphash24", NULL };
|
2015-07-06 09:44:24 +10:00
|
|
|
static cfg_type_t cfg_type_cookiealg = { "cookiealg", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
2016-11-29 15:28:28 +11:00
|
|
|
&cfg_rep_string, &cookiealg_enums };
|
2015-07-06 09:44:24 +10:00
|
|
|
|
2015-07-08 22:53:39 -07:00
|
|
|
/*%
|
|
|
|
|
* fetch-quota-params
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t fetchquota_fields[] = {
|
|
|
|
|
{ "frequency", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "low", &cfg_type_fixedpoint, 0 },
|
|
|
|
|
{ "high", &cfg_type_fixedpoint, 0 },
|
|
|
|
|
{ "discount", &cfg_type_fixedpoint, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_fetchquota = { "fetchquota", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, fetchquota_fields };
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* fetches-per-server or fetches-per-zone
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static const char *response_enums[] = { "drop", "fail", NULL };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_responsetype = {
|
2015-10-02 12:32:42 -07:00
|
|
|
"responsetype", parse_optional_enum, cfg_print_ustring,
|
|
|
|
|
doc_optional_enum, &cfg_rep_string, response_enums
|
2015-07-08 22:53:39 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t fetchesper_fields[] = {
|
|
|
|
|
{ "fetches", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "response", &cfg_type_responsetype, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_fetchesper = { "fetchesper", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, fetchesper_fields };
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found within the top level of the named.conf
|
|
|
|
|
* file only.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t namedconf_clauses[] = {
|
|
|
|
|
{ "acl", &cfg_type_acl, CFG_CLAUSEFLAG_MULTI },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "controls", &cfg_type_controls, CFG_CLAUSEFLAG_MULTI },
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
{ "dnssec-policy", &cfg_type_dnssecpolicy, CFG_CLAUSEFLAG_MULTI },
|
2021-08-24 14:01:46 +10:00
|
|
|
#if HAVE_LIBNGHTTP2
|
2020-09-16 12:21:32 -07:00
|
|
|
{ "http", &cfg_type_http_description, CFG_CLAUSEFLAG_MULTI },
|
2021-08-24 14:01:46 +10:00
|
|
|
#else
|
|
|
|
|
{ "http", &cfg_type_http_description,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "logging", &cfg_type_logging, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "lwres", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
|
2022-02-25 16:33:30 -08:00
|
|
|
{ "masters", &cfg_type_remoteservers,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "options", &cfg_type_options, 0 },
|
2021-05-07 11:36:40 +02:00
|
|
|
{ "parental-agents", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
|
2021-05-07 11:31:15 +02:00
|
|
|
{ "primaries", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
|
2008-01-17 00:15:14 +00:00
|
|
|
{ "statistics-channels", &cfg_type_statschannels,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI },
|
2020-09-16 12:21:32 -07:00
|
|
|
{ "tls", &cfg_type_tlsconf, CFG_CLAUSEFLAG_MULTI },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "view", &cfg_type_view, CFG_CLAUSEFLAG_MULTI },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can occur at the top level or in the view
|
|
|
|
|
* statement, but not in the options block.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t namedconf_or_view_clauses[] = {
|
2014-08-26 15:01:29 +10:00
|
|
|
{ "dlz", &cfg_type_dlz, CFG_CLAUSEFLAG_MULTI },
|
2015-09-28 23:12:35 -07:00
|
|
|
{ "dyndb", &cfg_type_dyndb, CFG_CLAUSEFLAG_MULTI },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI },
|
2018-10-05 12:00:42 -07:00
|
|
|
{ "managed-keys", &cfg_type_dnsseckeys,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_DEPRECATED },
|
2018-11-30 15:32:03 -08:00
|
|
|
{ "plugin", &cfg_type_plugin, CFG_CLAUSEFLAG_MULTI },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI },
|
2019-12-04 11:06:40 +01:00
|
|
|
{ "trust-anchors", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI },
|
2018-10-05 12:00:42 -07:00
|
|
|
{ "trusted-keys", &cfg_type_trustedkeys,
|
2018-08-15 16:59:45 -07:00
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_DEPRECATED },
|
2022-02-23 17:36:11 -08:00
|
|
|
{ "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2009-03-04 02:42:31 +00:00
|
|
|
/*%
|
|
|
|
|
* Clauses that can occur in the bind.keys file.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t bindkeys_clauses[] = {
|
2018-10-05 12:00:42 -07:00
|
|
|
{ "managed-keys", &cfg_type_dnsseckeys,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_DEPRECATED },
|
2019-12-04 11:06:40 +01:00
|
|
|
{ "trust-anchors", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI },
|
2018-10-05 12:00:42 -07:00
|
|
|
{ "trusted-keys", &cfg_type_trustedkeys,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_DEPRECATED },
|
2009-03-04 02:42:31 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *fstrm_model_enums[] = { "mpsc", "spsc", NULL };
|
2016-08-18 11:16:06 +10:00
|
|
|
static cfg_type_t cfg_type_fstrm_model = {
|
|
|
|
|
"model", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &fstrm_model_enums
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found within the 'options' statement.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t options_clauses[] = {
|
2018-03-19 18:09:05 +05:30
|
|
|
{ "answer-cookie", &cfg_type_boolean, 0 },
|
2014-02-07 17:16:37 +11:00
|
|
|
{ "automatic-interface-scan", &cfg_type_boolean, 0 },
|
2023-01-06 17:01:06 -08:00
|
|
|
{ "avoid-v4-udp-ports", &cfg_type_bracketed_portlist,
|
|
|
|
|
CFG_CLAUSEFLAG_DEPRECATED },
|
|
|
|
|
{ "avoid-v6-udp-ports", &cfg_type_bracketed_portlist,
|
|
|
|
|
CFG_CLAUSEFLAG_DEPRECATED },
|
2023-02-03 14:57:17 -08:00
|
|
|
{ "bindkeys-file", &cfg_type_qstring, CFG_CLAUSEFLAG_TESTONLY },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "blackhole", &cfg_type_bracketed_aml, 0 },
|
2015-07-06 09:44:24 +10:00
|
|
|
{ "cookie-algorithm", &cfg_type_cookiealg, 0 },
|
2017-09-05 09:19:45 +10:00
|
|
|
{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
|
2022-11-13 10:28:17 +01:00
|
|
|
{ "coresize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "datasize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
|
2023-03-13 14:13:39 -07:00
|
|
|
#ifdef USE_DNSRPS
|
|
|
|
|
{ "dnsrps-library", &cfg_type_qstring, 0 },
|
|
|
|
|
#else /* ifdef USE_DNSRPS */
|
|
|
|
|
{ "dnsrps-library", &cfg_type_qstring, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif /* ifdef USE_DNSRPS */
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
|
|
|
|
{ "dnstap-output", &cfg_type_dnstapoutput, 0 },
|
|
|
|
|
{ "dnstap-identity", &cfg_type_serverid, 0 },
|
|
|
|
|
{ "dnstap-version", &cfg_type_qstringornone, 0 },
|
2020-11-10 11:23:05 +01:00
|
|
|
#else /* ifdef HAVE_DNSTAP */
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "dnstap-output", &cfg_type_dnstapoutput,
|
|
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
{ "dnstap-identity", &cfg_type_serverid, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
{ "dnstap-version", &cfg_type_qstringornone,
|
|
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif /* ifdef HAVE_DNSTAP */
|
2023-01-09 16:57:41 -08:00
|
|
|
{ "dscp", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "dump-file", &cfg_type_qstring, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2022-11-13 10:28:17 +01:00
|
|
|
{ "files", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
|
|
|
|
|
#ifdef HAVE_DNSTAP
|
2016-08-18 11:16:06 +10:00
|
|
|
{ "fstrm-set-buffer-hint", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "fstrm-set-flush-timeout", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "fstrm-set-input-queue-size", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "fstrm-set-output-notify-threshold", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "fstrm-set-output-queue-model", &cfg_type_fstrm_model, 0 },
|
|
|
|
|
{ "fstrm-set-output-queue-size", &cfg_type_uint32, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "fstrm-set-reopen-interval", &cfg_type_duration, 0 },
|
2020-11-10 11:23:05 +01:00
|
|
|
#else /* ifdef HAVE_DNSTAP */
|
2016-08-18 11:16:06 +10:00
|
|
|
{ "fstrm-set-buffer-hint", &cfg_type_uint32,
|
2016-11-29 15:28:28 +11:00
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2016-08-18 11:16:06 +10:00
|
|
|
{ "fstrm-set-flush-timeout", &cfg_type_uint32,
|
2016-11-29 15:28:28 +11:00
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2016-08-18 11:16:06 +10:00
|
|
|
{ "fstrm-set-input-queue-size", &cfg_type_uint32,
|
2016-11-29 15:28:28 +11:00
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2016-08-18 11:16:06 +10:00
|
|
|
{ "fstrm-set-output-notify-threshold", &cfg_type_uint32,
|
2016-11-29 15:28:28 +11:00
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2016-08-18 11:16:06 +10:00
|
|
|
{ "fstrm-set-output-queue-model", &cfg_type_fstrm_model,
|
2016-11-29 15:28:28 +11:00
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2016-08-18 11:16:06 +10:00
|
|
|
{ "fstrm-set-output-queue-size", &cfg_type_uint32,
|
2016-11-29 15:28:28 +11:00
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "fstrm-set-reopen-interval", &cfg_type_duration,
|
2016-11-29 15:28:28 +11:00
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2015-10-02 12:32:42 -07:00
|
|
|
#endif /* HAVE_DNSTAP */
|
2019-06-27 21:08:20 -07:00
|
|
|
#if defined(HAVE_GEOIP2)
|
2013-02-27 17:19:39 -08:00
|
|
|
{ "geoip-directory", &cfg_type_qstringornone, 0 },
|
2020-11-10 11:23:05 +01:00
|
|
|
#else /* if defined(HAVE_GEOIP2) */
|
2014-02-21 12:48:39 +11:00
|
|
|
{ "geoip-directory", &cfg_type_qstringornone,
|
|
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2019-06-27 21:08:20 -07:00
|
|
|
#endif /* HAVE_GEOIP2 */
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "geoip-use-ecs", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "has-old-clients", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2023-07-03 16:34:22 -07:00
|
|
|
{ "heartbeat-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_DEPRECATED },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "host-statistics", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "host-statistics-max", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "hostname", &cfg_type_qstringornone, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "interface-interval", &cfg_type_duration, 0 },
|
2022-01-27 10:13:10 +01:00
|
|
|
{ "keep-response-order", &cfg_type_bracketed_aml,
|
|
|
|
|
CFG_CLAUSEFLAG_OBSOLETE },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "listen-on", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
|
|
|
|
|
{ "listen-on-v6", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
|
2023-10-26 11:55:54 +02:00
|
|
|
{ "lock-file", &cfg_type_qstringornone, CFG_CLAUSEFLAG_ANCIENT },
|
2010-05-21 14:10:32 +00:00
|
|
|
{ "managed-keys-directory", &cfg_type_qstring, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "match-mapped-addresses", &cfg_type_boolean, 0 },
|
2012-06-14 15:44:20 +10:00
|
|
|
{ "max-rsa-exponent-size", &cfg_type_uint32, 0 },
|
2007-09-26 03:22:45 +00:00
|
|
|
{ "memstatistics", &cfg_type_boolean, 0 },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "memstatistics-file", &cfg_type_qstring, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "multiple-cnames", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "named-xfer", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2014-09-29 10:01:08 +10:00
|
|
|
{ "notify-rate", &cfg_type_uint32, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "pid-file", &cfg_type_qstringornone, 0 },
|
|
|
|
|
{ "port", &cfg_type_uint32, 0 },
|
2020-10-12 23:06:55 +02:00
|
|
|
{ "tls-port", &cfg_type_uint32, 0 },
|
2021-04-21 13:52:15 +02:00
|
|
|
#if HAVE_LIBNGHTTP2
|
2020-09-16 12:21:32 -07:00
|
|
|
{ "http-port", &cfg_type_uint32, 0 },
|
Add (http-)listener-clients option (DoH quota mechanism)
This commit adds support for http-listener-clients global options as
well as ability to override the default in an HTTP server description,
like:
http local-http-server {
...
listener-clients 100;
...
};
This way we have ability to specify per-listener active connections
quota globally and then override it when required. This is exactly
what AT&T requested us: they wanted a functionality to specify quota
globally and then override it for specific IPs. This change
functionality makes such a configuration possible.
It makes sense: for example, one could have different quotas for
internal and external clients. Or, for example, one could use BIND's
internal ability to serve encrypted DoH with some sane quota value for
internal clients, while having un-encrypted DoH listener without quota
to put BIND behind a load balancer doing TLS offloading for external
clients.
Moreover, the code no more shares the quota with TCP, which makes
little sense anyway (see tcp-clients option), because of the nature of
interaction of DoH clients: they tend to keep idle opened connections
for longer periods of time, preventing the TCP and TLS client from
being served. Thus, the need to have a separate, generally larger,
quota for them.
Also, the change makes any option within "http <name> { ... };"
statement optional, making it easier to override only required default
options.
By default, the DoH connections are limited to 300 per listener. I
hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
|
|
|
{ "http-listener-clients", &cfg_type_uint32, 0 },
|
2021-05-18 12:03:58 +03:00
|
|
|
{ "http-streams-per-connection", &cfg_type_uint32, 0 },
|
2020-09-16 12:21:32 -07:00
|
|
|
{ "https-port", &cfg_type_uint32, 0 },
|
2021-04-21 13:52:15 +02:00
|
|
|
#else
|
|
|
|
|
{ "http-port", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
Add (http-)listener-clients option (DoH quota mechanism)
This commit adds support for http-listener-clients global options as
well as ability to override the default in an HTTP server description,
like:
http local-http-server {
...
listener-clients 100;
...
};
This way we have ability to specify per-listener active connections
quota globally and then override it when required. This is exactly
what AT&T requested us: they wanted a functionality to specify quota
globally and then override it for specific IPs. This change
functionality makes such a configuration possible.
It makes sense: for example, one could have different quotas for
internal and external clients. Or, for example, one could use BIND's
internal ability to serve encrypted DoH with some sane quota value for
internal clients, while having un-encrypted DoH listener without quota
to put BIND behind a load balancer doing TLS offloading for external
clients.
Moreover, the code no more shares the quota with TCP, which makes
little sense anyway (see tcp-clients option), because of the nature of
interaction of DoH clients: they tend to keep idle opened connections
for longer periods of time, preventing the TCP and TLS client from
being served. Thus, the need to have a separate, generally larger,
quota for them.
Also, the change makes any option within "http <name> { ... };"
statement optional, making it easier to override only required default
options.
By default, the DoH connections are limited to 300 per listener. I
hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
|
|
|
{ "http-listener-clients", &cfg_type_uint32,
|
|
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2021-05-18 12:03:58 +03:00
|
|
|
{ "http-streams-per-connection", &cfg_type_uint32,
|
|
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2021-04-21 13:52:15 +02:00
|
|
|
{ "https-port", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif
|
2004-03-02 01:15:00 +00:00
|
|
|
{ "querylog", &cfg_type_boolean, 0 },
|
2022-09-13 18:13:51 -07:00
|
|
|
{ "random-device", &cfg_type_qstringornone, CFG_CLAUSEFLAG_ANCIENT },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "recursing-file", &cfg_type_qstring, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "recursive-clients", &cfg_type_uint32, 0 },
|
2022-04-06 17:00:24 +02:00
|
|
|
{ "reuseport", &cfg_type_boolean, 0 },
|
2023-02-08 10:33:06 -08:00
|
|
|
{ "reserved-sockets", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
|
2010-06-25 03:24:05 +00:00
|
|
|
{ "secroots-file", &cfg_type_qstring, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "serial-queries", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "serial-query-rate", &cfg_type_uint32, 0 },
|
2003-01-20 05:46:11 +00:00
|
|
|
{ "server-id", &cfg_type_serverid, 0 },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "session-keyalg", &cfg_type_astring, 0 },
|
|
|
|
|
{ "session-keyfile", &cfg_type_qstringornone, 0 },
|
|
|
|
|
{ "session-keyname", &cfg_type_astring, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2022-11-13 10:28:17 +01:00
|
|
|
{ "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
|
2014-09-29 10:01:08 +10:00
|
|
|
{ "startup-notify-rate", &cfg_type_uint32, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "statistics-file", &cfg_type_qstring, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2017-01-04 09:16:30 -08:00
|
|
|
{ "tcp-advertised-timeout", &cfg_type_uint32, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "tcp-clients", &cfg_type_uint32, 0 },
|
2017-01-04 09:16:30 -08:00
|
|
|
{ "tcp-idle-timeout", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "tcp-initial-timeout", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "tcp-keepalive-timeout", &cfg_type_uint32, 0 },
|
2002-11-12 23:38:12 +00:00
|
|
|
{ "tcp-listen-queue", &cfg_type_uint32, 0 },
|
2020-12-02 20:51:38 +01:00
|
|
|
{ "tcp-receive-buffer", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "tcp-send-buffer", &cfg_type_uint32, 0 },
|
2023-02-28 16:05:34 +01:00
|
|
|
{ "tkey-dhkey", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "tkey-domain", &cfg_type_qstring, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "tkey-gssapi-credential", &cfg_type_qstring, 0 },
|
2010-12-18 01:56:23 +00:00
|
|
|
{ "tkey-gssapi-keytab", &cfg_type_qstring, 0 },
|
2015-12-15 13:22:15 +05:30
|
|
|
{ "transfer-message-size", &cfg_type_uint32, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "transfers-in", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "transfers-out", &cfg_type_uint32, 0 },
|
2017-08-14 07:22:20 +00:00
|
|
|
{ "transfers-per-ns", &cfg_type_uint32, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "treat-cr-as-space", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2020-12-02 20:51:38 +01:00
|
|
|
{ "udp-receive-buffer", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "udp-send-buffer", &cfg_type_uint32, 0 },
|
2022-09-01 16:22:46 -07:00
|
|
|
{ "update-quota", &cfg_type_uint32, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "use-id-pool", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "use-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2023-01-06 17:01:06 -08:00
|
|
|
{ "use-v4-udp-ports", &cfg_type_bracketed_portlist,
|
|
|
|
|
CFG_CLAUSEFLAG_DEPRECATED },
|
|
|
|
|
{ "use-v6-udp-ports", &cfg_type_bracketed_portlist,
|
|
|
|
|
CFG_CLAUSEFLAG_DEPRECATED },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "version", &cfg_type_qstringornone, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2003-09-19 12:39:49 +00:00
|
|
|
static cfg_type_t cfg_type_namelist = { "namelist",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
2018-04-30 16:10:17 -07:00
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_astring };
|
2003-09-19 12:39:49 +00:00
|
|
|
|
|
|
|
|
static keyword_type_t exclude_kw = { "exclude", &cfg_type_namelist };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_exclude = {
|
|
|
|
|
"optional_exclude", parse_optional_keyvalue, print_keyvalue,
|
2016-11-29 15:28:28 +11:00
|
|
|
doc_optional_keyvalue, &cfg_rep_list, &exclude_kw
|
|
|
|
|
};
|
2003-09-19 12:39:49 +00:00
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static keyword_type_t exceptionnames_kw = { "except-from", &cfg_type_namelist };
|
2009-05-29 22:22:37 +00:00
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_exceptionnames = {
|
|
|
|
|
"optional_allow", parse_optional_keyvalue, print_keyvalue,
|
2016-11-29 15:28:28 +11:00
|
|
|
doc_optional_keyvalue, &cfg_rep_list, &exceptionnames_kw
|
|
|
|
|
};
|
2009-05-29 22:22:37 +00:00
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t denyaddresses_fields[] = {
|
|
|
|
|
{ "acl", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ "except-from", &cfg_type_optional_exceptionnames, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_denyaddresses = {
|
|
|
|
|
"denyaddresses", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, denyaddresses_fields
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t denyaliases_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_namelist, 0 },
|
|
|
|
|
{ "except-from", &cfg_type_optional_exceptionnames, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_denyaliases = {
|
|
|
|
|
"denyaliases", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, denyaliases_fields
|
|
|
|
|
};
|
|
|
|
|
|
2004-01-14 02:06:51 +00:00
|
|
|
static cfg_type_t cfg_type_algorithmlist = { "algorithmlist",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_astring };
|
2004-01-14 02:06:51 +00:00
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t disablealgorithm_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "algorithms", &cfg_type_algorithmlist, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_disablealgorithm = {
|
|
|
|
|
"disablealgorithm", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, disablealgorithm_fields
|
|
|
|
|
};
|
|
|
|
|
|
2012-10-03 12:38:43 +10:00
|
|
|
static cfg_type_t cfg_type_dsdigestlist = { "dsdigestlist",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_astring };
|
2012-10-03 12:38:43 +10:00
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t disabledsdigest_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "digests", &cfg_type_dsdigestlist, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_disabledsdigest = {
|
|
|
|
|
"disabledsdigest", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, disabledsdigest_fields
|
|
|
|
|
};
|
|
|
|
|
|
2004-04-15 23:40:27 +00:00
|
|
|
static cfg_tuplefielddef_t mustbesecure_fields[] = {
|
2008-01-18 23:46:58 +00:00
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "value", &cfg_type_boolean, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
2004-04-15 23:40:27 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_mustbesecure = {
|
|
|
|
|
"mustbesecure", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, mustbesecure_fields
|
|
|
|
|
};
|
|
|
|
|
|
2021-09-16 11:46:13 +02:00
|
|
|
static const char *masterformat_enums[] = { "raw", "text", NULL };
|
2005-06-20 01:05:33 +00:00
|
|
|
static cfg_type_t cfg_type_masterformat = {
|
|
|
|
|
"masterformat", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &masterformat_enums
|
|
|
|
|
};
|
|
|
|
|
|
2014-04-17 17:10:29 -07:00
|
|
|
static const char *masterstyle_enums[] = { "full", "relative", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_masterstyle = {
|
|
|
|
|
"masterstyle", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
cfg_doc_enum, &cfg_rep_string, &masterstyle_enums
|
|
|
|
|
};
|
2011-01-13 01:59:28 +00:00
|
|
|
|
2017-01-04 09:16:30 -08:00
|
|
|
static keyword_type_t blocksize_kw = { "block-size", &cfg_type_uint32 };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_blocksize = { "blocksize", parse_keyvalue,
|
|
|
|
|
print_keyvalue, doc_keyvalue,
|
|
|
|
|
&cfg_rep_uint32, &blocksize_kw };
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t resppadding_fields[] = {
|
|
|
|
|
{ "acl", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ "block-size", &cfg_type_blocksize, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_resppadding = {
|
|
|
|
|
"resppadding", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, resppadding_fields
|
|
|
|
|
};
|
|
|
|
|
|
2015-10-02 12:32:42 -07:00
|
|
|
/*%
|
|
|
|
|
* dnstap {
|
2017-10-17 06:53:14 +02:00
|
|
|
* <message type> [query | response] ;
|
2015-10-02 12:32:42 -07:00
|
|
|
* ...
