diff --git a/CHANGES b/CHANGES index c7fa74b5bd..a935f584b9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +5142. [cleanup] Removed "configure --disable-rpz-nsip" and + "--disable-rpz-nsdname" options. "nsip-enable" + and "nsdname-enable" both now default to yes, + regardless of compile-time settings. [GL #824] + 5141. [placeholder] 5140. [bug] Don't immediately mark existing keys as inactive and diff --git a/bin/named/server.c b/bin/named/server.c index e1e2e1b89f..9cac32f8e0 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -2289,21 +2289,18 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps, if (zone_element == NULL) return (ISC_R_SUCCESS); -#ifdef ENABLE_RPZ_NSIP nsip_enabled = true; - nsdname_enabled = true; -#else - nsip_enabled = false; - nsdname_enabled = false; -#endif sub_obj = cfg_tuple_get(rpz_obj, "nsip-enable"); - if (!cfg_obj_isvoid(sub_obj)) + if (!cfg_obj_isvoid(sub_obj)) { nsip_enabled = cfg_obj_asboolean(sub_obj); + } nsip_on = nsip_enabled ? DNS_RPZ_ALL_ZBITS : 0; + nsdname_enabled = true; sub_obj = cfg_tuple_get(rpz_obj, "nsdname-enable"); - if (!cfg_obj_isvoid(sub_obj)) + if (!cfg_obj_isvoid(sub_obj)) { nsdname_enabled = cfg_obj_asboolean(sub_obj); + } nsdname_on = nsdname_enabled ? DNS_RPZ_ALL_ZBITS : 0; /* diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c index 44b0558d4f..246cc09b6a 100644 --- a/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c @@ -45,8 +45,6 @@ usage() { fprintf(stderr, " --have-geoip\n"); fprintf(stderr, " --have-libxml2\n"); fprintf(stderr, " --ipv6only=no\n"); - fprintf(stderr, " --rpz-nsdname\n"); - fprintf(stderr, " --rpz-nsip\n"); fprintf(stderr, " --with-idn\n"); fprintf(stderr, " --with-lmdb\n"); } 
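Review bot: The two new unconditional defaults in configure_rpz, `nsip_enabled = true;` and `nsdname_enabled = true;`, change behaviour for existing deployments with no comment at the site: a named that was built with the old --disable-rpz-nsip switch starts evaluating NSIP and NSDNAME triggers after upgrade unless the response-policy statement turns them off. I would record that above each assignment, for example `/* NSIP triggers are on unless response-policy sets "nsip-enable no". */`, with the matching line for nsdname-enable. The removed block keyed both variables on ENABLE_RPZ_NSIP alone, so within this hunk ENABLE_RPZ_NSDNAME appears never to have been consulted; saying so in the commit message would tell operators which builds are affected. Build scripts that still pass the removed switches will probably get only an "unrecognized options" warning from configure, so the release notes should point packagers at the named.conf options. configure_rpz starts before this hunk and continues after it.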
@@ -136,22 +134,6 @@ main(int argc, char **argv) { #endif } - if (strcmp(argv[1], "--rpz-nsip") == 0) { -#ifdef ENABLE_RPZ_NSIP - return (0); -#else - return (1); -#endif - } - - if (strcmp(argv[1], "--rpz-nsdname") == 0) { -#ifdef ENABLE_RPZ_NSDNAME - return (0); -#else - return (1); -#endif - } - if (strcmp(argv[1], "--with-idn") == 0) { #ifdef HAVE_LIBIDN2 return (0); diff --git a/config.h.in b/config.h.in index 50608551e3..3ac18ce85d 100644 --- a/config.h.in +++ b/config.h.in @@ -21,12 +21,6 @@ /* Define to enable American Fuzzy Lop test harness */ #undef ENABLE_AFL -/* Define to enable rpz nsdname rules. */ -#undef ENABLE_RPZ_NSDNAME - -/* Define to enable rpz nsip rules. */ -#undef ENABLE_RPZ_NSIP - /* define if you want TCP_FASTOPEN enabled if available */ #undef ENABLE_TCP_FASTOPEN diff --git a/config.h.win32 b/config.h.win32 index 44f6bf6432..d87050d40c 100644 --- a/config.h.win32 +++ b/config.h.win32 @@ -325,12 +325,6 @@ typedef __int64 off_t; /* Define if zlib was found */ @HAVE_ZLIB@ -/* Define to enable rpz-nsdname rules. */ -@ENABLE_RPZ_NSDNAME@ - -/* Define to enable rpz-nsip rules. */ -@ENABLE_RPZ_NSIP@ - /* From enable developer */ @ISC_LIST_CHECKINIT@ diff --git a/configure b/configure index 5bb378a9de..fde843e2ee 100755 --- a/configure +++ b/configure @@ -842,6 +842,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -917,8 +918,6 @@ enable_isc_spnego enable_chroot enable_linux_caps enable_fixed_rrset -enable_rpz_nsip -enable_rpz_nsdname enable_dnstap with_protobuf_c with_libfstrm @@ -1001,6 +1000,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' 
@@ -1253,6 +1253,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1390,7 +1399,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1543,6 +1552,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1605,8 +1615,6 @@ Optional Features: --disable-chroot disable chroot --disable-linux-caps disable Linux capabilities --enable-fixed-rrset enable fixed rrset ordering [default=no] - --disable-rpz-nsip disable rpz nsip rules [default=enabled] - --disable-rpz-nsdname disable rpz nsdname rules [default=enabled] --enable-dnstap enable dnstap support (requires fstrm, protobuf-c) --enable-querytrace enable very verbose query trace logging [default=no] --enable-auto-validation 
@@ -18179,50 +18187,6 @@ $as_echo "#define DNS_RDATASET_FIXED 1" >>confdefs.h ;; esac -# -# Enable response policy rewriting using NS IP addresses -# -# Check whether --enable-rpz-nsip was given. -if test "${enable_rpz_nsip+set}" = set; then : - enableval=$enable_rpz_nsip; enable_nsip="$enableval" -else - enable_nsip="yes" -fi - -case "$enable_nsip" in - yes) - -$as_echo "#define ENABLE_RPZ_NSIP 1" >>confdefs.h - - ;; - no) - ;; - *) - ;; -esac - -# -# Enable response policy rewriting using NS name -# -# Check whether --enable-rpz-nsdname was given. -if test "${enable_rpz_nsdname+set}" = set; then : - enableval=$enable_rpz_nsdname; enable_nsdname="$enableval" -else - enable_nsdname="yes" -fi - -case "$enable_nsdname" in - yes) - -$as_echo "#define ENABLE_RPZ_NSDNAME 1" >>confdefs.h - - ;; - no) - ;; - *) - ;; -esac - # # Activate dnstap? # diff --git a/configure.ac b/configure.ac index c2f0103d69..42add3a29b 100644 --- a/configure.ac +++ b/configure.ac @@ -2034,42 +2034,6 @@ case "$enable_fixed" in ;; esac -# -# Enable response policy rewriting using NS IP addresses -# -AC_ARG_ENABLE(rpz-nsip, - AS_HELP_STRING([--disable-rpz-nsip], - [disable rpz nsip rules [default=enabled]]), - enable_nsip="$enableval", enable_nsip="yes") -case "$enable_nsip" in - yes) - AC_DEFINE(ENABLE_RPZ_NSIP, 1, - [Define to enable rpz nsip rules.]) - ;; - no) - ;; - *) - ;; -esac - -# -# Enable response policy rewriting using NS name -# -AC_ARG_ENABLE(rpz-nsdname, - AS_HELP_STRING([--disable-rpz-nsdname], - [disable rpz nsdname rules [default=enabled]]), - enable_nsdname="$enableval", enable_nsdname="yes") -case "$enable_nsdname" in - yes) - AC_DEFINE(ENABLE_RPZ_NSDNAME, 1, - [Define to enable rpz nsdname rules.]) - ;; - no) - ;; - *) - ;; -esac - # # Activate dnstap? # diff --git a/win32utils/Configure b/win32utils/Configure index 568386bafa..02fdb7098e 100644 --- a/win32utils/Configure +++ b/win32utils/Configure 
@@ -194,8 +194,6 @@ my %configdefh; my @substdefh = ("AES_CC", "CONFIGARGS", "DNS_RDATASET_FIXED", - "ENABLE_RPZ_NSDNAME", - "ENABLE_RPZ_NSIP", "HAVE_GEOIP", "HAVE_GEOIP_CITY_V6", "HAVE_GEOIP_V6", @@ -360,9 +358,7 @@ my @enablelist = ("developer", "isc-spnego", "native-pkcs11", "openssl-hash", - "querytrace", - "rpz-nsdname", - "rpz-nsip"); + "querytrace"); # with-xxx/without-xxx @@ -419,8 +415,6 @@ my @help = ( " enable-fixed-rrset enable fixed rrset ordering [default=no]\n", " enable-developer enable developer build settings [default=no]\n", " enable-querytrace enable very verbose query trace [default=no]\n", -" enable-rpz-nsip enable rpz-nsip rules [default=yes]\n", -" enable-rpz-nsdname enable rpz-nsdname rules [default=yes]\n", "\nOptional Packages:\n", " with-tests build with test suite\n", " with-extra-tests build with extra test suite\n", @@ -677,14 +671,6 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_querytrace = "yes"; } - } elsif ($key =~ /^rpz-nsip$/i) { - if ($val =~ /^no$/i) { - $enable_rpz_nsip = "no"; - } - } elsif ($key =~ /^rpz-nsdname$/i) { - if ($val =~ /^no$/i) { - $enable_rpz_nsdname = "no"; - } } elsif ($key =~ /^auto-validation$/i) { if ($val =~ /^no$/i) { $validation_default = "yes"; @@ -940,16 +926,6 @@ if ($verbose) { } else { print "querytrace: disabled\n"; } - if ($enable_rpz_nsip eq "yes") { - print "rpz-nsip: enabled\n"; - } else { - print "rpz-nsip: disabled\n"; - } - if ($enable_rpz_nsdname eq "yes") { - print "rpz-nsdname: enabled\n"; - } else { - print "rpz-nsdname: disabled\n"; - } print "cookie algorithm: $cookie_algorithm\n"; print "openssl-path: $openssl_path\n"; if ($use_tests eq "yes") { 
@@ -1269,21 +1245,11 @@ if ($enable_fixed_rrset eq "yes") { $configdefh{"DNS_RDATASET_FIXED"} = 1; } -# enable-rpz-nsip -if ($enable_rpz_nsip ne "no") { - $configdefh{"ENABLE_RPZ_NSIP"} = 1; -} - # enable-querytrace if ($enable_querytrace eq "yes") { $configdefh{"WANT_QUERYTRACE"} = 1; } -# enable-rpz-nsdname -if ($enable_rpz_nsdname ne "no") { - $configdefh{"ENABLE_RPZ_NSDNAME"} = 1; -} - # with-tests if ($use_tests eq "yes") { $configcond{"TESTS"} = 1; @@ -2965,8 +2931,6 @@ exit 0; # --enable-isc-spnego supported (part of GSSAPI) # --enable-fixed-rrset supported # --enable-querytrace supported -# --disable-rpz-nsip supported -# --disable-rpz-nsdname supported # --enable-full-report supported by verbose # --enable-dnstap not supported (requires libfstrm support on WIN32) # --enable-afl not supported (not yet available on Visual Studio C++)