3256. [bug] Disable empty zones for lwresd -C. [RT #27139]

3255.   [func]          No longer require that a empty zones be explicitly
                        enabled or that a empty zone is disabled for
                        RFC 1918 empty zones to be configured. [RT #27139]

CHANGES

@@ -1,3 +1,9 @@
+3256.	[bug]		Disable empty zones for lwresd -C. [RT #27139]
+
+3255.	[func]		No longer require that a empty zones be explicitly
+			enabled or that a empty zone is disabled for
+			RFC 1918 empty zones to be configured. [RT #27139]
+
 3254.	[bug]		Set isc_socket_ipv6only() on the IPv6 control channels.
 			[RT #22249]
 

bin/named/server.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.632 2011/12/02 02:44:01 marka Exp $ */
+/* $Id: server.c,v 1.633 2011/12/22 08:22:18 marka Exp $ */
 
 /*! \file */
 
@@ -231,53 +231,50 @@ typedef struct {
 /*
  * These zones should not leak onto the Internet.
  */
-static const struct {
+const char *empty_zones[] = {
-	const char	*zone;
-	isc_boolean_t	rfc1918;
-} empty_zones[] = {
 	/* RFC 1918 */
-	{ "10.IN-ADDR.ARPA", ISC_TRUE },
+	"10.IN-ADDR.ARPA",
-	{ "16.172.IN-ADDR.ARPA", ISC_TRUE },
+	"16.172.IN-ADDR.ARPA",
-	{ "17.172.IN-ADDR.ARPA", ISC_TRUE },
+	"17.172.IN-ADDR.ARPA",
-	{ "18.172.IN-ADDR.ARPA", ISC_TRUE },
+	"18.172.IN-ADDR.ARPA",
-	{ "19.172.IN-ADDR.ARPA", ISC_TRUE },
+	"19.172.IN-ADDR.ARPA",
-	{ "20.172.IN-ADDR.ARPA", ISC_TRUE },
+	"20.172.IN-ADDR.ARPA",
-	{ "21.172.IN-ADDR.ARPA", ISC_TRUE },
+	"21.172.IN-ADDR.ARPA",
-	{ "22.172.IN-ADDR.ARPA", ISC_TRUE },
+	"22.172.IN-ADDR.ARPA",
-	{ "23.172.IN-ADDR.ARPA", ISC_TRUE },
+	"23.172.IN-ADDR.ARPA",
-	{ "24.172.IN-ADDR.ARPA", ISC_TRUE },
+	"24.172.IN-ADDR.ARPA",
-	{ "25.172.IN-ADDR.ARPA", ISC_TRUE },
+	"25.172.IN-ADDR.ARPA",
-	{ "26.172.IN-ADDR.ARPA", ISC_TRUE },
+	"26.172.IN-ADDR.ARPA",
-	{ "27.172.IN-ADDR.ARPA", ISC_TRUE },
+	"27.172.IN-ADDR.ARPA",
-	{ "28.172.IN-ADDR.ARPA", ISC_TRUE },
+	"28.172.IN-ADDR.ARPA",
-	{ "29.172.IN-ADDR.ARPA", ISC_TRUE },
+	"29.172.IN-ADDR.ARPA",
-	{ "30.172.IN-ADDR.ARPA", ISC_TRUE },
+	"30.172.IN-ADDR.ARPA",
-	{ "31.172.IN-ADDR.ARPA", ISC_TRUE },
+	"31.172.IN-ADDR.ARPA",
-	{ "168.192.IN-ADDR.ARPA", ISC_TRUE },
+	"168.192.IN-ADDR.ARPA",
 