|
|
|
|
|
* }
|
|
|
|
|
*
|
2018-10-02 14:13:14 -07:00
|
|
|
* ... where message type is one of: client, resolver, auth, forwarder,
|
|
|
|
|
* update, all
|
2015-10-02 12:32:42 -07:00
|
|
|
*/
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *dnstap_types[] = { "all", "auth", "client",
|
2018-10-02 14:13:14 -07:00
|
|
|
"forwarder", "resolver", "update",
|
|
|
|
|
NULL };
|
2015-10-02 12:32:42 -07:00
|
|
|
|
|
|
|
|
static const char *dnstap_modes[] = { "query", "response", NULL };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dnstap_type = { "dnstap_type", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, dnstap_types };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dnstap_mode = {
|
|
|
|
|
"dnstap_mode", parse_optional_enum, cfg_print_ustring,
|
|
|
|
|
doc_optional_enum, &cfg_rep_string, dnstap_modes
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t dnstap_fields[] = {
|
|
|
|
|
{ "type", &cfg_type_dnstap_type, 0 },
|
|
|
|
|
{ "mode", &cfg_type_dnstap_mode, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dnstap_entry = { "dnstap_value", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
2016-11-29 15:28:28 +11:00
|
|
|
&cfg_rep_tuple, dnstap_fields };
|
2015-10-02 12:32:42 -07:00
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dnstap = { "dnstap",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_dnstap_entry };
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* dnstap-output
|
|
|
|
|
*/
|
2017-02-06 22:13:51 -08:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_dtout(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
const cfg_tuplefielddef_t *fields = type->of;
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_create_tuple(pctx, type, &obj));
|
|
|
|
|
|
|
|
|
|
/* Parse the mandatory "mode" and "path" fields */
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[0].type, &obj->value.tuple[0]));
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[1].type, &obj->value.tuple[1]));
|
|
|
|
|
|
|
|
|
|
/* Parse "versions" and "size" fields in any order. */
|
|
|
|
|
for (;;) {
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string) {
|
|
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
|
|
|
|
if (strcasecmp(TOKEN_STRING(pctx), "size") == 0 &&
|
2022-11-02 19:33:14 +01:00
|
|
|
obj->value.tuple[2] == NULL)
|
|
|
|
|
{
|
2017-02-06 22:13:51 -08:00
|
|
|
CHECK(cfg_parse_obj(pctx, fields[2].type,
|
|
|
|
|
&obj->value.tuple[2]));
|
|
|
|
|
} else if (strcasecmp(TOKEN_STRING(pctx), "versions") ==
|
|
|
|
|
0 &&
|
|
|
|
|
obj->value.tuple[3] == NULL)
|
|
|
|
|
{
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[3].type,
|
|
|
|
|
&obj->value.tuple[3]));
|
2017-03-08 23:20:40 -08:00
|
|
|
} else if (strcasecmp(TOKEN_STRING(pctx), "suffix") ==
|
|
|
|
|
0 &&
|
|
|
|
|
obj->value.tuple[4] == NULL)
|
|
|
|
|
{
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[4].type,
|
|
|
|
|
&obj->value.tuple[4]));
|
2017-02-06 22:13:51 -08:00
|
|
|
} else {
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
|
|
|
|
"unexpected token");
|
|
|
|
|
result = ISC_R_UNEXPECTEDTOKEN;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-02-06 16:03:37 -08:00
|
|
|
|
2017-02-06 22:13:51 -08:00
|
|
|
/* Create void objects for missing optional values. */
|
|
|
|
|
if (obj->value.tuple[2] == NULL) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[2]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2017-02-06 22:13:51 -08:00
|
|
|
if (obj->value.tuple[3] == NULL) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[3]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2017-03-08 23:20:40 -08:00
|
|
|
if (obj->value.tuple[4] == NULL) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[4]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2017-02-06 22:13:51 -08:00
|
|
|
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
CLEANUP_OBJ(obj);
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
print_dtout(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
|
|
|
|
cfg_print_obj(pctx, obj->value.tuple[0]); /* mode */
|
|
|
|
|
cfg_print_obj(pctx, obj->value.tuple[1]); /* file */
|
|
|
|
|
if (obj->value.tuple[2]->type->print != cfg_print_void) {
|
|
|
|
|
cfg_print_cstr(pctx, " size ");
|
|
|
|
|
cfg_print_obj(pctx, obj->value.tuple[2]);
|
|
|
|
|
}
|
|
|
|
|
if (obj->value.tuple[3]->type->print != cfg_print_void) {
|
|
|
|
|
cfg_print_cstr(pctx, " versions ");
|
|
|
|
|
cfg_print_obj(pctx, obj->value.tuple[3]);
|
|
|
|
|
}
|
2017-03-08 23:20:40 -08:00
|
|
|
if (obj->value.tuple[4]->type->print != cfg_print_void) {
|
|
|
|
|
cfg_print_cstr(pctx, " suffix ");
|
|
|
|
|
cfg_print_obj(pctx, obj->value.tuple[4]);
|
|
|
|
|
}
|
2017-02-06 22:13:51 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_dtout(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "( file | unix ) <quoted_string>");
|
|
|
|
|
cfg_print_cstr(pctx, " ");
|
|
|
|
|
cfg_print_cstr(pctx, "[ size ( unlimited | <size> ) ]");
|
|
|
|
|
cfg_print_cstr(pctx, " ");
|
|
|
|
|
cfg_print_cstr(pctx, "[ versions ( unlimited | <integer> ) ]");
|
2017-03-08 23:20:40 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
|
|
|
|
cfg_print_cstr(pctx, "[ suffix ( increment | timestamp ) ]");
|
2017-02-06 22:13:51 -08:00
|
|
|
}
|
2017-02-06 16:03:37 -08:00
|
|
|
|
2015-10-02 12:32:42 -07:00
|
|
|
static const char *dtoutmode_enums[] = { "file", "unix", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_dtmode = { "dtmode", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, &dtoutmode_enums };
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t dtout_fields[] = {
|
|
|
|
|
{ "mode", &cfg_type_dtmode, 0 },
|
|
|
|
|
{ "path", &cfg_type_qstring, 0 },
|
2017-02-06 22:13:51 -08:00
|
|
|
{ "size", &cfg_type_sizenodefault, 0 },
|
|
|
|
|
{ "versions", &cfg_type_logversions, 0 },
|
2017-03-08 23:20:40 -08:00
|
|
|
{ "suffix", &cfg_type_logsuffix, 0 },
|
2015-10-02 12:32:42 -07:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dnstapoutput = { "dnstapoutput", parse_dtout,
|
2017-02-06 22:13:51 -08:00
|
|
|
print_dtout, doc_dtout,
|
2015-10-02 12:32:42 -07:00
|
|
|
&cfg_rep_tuple, dtout_fields };
|
2011-01-13 01:59:28 +00:00
|
|
|
|
2012-05-31 02:03:34 +00:00
|
|
|
/*%
|
2011-01-13 01:59:28 +00:00
|
|
|
* response-policy {
|
2017-10-17 06:53:14 +02:00
|
|
|
* zone <string> [ policy (given|disabled|passthru|drop|tcp-only|
|
|
|
|
|
* nxdomain|nodata|cname <domain> ) ]
|
2015-07-06 08:48:37 +05:30
|
|
|
* [ recursive-only yes|no ] [ log yes|no ]
|
2017-09-11 11:53:42 -07:00
|
|
|
* [ max-policy-ttl number ]
|
|
|
|
|
* [ nsip-enable yes|no ] [ nsdname-enable yes|no ];
|
2015-06-05 11:09:35 +10:00
|
|
|
* } [ recursive-only yes|no ] [ max-policy-ttl number ]
|
2017-02-20 11:57:28 +01:00
|
|
|
* [ min-update-interval number ]
|
2013-02-25 12:46:51 -08:00
|
|
|
* [ break-dnssec yes|no ] [ min-ns-dots number ]
|
2017-09-11 11:53:42 -07:00
|
|
|
* [ qname-wait-recurse yes|no ]
|
|
|
|
|
* [ nsip-enable yes|no ] [ nsdname-enable yes|no ]
|
|
|
|
|
* [ dnsrps-enable yes|no ]
|
|
|
|
|
* [ dnsrps-options { DNSRPS configuration string } ];
|
2011-01-13 01:59:28 +00:00
|
|
|
*/
|
2012-05-31 02:03:34 +00:00
|
|
|
|
2011-01-13 01:59:28 +00:00
|
|
|
static void
|
2012-05-31 02:03:34 +00:00
|
|
|
doc_rpz_policy(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2011-01-13 01:59:28 +00:00
|
|
|
const char *const *p;
|
2012-05-31 02:03:34 +00:00
|
|
|
/*
|
|
|
|
|
* This is cfg_doc_enum() without the trailing " )".
|
|
|
|
|
*/
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "( ");
|
2012-05-31 02:03:34 +00:00
|
|
|
for (p = type->of; *p != NULL; p++) {
|
2011-01-13 01:59:28 +00:00
|
|
|
cfg_print_cstr(pctx, *p);
|
|
|
|
|
if (p[1] != NULL) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " | ");
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2011-01-13 01:59:28 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_rpz_cname(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
cfg_doc_terminal(pctx, type);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " )");
|
2011-01-13 01:59:28 +00:00
|
|
|
}
|
|
|
|
|
|
2012-05-31 02:03:34 +00:00
|
|
|
/*
|
|
|
|
|
* Parse
|
2013-07-12 14:46:47 -07:00
|
|
|
* given|disabled|passthru|drop|tcp-only|nxdomain|nodata|cname <domain>
|
2012-05-31 02:03:34 +00:00
|
|
|
*/
|
2011-01-13 01:59:28 +00:00
|
|
|
static isc_result_t
|
2012-05-31 02:03:34 +00:00
|
|
|
cfg_parse_rpz_policy(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2011-01-13 01:59:28 +00:00
|
|
|
isc_result_t result;
|
2016-10-10 17:11:21 -07:00
|
|
|
cfg_obj_t *obj = NULL;
|
2012-05-31 02:03:34 +00:00
|
|
|
const cfg_tuplefielddef_t *fields;
|
2011-01-13 01:59:28 +00:00
|
|
|
|
|
|
|
|
CHECK(cfg_create_tuple(pctx, type, &obj));
|
2012-05-31 02:03:34 +00:00
|
|
|
|
|
|
|
|
fields = type->of;
|
2011-01-13 01:59:28 +00:00
|
|
|
CHECK(cfg_parse_obj(pctx, fields[0].type, &obj->value.tuple[0]));
|
|
|
|
|
/*
|
|
|
|
|
* parse cname domain only after "policy cname"
|
|
|
|
|
*/
|
2012-05-31 02:03:34 +00:00
|
|
|
if (strcasecmp("cname", cfg_obj_asstring(obj->value.tuple[0])) != 0) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[1]));
|
2011-01-13 01:59:28 +00:00
|
|
|
} else {
|
2012-05-31 02:03:34 +00:00
|
|
|
CHECK(cfg_parse_obj(pctx, fields[1].type,
|
|
|
|
|
&obj->value.tuple[1]));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
CLEANUP_OBJ(obj);
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2015-07-08 22:53:39 -07:00
|
|
|
* Parse a tuple consisting of any kind of required field followed
|
2012-05-31 02:03:34 +00:00
|
|
|
* by 2 or more optional keyvalues that can be in any order.
|
|
|
|
|
*/
|
|
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_parse_kv_tuple(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2012-05-31 02:03:34 +00:00
|
|
|
const cfg_tuplefielddef_t *fields, *f;
|
2016-10-10 17:11:21 -07:00
|
|
|
cfg_obj_t *obj = NULL;
|
2012-05-31 02:03:34 +00:00
|
|
|
int fn;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_create_tuple(pctx, type, &obj));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The zone first field is required and always first.
|
|
|
|
|
*/
|
|
|
|
|
fields = type->of;
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[0].type, &obj->value.tuple[0]));
|
|
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
CHECK(cfg_peektoken(pctx, CFG_LEXOPT_QSTRING));
|
|
|
|
|
if (pctx->token.type != isc_tokentype_string) {
|
|
|
|
|
break;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2012-05-31 02:03:34 +00:00
|
|
|
|
|
|
|
|
for (fn = 1, f = &fields[1];; ++fn, ++f) {
|
|
|
|
|
if (f->name == NULL) {
|
|
|
|
|
cfg_parser_error(pctx, 0, "unexpected '%s'",
|
|
|
|
|
TOKEN_STRING(pctx));
|
|
|
|
|
result = ISC_R_UNEXPECTEDTOKEN;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
if (obj->value.tuple[fn] == NULL &&
|
|
|
|
|
strcasecmp(f->name, TOKEN_STRING(pctx)) == 0)
|
|
|
|
|
{
|
|
|
|
|
break;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2012-05-31 02:03:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, f->type, &obj->value.tuple[fn]));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (fn = 1, f = &fields[1]; f->name != NULL; ++fn, ++f) {
|
|
|
|
|
if (obj->value.tuple[fn] == NULL) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL,
|
|
|
|
|
&obj->value.tuple[fn]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2011-01-13 01:59:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
CLEANUP_OBJ(obj);
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2012-05-31 02:03:34 +00:00
|
|
|
static void
|
|
|
|
|
cfg_print_kv_tuple(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
const cfg_tuplefielddef_t *fields, *f;
|
|
|
|
|
const cfg_obj_t *fieldobj;
|
|
|
|
|
|
|
|
|
|
fields = obj->type->of;
|
|
|
|
|
for (f = fields, i = 0; f->name != NULL; f++, i++) {
|
|
|
|
|
fieldobj = obj->value.tuple[i];
|
|
|
|
|
if (fieldobj->type->print == cfg_print_void) {
|
|
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2012-05-31 02:03:34 +00:00
|
|
|
if (i != 0) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2012-05-31 02:03:34 +00:00
|
|
|
cfg_print_cstr(pctx, f->name);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2012-05-31 02:03:34 +00:00
|
|
|
}
|
|
|
|
|
cfg_print_obj(pctx, fieldobj);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
cfg_doc_kv_tuple(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
const cfg_tuplefielddef_t *fields, *f;
|
|
|
|
|
|
|
|
|
|
fields = type->of;
|
|
|
|
|
for (f = fields; f->name != NULL; f++) {
|
2022-02-25 16:33:30 -08:00
|
|
|
if ((f->flags & CFG_CLAUSEFLAG_NODOC) != 0) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2012-05-31 02:03:34 +00:00
|
|
|
if (f != fields) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " [ ");
|
2012-05-31 02:03:34 +00:00
|
|
|
cfg_print_cstr(pctx, f->name);
|
|
|
|
|
if (f->type->doc != cfg_doc_void) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2012-05-31 02:03:34 +00:00
|
|
|
}
|
|
|
|
|
cfg_doc_obj(pctx, f->type);
|
|
|
|
|
if (f != fields) {
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ]");
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2012-05-31 02:03:34 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-28 23:25:46 -07:00
|
|
|
static keyword_type_t zone_kw = { "zone", &cfg_type_astring };
|
2012-05-31 02:03:34 +00:00
|
|
|
static cfg_type_t cfg_type_rpz_zone = { "zone", parse_keyvalue,
|
|
|
|
|
print_keyvalue, doc_keyvalue,
|
|
|
|
|
&cfg_rep_string, &zone_kw };
|
2013-07-12 14:46:47 -07:00
|
|
|
/*
|
|
|
|
|
* "no-op" is an obsolete equivalent of "passthru".
