expand validity checks for send-report-channel
when configured at the zone level, send-report-channel cannot be a subdomain of the zone name.
parent
1cd0d291d3
commit
5bcccf4754
@ -22,7 +22,7 @@ options {
|
||||
recursion no;
|
||||
notify yes;
|
||||
dnssec-validation no;
|
||||
send-report-channel "rad.example.net";
|
||||
send-report-channel "example.rad";
|
||||
};
|
||||
|
||||
view main in {
|
||||
@ -36,10 +36,10 @@ view main in {
|
||||
zone example.com {
|
||||
type primary;
|
||||
file "example.com.db";
|
||||
send-report-channel "rad.example.com";
|
||||
send-report-channel "rad.example.net";
|
||||
};
|
||||
|
||||
zone rad.example.net {
|
||||
zone example.rad {
|
||||
type primary;
|
||||
file "rad.db";
|
||||
log-report-channel yes;
|
||||
|
@ -190,7 +190,7 @@ n=$((n + 1))
|
||||
echo_i "check that a Report-Channel EDNS option is added to responses ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.1 example.net >dig.out.test$n
|
||||
grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null || ret=1
|
||||
grep "; Report-Channel: example.rad" dig.out.test$n >/dev/null || ret=1
|
||||
[ $ret -eq 0 ] || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
@ -198,7 +198,7 @@ n=$((n + 1))
|
||||
echo_i "check that a zone-level Report-Channel EDNS option is added to responses ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.1 example.com >dig.out.test$n
|
||||
grep "; Report-Channel: rad.example.com" dig.out.test$n >/dev/null || ret=1
|
||||
grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null || ret=1
|
||||
[ $ret -eq 0 ] || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
@ -206,9 +206,9 @@ n=$((n + 1))
|
||||
echo_i "check that error report queries are logged and no Report-Channel option is present in the response ($n)"
|
||||
ret=0
|
||||
nextpart ns1/named.run >/dev/null
|
||||
$DIG $DIGOPTS @10.53.0.1 _er.0.example.1._er.rad.example.net TXT >dig.out.test$n
|
||||
nextpart ns1/named.run | grep "dns-reporting-agent '_er.0.example.1._er.rad.example.net/IN'" >/dev/null || ret=1
|
||||
grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.1 _er.0.example.1._er.example.rad TXT >dig.out.test$n
|
||||
nextpart ns1/named.run | grep "dns-reporting-agent '_er.0.example.1._er.example.rad/IN'" >/dev/null || ret=1
|
||||
grep "; Report-Channel: example.rad" dig.out.test$n >/dev/null && ret=1
|
||||
[ $ret -eq 0 ] || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
@ -218,7 +218,7 @@ ret=0
|
||||
nextpart ns1/named.run >/dev/null
|
||||
$DIG $DIGOPTS @10.53.0.1 _er.0.example.1._er.example.com TXT >dig.out.test$n
|
||||
nextpart ns1/named.run | grep "dns-reporting-agent '_er.0.example.1._er.example.com/IN'" >/dev/null && ret=1
|
||||
grep "; Report-Channel: rad.example.com" dig.out.test$n >/dev/null || ret=1
|
||||
grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null || ret=1
|
||||
[ $ret -eq 0 ] || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
|
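--- a/bin/tests/system/checkconf/bad-rad2.conf
+++ b/bin/tests/system/checkconf/bad-rad2.conf
@@ -0,0 +1,20 @@
+/*
+* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+*
+* SPDX-License-Identifier: MPL-2.0
+*
+* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, you can obtain one at https://mozilla.org/MPL/2.0/.
+*
+* See the COPYRIGHT file distributed with this work for additional
+* information regarding copyright ownership.
+*/
+
+zone example.com {
+type primary;
+file "example.db";
+
+/* agent-domain can't be the same as the zone name */
+send-report-channel example.com;
+};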
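--- a/bin/tests/system/checkconf/bad-rad3.conf
+++ b/bin/tests/system/checkconf/bad-rad3.conf
@@ -0,0 +1,20 @@
+/*
+* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+*
+* SPDX-License-Identifier: MPL-2.0
+*
+* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, you can obtain one at https://mozilla.org/MPL/2.0/.
+*
+* See the COPYRIGHT file distributed with this work for additional
+* information regarding copyright ownership.
+*/
+
+zone example.com {
+type primary;
+file "example.db";
+
+/* agent-domain can't be the below the zone name */
+send-report-channel sub.example.com;
+};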
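Review bot: The comment above `send-report-channel sub.example.com;` reads "can't be the below the zone name"; the stray "the" should be dropped, giving `/* agent-domain can't be below the zone name */`. That comment is the only statement in the file of which rule this negative test is meant to trip, so it is worth keeping exact.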
@ -1945,6 +1945,9 @@ default is used.
|
||||
There should be an authoritative zone configured to respond to such
|
||||
queries, with the :any:`log-report-channel` option set to ``yes``.
|
||||
|
||||
Note that a zone cannot be configured to use itself or any subdomain
|
||||
of itself as an agent-domain.
|
||||
|
||||
.. namedconf:statement:: stale-answer-ttl
|
||||
:tags: query
|
||||
:short: Specifies the time to live (TTL) to be returned on stale answers, in seconds.
|
||||
|
@ -1618,18 +1618,21 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
|
||||
}
|
||||
|
||||
/*
|
||||
* Check send-report-channel.
|
||||
* Check send-report-channel. (Skip for zone level because we
|
||||
* have an additional check in check_zoneconf() for that.)
|
||||
*/
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(options, "send-report-channel", &obj);
|
||||
if (obj != NULL) {
|
||||
str = cfg_obj_asstring(obj);
|
||||
tresult = check_name(str);
|
||||
if (tresult != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(obj, ISC_LOG_ERROR,
|
||||
"'%s' is not a valid name", str);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = tresult;
|
||||
if (optlevel != optlevel_zone) {
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(options, "send-report-channel", &obj);
|
||||
if (obj != NULL) {
|
||||
str = cfg_obj_asstring(obj);
|
||||
tresult = check_name(str);
|
||||
if (tresult != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(obj, ISC_LOG_ERROR,
|
||||
"'%s' is not a valid name", str);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = tresult;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -3858,6 +3861,31 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
|
||||
}
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(zoptions, "send-report-channel", &obj);
|
||||
if (obj != NULL) {
|
||||
const char *str = cfg_obj_asstring(obj);
|
||||
dns_fixedname_t fad;
|
||||
dns_name_t *ad = dns_fixedname_initname(&fad);
|
||||
|
||||
tresult = dns_name_fromstring(ad, str, dns_rootname, 0, NULL);
|
||||
if (tresult != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(obj, ISC_LOG_ERROR,
|
||||
"'%s' is not a valid name", str);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
} else if (dns_name_issubdomain(ad, zname)) {
|
||||
cfg_obj_log(obj, ISC_LOG_ERROR,
|
||||
"send-report-channel '%s' cannot "
|
||||
"be at or below the zone name '%s'",
|
||||
str, znamestr);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Warn if key-directory doesn't exist
|
||||
*/
|
||||
|
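Review bot: The new block in check_zoneconf() looks up `send-report-channel` only in `zoptions`, so a value that a zone inherits from the view or global options is never compared with the zone name, and the first hunk makes check_options() skip the option entirely at zone level. The test named.conf changed in this same commit appears to sit in that gap, since the global channel `example.rad` is also the name of a configured zone. If the narrower scope is intended, say so at the check, for example `/* Only an explicit zone-level send-report-channel is compared with the zone name; values inherited from view or options are not. */`, and narrow the new reference sentence ("a zone cannot be configured to use itself or any subdomain of itself as an agent-domain") to match what is enforced. An agent domain inside the zone it reports on would presumably send error reports through the same delegation that is failing, so which cases are rejected should be a deliberate choice. `zname` and `znamestr` are set outside the hunk; confirm `zname` holds a successfully parsed name on every path that reaches `dns_name_issubdomain(ad, zname)`.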