diff --git a/CHANGES b/CHANGES index cb3c764c13..cccd100926 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in + configure_rpz() and configure_catz(), respectively, + just after attaching it to the new view. [GL #3880] + 6104. [cleanup] Move libbind9's configuration checking code into libisccfg alongside the other configuration code. [GL !7461] diff --git a/bin/named/server.c b/bin/named/server.c index 87df9669b3..44d706bdc0 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -2646,6 +2646,7 @@ configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t **maps, dns_rpz_shutdown_rpzs(view->rpzs); dns_rpz_detach_rpzs(&view->rpzs); dns_rpz_attach_rpzs(pview->rpzs, &view->rpzs); + dns_rpz_detach_rpzs(&pview->rpzs); } else if (old != NULL && pview != NULL) { ++pview->rpzs->rpz_ver; view->rpzs->rpz_ver = pview->rpzs->rpz_ver; @@ -3179,6 +3180,7 @@ configure_catz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *config, if (old != NULL) { dns_catz_catzs_detach(&view->catzs); dns_catz_catzs_attach(pview->catzs, &view->catzs); + dns_catz_catzs_detach(&pview->catzs); dns_catz_prereconfig(view->catzs); } @@ -6012,9 +6014,6 @@ cleanup: named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS) { - if (pview->catzs != NULL) { - dns_catz_catzs_detach(&pview->catzs); - } /* * We are swapping the places of the `view` and * `pview` in the function's parameters list diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in index b0f6804bd2..80a9d832f0 100644 --- a/bin/tests/system/rpz/ns3/named.conf.in +++ b/bin/tests/system/rpz/ns3/named.conf.in 
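Review bot: The ownership hand-off added in configure_rpz() (`dns_rpz_detach_rpzs(&pview->rpzs);` directly after the attach) carries no comment saying that the reference is moved rather than shared, and the same holds for the `dns_catz_catzs_detach(&pview->catzs);` line added in configure_catz(). Assuming the detach helpers clear the pointer they are given, `pview->rpzs` and `pview->catzs` are NULL from that point on, so any later code on the reconfiguration or revert path that still reads them through pview has to tolerate NULL; that code lies outside these hunks, so this is something to verify rather than a confirmed defect. I would add above each new line a comment such as `/* Move the reference: pview no longer owns it after this, so the revert path can hand it back if reconfiguration fails. */`. Both enclosing branches start outside the hunks shown.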
@@ -148,3 +148,13 @@ zone "static-stub-nomatch." { type static-stub; server-addresses { 10.53.0.10; }; }; + +# A faulty dlz configuration to check if named with response policy zones +# survives a certain class of failed configuration attempts (see GL #3880). +# "dlz" is used because the dlz processing code is located in an ideal place in +# the view configuration function for the test to cover the view reverting code. +# The "BAD" comments below are necessary, because they will be removed using +# 'sed' by tests.sh in order to activate the faulty configuration. +#BAD dlz "bad-dlz" { +#BAD database "dlopen bad-dlz.so example.org"; +#BAD }; diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh index 1cfafbe813..4e83a6b702 100644 --- a/bin/tests/system/rpz/tests.sh +++ b/bin/tests/system/rpz/tests.sh @@ -848,6 +848,16 @@ EOF stop_server --use-rndc --port ${CONTROLPORT} ns3 restart 3 "rebuild-bl-rpz" + t=`expr $t + 1` + echo_i "checking if rpz survives a certain class of failed reconfiguration attempts (${t})" + sed -e "s/^#BAD//" < ns3/named.conf.in > ns3/named.conf.tmp + copy_setports ns3/named.conf.tmp ns3/named.conf + rm ns3/named.conf.tmp + $RNDCCMD $ns3 reconfig > /dev/null 2>&1 && setret "failed" + sleep 1 + copy_setports ns3/named.conf.in ns3/named.conf + $RNDCCMD $ns3 reconfig || setret "failed" + t=`expr $t + 1` echo_i "checking the configured extended DNS error code (EDE) (${t})" $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t
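Review bot: The negative check `$RNDCCMD $ns3 reconfig > /dev/null 2>&1 && setret "failed"` in the tests.sh hunk passes on any rndc failure, including named having already exited or the control channel being unreachable, so it does not show that the reconfig was rejected for the intended reason. Keeping the output, e.g. `$RNDCCMD $ns3 reconfig > rndc.out.$t 2>&1 && setret "failed"` (file name constructed here), and then checking it or ns3's log for the dlz load failure would tie the step to the view-revert path the test is meant to cover. The fixed `sleep 1` before the configuration is restored is also timing-dependent; waiting for the corresponding log line would be steadier on a loaded test host.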