|
|
|
|
|
*/
|
2011-01-13 01:59:28 +00:00
|
|
|
static const char *rpz_policies[] = { "cname", "disabled", "drop",
|
2016-11-29 15:28:28 +11:00
|
|
|
"given", "no-op", "nodata",
|
|
|
|
|
"nxdomain", "passthru", "tcp-only",
|
|
|
|
|
NULL };
|
2012-05-31 02:03:34 +00:00
|
|
|
static cfg_type_t cfg_type_rpz_policy_name = {
|
|
|
|
|
"policy name", cfg_parse_enum, cfg_print_ustring,
|
|
|
|
|
doc_rpz_policy, &cfg_rep_string, &rpz_policies
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_rpz_cname = {
|
|
|
|
|
"quoted_string", cfg_parse_astring, NULL,
|
|
|
|
|
doc_rpz_cname, &cfg_rep_string, NULL
|
2011-01-13 01:59:28 +00:00
|
|
|
};
|
2012-05-31 02:03:34 +00:00
|
|
|
static cfg_tuplefielddef_t rpz_policy_fields[] = {
|
|
|
|
|
{ "policy name", &cfg_type_rpz_policy_name, 0 },
|
|
|
|
|
{ "cname", &cfg_type_rpz_cname, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
2011-01-13 01:59:28 +00:00
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_rpz_policy = { "policy tuple", cfg_parse_rpz_policy,
|
2012-05-31 02:03:34 +00:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, rpz_policy_fields };
|
|
|
|
|
static cfg_tuplefielddef_t rpz_zone_fields[] = {
|
|
|
|
|
{ "zone name", &cfg_type_rpz_zone, 0 },
|
2019-02-14 17:50:10 +11:00
|
|
|
{ "add-soa", &cfg_type_boolean, 0 },
|
2015-07-06 08:48:37 +05:30
|
|
|
{ "log", &cfg_type_boolean, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "max-policy-ttl", &cfg_type_duration, 0 },
|
|
|
|
|
{ "min-update-interval", &cfg_type_duration, 0 },
|
2016-05-05 16:29:05 +10:00
|
|
|
{ "policy", &cfg_type_rpz_policy, 0 },
|
|
|
|
|
{ "recursive-only", &cfg_type_boolean, 0 },
|
2017-09-11 11:53:42 -07:00
|
|
|
{ "nsip-enable", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "nsdname-enable", &cfg_type_boolean, 0 },
|
2022-08-26 14:11:47 +00:00
|
|
|
{ "ede", &cfg_type_ustring, 0 },
|
2011-01-13 01:59:28 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2012-05-31 02:03:34 +00:00
|
|
|
static cfg_type_t cfg_type_rpz_tuple = { "rpz tuple", cfg_parse_kv_tuple,
|
|
|
|
|
cfg_print_kv_tuple, cfg_doc_kv_tuple,
|
|
|
|
|
&cfg_rep_tuple, rpz_zone_fields };
|
|
|
|
|
static cfg_type_t cfg_type_rpz_list = { "zone list",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_rpz_tuple };
|
|
|
|
|
static cfg_tuplefielddef_t rpz_fields[] = {
|
|
|
|
|
{ "zone list", &cfg_type_rpz_list, 0 },
|
2019-02-14 17:50:10 +11:00
|
|
|
{ "add-soa", &cfg_type_boolean, 0 },
|
2012-05-31 02:03:34 +00:00
|
|
|
{ "break-dnssec", &cfg_type_boolean, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "max-policy-ttl", &cfg_type_duration, 0 },
|
|
|
|
|
{ "min-update-interval", &cfg_type_duration, 0 },
|
2013-02-25 12:46:51 -08:00
|
|
|
{ "min-ns-dots", &cfg_type_uint32, 0 },
|
2016-05-05 16:29:05 +10:00
|
|
|
{ "nsip-wait-recurse", &cfg_type_boolean, 0 },
|
Added RPZ configuration option "nsdname-wait-recurse"
This new option was added to fill a gap in RPZ configuration
options.
It was possible to instruct BIND wheter NSIP rewritting rules would
apply or not, as long as the required data was already in cache or not,
respectively, by means of the option nsip-wait-recurse.
A value of yes (default) could incur a little processing cost, since
BIND would need to recurse to find NS addresses in case they were not in
the cache.
This behavior could be changed by setting nsip-wait-recurse value to no,
in which case BIND would promptly return some error code if the NS IP addresses
data were not in cache, then BIND would start a recursive query
in background, so future similar requests would have the required data
(NS IPs) in cache, allowing BIND to apply NSIP rules accordingly.
A similar feature wasn't available for NSDNAME triggers, so this commit
adds the option nsdname-wait-recurse to fill this gap, as it was
expected by couple BIND users.
2020-03-02 14:52:10 -03:00
|
|
|
{ "nsdname-wait-recurse", &cfg_type_boolean, 0 },
|
2013-02-25 12:46:51 -08:00
|
|
|
{ "qname-wait-recurse", &cfg_type_boolean, 0 },
|
2016-05-05 16:29:05 +10:00
|
|
|
{ "recursive-only", &cfg_type_boolean, 0 },
|
2017-09-11 11:53:42 -07:00
|
|
|
{ "nsip-enable", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "nsdname-enable", &cfg_type_boolean, 0 },
|
|
|
|
|
#ifdef USE_DNSRPS
|
|
|
|
|
{ "dnsrps-enable", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "dnsrps-options", &cfg_type_bracketed_text, 0 },
|
2020-11-10 11:23:05 +01:00
|
|
|
#else /* ifdef USE_DNSRPS */
|
2017-09-11 11:53:42 -07:00
|
|
|
{ "dnsrps-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
{ "dnsrps-options", &cfg_type_bracketed_text,
|
|
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif /* ifdef USE_DNSRPS */
|
2011-01-13 01:59:28 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_rpz = { "rpz",
|
2012-05-31 02:03:34 +00:00
|
|
|
cfg_parse_kv_tuple,
|
|
|
|
|
cfg_print_kv_tuple,
|
|
|
|
|
cfg_doc_kv_tuple,
|
|
|
|
|
&cfg_rep_tuple,
|
|
|
|
|
rpz_fields };
|
2011-01-13 01:59:28 +00:00
|
|
|
|
2016-05-26 21:23:19 +02:00
|
|
|
/*
|
|
|
|
|
* Catalog zones
|
|
|
|
|
*/
|
|
|
|
|
static cfg_type_t cfg_type_catz_zone = { "zone", parse_keyvalue,
|
|
|
|
|
print_keyvalue, doc_keyvalue,
|
|
|
|
|
&cfg_rep_string, &zone_kw };
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t catz_zone_fields[] = {
|
|
|
|
|
{ "zone name", &cfg_type_catz_zone, 0 },
|
2022-02-25 16:33:30 -08:00
|
|
|
{ "default-masters", &cfg_type_namesockaddrkeylist,
|
|
|
|
|
CFG_CLAUSEFLAG_NODOC },
|
2021-09-03 00:56:47 +00:00
|
|
|
{ "default-primaries", &cfg_type_namesockaddrkeylist, 0 },
|
2016-05-31 10:36:27 -07:00
|
|
|
{ "zone-directory", &cfg_type_qstring, 0 },
|
2016-05-26 21:23:19 +02:00
|
|
|
{ "in-memory", &cfg_type_boolean, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "min-update-interval", &cfg_type_duration, 0 },
|
2016-05-26 21:23:19 +02:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_catz_tuple = {
|
|
|
|
|
"catz tuple", cfg_parse_kv_tuple, cfg_print_kv_tuple,
|
|
|
|
|
cfg_doc_kv_tuple, &cfg_rep_tuple, catz_zone_fields
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_catz_list = { "zone list",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_catz_tuple };
|
|
|
|
|
static cfg_tuplefielddef_t catz_fields[] = {
|
|
|
|
|
{ "zone list", &cfg_type_catz_list, 0 }, { NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_catz = {
|
|
|
|
|
"catz", cfg_parse_kv_tuple, cfg_print_kv_tuple,
|
|
|
|
|
cfg_doc_kv_tuple, &cfg_rep_tuple, catz_fields
|
|
|
|
|
};
|
|
|
|
|
|
2013-02-25 10:49:30 -08:00
|
|
|
/*
|
|
|
|
|
* rate-limit
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t rrl_clauses[] = {
|
|
|
|
|
{ "all-per-second", &cfg_type_uint32, 0 },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "errors-per-second", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "exempt-clients", &cfg_type_bracketed_aml, 0 },
|
2013-04-25 14:40:32 -07:00
|
|
|
{ "ipv4-prefix-length", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "ipv6-prefix-length", &cfg_type_uint32, 0 },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "log-only", &cfg_type_boolean, 0 },
|
2013-02-25 10:49:30 -08:00
|
|
|
{ "max-table-size", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "min-table-size", &cfg_type_uint32, 0 },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "nodata-per-second", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "nxdomains-per-second", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "qps-scale", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "referrals-per-second", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "responses-per-second", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "slip", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "window", &cfg_type_uint32, 0 },
|
2013-02-25 10:49:30 -08:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *rrl_clausesets[] = { rrl_clauses, NULL };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_rrl = { "rate-limit", cfg_parse_map, cfg_print_map,
|
|
|
|
|
cfg_doc_map, &cfg_rep_map, rrl_clausesets };
|
|
|
|
|
|
2014-01-12 21:29:15 +11:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_optional_uint32(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, ISC_LEXOPT_NUMBER | ISC_LEXOPT_CNUMBER));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_number) {
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_uint32, ret));
|
|
|
|
|
} else {
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_void, ret));
|
|
|
|
|
}
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_optional_uint32(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "[ <integer> ]");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_uint32 = { "optional_uint32",
|
|
|
|
|
parse_optional_uint32,
|
|
|
|
|
NULL,
|
|
|
|
|
doc_optional_uint32,
|
2016-11-29 15:28:28 +11:00
|
|
|
NULL,
|
|
|
|
|
NULL };
|
2014-01-12 21:29:15 +11:00
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t prefetch_fields[] = {
|
|
|
|
|
{ "trigger", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "eligible", &cfg_type_optional_uint32, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_prefetch = { "prefetch", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, prefetch_fields };
|
2010-12-08 02:46:17 +00:00
|
|
|
/*
|
|
|
|
|
* DNS64.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t dns64_clauses[] = {
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "break-dnssec", &cfg_type_boolean, 0 },
|
2010-12-08 02:46:17 +00:00
|
|
|
{ "clients", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ "exclude", &cfg_type_bracketed_aml, 0 },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "mapped", &cfg_type_bracketed_aml, 0 },
|
2010-12-08 02:46:17 +00:00
|
|
|
{ "recursive-only", &cfg_type_boolean, 0 },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "suffix", &cfg_type_netaddr6, 0 },
|
2010-12-08 02:46:17 +00:00
|
|
|
{ NULL, NULL, 0 },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *dns64_clausesets[] = { dns64_clauses, NULL };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dns64 = { "dns64", cfg_parse_netprefix_map,
|
|
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, dns64_clausesets };
|
|
|
|
|
|
2020-12-18 16:24:56 -03:00
|
|
|
static const char *staleanswerclienttimeout_enums[] = { "disabled", "off",
|
|
|
|
|
NULL };
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_staleanswerclienttimeout(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
|
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_uint32, ret));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_staleanswerclienttimeout(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_uint32);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_staleanswerclienttimeout = {
|
|
|
|
|
"staleanswerclienttimeout",
|
|
|
|
|
parse_staleanswerclienttimeout,
|
|
|
|
|
cfg_print_ustring,
|
|
|
|
|
doc_staleanswerclienttimeout,
|
|
|
|
|
&cfg_rep_string,
|
|
|
|
|
staleanswerclienttimeout_enums
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found within the 'view' statement,
|
|
|
|
|
* with defaults in the 'options' statement.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t view_clauses[] = {
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "acache-cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "acache-enable", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "additional-from-auth", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "additional-from-cache", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2010-08-11 18:14:20 +00:00
|
|
|
{ "allow-new-zones", &cfg_type_boolean, 0 },
|
2004-10-21 00:58:33 +00:00
|
|
|
{ "allow-query-cache", &cfg_type_bracketed_aml, 0 },
|
2007-03-29 06:36:31 +00:00
|
|
|
{ "allow-query-cache-on", &cfg_type_bracketed_aml, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "allow-recursion", &cfg_type_bracketed_aml, 0 },
|
2007-03-29 06:36:31 +00:00
|
|
|
{ "allow-recursion-on", &cfg_type_bracketed_aml, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "allow-v6-synthesis", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2009-01-09 22:24:37 +00:00
|
|
|
{ "attach-cache", &cfg_type_astring, 0 },
|
2020-12-08 11:37:46 +01:00
|
|
|
{ "auth-nxdomain", &cfg_type_boolean, 0 },
|
2021-09-15 01:05:05 -07:00
|
|
|
{ "cache-file", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
|
2016-05-26 21:23:19 +02:00
|
|
|
{ "catalog-zones", &cfg_type_catz, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "clients-per-query", &cfg_type_uint32, 0 },
|
2009-05-29 22:22:37 +00:00
|
|
|
{ "deny-answer-addresses", &cfg_type_denyaddresses, 0 },
|
|
|
|
|
{ "deny-answer-aliases", &cfg_type_denyaliases, 0 },
|
2004-01-14 02:06:51 +00:00
|
|
|
{ "disable-algorithms", &cfg_type_disablealgorithm,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI },
|
2012-10-03 12:38:43 +10:00
|
|
|
{ "disable-ds-digests", &cfg_type_disabledsdigest,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "disable-empty-zone", &cfg_type_astring, CFG_CLAUSEFLAG_MULTI },
|
2010-12-08 02:46:17 +00:00
|
|
|
{ "dns64", &cfg_type_dns64, CFG_CLAUSEFLAG_MULTI },
|
2011-01-07 04:31:39 +00:00
|
|
|
{ "dns64-contact", &cfg_type_astring, 0 },
|
2017-08-31 08:40:33 +10:00
|
|
|
{ "dns64-server", &cfg_type_astring, 0 },
|
2017-09-11 11:53:42 -07:00
|
|
|
#ifdef USE_DNSRPS
|
|
|
|
|
{ "dnsrps-enable", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "dnsrps-options", &cfg_type_bracketed_text, 0 },
|
2020-11-10 11:23:05 +01:00
|
|
|
#else /* ifdef USE_DNSRPS */
|
2017-09-11 11:53:42 -07:00
|
|
|
{ "dnsrps-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
{ "dnsrps-options", &cfg_type_bracketed_text,
|
|
|
|
|
CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif /* ifdef USE_DNSRPS */
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "dnssec-accept-expired", &cfg_type_boolean, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "dnssec-enable", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "dnssec-lookaside", NULL,
|
|
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
|
2004-04-15 23:40:27 +00:00
|
|
|
{ "dnssec-must-be-secure", &cfg_type_mustbesecure,
|
2023-09-04 13:08:48 +02:00
|
|
|
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_DEPRECATED },
|
2011-01-03 23:45:08 +00:00
|
|
|
{ "dnssec-validation", &cfg_type_boolorauto, 0 },
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
|
|
|
|
{ "dnstap", &cfg_type_dnstap, 0 },
|
2020-11-10 11:23:05 +01:00
|
|
|
#else /* ifdef HAVE_DNSTAP */
|
2015-10-02 12:32:42 -07:00
|
|
|
{ "dnstap", &cfg_type_dnstap, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
|
|
|
|
#endif /* HAVE_DNSTAP */
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "dual-stack-servers", &cfg_type_nameportiplist, 0 },
|
|
|
|
|
{ "edns-udp-size", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "empty-contact", &cfg_type_astring, 0 },
|
|
|
|
|
{ "empty-server", &cfg_type_astring, 0 },
|
|
|
|
|
{ "empty-zones-enable", &cfg_type_boolean, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "fetch-glue", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2015-07-08 22:53:39 -07:00
|
|
|
{ "fetch-quota-params", &cfg_type_fetchquota, 0 },
|
|
|
|
|
{ "fetches-per-server", &cfg_type_fetchesper, 0 },
|
|
|
|
|
{ "fetches-per-zone", &cfg_type_fetchesper, 0 },
|
2020-12-14 10:36:17 +01:00
|
|
|
{ "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
|
2022-06-30 15:24:08 +02:00
|
|
|
{ "glue-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
|
2018-07-05 15:29:30 +10:00
|
|
|
{ "ipv4only-enable", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "ipv4only-contact", &cfg_type_astring, 0 },
|
|
|
|
|
{ "ipv4only-server", &cfg_type_astring, 0 },
|
2004-10-14 00:49:34 +00:00
|
|
|
{ "ixfr-from-differences", &cfg_type_ixfrdifftype, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "lame-ttl", &cfg_type_duration, 0 },
|
2017-04-26 23:43:35 +05:30
|
|
|
#ifdef HAVE_LMDB
|
|
|
|
|
{ "lmdb-mapsize", &cfg_type_sizeval, 0 },
|
2020-11-10 11:23:05 +01:00
|
|
|
#else /* ifdef HAVE_LMDB */
|
2020-12-08 11:34:15 +01:00
|
|
|
{ "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOTCONFIGURED },
|
2017-04-26 23:43:35 +05:30
|
|
|
#endif /* ifdef HAVE_LMDB */
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2015-09-28 11:08:50 +02:00
|
|
|
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "max-cache-ttl", &cfg_type_duration, 0 },
|
2005-06-27 00:15:45 +00:00
|
|
|
{ "max-clients-per-query", &cfg_type_uint32, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "max-ncache-ttl", &cfg_type_duration, 0 },
|
2014-11-17 23:24:44 -08:00
|
|
|
{ "max-recursion-depth", &cfg_type_uint32, 0 },
|
2014-11-18 22:00:40 -08:00
|
|
|
{ "max-recursion-queries", &cfg_type_uint32, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "max-stale-ttl", &cfg_type_duration, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "max-udp-size", &cfg_type_uint32, 0 },
|
2017-08-31 07:57:50 +10:00
|
|
|
{ "message-compression", &cfg_type_boolean, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "min-cache-ttl", &cfg_type_duration, 0 },
|
|
|
|
|
{ "min-ncache-ttl", &cfg_type_duration, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "min-roots", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2016-05-25 13:54:34 -07:00
|
|
|
{ "minimal-any", &cfg_type_boolean, 0 },
|
2016-08-12 10:48:51 +10:00
|
|
|
{ "minimal-responses", &cfg_type_minimal, 0 },
|
2017-04-23 23:16:53 -07:00
|
|
|
{ "new-zones-directory", &cfg_type_qstring, 0 },
|
2017-08-31 07:57:50 +10:00
|
|
|
{ "no-case-compress", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ "nocookie-udp-size", &cfg_type_uint32, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "nosit-udp-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "nta-lifetime", &cfg_type_duration, 0 },
|
|
|
|
|
{ "nta-recheck", &cfg_type_duration, 0 },
|
2015-04-23 16:57:15 +10:00
|
|
|
{ "nxdomain-redirect", &cfg_type_astring, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "preferred-glue", &cfg_type_astring, 0 },
|
2017-08-31 07:57:50 +10:00
|
|
|
{ "prefetch", &cfg_type_prefetch, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "provide-ixfr", &cfg_type_boolean, 0 },
|
2018-05-11 12:27:56 +02:00
|
|
|
{ "qname-minimization", &cfg_type_qminmethod, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
/*
|
|
|
|
|
* Note that the query-source option syntax is different
|
|
|
|
|
* from the other -source options.
|
|
|
|
|
*/
|
|
|
|
|
{ "query-source", &cfg_type_querysource4, 0 },
|
|
|
|
|
{ "query-source-v6", &cfg_type_querysource6, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "queryport-pool-ports", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
|
|
{ "queryport-pool-updateinterval", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2015-09-28 18:57:19 +10:00
|
|
|
{ "rate-limit", &cfg_type_rrl, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "recursion", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "request-nsid", &cfg_type_boolean, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2015-08-13 08:26:23 +10:00
|
|
|
{ "require-server-cookie", &cfg_type_boolean, 0 },
|
2017-09-06 09:58:29 +10:00
|
|
|
{ "resolver-nonbackoff-tries", &cfg_type_uint32, 0 },
|
2011-02-03 05:41:55 +00:00
|
|
|
{ "resolver-query-timeout", &cfg_type_uint32, 0 },
|
2017-09-06 09:58:29 +10:00
|
|
|
{ "resolver-retry-interval", &cfg_type_uint32, 0 },
|
2017-01-04 09:16:30 -08:00
|
|
|
{ "response-padding", &cfg_type_resppadding, 0 },
|
2015-09-28 18:57:19 +10:00
|
|
|
{ "response-policy", &cfg_type_rpz, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "rfc2308-type1", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2023-03-22 15:01:30 -07:00
|
|
|
{ "root-delegation-only", &cfg_type_optional_exclude,
|
2023-03-22 16:57:54 -07:00
|
|
|
CFG_CLAUSEFLAG_ANCIENT },
|
2018-03-13 15:17:22 +11:00
|
|
|
{ "root-key-sentinel", &cfg_type_boolean, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "rrset-order", &cfg_type_rrsetorder, 0 },
|
2015-07-06 09:44:24 +10:00
|
|
|
{ "send-cookie", &cfg_type_boolean, 0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "servfail-ttl", &cfg_type_duration, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "sortlist", &cfg_type_bracketed_aml, 0 },
|
2017-09-06 09:58:29 +10:00
|
|
|
{ "stale-answer-enable", &cfg_type_boolean, 0 },
|
2020-12-18 16:24:56 -03:00
|
|
|
{ "stale-answer-client-timeout", &cfg_type_staleanswerclienttimeout,
|
|
|
|
|
0 },
|
2019-09-02 15:46:28 +02:00
|
|
|
{ "stale-answer-ttl", &cfg_type_duration, 0 },
|
2020-07-21 10:38:55 +02:00
|
|
|
{ "stale-cache-enable", &cfg_type_boolean, 0 },
|
Add stale-refresh-time option
Before this update, BIND would attempt to do a full recursive resolution
process for each query received if the requested rrset had its ttl
expired. If the resolution fails for any reason, only then BIND would
check for stale rrset in cache (if 'stale-cache-enable' and
'stale-answer-enable' is on).
