diff --git a/bin/named/server.c b/bin/named/server.c index 446edd406a..08b3f62735 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1269,7 +1269,7 @@ cleanup: */ static isc_result_t get_view_querysource_dispatch(const cfg_obj_t **maps, int af, - dns_dispatch_t **dispatchp, bool is_firstview) { + dns_dispatch_t **dispatchp) { isc_result_t result = ISC_R_FAILURE; dns_dispatch_t *disp = NULL; isc_sockaddr_t sa; @@ -1290,6 +1290,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af, sa = *(cfg_obj_assockaddr(obj)); INSIST(isc_sockaddr_pf(&sa) == af); + INSIST(isc_sockaddr_getport(&sa) == 0); /* * If we don't support this address family, we're done! @@ -1311,16 +1312,6 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af, /* * Try to find a dispatcher that we can share. */ - if (isc_sockaddr_getport(&sa) != 0) { - INSIST(obj != NULL); - if (is_firstview) { - cfg_obj_log(obj, ISC_LOG_INFO, - "using specific query-source port " - "suppresses port randomization and can be " - "insecure."); - } - } - result = dns_dispatch_createudp(named_g_dispatchmgr, &sa, &disp); if (result != ISC_R_SUCCESS) { isc_sockaddr_t any; @@ -4506,12 +4497,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, /* * Resolver. */ - CHECK(get_view_querysource_dispatch( - maps, AF_INET, &dispatch4, - (ISC_LIST_PREV(view, link) == NULL))); - CHECK(get_view_querysource_dispatch( - maps, AF_INET6, &dispatch6, - (ISC_LIST_PREV(view, link) == NULL))); + CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4)); + CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6)); if (dispatch4 == NULL && dispatch6 == NULL) { UNEXPECTED_ERROR("unable to obtain either an IPv4 or" " an IPv6 dispatch"); diff --git a/lib/isccfg/check.c b/lib/isccfg/check.c index f4a449ea13..ea465cb494 100644 --- a/lib/isccfg/check.c +++ b/lib/isccfg/check.c @@ -3134,10 +3134,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, "allow-update", "allow-update-forwarding", }; - static const char *sources[] = { - "transfer-source", "transfer-source-v6", "notify-source", - "notify-source-v6", "parental-source", "parental-source-v6", - }; znamestr = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); @@ -3582,28 +3578,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, } } - /* - * Warn if *-source and *-source-v6 options specify a port, - * and fail if they specify the default listener port. - */ - for (i = 0; i < ARRAY_SIZE(sources); i++) { - obj = NULL; - (void)cfg_map_get(zoptions, sources[i], &obj); - if (obj == NULL && goptions != NULL) { - (void)cfg_map_get(goptions, sources[i], &obj); - } - if (obj != NULL) { - in_port_t port = - isc_sockaddr_getport(cfg_obj_assockaddr(obj)); - if (port != 0) { - cfg_obj_log(obj, ISC_LOG_ERROR, - "'%s': specifying a port is " - "deprecated", - sources[i]); - } - } - } - /* * Primary and secondary zones that have a "parental-agents" field, * must have a corresponding "parental-agents" clause.