mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 06:55:30 +00:00

[master] [rt37069] update NTA limit to a week

3940.	[func]		"rndc nta" now allows negative trust anchors to be
			set for up to one week. [RT #37069]
Evan Hunt
2014-09-03 19:00:03 -07:00
parent 74717eef53
commit 3d066288ad
5 changed files with 13 additions and 4 deletions


@@ -1,3 +1,6 @@
3940. [func] "rndc nta" now allows negative trust anchors to be
set for up to one week. [RT #37069]
3939. [func] Improve UPDATE forwarding performance by allowing TCP 3939. [func] Improve UPDATE forwarding performance by allowing TCP
connections to be shared. [RT #37039] connections to be shared. [RT #37039]


@@ -9921,8 +9921,8 @@ ns_server_nta(ns_server_t *server, char *args, isc_buffer_t *text) {
CHECK(result); CHECK(result);
} }
if (ntattl > 86400) { if (ntattl > 604800) {
msg = "NTA lifetime cannot exceed one day"; msg = "NTA lifetime cannot exceed one week";
CHECK(ISC_R_RANGE); CHECK(ISC_R_RANGE);
} }
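Review bot: The one-week cap in `if (ntattl > 604800)` is a bare literal whose meaning is carried only by the adjacent error string, and it is the only bound visible here on how long `rndc nta` can keep DNSSEC validation switched off for a name. A named constant would keep the check, the message and the documentation from drifting apart, for example `#define NTA_MAX_LIFETIME 604800 /* one week, in seconds */` (the name is a suggestion) used as `if (ntattl > NTA_MAX_LIFETIME) {`. The ARM text changed in this commit also states that `nta-lifetime` in named.conf cannot exceed one week, but no hunk shown here touches the code that validates that option, so it is worth confirming that path was raised from one day as well. The body of ns_server_nta starts and ends outside the hunk.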


@@ -608,7 +608,7 @@
<option>lifetime</option>. The default lifetime is <option>lifetime</option>. The default lifetime is
configured in <file>named.conf</file> via the configured in <file>named.conf</file> via the
<option>nta-lifetime</option>, and defaults to <option>nta-lifetime</option>, and defaults to
one hour. The lifetime cannot exceed one day. one hour. The lifetime cannot exceed one week.
</para> </para>
<para> <para>
A negative trust anchor selectively disables A negative trust anchor selectively disables


@@ -378,5 +378,11 @@ grep "query: foo9876.bind CH TXT" ns4/named.run > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
echo "I:testing rndc nta time limits"
ret=0
$RNDC -s 10.53.0.4 -p 9956 -c ns4/key6.conf nta -l 2h nta1.example 2>&1 | grep "Negative trust anchor added" > /dev/null || ret=1
$RNDC -s 10.53.0.4 -p 9956 -c ns4/key6.conf nta -l 1d nta2.example 2>&1 | grep "Negative trust anchor added" > /dev/null || ret=1
$RNDC -s 10.53.0.4 -p 9956 -c ns4/key6.conf nta -l 1w nta3.example 2>&1 | grep "Negative trust anchor added" > /dev/null || ret=1
$RNDC -s 10.53.0.4 -p 9956 -c ns4/key6.conf nta -l 8d nta4.example 2>&1 | grep "NTA lifetime cannot exceed one week" > /dev/null || ret=1
echo "I:exit status: $status" echo "I:exit status: $status"
exit $status exit $status
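Review bot: The new "testing rndc nta time limits" block sets `ret` but never folds it into `status`, so a failure of any of the four `$RNDC ... nta -l` checks cannot fail the script; the `exit $status` that follows reflects only the earlier tests. The two lines that close the preceding test are missing after the `8d` check: `if [ $ret != 0 ]; then echo "I:failed"; fi` and ``status=`expr $status + $ret` ``. This test is what guards the upper bound on how long validation can be disabled for a name, so a regression in that bound should be able to turn the run red.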


@@ -5737,7 +5737,7 @@ options {
For convenience, TTL-style time unit suffixes can be For convenience, TTL-style time unit suffixes can be
used to specify the NTA lifetime in seconds, minutes used to specify the NTA lifetime in seconds, minutes
or hours. <option>nta-lifetime</option> defaults to or hours. <option>nta-lifetime</option> defaults to
one hour. It cannot exceed one day. one hour. It cannot exceed one week.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>