The problem with this approach is that if an authoritative server is
unreachable or is failing to respond, it is very unlikely that the
problem will be fixed in the next seconds.
A better approach to improve performance in those cases, is to mark the
moment in which a resolution failed, and if new queries arrive for that
same rrset, try to respond directly from the stale cache, and do that
for a window of time configured via 'stale-refresh-time'.
Only when this interval expires we then try to do a normal refresh of
the rrset.
The logic behind this commit is as following:
- In query.c / query_gotanswer(), if the test of 'result' variable falls
to the default case, an error is assumed to have happened, and a call
to 'query_usestale()' is made to check if serving of stale rrset is
enabled in configuration.
- If serving of stale answers is enabled, a flag will be turned on in
the query context to look for stale records:
query.c:6839
qctx->client->query.dboptions |= DNS_DBFIND_STALEOK;
- A call to query_lookup() will be made again, inside it a call to
'dns_db_findext()' is made, which in turn will invoke rbdb.c /
cache_find().
- In rbtdb.c / cache_find() the important bits of this change is the
call to 'check_stale_header()', which is a function that yields true
if we should skip the stale entry, or false if we should consider it.
- In check_stale_header() we now check if the DNS_DBFIND_STALEOK option
is set, if that is the case we know that this new search for stale
records was made due to a failure in a normal resolution, so we keep
track of the time in which the failured occured in rbtdb.c:4559:
header->last_refresh_fail_ts = search->now;
- In check_stale_header(), if DNS_DBFIND_STALEOK is not set, then we
know this is a normal lookup, if the record is stale and the query
time is between last failure time + stale-refresh-time window, then
we return false so cache_find() knows it can consider this stale
rrset entry to return as a response.
The last additions are two new methods to the database interface:
- setservestale_refresh
- getservestale_refresh
Those were added so rbtdb can be aware of the value set in configuration
option, since in that level we have no access to the view object.
2020-10-19 17:02:03 -03:00
|
|
|
{ "stale-refresh-time", &cfg_type_duration, 0 },
|
2020-12-08 11:26:08 +01:00
|
|
|
{ "suppress-initial-notify", &cfg_type_boolean,
|
2023-02-08 10:33:06 -08:00
|
|
|
CFG_CLAUSEFLAG_ANCIENT },
|
2017-08-31 07:57:50 +10:00
|
|
|
{ "synth-from-dnssec", &cfg_type_boolean, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "topology", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "transfer-format", &cfg_type_transferformat, 0 },
|
2016-11-29 15:28:28 +11:00
|
|
|
{ "trust-anchor-telemetry", &cfg_type_boolean,
|
|
|
|
|
CFG_CLAUSEFLAG_EXPERIMENTAL },
|
2019-07-22 02:26:39 +10:00
|
|
|
{ "resolver-use-dns64", &cfg_type_boolean, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "use-queryport-pool", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2018-04-30 16:10:17 -07:00
|
|
|
{ "validate-except", &cfg_type_namelist, 0 },
|
2015-09-28 18:57:19 +10:00
|
|
|
{ "v6-bias", &cfg_type_uint32, 0 },
|
2008-04-03 02:01:08 +00:00
|
|
|
{ "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found within the 'view' statement only.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t view_only_clauses[] = {
|
|
|
|
|
{ "match-clients", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ "match-destinations", &cfg_type_bracketed_aml, 0 },
|
|
|
|
|
{ "match-recursive-only", &cfg_type_boolean, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2008-04-02 02:37:42 +00:00
|
|
|
/*%
|
|
|
|
|
* Sig-validity-interval.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t validityinterval_fields[] = {
|
|
|
|
|
{ "validity", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "re-sign", &cfg_type_optional_uint32, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_validityinterval = {
|
|
|
|
|
"validityinterval", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, validityinterval_fields
|
|
|
|
|
};
|
|
|
|
|
|
2023-03-08 14:56:08 +01:00
|
|
|
/*%
|
|
|
|
|
* Checkds type.
|
|
|
|
|
*/
|
|
|
|
|
static const char *checkds_enums[] = { "explicit", NULL };
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_checkds_type(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
|
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
|
|
|
|
|
}
|
|
|
|
|
static void
|
|
|
|
|
doc_checkds_type(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
|
|
|
|
|
}
|
|
|
|
|
static cfg_type_t cfg_type_checkdstype = {
|
|
|
|
|
"checkdstype", parse_checkds_type, cfg_print_ustring,
|
|
|
|
|
doc_checkds_type, &cfg_rep_string, checkds_enums,
|
|
|
|
|
};
|
|
|
|
|
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
/*%
|
|
|
|
|
* Clauses that can be found in a 'dnssec-policy' statement.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t dnssecpolicy_clauses[] = {
|
2023-05-11 14:11:45 +02:00
|
|
|
{ "cdnskey", &cfg_type_boolean, 0 },
|
2023-02-10 15:18:36 +01:00
|
|
|
{ "cds-digest-types", &cfg_type_algorithmlist, 0 },
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
{ "dnskey-ttl", &cfg_type_duration, 0 },
|
2023-04-03 17:00:36 +02:00
|
|
|
{ "inline-signing", &cfg_type_boolean, 0 },
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
{ "keys", &cfg_type_kaspkeys, 0 },
|
2020-02-05 22:09:48 -08:00
|
|
|
{ "max-zone-ttl", &cfg_type_duration, 0 },
|
2020-10-09 14:19:10 +02:00
|
|
|
{ "nsec3param", &cfg_type_nsec3, 0 },
|
2020-02-05 22:09:48 -08:00
|
|
|
{ "parent-ds-ttl", &cfg_type_duration, 0 },
|
|
|
|
|
{ "parent-propagation-delay", &cfg_type_duration, 0 },
|
2020-07-31 09:58:59 +02:00
|
|
|
{ "parent-registration-delay", &cfg_type_duration,
|
2023-02-08 10:33:06 -08:00
|
|
|
CFG_CLAUSEFLAG_ANCIENT },
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
{ "publish-safety", &cfg_type_duration, 0 },
|
2021-02-08 12:02:19 +01:00
|
|
|
{ "purge-keys", &cfg_type_duration, 0 },
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
{ "retire-safety", &cfg_type_duration, 0 },
|
|
|
|
|
{ "signatures-refresh", &cfg_type_duration, 0 },
|
|
|
|
|
{ "signatures-validity", &cfg_type_duration, 0 },
|
|
|
|
|
{ "signatures-validity-dnskey", &cfg_type_duration, 0 },
|
2019-10-16 18:36:38 +02:00
|
|
|
{ "zone-propagation-delay", &cfg_type_duration, 0 },
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found in a 'zone' statement,
|
|
|
|
|
* with defaults in the 'view' or 'options' statement.
|
2018-01-22 11:00:45 -08:00
|
|
|
*
|
|
|
|
|
* Note: CFG_ZONE_* options indicate in which zone types this clause is
|
|
|
|
|
* legal.
|
2002-01-04 02:32:16 +00:00
|
|
|
*/
|
2021-11-04 16:52:49 +02:00
|
|
|
/*
|
|
|
|
|
* NOTE: To enable syntax which allows specifying port and protocol
|
|
|
|
|
* within 'allow-*' clauses, replace 'cfg_type_bracketed_aml' with
|
|
|
|
|
* 'cfg_type_transport_acl'.
|
|
|
|
|
*
|
|
|
|
|
* Example: allow-transfer port 853 protocol tls { ... };
|
|
|
|
|
*/
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_clausedef_t zone_clauses[] = {
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "allow-notify", &cfg_type_bracketed_aml,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "allow-query", &cfg_type_bracketed_aml,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_REDIRECT | CFG_ZONE_STATICSTUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "allow-query-on", &cfg_type_bracketed_aml,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_REDIRECT | CFG_ZONE_STATICSTUB },
|
2021-11-04 16:52:49 +02:00
|
|
|
{ "allow-transfer", &cfg_type_transport_acl,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
|
|
|
|
{ "allow-update", &cfg_type_bracketed_aml, CFG_ZONE_PRIMARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "allow-update-forwarding", &cfg_type_bracketed_aml,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "also-notify", &cfg_type_namesockaddrkeylist,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "alt-transfer-source", &cfg_type_sockaddr4wild,
|
2022-11-23 08:13:25 +01:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
2022-12-02 16:38:52 +01:00
|
|
|
CFG_CLAUSEFLAG_ANCIENT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "alt-transfer-source-v6", &cfg_type_sockaddr6wild,
|
2022-11-23 08:13:25 +01:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
2022-12-02 16:38:52 +01:00
|
|
|
CFG_CLAUSEFLAG_ANCIENT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "auto-dnssec", &cfg_type_autodnssec,
|
2023-07-04 17:06:36 +02:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_ANCIENT },
|
2021-08-25 22:31:18 -07:00
|
|
|
{ "check-dup-records", &cfg_type_checkmode, CFG_ZONE_PRIMARY },
|
|
|
|
|
{ "check-integrity", &cfg_type_boolean, CFG_ZONE_PRIMARY },
|
|
|
|
|
{ "check-mx", &cfg_type_checkmode, CFG_ZONE_PRIMARY },
|
|
|
|
|
{ "check-mx-cname", &cfg_type_checkmode, CFG_ZONE_PRIMARY },
|
|
|
|
|
{ "check-sibling", &cfg_type_boolean, CFG_ZONE_PRIMARY },
|
|
|
|
|
{ "check-spf", &cfg_type_warn, CFG_ZONE_PRIMARY },
|
|
|
|
|
{ "check-srv-cname", &cfg_type_checkmode, CFG_ZONE_PRIMARY },
|
2022-10-05 17:49:07 +11:00
|
|
|
{ "check-svcb", &cfg_type_boolean, CFG_ZONE_PRIMARY },
|
2021-08-25 22:31:18 -07:00
|
|
|
{ "check-wildcard", &cfg_type_boolean, CFG_ZONE_PRIMARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "dialup", &cfg_type_dialuptype,
|
2023-07-03 16:34:22 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_STUB |
|
|
|
|
|
CFG_CLAUSEFLAG_DEPRECATED },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "dnssec-dnskey-kskonly", &cfg_type_boolean,
|
2023-07-11 13:57:49 +02:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_OBSOLETE },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "dnssec-loadkeys-interval", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2019-11-05 17:22:35 +01:00
|
|
|
{ "dnssec-policy", &cfg_type_astring,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2022-11-07 14:40:28 +01:00
|
|
|
{ "dnssec-secure-to-insecure", &cfg_type_boolean,
|
|
|
|
|
CFG_ZONE_PRIMARY | CFG_CLAUSEFLAG_OBSOLETE },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "dnssec-update-mode", &cfg_type_dnssecupdatemode,
|
2023-07-11 16:49:45 +02:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_OBSOLETE },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "forward", &cfg_type_forwardtype,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_STUB |
|
2018-01-22 11:00:45 -08:00
|
|
|
CFG_ZONE_STATICSTUB | CFG_ZONE_FORWARD },
|
|
|
|
|
{ "forwarders", &cfg_type_portiplist,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_STUB |
|
2018-01-22 11:00:45 -08:00
|
|
|
CFG_ZONE_STATICSTUB | CFG_ZONE_FORWARD },
|
|
|
|
|
{ "key-directory", &cfg_type_qstring,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "maintain-ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "masterfile-format", &cfg_type_masterformat,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_REDIRECT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "masterfile-style", &cfg_type_masterstyle,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_REDIRECT },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "max-ixfr-log-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2020-02-21 10:53:08 -08:00
|
|
|
{ "max-ixfr-ratio", &cfg_type_ixfrratio,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-journal-size", &cfg_type_size,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-records", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_STATICSTUB | CFG_ZONE_REDIRECT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-refresh-time", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-retry-time", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-transfer-idle-in", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-transfer-idle-out", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_MIRROR | CFG_ZONE_SECONDARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-transfer-time-in", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "max-transfer-time-out", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_MIRROR | CFG_ZONE_SECONDARY },
|
2020-02-06 15:41:47 +01:00
|
|
|
{ "max-zone-ttl", &cfg_type_maxduration,
|
2022-07-11 13:38:51 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_REDIRECT | CFG_CLAUSEFLAG_DEPRECATED },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "min-refresh-time", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "min-retry-time", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "multi-master", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "notify", &cfg_type_notifytype,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "notify-delay", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "notify-source", &cfg_type_sockaddr4wild,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "notify-source-v6", &cfg_type_sockaddr6wild,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "notify-to-soa", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "nsec3-test-zone", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_CLAUSEFLAG_TESTONLY | CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2021-05-14 11:33:51 +02:00
|
|
|
{ "parental-source", &cfg_type_sockaddr4wild,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2021-05-14 11:33:51 +02:00
|
|
|
{ "parental-source-v6", &cfg_type_sockaddr6wild,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "request-expire", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
|
|
|
|
{ "request-ixfr", &cfg_type_boolean,
|
|
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
|
|
|
|
{ "serial-update-method", &cfg_type_updatemethod, CFG_ZONE_PRIMARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "sig-signing-nodes", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "sig-signing-signatures", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "sig-signing-type", &cfg_type_uint32,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "sig-validity-interval", &cfg_type_validityinterval,
|
2023-07-05 10:59:24 +02:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_OBSOLETE },
|
2018-03-12 22:14:26 -07:00
|
|
|
{ "dnskey-sig-validity", &cfg_type_uint32,
|
2023-07-05 10:59:24 +02:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_OBSOLETE },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "transfer-source", &cfg_type_sockaddr4wild,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "transfer-source-v6", &cfg_type_sockaddr6wild,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "try-tcp-refresh", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "update-check-ksk", &cfg_type_boolean,
|
2023-07-11 13:57:49 +02:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_OBSOLETE },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "use-alt-transfer-source", &cfg_type_boolean,
|
2022-11-23 08:13:25 +01:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
|
2022-12-02 16:38:52 +01:00
|
|
|
CFG_CLAUSEFLAG_ANCIENT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "zero-no-soa-ttl", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "zone-statistics", &cfg_type_zonestat,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_STATICSTUB | CFG_ZONE_REDIRECT },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2018-01-22 11:00:45 -08:00
|
|
|
* Clauses that can be found in a 'zone' statement only.
|
|
|
|
|
*
|
|
|
|
|
* Note: CFG_ZONE_* options indicate in which zone types this clause is
|
|
|
|
|
* legal.
|
2002-01-04 02:32:16 +00:00
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t zone_only_clauses[] = {
|
|
|
|
|
/*
|
|
|
|
|
* Note that the format of the check-names option is different between
|
|
|
|
|
* the zone options and the global/view options. Ugh.
|
|
|
|
|
*/
|
2018-01-22 13:18:50 -08:00
|
|
|
{ "type", &cfg_type_zonetype,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_STATICSTUB | CFG_ZONE_DELEGATION |
|
|
|
|
|
CFG_ZONE_HINT | CFG_ZONE_REDIRECT | CFG_ZONE_FORWARD },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "check-names", &cfg_type_checkmode,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_HINT | CFG_ZONE_STUB },
|
2023-03-08 14:56:08 +01:00
|
|
|
{ "checkds", &cfg_type_checkdstype,
|
|
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "database", &cfg_type_astring,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "delegation-only", &cfg_type_boolean,
|
2023-03-22 15:01:30 -07:00
|
|
|
CFG_ZONE_HINT | CFG_ZONE_STUB | CFG_ZONE_FORWARD |
|
2023-03-22 16:57:54 -07:00
|
|
|
CFG_CLAUSEFLAG_ANCIENT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "dlz", &cfg_type_astring,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_REDIRECT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "file", &cfg_type_qstring,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
|
|
|
|
|
CFG_ZONE_STUB | CFG_ZONE_HINT | CFG_ZONE_REDIRECT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "in-view", &cfg_type_astring, CFG_ZONE_INVIEW },
|
2021-02-26 10:00:09 +11:00
|
|
|
{ "inline-signing", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "ixfr-from-differences", &cfg_type_boolean,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "ixfr-tmp-file", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "journal", &cfg_type_qstring,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
|
2018-01-22 11:00:45 -08:00
|
|
|
{ "masters", &cfg_type_namesockaddrkeylist,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
|
2022-02-25 16:33:30 -08:00
|
|
|
CFG_ZONE_REDIRECT | CFG_CLAUSEFLAG_NODOC },
|
2021-05-07 11:36:40 +02:00
|
|
|
{ "parental-agents", &cfg_type_namesockaddrkeylist,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
2020-06-17 02:02:27 -07:00
|
|
|
{ "primaries", &cfg_type_namesockaddrkeylist,
|
2021-08-25 22:31:18 -07:00
|
|
|
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
|
2020-06-17 02:02:27 -07:00
|
|
|
CFG_ZONE_REDIRECT },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "pubkey", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2018-10-18 15:48:44 +02:00
|
|
|
{ "server-addresses", &cfg_type_bracketed_netaddrlist,
|
2018-01-22 11:00:45 -08:00
|
|
|
CFG_ZONE_STATICSTUB },
|
|
|
|
|
{ "server-names", &cfg_type_namelist, CFG_ZONE_STATICSTUB },
|
2021-08-25 22:31:18 -07:00
|
|
|
{ "update-policy", &cfg_type_updatepolicy, CFG_ZONE_PRIMARY },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% The top-level named.conf syntax. */
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t *namedconf_clausesets[] = { namedconf_clauses,
|
|
|
|
|
namedconf_or_view_clauses,
|
|
|
|
|
NULL };
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_namedconf = { "namedconf", cfg_parse_mapbody,
|
|
|
|
|
cfg_print_mapbody, cfg_doc_mapbody,
|
|
|
|
|
&cfg_rep_map, namedconf_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2019-12-04 11:06:40 +01:00
|
|
|
/*% The bind.keys syntax (trust-anchors/managed-keys/trusted-keys only). */
|
2009-03-04 02:42:31 +00:00
|
|
|
static cfg_clausedef_t *bindkeys_clausesets[] = { bindkeys_clauses, NULL };
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_bindkeys = { "bindkeys", cfg_parse_mapbody,
|
|
|
|
|
cfg_print_mapbody, cfg_doc_mapbody,
|
|
|
|
|
&cfg_rep_map, bindkeys_clausesets };
|
2009-03-04 02:42:31 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% The "options" statement syntax. */
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t *options_clausesets[] = { options_clauses, view_clauses,
|
|
|
|
|
zone_clauses, NULL };
|
|
|
|
|
static cfg_type_t cfg_type_options = { "options", cfg_parse_map,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, options_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% The "view" statement syntax. */
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t *view_clausesets[] = { view_only_clauses,
|
|
|
|
|
namedconf_or_view_clauses,
|
|
|
|
|
view_clauses, zone_clauses,
|
|
|
|
|
NULL };
|
2015-09-28 18:57:19 +10:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_viewopts = { "view", cfg_parse_map,
|
2015-09-28 18:57:19 +10:00
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, view_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% The "zone" statement syntax. */
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t *zone_clausesets[] = { zone_only_clauses, zone_clauses,
|
|
|
|
|
NULL };
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_zoneopts = { "zoneopts", cfg_parse_map, cfg_print_map,
|
|
|
|
|
cfg_doc_map, &cfg_rep_map, zone_clausesets };
|
2008-01-18 23:46:58 +00:00
|
|
|
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
/*% The "dnssec-policy" statement syntax. */
|
|
|
|
|
static cfg_clausedef_t *dnssecpolicy_clausesets[] = { dnssecpolicy_clauses,
|
|
|
|
|
NULL };
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_dnssecpolicyopts = {
|
Introduce dnssec-policy configuration
This commit introduces the initial `dnssec-policy` configuration
statement. It has an initial set of options to deal with signature
and key maintenance.