 	/* RFC 5735 and RFC 5737 */
-	{ "0.IN-ADDR.ARPA", ISC_FALSE },	/* THIS NETWORK */
+	"0.IN-ADDR.ARPA",	/* THIS NETWORK */
-	{ "127.IN-ADDR.ARPA", ISC_FALSE },	/* LOOPBACK */
+	"127.IN-ADDR.ARPA",	/* LOOPBACK */
-	{ "254.169.IN-ADDR.ARPA", ISC_FALSE },	/* LINK LOCAL */
+	"254.169.IN-ADDR.ARPA",	/* LINK LOCAL */
-	{ "2.0.192.IN-ADDR.ARPA", ISC_FALSE },	/* TEST NET */
+	"2.0.192.IN-ADDR.ARPA",	/* TEST NET */
-	{ "100.51.198.IN-ADDR.ARPA", ISC_FALSE },	/* TEST NET 2 */
+	"100.51.198.IN-ADDR.ARPA",	/* TEST NET 2 */
-	{ "113.0.203.IN-ADDR.ARPA", ISC_FALSE },	/* TEST NET 3 */
+	"113.0.203.IN-ADDR.ARPA",	/* TEST NET 3 */
-	{ "255.255.255.255.IN-ADDR.ARPA", ISC_FALSE },	/* BROADCAST */
+	"255.255.255.255.IN-ADDR.ARPA",	/* BROADCAST */
 
 	/* Local IPv6 Unicast Addresses */
-	{ "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },
+	"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
-	{ "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },
+	"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
 	/* LOCALLY ASSIGNED LOCAL ADDRESS SCOPE */
-	{ "D.F.IP6.ARPA", ISC_FALSE },
+	"D.F.IP6.ARPA",
-	{ "8.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */
+	"8.E.F.IP6.ARPA",	/* LINK LOCAL */
-	{ "9.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */
+	"9.E.F.IP6.ARPA",	/* LINK LOCAL */
-	{ "A.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */
+	"A.E.F.IP6.ARPA",	/* LINK LOCAL */
-	{ "B.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */
+	"B.E.F.IP6.ARPA",	/* LINK LOCAL */
 
 	/* Example Prefix, RFC 3849. */
-	{ "8.B.D.0.1.0.0.2.IP6.ARPA", ISC_FALSE },
+	"8.B.D.0.1.0.0.2.IP6.ARPA",
 
-	{ NULL, ISC_FALSE }
+	NULL
 };
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -1604,7 +1601,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 	const char *sep = ": view ";
 	const char *viewname = view->name;
 	const char *forview = " for view ";
-	isc_boolean_t rfc1918;
 	isc_boolean_t empty_zones_enable;
 	const cfg_obj_t *disablelist = NULL;
 	isc_stats_t *resstats = NULL;
@@ -2705,19 +2701,16 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 	(void)ns_config_get(maps, "disable-empty-zone", &disablelist);
 	if (obj == NULL && disablelist == NULL &&
 	    view->rdclass == dns_rdataclass_in) {
-		rfc1918 = ISC_FALSE;
 		empty_zones_enable = view->recursion;
 	} else if (view->rdclass == dns_rdataclass_in) {
-		rfc1918 = ISC_TRUE;
 		if (obj != NULL)
 			empty_zones_enable = cfg_obj_asboolean(obj);
 		else
 			empty_zones_enable = view->recursion;
 	} else {
-		rfc1918 = ISC_FALSE;
 		empty_zones_enable = ISC_FALSE;
 	}
-	if (empty_zones_enable) {
+	if (empty_zones_enable && !lwresd_g_useresolvconf) {
 		const char *empty;
 		int empty_zone = 0;
 		dns_fixedname_t fixed;
@@ -2771,9 +2764,9 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 		zonestats_on = cfg_obj_asboolean(obj);
 
 		logit = ISC_TRUE;
-		for (empty = empty_zones[empty_zone].zone;
+		for (empty = empty_zones[empty_zone];
 		     empty != NULL;
-		     empty = empty_zones[++empty_zone].zone)
+		     empty = empty_zones[++empty_zone])
 		{
 			dns_forwarders_t *forwarders = NULL;
 			dns_view_t *pview = NULL;
@@ -2809,23 +2802,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 			    forwarders->fwdpolicy == dns_fwdpolicy_only)
 				continue;
 
-			if (!rfc1918 && empty_zones[empty_zone].rfc1918) {
-				if (logit) {
-					isc_log_write(ns_g_lctx,
-						      NS_LOGCATEGORY_GENERAL,
-						      NS_LOGMODULE_SERVER,
-						      ISC_LOG_WARNING,
-						      "Warning%s%s: "
-						      "'empty-zones-enable/"
-						      "disable-empty-zone' "
-						      "not set: disabling "
-						      "RFC 1918 empty zones",
-						      sep, viewname);
-					logit = ISC_FALSE;
-				}
-				continue;
-			}
-
 			/*
 			 * See if we can re-use a existing zone.
 			 */