
1113. [bug] allow-update/allow-update-forwarding did not work

when specified in a view.  [RT #2014]
Mark Andrews
2001-11-08 05:36:23 +00:00
parent 993572b249
commit 80dd46d7aa
3 changed files with 38 additions and 22 deletions


@@ -1,3 +1,6 @@
1113. [bug] allow-update/allow-update-forwarding did not work
when specified in a view. [RT #2014]
1112. [bug] On Win32 the exception fds bit for the socket 1112. [bug] On Win32 the exception fds bit for the socket
was not being cleared on a successful connect. was not being cleared on a successful connect.


@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: zoneconf.c,v 1.95 2001/10/17 18:57:01 gson Exp $ */ /* $Id: zoneconf.c,v 1.96 2001/11/08 05:36:23 marka Exp $ */
#include <config.h> #include <config.h>
@@ -514,7 +514,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
*/ */
if (ztype == dns_zone_master) { if (ztype == dns_zone_master) {
dns_acl_t *updateacl; dns_acl_t *updateacl;
RETERR(configure_zone_acl(zconfig, NULL, config, RETERR(configure_zone_acl(zconfig, vconfig, config,
"allow-update", ac, zone, "allow-update", ac, zone,
dns_zone_setupdateacl, dns_zone_setupdateacl,
dns_zone_clearupdateacl)); dns_zone_clearupdateacl));
@@ -535,7 +535,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
dns_zone_setsigvalidityinterval(zone, dns_zone_setsigvalidityinterval(zone,
cfg_obj_asuint32(obj) * 86400); cfg_obj_asuint32(obj) * 86400);
} else if (ztype == dns_zone_slave) { } else if (ztype == dns_zone_slave) {
RETERR(configure_zone_acl(zconfig, NULL, config, RETERR(configure_zone_acl(zconfig, vconfig, config,
"allow-update-forwarding", ac, zone, "allow-update-forwarding", ac, zone,
dns_zone_setforwardacl, dns_zone_setforwardacl,
dns_zone_clearforwardacl)); dns_zone_clearforwardacl));
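Review bot: Neither `configure_zone_acl` call site states the lookup precedence now that `vconfig` is passed instead of `NULL`, and for `allow-update` and `allow-update-forwarding` that precedence is an access-control decision. Presumably the helper prefers the zone clause, then the view, then the global options; its body is not visible here, so this needs confirming. If so, a view-level `allow-update` becomes the update ACL of every master zone in that view that has no clause of its own, and likewise for `allow-update-forwarding` on slave zones. I would add a comment above the first call, such as `/* allow-update: zone, then view, then options; a view-level ACL applies to every master zone in the view that lacks its own */`, and a system test confirming that a zone-level `allow-update { none; };` still overrides a permissive view-level clause. `ns_zone_configure` starts and ends outside both hunks.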


@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"> "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.173 2001/11/07 03:52:19 marka Exp $ --> <!-- File: $Id: Bv9ARM-book.xml,v 1.174 2001/11/08 05:36:20 marka Exp $ -->
<book> <book>
<title>BIND 9 Administrator Reference Manual</title> <title>BIND 9 Administrator Reference Manual</title>
@@ -1994,7 +1994,8 @@ and whether the element was negated.</para>
access and a negated match denies access. If there is no match, access and a negated match denies access. If there is no match,
access is denied. The clauses <command>allow-notify</command>, access is denied. The clauses <command>allow-notify</command>,
<command>allow-query</command>, <command>allow-transfer</command>, <command>allow-query</command>, <command>allow-transfer</command>,
<command>allow-update</command> and <command>blackhole</command> all <command>allow-update</command>, <command>allow-update-forwarding</command>
and <command>blackhole</command> all
use address match lists this. Similarly, the listen-on option will cause use address match lists this. Similarly, the listen-on option will cause
the server to not accept queries on any of the machine's addresses the server to not accept queries on any of the machine's addresses
which do not match the list.</para> which do not match the list.</para>
@@ -2781,6 +2782,8 @@ statement in the <filename>named.conf</filename> file:</para>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
<optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional> <optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
<optional> listen-on <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional> <optional> listen-on <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
@@ -3381,6 +3384,29 @@ host from retrieving data that is already in the server's cache.
</para> </para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>allow-update</command></term>
<listitem><para>Specifies which hosts are allowed to
submit Dynamic DNS updates for master zones. The default is to deny
updates from all hosts.</para>
</listitem></varlistentry>
<varlistentry><term><command>allow-update-forwarding</command></term>
<listitem><para>Specifies which hosts are allowed to
submit Dynamic DNS updates to slave zones to be forwarded to the
master. The default is <userinput>{ none; }</userinput>, which
means that no update forwarding will be performed. To enable
update forwarding, specify
<userinput>allow-update-forwarding { any; };</userinput>.
Specifying values other than <userinput>{ none; }</userinput> or
<userinput>{ any; }</userinput> is usually counterproductive, since
the responsibility for update access control should rest with the
master server, not the slaves.</para>
<para>Note that enabling the update forwarding feature on a slave server
may expose master servers relying on insecure IP address based
access control to attacks; see <xref linkend="dynamic_update_security"/>
for more details.</para>
</listitem></varlistentry>
<varlistentry><term><command>allow-v6-synthesis</command></term> <varlistentry><term><command>allow-v6-synthesis</command></term>
<listitem><para>Specifies which hosts are to receive <listitem><para>Specifies which hosts are to receive
synthetic responses to IPv6 queries as described in synthetic responses to IPv6 queries as described in
@@ -4477,9 +4503,8 @@ in <xref linkend="access_control"/>.</para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>allow-update</command></term> <varlistentry><term><command>allow-update</command></term>
<listitem><para>Specifies which hosts are allowed to <listitem><para>See the description of <command>allow-update</command>
submit Dynamic DNS updates for master zones. The default is to deny in <xref linkend="access_control"/>.</para>
updates from all hosts.</para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>update-policy</command></term> <varlistentry><term><command>update-policy</command></term>
@@ -4488,20 +4513,8 @@ updates from all hosts.</para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>allow-update-forwarding</command></term> <varlistentry><term><command>allow-update-forwarding</command></term>
<listitem><para>Specifies which hosts are allowed to <listitem><para>See the description of <command>allow-update-forwarding</command>
submit Dynamic DNS updates to slave zones to be forwarded to the in <xref linkend="access_control"/>.</para>
master. The default is <userinput>{ none; }</userinput>, which
means that no update forwarding will be performed. To enable
update forwarding, specify
<userinput>allow-update-forwarding { any; };</userinput>.
Specifying values other than <userinput>{ none; }</userinput> or
<userinput>{ any; }</userinput> is usually counterproductive, since
the responsibility for update access control should rest with the
master server, not the slaves.</para>
<para>Note that enabling the update forwarding feature on a slave server
may expose master servers relying on insecure IP address based
access control to attacks; see <xref linkend="dynamic_update_security"/>
for more details.</para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>also-notify</command></term> <varlistentry><term><command>also-notify</command></term>