Add some checks to ensure that dnssec-policy is configured at the
right locations, and that policies referenced to in zone statements
actually exist.
Add some checks that when a user adds the new `dnssec-policy`
configuration, it will no longer contain existing DNSSEC
configuration options. Specifically: `inline-signing`,
`auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
`update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
and `sig-validity-interval`.
Test a good kasp configuration, and some bad configurations.
2019-09-02 16:24:48 +02:00
|
|
|
"dnssecpolicyopts", cfg_parse_map, cfg_print_map,
|
|
|
|
|
cfg_doc_map, &cfg_rep_map, dnssecpolicy_clausesets
|
|
|
|
|
};
|
|
|
|
|
|
2005-09-05 00:12:29 +00:00
|
|
|
/*% The "dynamically loadable zones" statement syntax. */
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2014-08-26 15:01:29 +10:00
|
|
|
static cfg_clausedef_t dlz_clauses[] = { { "database", &cfg_type_astring, 0 },
|
|
|
|
|
{ "search", &cfg_type_boolean, 0 },
|
|
|
|
|
{ NULL, NULL, 0 } };
|
2005-09-05 00:12:29 +00:00
|
|
|
static cfg_clausedef_t *dlz_clausesets[] = { dlz_clauses, NULL };
|
2014-08-26 15:01:29 +10:00
|
|
|
static cfg_type_t cfg_type_dlz = { "dlz", cfg_parse_named_map,
|
|
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, dlz_clausesets };
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2015-09-28 23:12:35 -07:00
|
|
|
/*%
|
|
|
|
|
* The "dyndb" statement syntax.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t dyndb_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "library", &cfg_type_qstring, 0 },
|
|
|
|
|
{ "parameters", &cfg_type_bracketed_text, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_dyndb = { "dyndb", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, dyndb_fields };
|
|
|
|
|
|
2018-08-12 11:19:36 -07:00
|
|
|
/*%
|
2018-11-30 15:32:03 -08:00
|
|
|
* The "plugin" statement syntax.
|
|
|
|
|
* Currently only one plugin type is supported: query.
|
2018-08-12 11:19:36 -07:00
|
|
|
*/
|
|
|
|
|
|
2018-11-30 15:32:03 -08:00
|
|
|
static const char *plugin_enums[] = { "query", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_plugintype = { "plugintype", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, plugin_enums };
|
|
|
|
|
static cfg_tuplefielddef_t plugin_fields[] = {
|
|
|
|
|
{ "type", &cfg_type_plugintype, 0 },
|
2018-08-12 11:19:36 -07:00
|
|
|
{ "library", &cfg_type_astring, 0 },
|
|
|
|
|
{ "parameters", &cfg_type_optional_bracketed_text, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2018-11-30 15:32:03 -08:00
|
|
|
static cfg_type_t cfg_type_plugin = { "plugin", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, plugin_fields };
|
2018-08-12 11:19:36 -07:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found within the 'key' statement.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t key_clauses[] = { { "algorithm", &cfg_type_astring, 0 },
|
2014-01-10 16:56:36 +11:00
|
|
|
{ "secret", &cfg_type_sstring, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 } };
|
|
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static cfg_clausedef_t *key_clausesets[] = { key_clauses, NULL };
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_type_t cfg_type_key = { "key", cfg_parse_named_map,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_map, cfg_doc_map,
|
2008-01-18 23:46:58 +00:00
|
|
|
&cfg_rep_map, key_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found in a 'server' statement.
|
2021-12-01 14:52:31 +11:00
|
|
|
*
|
2022-12-16 10:39:15 +00:00
|
|
|
* Please update lib/isccfg/check.c and
|
2021-12-01 14:52:31 +11:00
|
|
|
* bin/tests/system/checkconf/good-server-christmas-tree.conf.in to
|
|
|
|
|
* exercise the new clause when adding new clauses.
|
2002-01-04 02:32:16 +00:00
|
|
|
*/
|
|
|
|
|
static cfg_clausedef_t server_clauses[] = {
|
|
|
|
|
{ "bogus", &cfg_type_boolean, 0 },
|
2014-07-22 14:00:27 +10:00
|
|
|
{ "edns", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "edns-udp-size", &cfg_type_uint32, 0 },
|
2014-09-10 15:31:40 +10:00
|
|
|
{ "edns-version", &cfg_type_uint32, 0 },
|
2014-07-22 14:00:27 +10:00
|
|
|
{ "keys", &cfg_type_server_key_kludge, 0 },
|
|
|
|
|
{ "max-udp-size", &cfg_type_uint32, 0 },
|
|
|
|
|
{ "notify-source", &cfg_type_sockaddr4wild, 0 },
|
|
|
|
|
{ "notify-source-v6", &cfg_type_sockaddr6wild, 0 },
|
2017-01-04 09:16:30 -08:00
|
|
|
{ "padding", &cfg_type_uint32, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "provide-ixfr", &cfg_type_boolean, 0 },
|
2014-07-22 14:00:27 +10:00
|
|
|
{ "query-source", &cfg_type_querysource4, 0 },
|
|
|
|
|
{ "query-source-v6", &cfg_type_querysource6, 0 },
|
2014-08-06 11:50:40 +10:00
|
|
|
{ "request-expire", &cfg_type_boolean, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "request-ixfr", &cfg_type_boolean, 0 },
|
2014-07-22 14:00:27 +10:00
|
|
|
{ "request-nsid", &cfg_type_boolean, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2020-11-24 10:44:40 +11:00
|
|
|
{ "require-cookie", &cfg_type_boolean, 0 },
|
2015-07-06 09:44:24 +10:00
|
|
|
{ "send-cookie", &cfg_type_boolean, 0 },
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
{ "support-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
|
2017-08-14 07:00:02 +00:00
|
|
|
{ "tcp-keepalive", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "tcp-only", &cfg_type_boolean, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "transfer-format", &cfg_type_transferformat, 0 },
|
2003-09-25 18:16:50 +00:00
|
|
|
{ "transfer-source", &cfg_type_sockaddr4wild, 0 },
|
|
|
|
|
{ "transfer-source-v6", &cfg_type_sockaddr6wild, 0 },
|
2014-07-22 14:00:27 +10:00
|
|
|
{ "transfers", &cfg_type_uint32, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_clausedef_t *server_clausesets[] = { server_clauses, NULL };
|
|
|
|
|
static cfg_type_t cfg_type_server = { "server", cfg_parse_netprefix_map,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, server_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found in a 'channel' clause in the
|
|
|
|
|
* 'logging' statement.
|
|
|
|
|
*
|
|
|
|
|
* These have some additional constraints that need to be
|
|
|
|
|
* checked after parsing:
|
|
|
|
|
* - There must exactly one of file/syslog/null/stderr
|
|
|
|
|
*/
|
2016-11-22 23:34:47 -08:00
|
|
|
|
|
|
|
|
static const char *printtime_enums[] = { "iso8601", "iso8601-utc", "local",
|
2016-11-29 15:28:28 +11:00
|
|
|
NULL };
|
2016-11-22 23:34:47 -08:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_printtime(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
|
2016-11-22 23:34:47 -08:00
|
|
|
}
|
|
|
|
|
static void
|
|
|
|
|
doc_printtime(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
|
2016-11-22 23:34:47 -08:00
|
|
|
}
|
|
|
|
|
static cfg_type_t cfg_type_printtime = { "printtime", parse_printtime,
|
|
|
|
|
cfg_print_ustring, doc_printtime,
|
|
|
|
|
&cfg_rep_string, printtime_enums };
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_clausedef_t channel_clauses[] = {
|
|
|
|
|
/* Destinations. We no longer require these to be first. */
|
|
|
|
|
{ "file", &cfg_type_logfile, 0 },
|
|
|
|
|
{ "syslog", &cfg_type_optional_facility, 0 },
|
|
|
|
|
{ "null", &cfg_type_void, 0 },
|
|
|
|
|
{ "stderr", &cfg_type_void, 0 },
|
|
|
|
|
/* Options. We now accept these for the null channel, too. */
|
|
|
|
|
{ "severity", &cfg_type_logseverity, 0 },
|
2016-11-22 23:34:47 -08:00
|
|
|
{ "print-time", &cfg_type_printtime, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "print-severity", &cfg_type_boolean, 0 },
|
|
|
|
|
{ "print-category", &cfg_type_boolean, 0 },
|
2014-10-30 11:37:05 +11:00
|
|
|
{ "buffered", &cfg_type_boolean, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_clausedef_t *channel_clausesets[] = { channel_clauses, NULL };
|
|
|
|
|
static cfg_type_t cfg_type_channel = { "channel", cfg_parse_named_map,
|
|
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, channel_clausesets };
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% A list of log destination, used in the "category" clause. */
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_destinationlist = { "destinationlist",
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_astring };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Clauses that can be found in a 'logging' statement.
|
|
|
|
|
*/
|
2016-11-29 15:28:28 +11:00
|
|
|
static cfg_clausedef_t logging_clauses[] = {
|
2002-01-04 02:32:16 +00:00
|
|
|
{ "channel", &cfg_type_channel, CFG_CLAUSEFLAG_MULTI },
|
|
|
|
|
{ "category", &cfg_type_category, CFG_CLAUSEFLAG_MULTI },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2016-11-29 15:28:28 +11:00
|
|
|
static cfg_clausedef_t *logging_clausesets[] = { logging_clauses, NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_logging = { "logging", cfg_parse_map,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, logging_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2010-07-11 00:12:57 +00:00
|
|
|
/*%
|
|
|
|
|
* For parsing an 'addzone' statement
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t addzone_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "class", &cfg_type_optional_class, 0 },
|
|
|
|
|
{ "view", &cfg_type_optional_class, 0 },
|
|
|
|
|
{ "options", &cfg_type_zoneopts, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
static cfg_type_t cfg_type_addzone = { "zone", cfg_parse_tuple,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, addzone_fields };
|
2010-07-11 00:12:57 +00:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t addzoneconf_clauses[] = {
|
2015-01-06 22:57:57 -08:00
|
|
|
{ "zone", &cfg_type_addzone, CFG_CLAUSEFLAG_MULTI }, { NULL, NULL, 0 }
|
2010-07-11 00:12:57 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *addzoneconf_clausesets[] = { addzoneconf_clauses,
|
|
|
|
|
NULL };
|
|
|
|
|
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_addzoneconf = { "addzoneconf", cfg_parse_mapbody,
|
|
|
|
|
cfg_print_mapbody, cfg_doc_mapbody,
|
|
|
|
|
&cfg_rep_map, addzoneconf_clausesets };
|
2010-07-11 00:12:57 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static isc_result_t
|
2022-11-13 11:04:30 +01:00
|
|
|
parse_unitstring(char *str, uint64_t *valuep) {
|
2002-01-04 02:32:16 +00:00
|
|
|
char *endp;
|
|
|
|
|
unsigned int len;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint64_t value;
|
|
|
|
|
uint64_t unit;
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2018-03-21 16:09:08 +00:00
|
|
|
value = strtoull(str, &endp, 10);
|
2002-01-04 02:32:16 +00:00
|
|
|
if (*endp == 0) {
|
|
|
|
|
*valuep = value;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
len = strlen(str);
|
|
|
|
|
if (len < 2 || endp[1] != '\0') {
|
|
|
|
|
return (ISC_R_FAILURE);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
switch (str[len - 1]) {
|
|
|
|
|
case 'k':
|
|
|
|
|
case 'K':
|
|
|
|
|
unit = 1024;
|
|
|
|
|
break;
|
|
|
|
|
case 'm':
|
|
|
|
|
case 'M':
|
|
|
|
|
unit = 1024 * 1024;
|
|
|
|
|
break;
|
|
|
|
|
case 'g':
|
|
|
|
|
case 'G':
|
|
|
|
|
unit = 1024 * 1024 * 1024;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return (ISC_R_FAILURE);
|
|
|
|
|
}
|
2019-08-08 13:52:44 +10:00
|
|
|
if (value > ((uint64_t)UINT64_MAX / unit)) {
|
2002-01-04 02:32:16 +00:00
|
|
|
return (ISC_R_FAILURE);
|
2019-08-08 13:52:44 +10:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
*valuep = value * unit;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_sizeval(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint64_t val;
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
2003-04-17 03:26:58 +00:00
|
|
|
if (pctx->token.type != isc_tokentype_string) {
|
|
|
|
|
result = ISC_R_UNEXPECTEDTOKEN;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
2002-01-22 19:31:57 +00:00
|
|
|
CHECK(parse_unitstring(TOKEN_STRING(pctx), &val));
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
CHECK(cfg_create_obj(pctx, &cfg_type_uint64, &obj));
|
|
|
|
|
obj->value.uint64 = val;
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
cleanup:
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
|
|
|
|
"expected integer and optional unit");
|
2002-01-04 02:32:16 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-28 11:08:50 +02:00
|
|
|
static isc_result_t
|
|
|
|
|
parse_sizeval_percent(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
|
|
|
|
char *endp;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint64_t val;
|
|
|
|
|
uint64_t percent;
|
2015-09-28 11:08:50 +02:00
|
|
|
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type != isc_tokentype_string) {
|
|
|
|
|
result = ISC_R_UNEXPECTEDTOKEN;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-21 16:09:08 +00:00
|
|
|
percent = strtoull(TOKEN_STRING(pctx), &endp, 10);
|
2015-09-28 11:08:50 +02:00
|
|
|
|
|
|
|
|
if (*endp == '%' && *(endp + 1) == 0) {
|
|
|
|
|
CHECK(cfg_create_obj(pctx, &cfg_type_percentage, &obj));
|
2018-03-28 14:19:37 +02:00
|
|
|
obj->value.uint32 = (uint32_t)percent;
|
2015-09-28 11:08:50 +02:00
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
} else {
|
|
|
|
|
CHECK(parse_unitstring(TOKEN_STRING(pctx), &val));
|
|
|
|
|
CHECK(cfg_create_obj(pctx, &cfg_type_uint64, &obj));
|
|
|
|
|
obj->value.uint64 = val;
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cleanup:
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
|
|
|
|
"expected integer and optional unit or percent");
|
2015-09-28 11:08:50 +02:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_sizeval_percent(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
cfg_print_cstr(pctx, "( ");
|
|
|
|
|
cfg_doc_terminal(pctx, &cfg_type_size);
|
|
|
|
|
cfg_print_cstr(pctx, " | ");
|
|
|
|
|
cfg_doc_terminal(pctx, &cfg_type_percentage);
|
|
|
|
|
cfg_print_cstr(pctx, " )");
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A size value (number + optional unit).
|
|
|
|
|
*/
|
|
|
|
|
static cfg_type_t cfg_type_sizeval = { "sizeval", parse_sizeval,
|
|
|
|
|
cfg_print_uint64, cfg_doc_terminal,
|
2016-11-29 15:28:28 +11:00
|
|
|
&cfg_rep_uint64, NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A size, "unlimited", or "default".
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_size(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_sizeval, ret));
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
2015-09-09 17:02:11 +10:00
|
|
|
static void
|
|
|
|
|
doc_size(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_sizeval);
|
2015-09-09 17:02:11 +10:00
|
|
|
}
|
|
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *size_enums[] = { "default", "unlimited", NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_size = {
|
2015-09-09 17:02:11 +10:00
|
|
|
"size", parse_size, cfg_print_ustring,
|
2002-01-04 02:32:16 +00:00
|
|
|
doc_size, &cfg_rep_string, size_enums
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A size or "unlimited", but not "default".
|
|
|
|
|
*/
|
|
|
|
|
static const char *sizenodefault_enums[] = { "unlimited", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_sizenodefault = {
|
2015-09-28 11:08:50 +02:00
|
|
|
"size_no_default", parse_size, cfg_print_ustring,
|
2002-01-04 02:32:16 +00:00
|
|
|
doc_size, &cfg_rep_string, sizenodefault_enums
|
|
|
|
|
};
|
|
|
|
|
|
2015-09-28 11:08:50 +02:00
|
|
|
/*%
|
|
|
|
|
* A size in absolute values or percents.
|
|
|
|
|
*/
|
|
|
|
|
static cfg_type_t cfg_type_sizeval_percent = {
|
|
|
|
|
"sizeval_percent", parse_sizeval_percent, cfg_print_ustring,
|
|
|
|
|
doc_sizeval_percent, &cfg_rep_string, NULL
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* A size in absolute values or percents, or "unlimited", or "default"
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_size_or_percent(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_sizeval_percent,
|
2015-09-28 11:08:50 +02:00
|
|
|
ret));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_parse_size_or_percent(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "( default | unlimited | ");
|
|
|
|
|
cfg_doc_terminal(pctx, &cfg_type_sizeval);
|
|
|
|
|
cfg_print_cstr(pctx, " | ");
|
|
|
|
|
cfg_doc_terminal(pctx, &cfg_type_percentage);
|
|
|
|
|
cfg_print_cstr(pctx, " )");
|
2015-09-28 11:08:50 +02:00
|
|
|
}
|
|
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *sizeorpercent_enums[] = { "default", "unlimited", NULL };
|
2015-09-28 11:08:50 +02:00
|
|
|
static cfg_type_t cfg_type_sizeorpercent = {
|
|
|
|
|
"size_or_percent", parse_size_or_percent, cfg_print_ustring,
|
|
|
|
|
doc_parse_size_or_percent, &cfg_rep_string, sizeorpercent_enums
|
|
|
|
|
};
|
|
|
|
|
|
2020-02-21 10:53:08 -08:00
|
|
|
/*%
|
|
|
|
|
* An IXFR size ratio: percentage, or "unlimited".
