mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-04 00:25:29 +00:00

Add 'first_time' member to 'dns_rpz_zones_t'

During the initial configuration of named after startup, 'first_time'
is true. This is needed for implementing the new 'servfail-until-ready'
configuration option, which should take effect only during the
initial configuration.
Aram Sargsyan
2025-08-08 12:08:55 +00:00
committed by Arаm Sаrgsyаn
parent 888b5f55a8
commit 88ed81e12d
3 changed files with 35 additions and 22 deletions


@@ -2137,7 +2137,7 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
static isc_result_t static isc_result_t
configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *rpz_obj, configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *rpz_obj,
bool *old_rpz_okp) { bool *old_rpz_okp, bool first_time) {
const cfg_obj_t *zonelist = NULL; const cfg_obj_t *zonelist = NULL;
const cfg_obj_t *sub_obj = NULL; const cfg_obj_t *sub_obj = NULL;
bool recursive_only_default, add_soa_default; bool recursive_only_default, add_soa_default;
@@ -2172,7 +2172,7 @@ configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *rpz_obj,
} }
nsdname_on = nsdname_enabled ? DNS_RPZ_ALL_ZBITS : 0; nsdname_on = nsdname_enabled ? DNS_RPZ_ALL_ZBITS : 0;
result = dns_rpz_new_zones(view, &view->rpzs); result = dns_rpz_new_zones(view, &view->rpzs, first_time);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
return result; return result;
} }
@@ -2296,8 +2296,17 @@ configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *rpz_obj,
} }
if (*old_rpz_okp) { if (*old_rpz_okp) {
/* Discard the newly created rpzs. */
dns_rpz_zones_shutdown(view->rpzs); dns_rpz_zones_shutdown(view->rpzs);
dns_rpz_zones_detach(&view->rpzs); dns_rpz_zones_detach(&view->rpzs);
/*
* We are reusing the old rpzs, so it can no longer be its
* first time.
*/
pview->rpzs->first_time = false;
/* Reuse rpzs from the old view. */
dns_rpz_zones_attach(pview->rpzs, &view->rpzs); dns_rpz_zones_attach(pview->rpzs, &view->rpzs);
dns_rpz_zones_detach(&pview->rpzs); dns_rpz_zones_detach(&pview->rpzs);
} else if (old != NULL && pview != NULL) { } else if (old != NULL && pview != NULL) {
@@ -3754,7 +3763,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
cfg_obj_t *vconfig, named_cachelist_t *cachelist, cfg_obj_t *vconfig, named_cachelist_t *cachelist,
named_cachelist_t *oldcachelist, dns_kasplist_t *kasplist, named_cachelist_t *oldcachelist, dns_kasplist_t *kasplist,
dns_keystorelist_t *keystores, const cfg_obj_t *bindkeys, dns_keystorelist_t *keystores, const cfg_obj_t *bindkeys,
isc_mem_t *mctx, cfg_aclconfctx_t *actx, bool need_hints) { isc_mem_t *mctx, cfg_aclconfctx_t *actx, bool need_hints,
bool first_time) {
const cfg_obj_t *maps[4]; const cfg_obj_t *maps[4];
const cfg_obj_t *cfgmaps[3]; const cfg_obj_t *cfgmaps[3];
const cfg_obj_t *optionmaps[3]; const cfg_obj_t *optionmaps[3];
@@ -3859,7 +3869,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
if (view->rdclass == dns_rdataclass_in && need_hints && if (view->rdclass == dns_rdataclass_in && need_hints &&
named_config_get(maps, "response-policy", &obj) == ISC_R_SUCCESS) named_config_get(maps, "response-policy", &obj) == ISC_R_SUCCESS)
{ {
CHECK(configure_rpz(view, NULL, obj, &old_rpz_ok)); CHECK(configure_rpz(view, NULL, obj, &old_rpz_ok, first_time));
rpz_configured = true; rpz_configured = true;
} }
@@ -5731,7 +5741,8 @@ cleanup:
* done previously in the "correct" order. * done previously in the "correct" order.
*/ */
result2 = configure_rpz(pview, view, obj, result2 = configure_rpz(pview, view, obj,
&old_rpz_ok); &old_rpz_ok,
first_time);
if (result2 != ISC_R_SUCCESS) { if (result2 != ISC_R_SUCCESS) {
isc_log_write(NAMED_LOGCATEGORY_GENERAL, isc_log_write(NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, NAMED_LOGMODULE_SERVER,
@@ -8631,11 +8642,11 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
goto cleanup_cachelist; goto cleanup_cachelist;
} }
result = configure_view(view, &viewlist, config, vconfig, result = configure_view(
&cachelist, &server->cachelist, view, &viewlist, config, vconfig, &cachelist,
&server->kasplist, &server->cachelist, &server->kasplist,
&server->keystorelist, bindkeys, &server->keystorelist, bindkeys, isc_g_mctx,
isc_g_mctx, named_g_aclconfctx, true); named_g_aclconfctx, true, first_time);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
dns_view_detach(&view); dns_view_detach(&view);
goto cleanup_cachelist; goto cleanup_cachelist;
@@ -8654,11 +8665,11 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
goto cleanup_cachelist; goto cleanup_cachelist;
} }
result = configure_view(view, &viewlist, config, NULL, result = configure_view(
&cachelist, &server->cachelist, view, &viewlist, config, NULL, &cachelist,
&server->kasplist, &server->cachelist, &server->kasplist,
&server->keystorelist, bindkeys, &server->keystorelist, bindkeys, isc_g_mctx,
isc_g_mctx, named_g_aclconfctx, true); named_g_aclconfctx, true, first_time);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
dns_view_detach(&view); dns_view_detach(&view);
goto cleanup_cachelist; goto cleanup_cachelist;
@@ -8682,11 +8693,11 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
goto cleanup_cachelist; goto cleanup_cachelist;
} }
result = configure_view(view, &viewlist, config, vconfig, result = configure_view(
&cachelist, &server->cachelist, view, &viewlist, config, vconfig, &cachelist,
&server->kasplist, &server->cachelist, &server->kasplist,
&server->keystorelist, bindkeys, &server->keystorelist, bindkeys, isc_g_mctx,
isc_g_mctx, named_g_aclconfctx, false); named_g_aclconfctx, false, first_time);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
dns_view_detach(&view); dns_view_detach(&view);
goto cleanup_cachelist; goto cleanup_cachelist;
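Review bot: In the `if (*old_rpz_okp)` branch of configure_rpz, `pview->rpzs->first_time = false;` is a plain store into an rpzs object that belonged to the old view and is then attached to the new one, and nothing in the hunk takes `maint_lock` or `search_lock` around it. If the flag is later read on the query path to decide whether 'servfail-until-ready' still applies, a reader running concurrently with reconfiguration could see a stale value. That is presumably ruled out by reconfiguration running exclusively, but this page does not show it. Either state that next to the store, for example `/* No lock needed: the caller holds exclusive mode during reconfiguration. */`, or do the store under `maint_lock`. configure_rpz's body starts and ends outside the hunk.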


@@ -259,6 +259,7 @@ struct dns_rpz_zones {
isc_rwlock_t search_lock; isc_rwlock_t search_lock;
isc_mutex_t maint_lock; isc_mutex_t maint_lock;
bool first_time;
bool shuttingdown; bool shuttingdown;
dns_rpz_cidr_node_t *cidr; dns_rpz_cidr_node_t *cidr;
@@ -375,7 +376,7 @@ dns_rpz_decode_cname(dns_rpz_zone_t *rpz, dns_rdataset_t *rdataset,
dns_name_t *selfname); dns_name_t *selfname);
isc_result_t isc_result_t
dns_rpz_new_zones(dns_view_t *view, dns_rpz_zones_t **rpzsp); dns_rpz_new_zones(dns_view_t *view, dns_rpz_zones_t **rpzsp, bool first_time);
isc_result_t isc_result_t
dns_rpz_new_zone(dns_rpz_zones_t *rpzs, dns_rpz_zone_t **rpzp); dns_rpz_new_zone(dns_rpz_zones_t *rpzs, dns_rpz_zone_t **rpzp);
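Review bot: The new `bool first_time;` member of struct dns_rpz_zones has no comment, although it sits directly after `search_lock` and `maint_lock`, so a reader cannot tell whether either lock protects it or who may write it. A one-line comment on the member would record the contract stated in the commit message, for example `bool first_time; /* true only during named's initial configuration; cleared when the rpzs is reused on reconfiguration */`, together with the locking rule once that is settled. The `dns_rpz_new_zones()` prototype gains the matching parameter and should describe it wherever that function is documented. The struct definition continues outside the hunk.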


@@ -1451,7 +1451,7 @@ add_name(dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type,
* Get ready for a new set of policy zones for a view. * Get ready for a new set of policy zones for a view.
*/ */
isc_result_t isc_result_t
dns_rpz_new_zones(dns_view_t *view, dns_rpz_zones_t **rpzsp) { dns_rpz_new_zones(dns_view_t *view, dns_rpz_zones_t **rpzsp, bool first_time) {
dns_rpz_zones_t *rpzs = NULL; dns_rpz_zones_t *rpzs = NULL;
isc_mem_t *mctx = NULL; isc_mem_t *mctx = NULL;
@@ -1463,6 +1463,7 @@ dns_rpz_new_zones(dns_view_t *view, dns_rpz_zones_t **rpzsp) {
rpzs = isc_mem_get(mctx, sizeof(*rpzs)); rpzs = isc_mem_get(mctx, sizeof(*rpzs));
*rpzs = (dns_rpz_zones_t){ *rpzs = (dns_rpz_zones_t){
.magic = DNS_RPZ_ZONES_MAGIC, .magic = DNS_RPZ_ZONES_MAGIC,
.first_time = first_time,
}; };
isc_rwlock_init(&rpzs->search_lock); isc_rwlock_init(&rpzs->search_lock);