diff --git a/bin/named/config.c b/bin/named/config.c index d398a92990..ade302bd74 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -240,6 +240,7 @@ options {\n\ notify yes;\n\ notify-delay 5;\n\ notify-to-soa no;\n\ + provide-zoneversion yes;\n\ send-report-channel .;\n\ serial-update-method increment;\n\ sig-signing-nodes 100;\n\ diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 35f5301344..cdcf115e70 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1227,6 +1227,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, dns_zone_setkasp(zone, NULL); } + obj = NULL; + result = named_config_get(maps, "provide-zoneversion", &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + dns_zone_setoption(zone, DNS_ZONEOPT_ZONEVERSION, + cfg_obj_asboolean(obj)); + obj = NULL; result = named_config_get(maps, "notify", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 67cde91d29..b36725487b 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2165,6 +2165,14 @@ Boolean Options ultimate primary should be set to still send NOTIFY messages to all the name servers listed in the NS RRset. +.. namedconf:statement:: provide-zoneversion + :tags: transfer + :short: Controls the return EDNS ZONEVERSION answers. + + If ``yes`` EDNS ZONEVERSION answers will be returned otherwise + not for primary, secondary and mirror zones. The default is + ``yes``. + .. namedconf:statement:: recursion :tags: query :short: Defines whether recursion and caching are allowed. @@ -5613,6 +5621,7 @@ and :namedconf:ref:`options` blocks: - :namedconf:ref:`notify-source-v6` - :namedconf:ref:`notify-source` - :namedconf:ref:`provide-ixfr` + - :namedconf:ref:`provide-zoneversion` - :namedconf:ref:`query-source-v6` - :namedconf:ref:`query-source` - :namedconf:ref:`request-expire` 
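Review bot: The new default in bin/named/config.c is `provide-zoneversion yes;`, so every primary, secondary and mirror zone starts answering EDNS ZONEVERSION after an upgrade with no configuration change. The zone.c hunk gates only on the zone option and `zone->db`. Whether the caller attaches the option solely to responses for queries that passed `allow-query` is not visible in this diff; if it does not, the zone version becomes readable for zones that otherwise refuse the client. Please confirm that in the caller, and mention the on-by-default behaviour in the release notes so operators who treat the version as internal can set `provide-zoneversion no;`.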
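Review bot: In named_zone_configure() the added block calls `dns_zone_setoption(zone, DNS_ZONEOPT_ZONEVERSION, cfg_obj_asboolean(obj))` with the value inherited through `maps`, and nothing in the hunk restricts it by zone type, while lib/isccfg/namedconf.c accepts the clause only for primary, secondary and mirror zones. With the `yes` default from config.c, any other zone type that reaches this point would get the flag set too. The function body starts and ends outside the hunk, so an enclosing type check may exist but is not shown. If there is none, either guard the call on the zone type or record the decision in a comment, for example `/* inherited from options/view; set for all zone types on purpose */`.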
diff --git a/doc/misc/mirror.zoneopt b/doc/misc/mirror.zoneopt
index b1c5c08ea7..4db4d9f19b 100644
--- a/doc/misc/mirror.zoneopt
+++ b/doc/misc/mirror.zoneopt
@@ -33,6 +33,7 @@ zone [ ] {
 notify-source ( | * );
 notify-source-v6 ( | * );
 primaries [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... };
+ provide-zoneversion ;
 request-expire ;
 request-ixfr ;
 request-ixfr-max-diffs ;
diff --git a/doc/misc/options b/doc/misc/options
index e233c042dc..55f4afb3fa 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -226,6 +226,7 @@ options {
 preferred-glue ;
 prefetch [ ];
 provide-ixfr ;
+ provide-zoneversion ;
 qname-minimization ( strict | relaxed | disabled | off );
 query-source [ address ] ( | * | none );
 query-source-v6 [ address ] ( | * | none );
@@ -511,6 +512,7 @@ view [ ] {
 preferred-glue ;
 prefetch [ ];
 provide-ixfr ;
+ provide-zoneversion ;
 qname-minimization ( strict | relaxed | disabled | off );
 query-source [ address ] ( | * | none );
 query-source-v6 [ address ] ( | * | none );
diff --git a/doc/misc/primary.zoneopt b/doc/misc/primary.zoneopt
index dfa2b79661..28d8dad453 100644
--- a/doc/misc/primary.zoneopt
+++ b/doc/misc/primary.zoneopt
@@ -51,6 +51,7 @@ zone [ ] {
 parental-agents [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... };
 parental-source ( | * );
 parental-source-v6 ( | * );
+ provide-zoneversion ;
 send-report-channel ;
 serial-update-method ( date | increment | unixtime );
 sig-signing-nodes ;
diff --git a/doc/misc/secondary.zoneopt b/doc/misc/secondary.zoneopt
index 6fbe1fbaf5..08c7008ca2 100644
--- a/doc/misc/secondary.zoneopt
+++ b/doc/misc/secondary.zoneopt
@@ -50,6 +50,7 @@ zone [ ] {
 parental-source ( | * );
 parental-source-v6 ( | * );
 primaries [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... };
+ provide-zoneversion ;
 request-expire ;
 request-ixfr ;
 request-ixfr-max-diffs ;
diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h
index cec638fe64..a9d8526a7f 100644
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@@ -102,6 +102,7 @@ typedef enum {
 DNS_ZONEOPT_CHECKTTL = 1 << 28, /*%< check max-zone-ttl */
 DNS_ZONEOPT_AUTOEMPTY = 1 << 29, /*%< automatic empty zone */
 DNS_ZONEOPT_CHECKSVCB = 1 << 30, /*%< check SVBC records */
+ DNS_ZONEOPT_ZONEVERSION = 1U << 31, /*%< enable zoneversion */
 DNS_ZONEOPT___MAX = UINT64_MAX, /* trick to make the ENUM 64-bit wide */
 } dns_zoneopt_t;
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 8d4c101f32..7d16993f1c 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -1508,7 +1508,8 @@ dns_zone_getzoneversion(dns_zone_t *zone, isc_buffer_t *b) {
 LOCK_ZONE(zone);
 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- if (zone->db != NULL) {
+ if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_ZONEVERSION) && zone->db != NULL)
+ {
 result = dns_db_getzoneversion(zone->db, b);
 if (result == ISC_R_NOTIMPLEMENTED) {
 result = zone_get_from_db(zone, zone->db, NULL,
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 45649d8770..72b317db15 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -2355,6 +2355,8 @@ static cfg_clausedef_t zone_clauses[] = {
 CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
 { "parental-source-v6", &cfg_type_sockaddr6wild,
 CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
+ { "provide-zoneversion", &cfg_type_boolean,
+ CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
 { "send-report-channel", &cfg_type_astring,
 CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
 { "request-expire", &cfg_type_boolean,
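Review bot: `DNS_ZONEOPT_ZONEVERSION = 1U << 31` in dns_zoneopt_t takes the last bit that fits in an `unsigned int`, and the `1U` is what keeps the shift well defined, since the neighbouring entries are written as signed `1 << N`. The enum is widened to 64 bits by `DNS_ZONEOPT___MAX`, so the next flag will need a 64-bit constant. A short comment here would stop the next author writing `1 << 32`, for example `/* bits 32 and up must be written as UINT64_C(1) << n */`. The doc comment `/*%< enable zoneversion */` could also say what is enabled, e.g. `/*%< answer EDNS ZONEVERSION */`.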
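Review bot: In dns_zone_getzoneversion() the new `DNS_ZONE_OPTION(zone, DNS_ZONEOPT_ZONEVERSION)` test sits after `LOCK_ZONE(zone)` and `ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read)`, so a zone with `provide-zoneversion no` still takes both locks on every call and then skips the body. It also means "disabled by configuration" returns whatever `result` was initialised to, the same as the `zone->db == NULL` case; that initial value is outside the hunk. If DNS_ZONE_OPTION can be read without the zone lock (its definition is not shown), testing it before `LOCK_ZONE` would avoid the lock traffic. The function's header comment should also state which result a caller gets when the option is off, so that it is not treated or logged as a failure.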