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_ixfrratio(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
|
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_percentage, ret));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_ixfrratio(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "( unlimited | ");
|
|
|
|
|
cfg_doc_terminal(pctx, &cfg_type_percentage);
|
|
|
|
|
cfg_print_cstr(pctx, " )");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const char *ixfrratio_enums[] = { "unlimited", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_ixfrratio = { "ixfr_ratio", parse_ixfrratio,
|
|
|
|
|
NULL, doc_ixfrratio,
|
|
|
|
|
NULL, ixfrratio_enums };
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* optional_keyvalue
|
|
|
|
|
*/
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_maybe_optional_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type,
|
2018-04-17 08:29:14 -07:00
|
|
|
bool optional, cfg_obj_t **ret) {
|
2008-01-18 23:46:58 +00:00
|
|
|
isc_result_t result;
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
const keyword_type_t *kw = type->of;
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
2002-01-22 19:31:57 +00:00
|
|
|
strcasecmp(TOKEN_STRING(pctx), kw->name) == 0)
|
|
|
|
|
{
|
2002-01-04 02:32:16 +00:00
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
|
|
|
|
CHECK(kw->type->parse(pctx, kw->type, &obj));
|
|
|
|
|
obj->type = type; /* XXX kludge */
|
|
|
|
|
} else {
|
|
|
|
|
if (optional) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj));
|
|
|
|
|
} else {
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR, "expected '%s'",
|
|
|
|
|
kw->name);
|
|
|
|
|
result = ISC_R_UNEXPECTEDTOKEN;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*ret = obj;
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-04-17 08:29:14 -07:00
|
|
|
return (parse_maybe_optional_keyvalue(pctx, type, false, ret));
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2013-03-22 12:27:54 -07:00
|
|
|
parse_optional_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2018-04-17 08:29:14 -07:00
|
|
|
return (parse_maybe_optional_keyvalue(pctx, type, true, ret));
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
print_keyvalue(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
2002-01-04 02:32:16 +00:00
|
|
|
const keyword_type_t *kw = obj->type->of;
|
|
|
|
|
cfg_print_cstr(pctx, kw->name);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2002-01-04 02:32:16 +00:00
|
|
|
kw->type->print(pctx, obj);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
const keyword_type_t *kw = type->of;
|
|
|
|
|
cfg_print_cstr(pctx, kw->name);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_doc_obj(pctx, kw->type);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
doc_optional_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
const keyword_type_t *kw = type->of;
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "[ ");
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_print_cstr(pctx, kw->name);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_doc_obj(pctx, kw->type);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ]");
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
2016-11-29 15:28:28 +11:00
|
|
|
static const char *dialup_enums[] = { "notify", "notify-passive", "passive",
|
|
|
|
|
"refresh", NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_dialup_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
2015-09-09 17:02:11 +10:00
|
|
|
static void
|
|
|
|
|
doc_dialup_type(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
|
2015-09-09 17:02:11 +10:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_dialuptype = { "dialuptype", parse_dialup_type,
|
2015-09-09 17:02:11 +10:00
|
|
|
cfg_print_ustring, doc_dialup_type,
|
2002-01-04 02:32:16 +00:00
|
|
|
&cfg_rep_string, dialup_enums };
|
|
|
|
|
|
2020-06-17 02:45:07 -07:00
|
|
|
static const char *notify_enums[] = { "explicit", "master-only", "primary-only",
|
|
|
|
|
NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
2015-09-09 17:02:11 +10:00
|
|
|
static void
|
|
|
|
|
doc_notify_type(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
|
2015-09-09 17:02:11 +10:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_notifytype = {
|
2015-09-09 17:02:11 +10:00
|
|
|
"notifytype", parse_notify_type, cfg_print_ustring,
|
2008-01-18 23:46:58 +00:00
|
|
|
doc_notify_type, &cfg_rep_string, notify_enums,
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2016-08-12 10:48:51 +10:00
|
|
|
static const char *minimal_enums[] = { "no-auth", "no-auth-recursive", NULL };
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_minimal(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
|
2016-08-12 10:48:51 +10:00
|
|
|
}
|
|
|
|
|
static void
|
|
|
|
|
doc_minimal(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
|
2016-08-12 10:48:51 +10:00
|
|
|
}
|
|
|
|
|
static cfg_type_t cfg_type_minimal = {
|
|
|
|
|
"minimal", parse_minimal, cfg_print_ustring,
|
|
|
|
|
doc_minimal, &cfg_rep_string, minimal_enums,
|
|
|
|
|
};
|
|
|
|
|
|
2017-12-15 01:47:05 -08:00
|
|
|
static const char *ixfrdiff_enums[] = { "primary", "master", "secondary",
|
|
|
|
|
"slave", NULL };
|
2004-10-14 00:49:34 +00:00
|
|
|
static isc_result_t
|
2015-09-09 17:02:11 +10:00
|
|
|
parse_ixfrdiff_type(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
|
2004-10-14 00:49:34 +00:00
|
|
|
}
|
2015-09-09 17:02:11 +10:00
|
|
|
static void
|
|
|
|
|
doc_ixfrdiff_type(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
|
2015-09-09 17:02:11 +10:00
|
|
|
}
|
2004-10-14 00:49:34 +00:00
|
|
|
static cfg_type_t cfg_type_ixfrdifftype = {
|
2015-09-09 17:02:11 +10:00
|
|
|
"ixfrdiff", parse_ixfrdiff_type, cfg_print_ustring,
|
2008-01-18 23:46:58 +00:00
|
|
|
doc_ixfrdiff_type, &cfg_rep_string, ixfrdiff_enums,
|
2004-10-14 00:49:34 +00:00
|
|
|
};
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static keyword_type_t key_kw = { "key", &cfg_type_astring };
|
|
|
|
|
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_keyref = { "keyref", parse_keyvalue, print_keyvalue,
|
|
|
|
|
doc_keyvalue, &cfg_rep_string, &key_kw };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_keyref = {
|
|
|
|
|
"optional_keyref", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_string, &key_kw
|
|
|
|
|
};
|
|
|
|
|
|
2018-05-11 12:27:56 +02:00
|
|
|
static const char *qminmethod_enums[] = { "strict", "relaxed", "disabled",
|
2018-06-12 10:20:43 +02:00
|
|
|
"off", NULL };
|
2018-05-11 12:27:56 +02:00
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_qminmethod = { "qminmethod", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, qminmethod_enums };
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A "controls" statement is represented as a map with the multivalued
|
2008-01-18 23:46:58 +00:00
|
|
|
* "inet" and "unix" clauses.
|
2002-01-04 02:32:16 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static keyword_type_t controls_allow_kw = { "allow", &cfg_type_bracketed_aml };
|
2005-02-23 01:09:23 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_controls_allow = {
|
|
|
|
|
"controls_allow", parse_keyvalue, print_keyvalue,
|
|
|
|
|
doc_keyvalue, &cfg_rep_list, &controls_allow_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static keyword_type_t controls_keys_kw = { "keys", &cfg_type_keylist };
|
2005-02-23 01:09:23 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_controls_keys = {
|
|
|
|
|
"controls_keys", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_list, &controls_keys_kw
|
|
|
|
|
};
|
|
|
|
|
|
2015-11-11 13:29:38 +05:30
|
|
|
static keyword_type_t controls_readonly_kw = { "read-only", &cfg_type_boolean };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_controls_readonly = {
|
|
|
|
|
"controls_readonly", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_boolean, &controls_readonly_kw
|
|
|
|
|
};
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_tuplefielddef_t inetcontrol_fields[] = {
|
|
|
|
|
{ "address", &cfg_type_controls_sockaddr, 0 },
|
|
|
|
|
{ "allow", &cfg_type_controls_allow, 0 },
|
|
|
|
|
{ "keys", &cfg_type_controls_keys, 0 },
|
2015-11-11 13:29:38 +05:30
|
|
|
{ "read-only", &cfg_type_controls_readonly, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2005-02-23 01:09:23 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_inetcontrol = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"inetcontrol", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, inetcontrol_fields
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2005-02-23 01:09:23 +00:00
|
|
|
static keyword_type_t controls_perm_kw = { "perm", &cfg_type_uint32 };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_controls_perm = {
|
|
|
|
|
"controls_perm", parse_keyvalue, print_keyvalue,
|
|
|
|
|
doc_keyvalue, &cfg_rep_uint32, &controls_perm_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static keyword_type_t controls_owner_kw = { "owner", &cfg_type_uint32 };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_controls_owner = {
|
|
|
|
|
"controls_owner", parse_keyvalue, print_keyvalue,
|
|
|
|
|
doc_keyvalue, &cfg_rep_uint32, &controls_owner_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static keyword_type_t controls_group_kw = { "group", &cfg_type_uint32 };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_controls_group = {
|
|
|
|
|
"controls_allow", parse_keyvalue, print_keyvalue,
|
|
|
|
|
doc_keyvalue, &cfg_rep_uint32, &controls_group_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t unixcontrol_fields[] = {
|
|
|
|
|
{ "path", &cfg_type_qstring, 0 },
|
|
|
|
|
{ "perm", &cfg_type_controls_perm, 0 },
|
|
|
|
|
{ "owner", &cfg_type_controls_owner, 0 },
|
|
|
|
|
{ "group", &cfg_type_controls_group, 0 },
|
|
|
|
|
{ "keys", &cfg_type_controls_keys, 0 },
|
2015-11-11 13:29:38 +05:30
|
|
|
{ "read-only", &cfg_type_controls_readonly, 0 },
|
2005-02-23 01:09:23 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_unixcontrol = {
|
2016-11-29 15:28:28 +11:00
|
|
|
"unixcontrol", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, unixcontrol_fields
|
2005-02-23 01:09:23 +00:00
|
|
|
};
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_clausedef_t controls_clauses[] = {
|
|
|
|
|
{ "inet", &cfg_type_inetcontrol, CFG_CLAUSEFLAG_MULTI },
|
2005-02-23 01:09:23 +00:00
|
|
|
{ "unix", &cfg_type_unixcontrol, CFG_CLAUSEFLAG_MULTI },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2004-06-04 02:31:43 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_clausedef_t *controls_clausesets[] = { controls_clauses, NULL };
|
|
|
|
|
static cfg_type_t cfg_type_controls = { "controls", cfg_parse_map,
|
2016-11-29 15:28:28 +11:00
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, &controls_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2008-01-17 00:15:14 +00:00
|
|
|
/*%
|
|
|
|
|
* A "statistics-channels" statement is represented as a map with the
|
2008-01-18 23:46:58 +00:00
|
|
|
* multivalued "inet" clauses.
|
2008-01-17 00:15:14 +00:00
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
doc_optional_bracketed_list(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
const keyword_type_t *kw = type->of;
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "[ ");
|
2008-01-17 21:38:24 +00:00
|
|
|
cfg_print_cstr(pctx, kw->name);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2008-01-17 00:15:14 +00:00
|
|
|
cfg_doc_obj(pctx, kw->type);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ]");
|
2008-01-17 00:15:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_allow = {
|
|
|
|
|
"optional_allow", parse_optional_keyvalue,
|
|
|
|
|
print_keyvalue, doc_optional_bracketed_list,
|
|
|
|
|
&cfg_rep_list, &controls_allow_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_tuplefielddef_t statserver_fields[] = {
|
|
|
|
|
{ "address", &cfg_type_controls_sockaddr, 0 }, /* reuse controls def */
|
|
|
|
|
{ "allow", &cfg_type_optional_allow, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_statschannel = {
|
|
|
|
|
"statschannel", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, statserver_fields
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t statservers_clauses[] = {
|
|
|
|
|
{ "inet", &cfg_type_statschannel, CFG_CLAUSEFLAG_MULTI },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *statservers_clausesets[] = { statservers_clauses,
|
|
|
|
|
NULL };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_statschannels = {
|
|
|
|
|
"statistics-channels", cfg_parse_map, cfg_print_map,
|
|
|
|
|
cfg_doc_map, &cfg_rep_map, &statservers_clausesets
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* An optional class, as used in view and zone statements.
|
|
|
|
|
*/
|
|
|
|
|
static isc_result_t
|
2013-02-27 17:19:39 -08:00
|
|
|
parse_optional_class(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string) {
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_ustring, ret));
|
|
|
|
|
} else {
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_void, ret));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-18 13:25:31 +10:00
|
|
|
static void
|
|
|
|
|
doc_optional_class(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "[ <class> ]");
|
|
|
|
|
}
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_optional_class = { "optional_class",
|
2015-09-18 13:25:31 +10:00
|
|
|
parse_optional_class,
|
|
|
|
|
NULL,
|
|
|
|
|
doc_optional_class,
|
2002-01-04 02:32:16 +00:00
|
|
|
NULL,
|
|
|
|
|
NULL };
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_querysource(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
isc_netaddr_t netaddr;
|
2013-03-22 12:27:54 -07:00
|
|
|
in_port_t port = 0;
|
2002-01-04 02:32:16 +00:00
|
|
|
unsigned int have_address = 0;
|
|
|
|
|
unsigned int have_port = 0;
|
2022-12-08 10:57:37 +00:00
|
|
|
unsigned int have_tls = 0;
|
2004-03-30 02:05:40 +00:00
|
|
|
const unsigned int *flagp = type->of;
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2018-11-07 15:00:07 +07:00
|
|
|
if ((*flagp & CFG_ADDR_V4OK) != 0) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_netaddr_any(&netaddr);
|
2018-11-07 15:00:07 +07:00
|
|
|
} else if ((*flagp & CFG_ADDR_V6OK) != 0) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_netaddr_any6(&netaddr);
|
2018-11-07 15:00:07 +07:00
|
|
|
} else {
|
2021-10-11 12:50:17 +02:00
|
|
|
UNREACHABLE();
|
2018-11-07 15:00:07 +07:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string) {
|
2002-01-22 19:31:57 +00:00
|
|
|
if (strcasecmp(TOKEN_STRING(pctx), "address") == 0) {
|
2002-01-04 02:32:16 +00:00
|
|
|
/* read "address" */
|
2008-01-18 23:46:58 +00:00
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
2004-03-30 02:05:40 +00:00
|
|
|
CHECK(cfg_parse_rawaddr(pctx, *flagp,
|
2002-01-22 19:31:57 +00:00
|
|
|
&netaddr));
|
2002-01-04 02:32:16 +00:00
|
|
|
have_address++;
|
2002-01-22 19:31:57 +00:00
|
|
|
} else if (strcasecmp(TOKEN_STRING(pctx), "port") == 0)
|
|
|
|
|
{
|
2002-01-04 02:32:16 +00:00
|
|
|
/* read "port" */
|
2023-01-06 17:01:06 -08:00
|
|
|
if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0)
|
|
|
|
|
{
|
|
|
|
|
cfg_parser_warning(
|
|
|
|
|
pctx, 0,
|
|
|
|
|
"token 'port' is deprecated");
|
|
|
|
|
}
|
2008-01-18 23:46:58 +00:00
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
2002-01-22 19:31:57 +00:00
|
|
|
CHECK(cfg_parse_rawport(pctx, CFG_ADDR_WILDOK,
|
|
|
|
|
&port));
|
2002-01-04 02:32:16 +00:00
|
|
|
have_port++;
|
2022-12-08 10:57:37 +00:00
|
|
|
} else if (strcasecmp(TOKEN_STRING(pctx), "tls") == 0) {
|
|
|
|
|
/* We do not expect TLS here, not parsing. */
|
|
|
|
|
++have_tls;
|
|
|
|
|
} else if (have_port == 0 && have_tls == 0 &&
|
|
|
|
|
have_address == 0)
|
|
|
|
|
{
|
2004-03-30 02:05:40 +00:00
|
|
|
return (cfg_parse_sockaddr(pctx, type, ret));
|
2002-01-04 02:32:16 +00:00
|
|
|
} else {
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
2023-01-05 22:18:55 -08:00
|
|
|
"expected 'address' "
|
|
|
|
|
"or 'port'");
|
2002-01-04 02:32:16 +00:00
|
|
|
return (ISC_R_UNEXPECTEDTOKEN);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
2022-12-08 10:57:37 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
if (have_address > 1 || have_port > 1 || have_address + have_port == 0)
|
|
|
|
|
{
|
|
|
|
|
cfg_parser_error(pctx, 0, "expected one address and/or port");
|
|
|
|
|
return (ISC_R_UNEXPECTEDTOKEN);
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-08 10:57:37 +00:00
|
|
|
if (have_tls > 0) {
|
|
|
|
|
cfg_parser_error(pctx, 0, "unexpected tls");
|
|
|
|
|
return (ISC_R_UNEXPECTEDTOKEN);
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-30 02:05:40 +00:00
|
|
|
CHECK(cfg_create_obj(pctx, &cfg_type_querysource, &obj));
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_sockaddr_fromnetaddr(&obj->value.sockaddr, &netaddr, port);
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR, "invalid query source");
|
|
|
|
|
CLEANUP_OBJ(obj);
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
print_querysource(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_netaddr_t na;
|
|
|
|
|
isc_netaddr_fromsockaddr(&na, &obj->value.sockaddr);
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, "address ");
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_print_rawaddr(pctx, &na);
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, " port ");
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_print_rawuint(pctx, isc_sockaddr_getport(&obj->value.sockaddr));
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-02 11:16:08 +05:30
|
|
|
static void
|
|
|
|
|
doc_querysource(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
const unsigned int *flagp = type->of;
|
|
|
|
|
|
2023-01-06 17:01:06 -08:00
|
|
|
cfg_print_cstr(pctx, "[ address ] ( ");
|
2018-10-11 11:57:57 +02:00
|
|
|
if ((*flagp & CFG_ADDR_V4OK) != 0) {
|
2016-12-02 11:16:08 +05:30
|
|
|
cfg_print_cstr(pctx, "<ipv4_address>");
|
2018-10-11 11:57:57 +02:00
|
|
|
} else if ((*flagp & CFG_ADDR_V6OK) != 0) {
|
2016-12-02 11:16:08 +05:30
|
|
|
cfg_print_cstr(pctx, "<ipv6_address>");
|
2018-10-11 11:57:57 +02:00
|
|
|
} else {
|
2021-10-11 12:50:17 +02:00
|
|
|
UNREACHABLE();
|
2018-10-11 11:57:57 +02:00
|
|
|
}
|
2023-01-06 17:01:06 -08:00
|
|
|
cfg_print_cstr(pctx, " | * )");
|
2016-12-02 11:16:08 +05:30
|
|
|
}
|
|
|
|
|
|
2023-01-09 16:57:41 -08:00
|
|
|
static unsigned int sockaddr4wild_flags = CFG_ADDR_WILDOK | CFG_ADDR_V4OK;
|
|
|
|
|
static unsigned int sockaddr6wild_flags = CFG_ADDR_WILDOK | CFG_ADDR_V6OK;
|
2006-12-21 06:03:37 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_querysource4 = {
|
2016-12-02 11:16:08 +05:30
|
|
|
"querysource4", parse_querysource, NULL, doc_querysource,
|
2004-03-30 02:05:40 +00:00
|
|
|
NULL, &sockaddr4wild_flags
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
2004-03-30 02:05:40 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_querysource6 = {
|
2016-12-02 11:16:08 +05:30
|
|
|
"querysource6", parse_querysource, NULL, doc_querysource,
|
2004-03-30 02:05:40 +00:00
|
|
|
NULL, &sockaddr6wild_flags
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
2004-03-30 02:05:40 +00:00
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_querysource = { "querysource", NULL,
|
2004-03-30 02:05:40 +00:00
|
|
|
print_querysource, NULL,
|
|
|
|
|
&cfg_rep_sockaddr, NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* The socket address syntax in the "controls" statement is silly.
|
|
|
|
|
* It allows both socket address families, but also allows "*",
|
|
|
|
|
* which is gratuitously interpreted as the IPv4 wildcard address.
|
|
|
|
|
*/
|
|
|
|
|
static unsigned int controls_sockaddr_flags = CFG_ADDR_V4OK | CFG_ADDR_V6OK |
|
2023-01-06 17:01:06 -08:00
|
|
|
CFG_ADDR_WILDOK | CFG_ADDR_PORTOK;
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_controls_sockaddr = {
|
|
|
|
|
"controls_sockaddr", cfg_parse_sockaddr, cfg_print_sockaddr,
|
|
|
|
|
cfg_doc_sockaddr, &cfg_rep_sockaddr, &controls_sockaddr_flags
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* Handle the special kludge syntax of the "keys" clause in the "server"
|
|
|
|
|
* statement, which takes a single key with or without braces and semicolon.
