mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 16:15:27 +00:00
Code Issues Releases Wiki Activity

[master] "rndc validation check"

Browse Source 
3512.	[func]		"rndc validation check" reports the current status
			of DNSSEC validation. [RT #21397]
This commit is contained in:
Evan Hunt
2013-03-04 12:00:51 -08:00
parent c387825f77
commit 9ffd0f0270
5 changed files with 48 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
3512. [func] "rndc validation check" reports the current status
of DNSSEC validation. [RT #21397]
3511. [doc] Improve documentation of redirect zones. [RT #32756] 3511. [doc] Improve documentation of redirect zones. [RT #32756]
3510. [func] "rndc status" and XML statistics channel now report 3510. [func] "rndc status" and XML statistics channel now report

2
bin/named/control.c
View File

@@ -197,7 +197,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_NOTIFY)) { } else if (command_compare(command, NS_COMMAND_NOTIFY)) {
result = ns_server_notifycommand(ns_g_server, command, text); result = ns_server_notifycommand(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_VALIDATION)) { } else if (command_compare(command, NS_COMMAND_VALIDATION)) {
result = ns_server_validation(ns_g_server, command); result = ns_server_validation(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_SIGN) || } else if (command_compare(command, NS_COMMAND_SIGN) ||
command_compare(command, NS_COMMAND_LOADKEYS)) { command_compare(command, NS_COMMAND_LOADKEYS)) {
result = ns_server_rekey(ns_g_server, command); result = ns_server_rekey(ns_g_server, command);

2
bin/named/include/named/server.h
View File

@@ -338,7 +338,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr);
* Enable or disable dnssec validation. * Enable or disable dnssec validation.
*/ */
isc_result_t isc_result_t
ns_server_validation(ns_server_t *server, char *args); ns_server_validation(ns_server_t *server, char *args, isc_buffer_t *text);
/*% /*%
* Add a zone to a running process * Add a zone to a running process

40
bin/named/server.c
View File

@@ -7333,12 +7333,12 @@ ns_server_setdebuglevel(ns_server_t *server, char *args) {
} }
isc_result_t isc_result_t
ns_server_validation(ns_server_t *server, char *args) { ns_server_validation(ns_server_t *server, char *args, isc_buffer_t *text) {
char *ptr, *viewname; char *ptr, *viewname;
dns_view_t *view; dns_view_t *view;
isc_boolean_t changed = ISC_FALSE; isc_boolean_t changed = ISC_FALSE;
isc_result_t result; isc_result_t result;
isc_boolean_t enable; isc_boolean_t enable, set = ISC_TRUE, first = ISC_TRUE;
/* Skip the command name. */ /* Skip the command name. */
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
@@ -7356,7 +7356,9 @@ ns_server_validation(ns_server_t *server, char *args) {
else if (!strcasecmp(ptr, "off") || !strcasecmp(ptr, "no") || else if (!strcasecmp(ptr, "off") || !strcasecmp(ptr, "no") ||
!strcasecmp(ptr, "disable") || !strcasecmp(ptr, "false")) !strcasecmp(ptr, "disable") || !strcasecmp(ptr, "false"))
enable = ISC_FALSE; enable = ISC_FALSE;
else else if (!strcasecmp(ptr, "check")) {
set = ISC_FALSE;
} else
return (DNS_R_SYNTAX); return (DNS_R_SYNTAX);
/* Look for the view name. */ /* Look for the view name. */
@@ -7373,10 +7375,40 @@ ns_server_validation(ns_server_t *server, char *args) {
result = dns_view_flushcache(view); result = dns_view_flushcache(view);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
goto out; goto out;
if (set) {
view->enablevalidation = enable; view->enablevalidation = enable;
changed = ISC_TRUE; changed = ISC_TRUE;
} else {
unsigned int n;
if (!first) {
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"\n");
if (n >= isc_buffer_availablelength(text)) {
result = ISC_R_NOSPACE;
goto out;
} }
if (changed) isc_buffer_add(text, n);
}
first = ISC_FALSE;
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"DNSSEC validation is %s (view %s)",
view->enablevalidation ?
"enabled" : "disabled",
view->name);
if (n >= isc_buffer_availablelength(text)) {
result = ISC_R_NOSPACE;
goto out;
}
isc_buffer_add(text, n);
}
}
if (!set)
result = ISC_R_SUCCESS;
else if (changed)
result = ISC_R_SUCCESS; result = ISC_R_SUCCESS;
else else
result = ISC_R_FAILURE; result = ISC_R_FAILURE;

8
doc/arm/Bv9ARM-book.xml
View File

@@ -1512,14 +1512,16 @@ zone "eng.example.com" {
<varlistentry> <varlistentry>
<term><userinput>validation <term><userinput>validation
<optional>on|off</optional> ( on | off | check )
<optional><replaceable>view ...</replaceable></optional> <optional><replaceable>view ...</replaceable></optional>
</userinput></term> </userinput></term>
<listitem> <listitem>
<para> <para>
Enable or disable DNSSEC validation. Enable, disable, or check the current status of
DNSSEC validation.
Note <command>dnssec-enable</command> also needs to be Note <command>dnssec-enable</command> also needs to be
set to <userinput>yes</userinput> to be effective. set to <userinput>yes</userinput> or
<userinput>auto</userinput> to be effective.
It defaults to enabled. It defaults to enabled.
</para> </para>
</listitem> </listitem>