
chg: usr: The configuration clauses parental-agents and primaries are renamed to remote-servers

The top-level blocks 'primaries' and 'parental-agents' are no longer preferred and should be renamed to 'remote-servers'. The zone statements 'parental-agents' and 'primaries' are still used, and may refer to any top-level 'remote-servers' block.

Closes #4544

Merge branch '4544-primaries-block-documentation-issues' into 'main'

See merge request isc-projects/bind9!9822
Matthijs Mekking 2024-12-13 09:10:56 +00:00
commit 858ba71eaf
32 changed files with 204 additions and 202 deletions


@ -331,7 +331,7 @@ dnssec-policy \"insecure\" {\n\
"# END TRUST ANCHORS\n\
\n\
primaries " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
remote-servers " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
2801:1b8:10::b; # b.root-servers.net\n\
2001:500:2::c; # c.root-servers.net\n\
2001:500:2f::f; # f.root-servers.net\n\
@ -503,9 +503,9 @@ named_config_getzonetype(const cfg_obj_t *zonetypeobj) {
return ztype;
}
static isc_result_t
getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
const cfg_obj_t **ret) {
isc_result_t
named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
const char *name, const cfg_obj_t **ret) {
isc_result_t result;
const cfg_obj_t *obj = NULL;
const cfg_listelt_t *elt;
@ -532,23 +532,6 @@ getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
return ISC_R_NOTFOUND;
}
isc_result_t
named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
const char *name, const cfg_obj_t **ret) {
isc_result_t result;
if (strcmp(list, "parental-agents") == 0) {
return getremotesdef(cctx, list, name, ret);
} else if (strcmp(list, "primaries") == 0) {
result = getremotesdef(cctx, list, name, ret);
if (result != ISC_R_SUCCESS) {
result = getremotesdef(cctx, "masters", name, ret);
}
return result;
}
return ISC_R_NOTFOUND;
}
static isc_result_t
named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
dns_name_t **namep) {
@ -597,10 +580,12 @@ named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
oldlen = newlen; \
}
static const char *remotesnames[4] = { "remote-servers", "parental-agents",
"primaries", "masters" };
isc_result_t
named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
const cfg_obj_t *list, isc_mem_t *mctx,
dns_ipkeylist_t *ipkl) {
named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
isc_mem_t *mctx, dns_ipkeylist_t *ipkl) {
uint32_t addrcount = 0, srccount = 0;
uint32_t keycount = 0, tlscount = 0;
uint32_t listcount = 0, l = 0, i = 0;
@ -683,8 +668,6 @@ newlist:
isc_sockaddr_any6(&src6);
}
result = ISC_R_NOMEMORY;
element = cfg_list_first(addrlist);
resume:
for (; element != NULL; element = cfg_list_next(element)) {
@ -715,17 +698,22 @@ resume:
continue;
}
list = NULL;
tresult = named_config_getremotesdef(config, listtype,
listname, &list);
tresult = ISC_R_NOTFOUND;
for (size_t n = 0; n < ARRAY_SIZE(remotesnames); n++) {
tresult = named_config_getremotesdef(
config, remotesnames[n], listname,
&list);
if (tresult == ISC_R_SUCCESS) {
break;
}
}
if (tresult == ISC_R_NOTFOUND) {
cfg_obj_log(addr, ISC_LOG_ERROR,
"%s \"%s\" not found", listtype,
"remote-servers \"%s\" not found",
listname);
result = tresult;
goto cleanup;
}
if (tresult != ISC_R_SUCCESS) {
result = tresult;
goto cleanup;
}
lists[l++].name = listname;
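Review bot: The lookup loop over `remotesnames` resolves a list name against all four top-level clause types, so a zone's `parental-agents` reference can now bind to a block declared as `primaries` or `masters`, and which block wins depends on the array order. That order (remote-servers, parental-agents, primaries, masters) differs from the one in the checker's `get_remoteservers_def` later in this commit (remote-servers, primaries, parental-agents, masters); the difference is harmless only if same-name blocks across clause types are always rejected before this code runs, which is not visible here. I would add a comment above the array such as `/* Lookup order for named server lists; keep in sync with get_remoteservers_def() in the config checker. */` and declare it `static const char *const remotesnames[]`. The loop also overwrites a non-NOTFOUND failure from an earlier name with the next lookup's result; `if (tresult != ISC_R_NOTFOUND) break;` would preserve it. The body of `named_config_getipandkeylist` continues outside these hunks.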


@ -57,9 +57,8 @@ named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
const char *name, const cfg_obj_t **ret);
isc_result_t
named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
const cfg_obj_t *list, isc_mem_t *mctx,
dns_ipkeylist_t *ipkl);
named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
isc_mem_t *mctx, dns_ipkeylist_t *ipkl);
isc_result_t
named_config_getport(const cfg_obj_t *config, const char *type,


@ -2779,8 +2779,8 @@ configure_catz_zone(dns_view_t *view, dns_view_t *pview,
obj = cfg_tuple_get(catz_obj, "default-primaries");
}
if (obj != NULL && cfg_obj_istuple(obj)) {
result = named_config_getipandkeylist(
config, "primaries", obj, view->mctx, &opts->masters);
result = named_config_getipandkeylist(config, obj, view->mctx,
&opts->masters);
}
obj = cfg_tuple_get(catz_obj, "in-memory");


@ -1273,8 +1273,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_ipkeylist_t ipkl;
dns_ipkeylist_init(&ipkl);
CHECK(named_config_getipandkeylist(config, "primaries",
obj, mctx, &ipkl));
CHECK(named_config_getipandkeylist(config, obj, mctx,
&ipkl));
dns_zone_setalsonotify(zone, ipkl.addrs, ipkl.sources,
ipkl.keys, ipkl.tlss,
ipkl.count);
@ -1679,9 +1679,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
if (parentals != NULL) {
dns_ipkeylist_t ipkl;
dns_ipkeylist_init(&ipkl);
CHECK(named_config_getipandkeylist(
config, "parental-agents", parentals, mctx,
&ipkl));
CHECK(named_config_getipandkeylist(config, parentals,
mctx, &ipkl));
dns_zone_setparentals(zone, ipkl.addrs, ipkl.sources,
ipkl.keys, ipkl.tlss, ipkl.count);
dns_ipkeylist_clear(mctx, &ipkl);
@ -1861,8 +1860,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_ipkeylist_t ipkl;
dns_ipkeylist_init(&ipkl);
CHECK(named_config_getipandkeylist(config, "primaries",
obj, mctx, &ipkl));
CHECK(named_config_getipandkeylist(config, obj, mctx,
&ipkl));
dns_zone_setprimaries(mayberaw, ipkl.addrs,
ipkl.sources, ipkl.keys,
ipkl.tlss, ipkl.count);


@ -34,6 +34,6 @@ zone "." {
file "redirect.db";
};
primaries "test" {
remote-servers "test" {
10.53.0.99;
};


@ -11,5 +11,5 @@
* information regarding copyright ownership.
*/
primaries duplicate { 1.2.3.4; };
remote-servers duplicate { 1.2.3.4; };
primaries duplicate { 4.3.2.1; };


@ -11,5 +11,5 @@
* information regarding copyright ownership.
*/
masters duplicate { 1.2.3.4; };
primaries duplicate { 4.3.2.1; };
remote-servers duplicate { 1.2.3.4; };
remote-servers duplicate { 4.3.2.1; };


@ -12,7 +12,7 @@
*/
view "test" {
parental-agents "net" {
remote-servers "net" {
192.168.1.2;
};
zone "example.net" {


@ -11,11 +11,11 @@
* information regarding copyright ownership.
*/
parental-agents "net" {
remote-servers "net" {
192.168.1.1;
};
parental-agents "net" {
remote-servers "net" {
192.168.1.2;
};


@ -11,7 +11,7 @@
* information regarding copyright ownership.
*/
parental-agents "net" { };
remote-servers "net" { };
zone "example.net" {
type primary;


@ -11,7 +11,7 @@
* information regarding copyright ownership.
*/
parental-agents "com" {
remote-servers "com" {
192.168.1.2;
};


@ -11,7 +11,7 @@
* information regarding copyright ownership.
*/
primaries "net" {
remote-servers "net" {
192.168.1.2;
};


@ -0,0 +1,28 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
remote-servers "one" {
1.2.3.4;
};
parental-agents "two" {
1.2.3.5;
};
primaries "three" {
1.2.3.6;
};
masters "four" {
1.2.3.7;
};


@ -11,5 +11,5 @@
* information regarding copyright ownership.
*/
masters a { 1.2.3.4; };
primaries b { 1.2.3.4; };
remote-servers a { 1.2.3.4; };
remote-servers b { 1.2.3.4; };


@ -86,7 +86,7 @@ options {
transfer-source 0.0.0.0;
zone-statistics none;
};
parental-agents "parents" port 5353 source 10.10.10.10 source-v6 2001:db8::10 {
remote-servers "parents" port 5353 source 10.10.10.10 source-v6 2001:db8::10 {
10.10.10.11;
2001:db8::11;
};


@ -12,8 +12,8 @@
*/
acl "transferees" {};
primaries "stealthPrimaries" {127.0.0.1;};
primaries "publicSecondaries" {127.0.0.1;};
remote-servers "stealthPrimaries" {127.0.0.1;};
remote-servers "publicSecondaries" {127.0.0.1;};
zone "example.net" {
type secondary;
key-directory "/var/lib/bind/example.net";


@ -12,8 +12,8 @@
*/
acl "transferees" {};
primaries "stealthPrimaries" {127.0.0.1;};
primaries "publicSecondaries" {127.0.0.1;};
remote-servers "stealthPrimaries" {127.0.0.1;};
remote-servers "publicSecondaries" {127.0.0.1;};
zone "example.net" {
type secondary;
file "/var/cache/bind/example.net.db";


@ -12,8 +12,8 @@
*/
acl "transferees" {};
primaries "stealthPrimaries" {127.0.0.1;};
primaries "publicSecondaries" {127.0.0.1;};
remote-servers "stealthPrimaries" {127.0.0.1;};
remote-servers "publicSecondaries" {127.0.0.1;};
zone "example.net" {
type secondary;
key-directory "/var/lib/bind/example.net";


@ -37,7 +37,7 @@ controls {
inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
parental-agents "ns8" port @PORT@ {
remote-servers "ns8" port @PORT@ {
10.53.0.8;
};


@ -51,10 +51,8 @@ zone "example" {
also-notify { /* empty */ };
};
# use both 'primaries' and 'masters' to test that they
# can work correctly together.
primaries noport { 10.53.0.4; };
masters x21 port @EXTRAPORT1@ { noport; };
remote-servers noport { 10.53.0.4; };
remote-servers x21 port @EXTRAPORT1@ { noport; };
zone x1 {
type primary;
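Review bot: Nested resolution between legacy keywords loses its regression case here: the removed lines had a `masters` block (`x21`) include a `primaries` block (`noport`) by name, and both are now declared as `remote-servers`. The lookup code in this commit still accepts `primaries`, `parental-agents` and `masters`, so a mixed pair is worth keeping, for example leaving `masters x21 port @EXTRAPORT1@ { noport; };` next to `remote-servers noport { 10.53.0.4; };`, with a comment such as `# mix 'remote-servers' and the legacy 'masters' keyword to test that nested lookups still resolve across them`. The new fixture that declares all four keywords does not nest one list inside another, as far as this page shows.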


@ -94,7 +94,7 @@ zone "other.nil" {
allow-transfer { any; };
};
primaries others {
remote-servers others {
10.53.0.2 port @PORT@;
10.53.0.2 port @PORT@ key altkey;
};


@ -61,7 +61,7 @@ zone "tsigzone" {
allow-transfer { tzkey; };
};
primaries "ns1" port @PORT@ source 10.53.0.2 {
remote-servers "ns1" port @PORT@ source 10.53.0.2 {
10.53.0.1;
};


@ -364,8 +364,8 @@ file documentation:
``portrange``
A list of a :term:`port` or a port range. A port range is specified in the form of ``range`` followed by two :term:`port` s, ``port_low`` and ``port_high``, which represents port numbers from ``port_low`` through ``port_high``, inclusive. ``port_low`` must not be larger than ``port_high``. For example, ``range 1024 65535`` represents ports from 1024 through 65535. The asterisk (``*``) character is not allowed as a valid :term:`port` or as a port range boundary.
``remote-servers``
A named list of one or more :term:`ip_address` es with optional :term:`tls_id`, :term:`server_key`, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists. See :any:`primaries` block.
``server-list``
A named list of one or more :term:`ip_address` es with optional :term:`tls_id`, :term:`server_key`, and/or :term:`port`. A ``server-list`` list may include other ``server-list`` lists.
``server_key``
A :term:`domain_name` representing the name of a shared key, to be used for
@ -413,17 +413,11 @@ The following blocks are supported:
:any:`logging`
Specifies what information the server logs and where the log messages are sent.
``masters``
Synonym for :any:`primaries`.
:namedconf:ref:`options`
Controls global server configuration options and sets defaults for other statements.
:any:`parental-agents`
Defines a named list of servers for inclusion in primary and secondary zones' :any:`parental-agents` lists.
:any:`primaries`
Defines a named list of servers for inclusion in stub and secondary zones' :any:`primaries` or :any:`also-notify` lists. (Note: this is a synonym for the original keyword ``masters``, which can still be used, but is no longer the preferred terminology.)
:namedconf:ref:`remote-servers`
Defines a named list of servers for inclusion in various zone statements such as :any:`parental-agents`, :any:`primaries` or :any:`also-notify` lists.
:namedconf:ref:`server`
Sets certain configuration options on a per-server basis.
@ -1048,34 +1042,20 @@ At ``debug`` level 4 or higher, the detailed context information logged at
``debug`` level 2 is logged for errors other than SERVFAIL and for negative
responses such as NXDOMAIN.
:any:`parental-agents` Block Grammar
``remote-servers`` Block Grammar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: parental-agents
:tags: zone
:short: Defines a list of delegation agents to be used by primary and secondary zones.
.. namedconf:statement:: remote-servers
:tags: server
:short: Defines a list of servers to be used by primary and secondary zones.
:any:`parental-agents` Block Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This specifies a list that allows for a common set of servers to be easily used
by multiple zones. The following options may reference to a list of
remote servers: :any:`parental-agents`, :any:`primaries`, and :any:`also-notify`.
:any:`parental-agents` lists allow for a common set of parental agents to be
easily used by multiple primary and secondary zones. A "parental agent" is a
trusted DNS server that is queried to check whether DS records for a given zones
are up-to-date.
A "parental agent" is a trusted DNS server that is queried to check whether DS
records for a given zones are up-to-date.
:any:`primaries` Block Grammar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: primaries
:tags: zone
:short: Defines one or more primary servers for a zone.
:any:`primaries` Block Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:any:`primaries` lists allow for a common set of primary servers to be easily
used by multiple stub and secondary zones in their :any:`primaries` or
:any:`also-notify` lists. (Note: :any:`primaries` is a synonym for the original
keyword ``masters``, which can still be used, but is no longer the
preferred terminology.)
A "primary server" is where a secondary server can request zone transfers from.
To force the zone transfer requests to be sent over TLS, use :any:`tls` keyword,
e.g. ``primaries { 192.0.2.1 tls tls-configuration-name; };``,
@ -3388,6 +3368,19 @@ options apply to zone transfers.
per second. The lowest possible rate is one per second; when set to
zero, it is silently raised to one.
.. namedconf:statement:: primaries
:tags: transfer, zone
:short: Defines one or more servers that zone transfer can be requested from.
This specifies a list of one or more IP addresses of primary servers that
the secondary contacts to update its copy of the zone. Primaries list
elements can also be names of :any:`remote-servers` blocks.
By default, transfers are made from port 53 on the servers; this can be
changed for all servers by specifying a port number before the list of IP
addresses, or on a per-server basis after the IP address. Authentication to
the primary can also be done with per-server TSIG keys.
.. namedconf:statement:: startup-notify-rate
:tags: transfer, zone
:short: Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
@ -6476,6 +6469,18 @@ old DNSSEC key.
trust relationship with the parental agent. For example, use TSIG to
authenticate the parental agent, or point to a validating resolver.
.. namedconf:statement:: parental-agents
:tags: dnssec
This specifies a list of one or more IP addresses of parental agents that
are used to query the zone's DS records during a KSK rollover. The list of
parental agents can also contain the names of :any:`remote-servers` blocks.
By default, DS queries are sent from port 53 on the servers; this can be
changed for all servers by specifying a port number before the list of IP
addresses, or on a per-server basis after the IP address. Authentication to
the primary can also be done with per-server TSIG keys.
The following options apply to DS queries sent to :any:`parental-agents`:
.. namedconf:statement:: checkds
@ -6662,33 +6667,22 @@ Zone Types
:tags: zone
:short: Contains a duplicate of the data for a zone that has been transferred from a primary server.
A secondary zone is a replica of a primary zone. Type ``slave`` is a
synonym for :any:`secondary <type secondary>`. The :any:`primaries` list specifies one or more IP
addresses of primary servers that the secondary contacts to update
its copy of the zone. Primaries list elements can
also be names of other primaries lists. By default,
transfers are made from port 53 on the servers;
this can be changed for all servers by specifying
a port number before the list of IP addresses,
or on a per-server basis after the IP address.
Authentication to the primary can also be done with
per-server TSIG keys. If a file is specified, then the
replica is written to this file
whenever the zone
is changed, and reloaded from this file on a server
restart. Use of a file is recommended, since it
often speeds server startup and eliminates a
needless waste of bandwidth. Note that for large
numbers (in the tens or hundreds of thousands) of
zones per server, it is best to use a two-level
naming scheme for zone filenames. For example,
a secondary server for the zone
``example.com`` might place
the zone contents into a file called
``ex/example.com``, where
``ex/`` is just the first two
letters of the zone name. (Most operating systems
behave very slowly if there are 100,000 files in a single directory.)
A secondary zone is a replica of a primary zone. Type ``slave`` is a
synonym for :any:`secondary <type secondary>`. The :any:`primaries` list
specifies one or more IP addresses of primary servers that the secondary
contacts to update its copy of the zone.
If a file is
specified, then the replica is written to this file whenever the zone
is changed, and reloaded from this file on a server restart. Use of a file
is recommended, since it often speeds server startup and eliminates a
needless waste of bandwidth. Note that for large numbers (in the tens or
hundreds of thousands) of zones per server, it is best to use a two-level
naming scheme for zone filenames. For example, a secondary server for the
zone ``example.com`` might place the zone contents into a file called
``ex/example.com``, where ``ex/`` is just the first two letters of the zone
name. (Most operating systems behave very slowly if there are 100,000 files
in a single directory.)
.. namedconf:statement:: type mirror
:tags: zone
@ -7056,6 +7050,15 @@ Zone Options
:any:`notify-to-soa`
See the description of :any:`notify-to-soa` in :ref:`boolean_options`.
:any:`parental-agents`
This option is only meaningful if the zone is DNSSEC signed. When performing
a key rollover, BIND will query the parental agents to see if the new DS is
actually published before withdrawing the old DNSSEC key.
:any:`primaries`
For secondary zones, these are the name servers to request zone transfers
from.
:any:`zone-statistics`
See the description of :any:`zone-statistics` in :namedconf:ref:`options`.


@ -898,7 +898,7 @@ presence. Let's look at the following configuration excerpt:
::
parental-agents "net" {
remote-servers "net" {
10.53.0.11; 10.53.0.12;
};


@ -5,7 +5,7 @@ zone <string> [ <class> ] {
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
check-names ( fail | warn | ignore );
database <string>;
file <quoted_string>;
@ -31,7 +31,7 @@ zone <string> [ <class> ] {
notify-delay <integer>;
notify-source ( <ipv4_address> | * );
notify-source-v6 ( <ipv6_address> | * );
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;
request-ixfr-max-diffs <integer>;


@ -78,14 +78,14 @@ options {
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>;
automatic-interface-scan <boolean>;
bindkeys-file <quoted_string>; // test only
blackhole { <address_match_element>; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
@ -319,11 +319,9 @@ options {
zone-statistics ( full | terse | none | <boolean> );
};
parental-agents <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
primaries <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
remote-servers <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
server <netprefix> {
bogus <boolean>;
@ -385,10 +383,10 @@ view <string> [ <class> ] {
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
attach-cache <string>;
auth-nxdomain <boolean>;
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );


@ -4,7 +4,7 @@ zone <string> [ <class> ] {
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
@ -48,7 +48,7 @@ zone <string> [ <class> ] {
notify-source-v6 ( <ipv6_address> | * );
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * );
parental-source-v6 ( <ipv6_address> | * );
send-report-channel <string>;


@ -10,6 +10,6 @@ zone <string> [ <class> ] {
max-records-per-type <integer>;
max-types-per-name <integer>;
max-zone-ttl ( unlimited | <duration> ); // deprecated
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
zone-statistics ( full | terse | none | <boolean> );
};


@ -5,7 +5,7 @@ zone <string> [ <class> ] {
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
check-names ( fail | warn | ignore );
checkds ( explicit | <boolean> );
database <string>;
@ -45,10 +45,10 @@ zone <string> [ <class> ] {
notify-source-v6 ( <ipv6_address> | * );
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * );
parental-source-v6 ( <ipv6_address> | * );
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;
request-ixfr-max-diffs <integer>;


@ -19,7 +19,7 @@ zone <string> [ <class> ] {
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
transfer-source ( <ipv4_address> | * );
transfer-source-v6 ( <ipv6_address> | * );
zone-statistics ( full | terse | none | <boolean> );


@ -2098,10 +2098,10 @@ check_remoteserverlist(const cfg_obj_t *cctx, const char *list,
}
/*
* Check primaries lists for duplicates.
* Check remote-server lists for duplicates.
*/
static isc_result_t
check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
check_remoteserverlists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
isc_result_t result, tresult;
isc_symtab_t *symtab = NULL;
@ -2109,6 +2109,15 @@ check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
if (result != ISC_R_SUCCESS) {
return result;
}
tresult = check_remoteserverlist(cctx, "remote-servers", symtab, mctx);
if (tresult != ISC_R_SUCCESS) {
result = tresult;
}
/* parental-agents, primaries, masters are treated as synonyms */
tresult = check_remoteserverlist(cctx, "parental-agents", symtab, mctx);
if (tresult != ISC_R_SUCCESS) {
result = tresult;
}
tresult = check_remoteserverlist(cctx, "primaries", symtab, mctx);
if (tresult != ISC_R_SUCCESS) {
result = tresult;
@ -2121,26 +2130,6 @@ check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
return result;
}
/*
* Check parental-agents lists for duplicates.
*/
static isc_result_t
check_parentalagentlists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
isc_result_t result, tresult;
isc_symtab_t *symtab = NULL;
result = isc_symtab_create(mctx, 100, freekey, mctx, false, &symtab);
if (result != ISC_R_SUCCESS) {
return result;
}
tresult = check_remoteserverlist(cctx, "parental-agents", symtab, mctx);
if (tresult != ISC_R_SUCCESS) {
result = tresult;
}
isc_symtab_destroy(&symtab);
return result;
}
#if HAVE_LIBNGHTTP2
static isc_result_t
check_httpserver(const cfg_obj_t *http, isc_symtab_t *symtab) {
@ -2435,24 +2424,28 @@ get_remotes(const cfg_obj_t *cctx, const char *list, const char *name,
}
static isc_result_t
get_remoteservers_def(const char *list, const char *name, const cfg_obj_t *cctx,
get_remoteservers_def(const char *name, const cfg_obj_t *cctx,
const cfg_obj_t **ret) {
isc_result_t result = ISC_R_NOTFOUND;
isc_result_t result;
if (strcmp(list, "primaries") == 0) {
result = get_remotes(cctx, "primaries", name, ret);
if (result != ISC_R_SUCCESS) {
result = get_remotes(cctx, "masters", name, ret);
}
} else if (strcmp(list, "parental-agents") == 0) {
result = get_remotes(cctx, "parental-agents", name, ret);
result = get_remotes(cctx, "remote-servers", name, ret);
if (result == ISC_R_SUCCESS) {
return result;
}
return result;
result = get_remotes(cctx, "primaries", name, ret);
if (result == ISC_R_SUCCESS) {
return result;
}
result = get_remotes(cctx, "parental-agents", name, ret);
if (result == ISC_R_SUCCESS) {
return result;
}
return get_remotes(cctx, "masters", name, ret);
}
static isc_result_t
validate_remotes(const char *list, const cfg_obj_t *obj,
const cfg_obj_t *config, uint32_t *countp, isc_mem_t *mctx) {
validate_remotes(const cfg_obj_t *obj, const cfg_obj_t *config,
uint32_t *countp, isc_mem_t *mctx) {
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult;
uint32_t count = 0;
@ -2555,13 +2548,13 @@ resume:
if (tresult == ISC_R_EXISTS) {
continue;
}
tresult = get_remoteservers_def(list, listname, config, &obj);
tresult = get_remoteservers_def(listname, config, &obj);
if (tresult != ISC_R_SUCCESS) {
if (result == ISC_R_SUCCESS) {
result = tresult;
}
cfg_obj_log(addr, ISC_LOG_ERROR,
"unable to find %s list '%s'", list,
"unable to find remote-servers list '%s'",
listname);
continue;
}
@ -3444,8 +3437,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
}
if (tresult == ISC_R_SUCCESS && donotify) {
uint32_t count;
tresult = validate_remotes("primaries", obj, config,
&count, mctx);
tresult = validate_remotes(obj, config, &count, mctx);
if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
{
result = tresult;
@ -3487,8 +3479,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
result = ISC_R_FAILURE;
} else {
uint32_t count;
tresult = validate_remotes("primaries", obj, config,
&count, mctx);
tresult = validate_remotes(obj, config, &count, mctx);
if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
{
result = tresult;
@ -3512,8 +3503,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
(void)cfg_map_get(zoptions, "parental-agents", &obj);
if (obj != NULL) {
uint32_t count;
tresult = validate_remotes("parental-agents", obj,
config, &count, mctx);
tresult = validate_remotes(obj, config, &count, mctx);
if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
{
result = tresult;
@ -5911,11 +5901,7 @@ isccfg_check_namedconf(const cfg_obj_t *config, unsigned int flags,
result = ISC_R_FAILURE;
}
if (check_primarylists(config, mctx) != ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
if (check_parentalagentlists(config, mctx) != ISC_R_SUCCESS) {
if (check_remoteserverlists(config, mctx) != ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
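Review bot: The header comment on check_remoteserverlists() should state that every top-level keyword now shares one symbol table, because that makes the check stricter than before. The removed check_parentalagentlists() created its own symtab, so a name defined once under `primaries` and once under `parental-agents` appears to have been accepted previously and would now be reported as a duplicate. The shared namespace looks necessary, since get_remoteservers_def() resolves a name across `remote-servers`, `primaries`, `parental-agents` and `masters` regardless of which zone statement referenced it, so a zone's `parental-agents` entry can bind to a block written as `primaries`. I would replace the comment with `/* Check remote-servers, primaries, parental-agents and masters blocks for duplicate names; they share one namespace because lookup by name ignores the keyword. */`. The middle of check_remoteserverlists() falls between two hunks, so the `masters` call is assumed rather than visible here.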


@ -234,9 +234,9 @@ static cfg_tuplefielddef_t remotes_fields[] = {
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_remoteservers = { "remote-servers", cfg_parse_tuple,
cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, remotes_fields };
static cfg_type_t cfg_type_serverlist = { "server-list", cfg_parse_tuple,
cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, remotes_fields };
/*%
* "sockaddrkeylist", a list of socket addresses with optional keys
@ -1140,11 +1140,14 @@ static cfg_clausedef_t namedconf_clauses[] = {
{ "key-store", &cfg_type_keystore, CFG_CLAUSEFLAG_MULTI },
{ "logging", &cfg_type_logging, 0 },
{ "lwres", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
{ "masters", &cfg_type_remoteservers,
{ "masters", &cfg_type_serverlist,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
{ "options", &cfg_type_options, 0 },
{ "parental-agents", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
{ "primaries", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
{ "parental-agents", &cfg_type_serverlist,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
{ "primaries", &cfg_type_serverlist,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
{ "remote-servers", &cfg_type_serverlist, CFG_CLAUSEFLAG_MULTI },
#if defined(HAVE_LIBXML2) || defined(HAVE_JSON_C)
{ "statistics-channels", &cfg_type_statschannels,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OPTIONAL },
@ -3740,7 +3743,7 @@ static void
doc_remoteselement(cfg_printer_t *pctx, const cfg_type_t *type) {
UNUSED(type);
cfg_print_cstr(pctx, "( ");
cfg_print_cstr(pctx, "<remote-servers>");
cfg_print_cstr(pctx, "<server-list>");
cfg_print_cstr(pctx, " | ");
cfg_print_cstr(pctx, "<ipv4_address>");
cfg_print_cstr(pctx, " ");