|
|
|
|
|
*/
|
|
|
|
|
static isc_result_t
|
2011-03-11 06:11:27 +00:00
|
|
|
parse_server_key_kludge(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_result_t result;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool braces = false;
|
2002-01-04 02:32:16 +00:00
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
/* Allow opening brace. */
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_special &&
|
|
|
|
|
pctx->token.value.as_char == '{')
|
|
|
|
|
{
|
2011-03-11 06:11:27 +00:00
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
2018-04-17 08:29:14 -07:00
|
|
|
braces = true;
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_astring, ret));
|
|
|
|
|
|
|
|
|
|
if (braces) {
|
|
|
|
|
/* Skip semicolon if present. */
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_special &&
|
|
|
|
|
pctx->token.value.as_char == ';')
|
|
|
|
|
{
|
|
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
CHECK(cfg_parse_special(pctx, '}'));
|
|
|
|
|
}
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
static cfg_type_t cfg_type_server_key_kludge = {
|
|
|
|
|
"server_key", parse_server_key_kludge, NULL, cfg_doc_terminal, NULL,
|
|
|
|
|
NULL
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* An optional logging facility.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_optional_facility(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, CFG_LEXOPT_QSTRING));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string ||
|
|
|
|
|
pctx->token.type == isc_tokentype_qstring)
|
|
|
|
|
{
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_astring, ret));
|
|
|
|
|
} else {
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_void, ret));
|
|
|
|
|
}
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-18 13:12:50 +10:00
|
|
|
static void
|
|
|
|
|
doc_optional_facility(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "[ <syslog_facility> ]");
|
|
|
|
|
}
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_optional_facility = { "optional_facility",
|
2015-09-18 13:12:50 +10:00
|
|
|
parse_optional_facility,
|
2016-11-29 15:28:28 +11:00
|
|
|
NULL,
|
|
|
|
|
doc_optional_facility,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* A log severity. Return as a string, except "debug N",
|
|
|
|
|
* which is returned as a keyword object.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static keyword_type_t debug_kw = { "debug", &cfg_type_uint32 };
|
|
|
|
|
static cfg_type_t cfg_type_debuglevel = { "debuglevel", parse_keyvalue,
|
|
|
|
|
print_keyvalue, doc_keyvalue,
|
|
|
|
|
&cfg_rep_uint32, &debug_kw };
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_logseverity(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2002-01-04 02:32:16 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string &&
|
2002-01-22 19:31:57 +00:00
|
|
|
strcasecmp(TOKEN_STRING(pctx), "debug") == 0)
|
|
|
|
|
{
|
2002-01-04 02:32:16 +00:00
|
|
|
CHECK(cfg_gettoken(pctx, 0)); /* read "debug" */
|
|
|
|
|
CHECK(cfg_peektoken(pctx, ISC_LEXOPT_NUMBER));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_number) {
|
|
|
|
|
CHECK(cfg_parse_uint32(pctx, NULL, ret));
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* The debug level is optional and defaults to 1.
|
|
|
|
|
* This makes little sense, but we support it for
|
|
|
|
|
* compatibility with BIND 8.
|
|
|
|
|
*/
|
|
|
|
|
CHECK(cfg_create_obj(pctx, &cfg_type_uint32, ret));
|
|
|
|
|
(*ret)->value.uint32 = 1;
|
|
|
|
|
}
|
|
|
|
|
(*ret)->type = &cfg_type_debuglevel; /* XXX kludge */
|
|
|
|
|
} else {
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, &cfg_type_loglevel, ret));
|
|
|
|
|
}
|
|
|
|
|
cleanup:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_logseverity = { "log_severity", parse_logseverity,
|
|
|
|
|
NULL, cfg_doc_terminal,
|
2016-11-29 15:28:28 +11:00
|
|
|
NULL, NULL };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* The "file" clause of the "channel" statement.
|
|
|
|
|
* This is yet another special case.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static const char *logversions_enums[] = { "unlimited", NULL };
|
|
|
|
|
static isc_result_t
|
2016-11-29 15:28:28 +11:00
|
|
|
parse_logversions(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
2018-08-12 23:06:00 -07:00
|
|
|
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_uint32, ret));
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
2008-03-27 03:30:53 +00:00
|
|
|
|
2015-09-09 17:02:11 +10:00
|
|
|
static void
|
|
|
|
|
doc_logversions(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2018-08-12 23:06:00 -07:00
|
|
|
cfg_doc_enum_or_other(pctx, type, &cfg_type_uint32);
|
2015-09-09 17:02:11 +10:00
|
|
|
}
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_logversions = {
|
2015-09-09 17:02:11 +10:00
|
|
|
"logversions", parse_logversions, cfg_print_ustring,
|
2002-01-04 02:32:16 +00:00
|
|
|
doc_logversions, &cfg_rep_string, logversions_enums
|
|
|
|
|
};
|
|
|
|
|
|
2017-03-08 23:20:40 -08:00
|
|
|
static const char *logsuffix_enums[] = { "increment", "timestamp", NULL };
|
|
|
|
|
static cfg_type_t cfg_type_logsuffix = { "logsuffix", cfg_parse_enum,
|
|
|
|
|
cfg_print_ustring, cfg_doc_enum,
|
|
|
|
|
&cfg_rep_string, &logsuffix_enums };
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_tuplefielddef_t logfile_fields[] = {
|
|
|
|
|
{ "file", &cfg_type_qstring, 0 },
|
|
|
|
|
{ "versions", &cfg_type_logversions, 0 },
|
|
|
|
|
{ "size", &cfg_type_size, 0 },
|
2017-03-08 23:20:40 -08:00
|
|
|
{ "suffix", &cfg_type_logsuffix, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
parse_logfile(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_obj_t *obj = NULL;
|
2008-01-18 23:46:58 +00:00
|
|
|
const cfg_tuplefielddef_t *fields = type->of;
|
2002-01-04 02:32:16 +00:00
|
|
|
|
2008-01-18 23:46:58 +00:00
|
|
|
CHECK(cfg_create_tuple(pctx, type, &obj));
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
/* Parse the mandatory "file" field */
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[0].type, &obj->value.tuple[0]));
|
|
|
|
|
|
|
|
|
|
/* Parse "versions" and "size" fields in any order. */
|
|
|
|
|
for (;;) {
|
|
|
|
|
CHECK(cfg_peektoken(pctx, 0));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string) {
|
2008-01-18 23:46:58 +00:00
|
|
|
CHECK(cfg_gettoken(pctx, 0));
|
2002-01-22 19:31:57 +00:00
|
|
|
if (strcasecmp(TOKEN_STRING(pctx), "versions") == 0 &&
|
2002-01-04 02:32:16 +00:00
|
|
|
obj->value.tuple[1] == NULL)
|
|
|
|
|
{
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[1].type,
|
|
|
|
|
&obj->value.tuple[1]));
|
2002-01-22 19:31:57 +00:00
|
|
|
} else if (strcasecmp(TOKEN_STRING(pctx), "size") ==
|
2002-01-04 02:32:16 +00:00
|
|
|
0 &&
|
|
|
|
|
obj->value.tuple[2] == NULL)
|
|
|
|
|
{
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[2].type,
|
|
|
|
|
&obj->value.tuple[2]));
|
2017-03-08 23:20:40 -08:00
|
|
|
} else if (strcasecmp(TOKEN_STRING(pctx), "suffix") ==
|
|
|
|
|
0 &&
|
|
|
|
|
obj->value.tuple[3] == NULL)
|
|
|
|
|
{
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[3].type,
|
|
|
|
|
&obj->value.tuple[3]));
|
2002-01-04 02:32:16 +00:00
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Create void objects for missing optional values. */
|
|
|
|
|
if (obj->value.tuple[1] == NULL) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[1]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
if (obj->value.tuple[2] == NULL) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[2]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2017-03-08 23:20:40 -08:00
|
|
|
if (obj->value.tuple[3] == NULL) {
|
|
|
|
|
CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[3]));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
*ret = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
cleanup:
|
2008-01-18 23:46:58 +00:00
|
|
|
CLEANUP_OBJ(obj);
|
2002-01-04 02:32:16 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
print_logfile(cfg_printer_t *pctx, const cfg_obj_t *obj) {
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_print_obj(pctx, obj->value.tuple[0]); /* file */
|
|
|
|
|
if (obj->value.tuple[1]->type->print != cfg_print_void) {
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, " versions ");
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_print_obj(pctx, obj->value.tuple[1]);
|
|
|
|
|
}
|
|
|
|
|
if (obj->value.tuple[2]->type->print != cfg_print_void) {
|
2010-05-13 03:16:55 +00:00
|
|
|
cfg_print_cstr(pctx, " size ");
|
2002-01-04 02:32:16 +00:00
|
|
|
cfg_print_obj(pctx, obj->value.tuple[2]);
|
|
|
|
|
}
|
2017-03-08 23:20:40 -08:00
|
|
|
if (obj->value.tuple[3]->type->print != cfg_print_void) {
|
|
|
|
|
cfg_print_cstr(pctx, " suffix ");
|
|
|
|
|
cfg_print_obj(pctx, obj->value.tuple[3]);
|
|
|
|
|
}
|
2002-01-04 02:32:16 +00:00
|
|
|
}
|
|
|
|
|
|
2008-03-27 03:30:53 +00:00
|
|
|
static void
|
|
|
|
|
doc_logfile(cfg_printer_t *pctx, const cfg_type_t *type) {
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
cfg_print_cstr(pctx, "<quoted_string>");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2017-03-08 23:20:40 -08:00
|
|
|
cfg_print_cstr(pctx, "[ versions ( unlimited | <integer> ) ]");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2008-03-27 03:30:53 +00:00
|
|
|
cfg_print_cstr(pctx, "[ size <size> ]");
|
2017-03-08 23:20:40 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
|
|
|
|
cfg_print_cstr(pctx, "[ suffix ( increment | timestamp ) ]");
|
2008-03-27 03:30:53 +00:00
|
|
|
}
|
|
|
|
|
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_logfile = { "log_file", parse_logfile,
|
2008-03-27 03:30:53 +00:00
|
|
|
print_logfile, doc_logfile,
|
2002-01-04 02:32:16 +00:00
|
|
|
&cfg_rep_tuple, logfile_fields };
|
|
|
|
|
|
2023-01-06 17:01:06 -08:00
|
|
|
/*% An IPv4 address, "*" accepted as wildcard. */
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_sockaddr4wild = {
|
|
|
|
|
"sockaddr4wild", cfg_parse_sockaddr, cfg_print_sockaddr,
|
|
|
|
|
cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr4wild_flags
|
|
|
|
|
};
|
|
|
|
|
|
2023-01-06 17:01:06 -08:00
|
|
|
/*% An IPv6 address, "*" accepted as wildcard. */
|
2002-01-04 02:32:16 +00:00
|
|
|
static cfg_type_t cfg_type_sockaddr6wild = {
|
2003-09-25 18:16:50 +00:00
|
|
|
"v6addrportwild", cfg_parse_sockaddr, cfg_print_sockaddr,
|
|
|
|
|
cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr6wild_flags
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
2022-12-13 17:28:19 +01:00
|
|
|
static keyword_type_t sourceaddr4_kw = { "source", &cfg_type_sockaddr4wild };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_sourceaddr4 = {
|
|
|
|
|
"optional_sourceaddr4", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_sockaddr, &sourceaddr4_kw
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static keyword_type_t sourceaddr6_kw = { "source-v6", &cfg_type_sockaddr6wild };
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_optional_sourceaddr6 = {
|
|
|
|
|
"optional_sourceaddr6", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_sockaddr, &sourceaddr6_kw
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2002-01-04 02:32:16 +00:00
|
|
|
* rndc
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t rndcconf_options_clauses[] = {
|
|
|
|
|
{ "default-key", &cfg_type_astring, 0 },
|
|
|
|
|
{ "default-port", &cfg_type_uint32, 0 },
|
2004-07-23 04:15:27 +00:00
|
|
|
{ "default-server", &cfg_type_astring, 0 },
|
|
|
|
|
{ "default-source-address", &cfg_type_netaddr4wild, 0 },
|
|
|
|
|
{ "default-source-address-v6", &cfg_type_netaddr6wild, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *rndcconf_options_clausesets[] = {
|
|
|
|
|
rndcconf_options_clauses, NULL
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_rndcconf_options = {
|
2004-07-23 04:15:27 +00:00
|
|
|
"rndcconf_options", cfg_parse_map, cfg_print_map,
|
|
|
|
|
cfg_doc_map, &cfg_rep_map, rndcconf_options_clausesets
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t rndcconf_server_clauses[] = {
|
|
|
|
|
{ "key", &cfg_type_astring, 0 },
|
|
|
|
|
{ "port", &cfg_type_uint32, 0 },
|
2004-07-23 04:15:27 +00:00
|
|
|
{ "source-address", &cfg_type_netaddr4wild, 0 },
|
|
|
|
|
{ "source-address-v6", &cfg_type_netaddr6wild, 0 },
|
2004-06-18 04:38:47 +00:00
|
|
|
{ "addresses", &cfg_type_bracketed_sockaddrnameportlist, 0 },
|
2002-01-04 02:32:16 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *rndcconf_server_clausesets[] = {
|
|
|
|
|
rndcconf_server_clauses, NULL
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_rndcconf_server = {
|
2004-07-23 04:15:27 +00:00
|
|
|
"rndcconf_server", cfg_parse_named_map, cfg_print_map,
|
|
|
|
|
cfg_doc_map, &cfg_rep_map, rndcconf_server_clausesets
|
2002-01-04 02:32:16 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t rndcconf_clauses[] = {
|
|
|
|
|
{ "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI },
|
|
|
|
|
{ "server", &cfg_type_rndcconf_server, CFG_CLAUSEFLAG_MULTI },
|
|
|
|
|
{ "options", &cfg_type_rndcconf_options, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *rndcconf_clausesets[] = { rndcconf_clauses, NULL };
|
|
|
|
|
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_rndcconf = { "rndcconf", cfg_parse_mapbody,
|
|
|
|
|
cfg_print_mapbody, cfg_doc_mapbody,
|
|
|
|
|
&cfg_rep_map, rndcconf_clausesets };
|
2002-01-04 02:32:16 +00:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t rndckey_clauses[] = { { "key", &cfg_type_key, 0 },
|
|
|
|
|
{ NULL, NULL, 0 } };
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *rndckey_clausesets[] = { rndckey_clauses, NULL };
|
|
|
|
|
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_rndckey = { "rndckey", cfg_parse_mapbody,
|
|
|
|
|
cfg_print_mapbody, cfg_doc_mapbody,
|
|
|
|
|
&cfg_rep_map, rndckey_clausesets };
|
2003-01-16 03:59:28 +00:00
|
|
|
|
2009-06-10 00:27:22 +00:00
|
|
|
/*
|
2009-07-14 22:54:57 +00:00
|
|
|
* session.key has exactly the same syntax as rndc.key, but it's defined
|
2009-06-10 00:27:22 +00:00
|
|
|
* separately for clarity (and so we can extend it someday, if needed).
|
|
|
|
|
*/
|
2021-06-10 08:06:48 +02:00
|
|
|
cfg_type_t cfg_type_sessionkey = { "sessionkey", cfg_parse_mapbody,
|
|
|
|
|
cfg_print_mapbody, cfg_doc_mapbody,
|
|
|
|
|
&cfg_rep_map, rndckey_clausesets };
|
2009-06-10 00:27:22 +00:00
|
|
|
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_tuplefielddef_t nameport_fields[] = {
|
|
|
|
|
{ "name", &cfg_type_astring, 0 },
|
|
|
|
|
{ "port", &cfg_type_optional_port, 0 },
|
|
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
2013-03-22 12:27:54 -07:00
|
|
|
|
2003-01-16 03:59:28 +00:00
|
|
|
static cfg_type_t cfg_type_nameport = { "nameport", cfg_parse_tuple,
|
|
|
|
|
cfg_print_tuple, cfg_doc_tuple,
|
|
|
|
|
&cfg_rep_tuple, nameport_fields };
|
|
|
|
|
|
|
|
|
|
static void
|
2003-02-26 06:04:03 +00:00
|
|
|
doc_sockaddrnameport(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2003-01-16 03:59:28 +00:00
|
|
|
UNUSED(type);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "( ");
|
2003-01-16 03:59:28 +00:00
|
|
|
cfg_print_cstr(pctx, "<quoted_string>");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2008-03-27 03:30:53 +00:00
|
|
|
cfg_print_cstr(pctx, "[ port <integer> ]");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " | ");
|
2003-01-16 03:59:28 +00:00
|
|
|
cfg_print_cstr(pctx, "<ipv4_address>");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2008-03-27 03:30:53 +00:00
|
|
|
cfg_print_cstr(pctx, "[ port <integer> ]");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " | ");
|
2003-01-16 03:59:28 +00:00
|
|
|
cfg_print_cstr(pctx, "<ipv6_address>");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2008-03-27 03:30:53 +00:00
|
|
|
cfg_print_cstr(pctx, "[ port <integer> ]");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " )");
|
2003-01-16 03:59:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2003-02-26 06:04:03 +00:00
|
|
|
parse_sockaddrnameport(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2008-01-18 23:46:58 +00:00
|
|
|
isc_result_t result;
|
2003-01-16 03:59:28 +00:00
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, CFG_LEXOPT_QSTRING));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string ||
|
|
|
|
|
pctx->token.type == isc_tokentype_qstring)
|
|
|
|
|
{
|
|
|
|
|
if (cfg_lookingat_netaddr(pctx, CFG_ADDR_V4OK | CFG_ADDR_V6OK))
|
|
|
|
|
{
|
2016-11-29 15:28:28 +11:00
|
|
|
CHECK(cfg_parse_sockaddr(pctx, &cfg_type_sockaddr,
|
|
|
|
|
ret));
|
2003-01-16 03:59:28 +00:00
|
|
|
} else {
|
|
|
|
|
const cfg_tuplefielddef_t *fields =
|
2008-01-18 23:46:58 +00:00
|
|
|
cfg_type_nameport.of;
|
2003-01-16 03:59:28 +00:00
|
|
|
CHECK(cfg_create_tuple(pctx, &cfg_type_nameport, &obj));
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[0].type,
|
|
|
|
|
&obj->value.tuple[0]));
|
|
|
|
|
CHECK(cfg_parse_obj(pctx, fields[1].type,
|
|
|
|
|
&obj->value.tuple[1]));
|
2013-03-22 12:27:54 -07:00
|
|
|
CHECK(cfg_parse_obj(pctx, fields[2].type,
|
|
|
|
|
&obj->value.tuple[2]));
|
2003-01-16 03:59:28 +00:00
|
|
|
*ret = obj;
|
|
|
|
|
obj = NULL;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
2003-02-26 06:04:03 +00:00
|
|
|
"expected IP address or hostname");
|
2003-01-16 03:59:28 +00:00
|
|
|
return (ISC_R_UNEXPECTEDTOKEN);
|
|
|
|
|
}
|
|
|
|
|
cleanup:
|
2008-01-18 23:46:58 +00:00
|
|
|
CLEANUP_OBJ(obj);
|
2003-01-16 03:59:28 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_type_t cfg_type_sockaddrnameport = { "sockaddrnameport_element",
|
|
|
|
|
parse_sockaddrnameport,
|
|
|
|
|
NULL,
|
|
|
|
|
doc_sockaddrnameport,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL };
|
2003-01-16 03:59:28 +00:00
|
|
|
|
2003-02-26 06:04:03 +00:00
|
|
|
static cfg_type_t cfg_type_bracketed_sockaddrnameportlist = {
|
|
|
|
|
"bracketed_sockaddrnameportlist",
|
|
|
|
|
cfg_parse_bracketed_list,
|
2003-01-16 03:59:28 +00:00
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
2003-02-26 06:04:03 +00:00
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_sockaddrnameport
|
2003-01-16 03:59:28 +00:00
|
|
|
};
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2003-02-26 06:04:03 +00:00
|
|
|
* A list of socket addresses or name with an optional default port,
|
2003-01-16 03:59:28 +00:00
|
|
|
* as used in the dual-stack-servers option. E.g.,
|
|
|
|
|
* "port 1234 { dual-stack-servers.net; 10.0.0.1; 1::2 port 69; }"
|
|
|
|
|
*/
|
|
|
|
|
static cfg_tuplefielddef_t nameportiplist_fields[] = {
|
|
|
|
|
{ "port", &cfg_type_optional_port, 0 },
|
2003-02-26 06:04:03 +00:00
|
|
|
{ "addresses", &cfg_type_bracketed_sockaddrnameportlist, 0 },
|
2003-01-16 03:59:28 +00:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_nameportiplist = {
|
|
|
|
|
"nameportiplist", cfg_parse_tuple, cfg_print_tuple,
|
|
|
|
|
cfg_doc_tuple, &cfg_rep_tuple, nameportiplist_fields
|
|
|
|
|
};
|
2003-02-26 06:04:03 +00:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2021-05-07 11:31:15 +02:00
|
|
|
* remote servers element.
|
2003-02-26 06:04:03 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static void
|
2021-05-07 11:31:15 +02:00
|
|
|
doc_remoteselement(cfg_printer_t *pctx, const cfg_type_t *type) {
|
2003-02-26 06:04:03 +00:00
|
|
|
UNUSED(type);
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, "( ");
|
2021-05-07 11:31:15 +02:00
|
|
|
cfg_print_cstr(pctx, "<remote-servers>");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " | ");
|
2003-02-26 06:04:03 +00:00
|
|
|
cfg_print_cstr(pctx, "<ipv4_address>");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2008-03-27 03:30:53 +00:00
|
|
|
cfg_print_cstr(pctx, "[ port <integer> ]");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " | ");
|
2003-02-26 06:04:03 +00:00
|
|
|
cfg_print_cstr(pctx, "<ipv6_address>");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " ");
|
2008-03-27 03:30:53 +00:00
|
|
|
cfg_print_cstr(pctx, "[ port <integer> ]");
|
2015-01-06 22:57:57 -08:00
|
|
|
cfg_print_cstr(pctx, " )");
|
2003-02-26 06:04:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2021-05-07 11:31:15 +02:00
|
|
|
parse_remoteselement(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
|
|
|
cfg_obj_t **ret) {
|
2008-01-18 23:46:58 +00:00
|
|
|
isc_result_t result;
|
2003-02-26 06:04:03 +00:00
|
|
|
cfg_obj_t *obj = NULL;
|
|
|
|
|
UNUSED(type);
|
|
|
|
|
|
|
|
|
|
CHECK(cfg_peektoken(pctx, CFG_LEXOPT_QSTRING));
|
|
|
|
|
if (pctx->token.type == isc_tokentype_string ||
|
|
|
|
|
pctx->token.type == isc_tokentype_qstring)
|
|
|
|
|
{
|
|
|
|
|
if (cfg_lookingat_netaddr(pctx, CFG_ADDR_V4OK | CFG_ADDR_V6OK))
|
|
|
|
|
{
|
2016-11-29 15:28:28 +11:00
|
|
|
CHECK(cfg_parse_sockaddr(pctx, &cfg_type_sockaddr,
|
|
|
|
|
ret));
|
2003-02-26 06:04:03 +00:00
|
|
|
} else {
|
|
|
|
|
CHECK(cfg_parse_astring(pctx, &cfg_type_astring, ret));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2003-02-26 06:04:03 +00:00
|
|
|
} else {
|
|
|
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
2021-05-07 11:31:15 +02:00
|
|
|
"expected IP address or remote servers list "
|
|
|
|
|
"name");
|
2003-02-26 06:04:03 +00:00
|
|
|
return (ISC_R_UNEXPECTEDTOKEN);
|
|
|
|
|
}
|
|
|
|
|
cleanup:
|
2008-01-18 23:46:58 +00:00
|
|
|
CLEANUP_OBJ(obj);
|
2003-02-26 06:04:03 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-07 11:31:15 +02:00
|
|
|
static cfg_type_t cfg_type_remoteselement = { "remotes_element",
|
|
|
|
|
parse_remoteselement,
|
|
|
|
|
NULL,
|
|
|
|
|
doc_remoteselement,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL };
|
2014-02-18 23:26:50 -08:00
|
|
|
|
2018-01-22 11:00:45 -08:00
|
|
|
static int
|
|
|
|
|
cmp_clause(const void *ap, const void *bp) {
|
|
|
|
|
const cfg_clausedef_t *a = (const cfg_clausedef_t *)ap;
|
|
|
|
|
const cfg_clausedef_t *b = (const cfg_clausedef_t *)bp;
|
|
|
|
|
return (strcmp(a->name, b->name));
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
bool
|
2018-01-22 11:00:45 -08:00
|
|
|
cfg_clause_validforzone(const char *name, unsigned int ztype) {
|
|
|
|
|
const cfg_clausedef_t *clause;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool valid = false;
|
2018-01-22 11:00:45 -08:00
|
|
|
|
|
|
|
|
for (clause = zone_clauses; clause->name != NULL; clause++) {
|
|
|
|
|
if ((clause->flags & ztype) == 0 ||
|
2022-11-02 19:33:14 +01:00
|
|
|
strcmp(clause->name, name) != 0)
|
|
|
|
|
{
|
2018-01-22 11:00:45 -08:00
|
|
|
continue;
|
|
|
|
|
}
|
2018-04-17 08:29:14 -07:00
|
|
|
valid = true;
|
2018-01-22 11:00:45 -08:00
|
|
|
}
|
|
|
|
|
for (clause = zone_only_clauses; clause->name != NULL; clause++) {
|
|
|
|
|
if ((clause->flags & ztype) == 0 ||
|
2022-11-02 19:33:14 +01:00
|
|
|
strcmp(clause->name, name) != 0)
|
|
|
|
|
{
|
2018-01-22 11:00:45 -08:00
|
|
|
continue;
|
|
|
|
|
}
|
2018-04-17 08:29:14 -07:00
|
|
|
valid = true;
|
2018-01-22 11:00:45 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (valid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2019-08-07 10:31:19 -07:00
|
|
|
cfg_print_zonegrammar(const unsigned int zonetype, unsigned int flags,
|
2018-01-22 11:00:45 -08:00
|
|
|
void (*f)(void *closure, const char *text, int textlen),
|
|
|
|
|
void *closure) {
|
|
|
|
|
#define NCLAUSES \
|
|
|
|
|
(((sizeof(zone_clauses) + sizeof(zone_only_clauses)) / \
|
|
|
|
|
sizeof(clause[0])) - \
|
|
|
|
|
1)
|
|
|
|
|
|
|
|
|
|
cfg_printer_t pctx;
|
|
|
|
|
cfg_clausedef_t *clause = NULL;
|
|
|
|
|
cfg_clausedef_t clauses[NCLAUSES];
|
|
|
|
|
|
|
|
|
|
pctx.f = f;
|
|
|
|
|
pctx.closure = closure;
|
|
|
|
|
pctx.indent = 0;
|
2019-08-07 10:31:19 -07:00
|
|
|
pctx.flags = flags;
|
2018-01-22 11:00:45 -08:00
|
|
|
|
|
|
|
|
memmove(clauses, zone_clauses, sizeof(zone_clauses));
|
|
|
|
|
memmove(clauses + sizeof(zone_clauses) / sizeof(zone_clauses[0]) - 1,
|
|
|
|
|
zone_only_clauses, sizeof(zone_only_clauses));
|
|
|
|
|
qsort(clauses, NCLAUSES - 1, sizeof(clause[0]), cmp_clause);
|
|
|
|
|
|
|
|
|
|
cfg_print_cstr(&pctx, "zone <string> [ <class> ] {\n");
|
|
|
|
|
pctx.indent++;
|
|
|
|
|
|
|
|
|
|
switch (zonetype) {
|
2021-08-25 22:31:18 -07:00
|
|
|
case CFG_ZONE_PRIMARY:
|
2018-01-22 11:00:45 -08:00
|
|
|
cfg_print_indent(&pctx);
|
2022-02-23 17:18:38 -08:00
|
|
|
cfg_print_cstr(&pctx, "type primary;\n");
|
2018-01-22 11:00:45 -08:00
|
|
|
break;
|
2021-08-25 22:31:18 -07:00
|
|
|
case CFG_ZONE_SECONDARY:
|
2018-01-22 11:00:45 -08:00
|
|
|
cfg_print_indent(&pctx);
|
2022-02-23 17:18:38 -08:00
|
|
|
cfg_print_cstr(&pctx, "type secondary;\n");
|
2018-01-22 11:00:45 -08:00
|
|
|
break;
|
2018-10-09 10:54:51 +02:00
|
|
|
case CFG_ZONE_MIRROR:
|
|
|
|
|
cfg_print_indent(&pctx);
|
|
|
|
|
cfg_print_cstr(&pctx, "type mirror;\n");
|
|
|
|
|
break;
|
2018-01-22 11:00:45 -08:00
|
|
|
case CFG_ZONE_STUB:
|
|
|
|
|
cfg_print_indent(&pctx);
|
|
|
|
|
cfg_print_cstr(&pctx, "type stub;\n");
|
|
|
|
|
break;
|
|
|
|
|
case CFG_ZONE_HINT:
|
|
|
|
|
cfg_print_indent(&pctx);
|
|
|
|
|
cfg_print_cstr(&pctx, "type hint;\n");
|
|
|
|
|
break;
|
|
|
|
|
case CFG_ZONE_FORWARD:
|
|
|
|
|
cfg_print_indent(&pctx);
|
|
|
|
|
cfg_print_cstr(&pctx, "type forward;\n");
|
|
|
|
|
break;
|
|
|
|
|
case CFG_ZONE_STATICSTUB:
|
|
|
|
|
cfg_print_indent(&pctx);
|
|
|
|
|
cfg_print_cstr(&pctx, "type static-stub;\n");
|
|
|
|
|
break;
|
|
|
|
|
case CFG_ZONE_REDIRECT:
|
|
|
|
|
cfg_print_indent(&pctx);
|
|
|
|
|
cfg_print_cstr(&pctx, "type redirect;\n");
|
|
|
|
|
break;
|
|
|
|
|
case CFG_ZONE_INVIEW:
|
|
|
|
|
/* no zone type is specified for these */
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2021-10-11 12:50:17 +02:00
|
|
|
UNREACHABLE();
|
2018-01-22 11:00:45 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (clause = clauses; clause->name != NULL; clause++) {
|
2019-08-07 10:31:19 -07:00
|
|
|
if (((pctx.flags & CFG_PRINTER_ACTIVEONLY) != 0) &&
|
|
|
|
|
(((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) ||
|
|
|
|
|
((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0)))
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2022-02-25 16:33:30 -08:00
|
|
|
if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0 ||
|
|
|
|
|
(clause->flags & CFG_CLAUSEFLAG_NODOC) != 0)
|
|
|
|
|
{
|
Remove a lot of obsoleted options
These options were ancient or made obsolete a long time ago, it is
safe to remove them.
Also stop printing ancient options, they should be treated the same as
unknown options.
Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.
2020-12-08 15:08:32 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-22 11:00:45 -08:00
|
|
|
if ((clause->flags & zonetype) == 0 ||
|
2022-11-02 19:33:14 +01:00
|
|
|
strcasecmp(clause->name, "type") == 0)
|
|
|
|
|
{
|
2018-01-22 11:00:45 -08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
cfg_print_indent(&pctx);
|
|
|
|
|
cfg_print_cstr(&pctx, clause->name);
|
|
|
|
|
cfg_print_cstr(&pctx, " ");
|
|
|
|
|
cfg_doc_obj(&pctx, clause->type);
|
|
|
|
|
cfg_print_cstr(&pctx, ";");
|
|
|
|
|
cfg_print_clauseflags(&pctx, clause->flags);
|
|
|
|
|
cfg_print_cstr(&pctx, "\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pctx.indent--;
|
|
|
|
|
cfg_print_cstr(&pctx, "};\n");
|
|
|
|
|
}
|
2020-09-16 12:21:32 -07:00
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* "tls" and related statement syntax.
|
|
|
|
|
*/
|
2021-09-13 15:39:36 +03:00
|
|
|
static cfg_type_t cfg_type_tlsprotos = { "tls_protocols",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_astring };
|
2020-09-16 12:21:32 -07:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t tls_clauses[] = {
|
|
|
|
|
{ "key-file", &cfg_type_qstring, 0 },
|
|
|
|
|
{ "cert-file", &cfg_type_qstring, 0 },
|
2021-01-14 12:51:25 +01:00
|
|
|
{ "ca-file", &cfg_type_qstring, 0 },
|
2022-05-03 16:51:33 +03:00
|
|
|
{ "remote-hostname", &cfg_type_qstring, 0 },
|
2021-09-16 14:48:30 +03:00
|
|
|
{ "dhparam-file", &cfg_type_qstring, 0 },
|
2021-09-13 15:39:36 +03:00
|
|
|
{ "protocols", &cfg_type_tlsprotos, 0 },
|
2021-09-20 14:25:59 +03:00
|
|
|
{ "ciphers", &cfg_type_astring, 0 },
|
2021-09-20 16:53:27 +03:00
|
|
|
{ "prefer-server-ciphers", &cfg_type_boolean, 0 },
|
Add "session-tickets" options to the "tls" clause
This commit adds the ability to enable or disable stateless TLS
session resumption tickets (see RFC5077). Having this ability is
twofold.
Firstly, these tickets are encrypted by the server, and the algorithm
might be weaker than the algorithm negotiated during the TLS session
establishment (it is in general the case for TLSv1.2, but the generic
principle applies to TLSv1.3 as well, despite it having better ciphers
for session tickets). Thus, they might compromise Perfect Forward
Secrecy.
Secondly, disabling it might be necessary if the same TLS key/cert
pair is supposed to be used by multiple servers to achieve, e.g., load
balancing because the session ticket by default gets generated in
runtime, while to achieve successful session resumption ability, in
this case, would have required using a shared key.
The proper alternative to having the ability to disable stateless TLS
session resumption tickets is to implement a proper session tickets
key rollover mechanism so that key rotation might be performed
often (e.g. once an hour) to not compromise forward secrecy while
retaining the associated performance benefits. That is much more work,
though. On the other hand, having the ability to disable session
tickets allows having a deployable configuration right now in the
cases when either forward secrecy is wanted or sharing the TLS
key/cert pair between multiple servers is needed (or both).
2021-09-21 14:09:56 +03:00
|
|
|
{ "session-tickets", &cfg_type_boolean, 0 },
|
2020-09-16 12:21:32 -07:00
|
|
|
{ NULL, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *tls_clausesets[] = { tls_clauses, NULL };
|
|
|
|
|
static cfg_type_t cfg_type_tlsconf = { "tlsconf", cfg_parse_named_map,
|
|
|
|
|
cfg_print_map, cfg_doc_map,
|
|
|
|
|
&cfg_rep_map, tls_clausesets };
|
|
|
|
|
|
|
|
|
|
static keyword_type_t tls_kw = { "tls", &cfg_type_astring };
|
|
|
|
|
static cfg_type_t cfg_type_optional_tls = {
|
|
|
|
|
"tlsoptional", parse_optional_keyvalue, print_keyvalue,
|
|
|
|
|
doc_optional_keyvalue, &cfg_rep_string, &tls_kw
|
|
|
|
|
};
|
2020-09-16 12:21:32 -07:00
|
|
|
|
|
|
|
|
/* http and https */
|
|
|
|
|
|
2021-05-19 18:03:11 +03:00
|
|
|
static cfg_type_t cfg_type_bracketed_http_endpoint_list = {
|
|
|
|
|
"bracketed_http_endpoint_list",
|
|
|
|
|
cfg_parse_bracketed_list,
|
|
|
|
|
cfg_print_bracketed_list,
|
|
|
|
|
cfg_doc_bracketed_list,
|
|
|
|
|
&cfg_rep_list,
|
|
|
|
|
&cfg_type_qstring
|
|
|
|
|
};
|
2020-09-16 12:21:32 -07:00
|
|
|
|
|
|
|
|
static cfg_clausedef_t cfg_http_description_clauses[] = {
|
2021-05-19 18:03:11 +03:00
|
|
|
{ "endpoints", &cfg_type_bracketed_http_endpoint_list, 0 },
|
Add (http-)listener-clients option (DoH quota mechanism)
This commit adds support for http-listener-clients global options as
well as ability to override the default in an HTTP server description,
like:
http local-http-server {
...
listener-clients 100;
...
};
This way we have ability to specify per-listener active connections
quota globally and then override it when required. This is exactly
what AT&T requested us: they wanted a functionality to specify quota
globally and then override it for specific IPs. This change
functionality makes such a configuration possible.
It makes sense: for example, one could have different quotas for
internal and external clients. Or, for example, one could use BIND's
internal ability to serve encrypted DoH with some sane quota value for
internal clients, while having un-encrypted DoH listener without quota
to put BIND behind a load balancer doing TLS offloading for external
clients.
Moreover, the code no more shares the quota with TCP, which makes
little sense anyway (see tcp-clients option), because of the nature of
interaction of DoH clients: they tend to keep idle opened connections
for longer periods of time, preventing the TCP and TLS client from
being served. Thus, the need to have a separate, generally larger,
quota for them.
Also, the change makes any option within "http <name> { ... };"
statement optional, making it easier to override only required default
options.
By default, the DoH connections are limited to 300 per listener. I
hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
|
|
|
{ "listener-clients", &cfg_type_uint32, 0 },
|
2021-05-18 12:03:58 +03:00
|
|
|
{ "streams-per-connection", &cfg_type_uint32, 0 },
|
Add (http-)listener-clients option (DoH quota mechanism)
This commit adds support for http-listener-clients global options as
well as ability to override the default in an HTTP server description,
like:
http local-http-server {
...
listener-clients 100;
...
};
This way we have ability to specify per-listener active connections
quota globally and then override it when required. This is exactly
what AT&T requested us: they wanted a functionality to specify quota
globally and then override it for specific IPs. This change
functionality makes such a configuration possible.
It makes sense: for example, one could have different quotas for
internal and external clients. Or, for example, one could use BIND's
internal ability to serve encrypted DoH with some sane quota value for
internal clients, while having un-encrypted DoH listener without quota
to put BIND behind a load balancer doing TLS offloading for external
clients.
Moreover, the code no more shares the quota with TCP, which makes
little sense anyway (see tcp-clients option), because of the nature of
interaction of DoH clients: they tend to keep idle opened connections
for longer periods of time, preventing the TCP and TLS client from
being served. Thus, the need to have a separate, generally larger,
quota for them.
Also, the change makes any option within "http <name> { ... };"
statement optional, making it easier to override only required default
options.
By default, the DoH connections are limited to 300 per listener. I
hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
|
|
|
{ NULL, NULL, 0 }
|
2020-09-16 12:21:32 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_clausedef_t *http_description_clausesets[] = {
|
|
|
|
|
cfg_http_description_clauses, NULL
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static cfg_type_t cfg_type_http_description = {
|
|
|
|
|
"http_desc", cfg_parse_named_map, cfg_print_map,
|
|
|
|
|
cfg_doc_map, &cfg_rep_map, http_description_clausesets
|
|
|
|
|
};
|
