From ae539191546dd6e47fd5b7fbb4cbf4482fec340c Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Fri, 3 Sep 2021 00:56:47 +0000 Subject: [PATCH] Add synonym configuration options for catalog zones This commit adds 'primaries' and 'default-primaries' catalog zones configuration options synonyms for 'masters' and 'default-masters' respectively. --- bin/named/named.conf.rst | 18 ++++-- bin/named/server.c | 3 + bin/tests/system/catz/ns2/named.conf.in | 4 +- bin/tests/system/catz/tests.sh | 16 +++--- .../checkconf/bad-catz-zone-primary-dup.conf | 25 ++++++++ doc/arm/catz.rst | 7 +++ doc/man/named.conf.5in | 18 ++++-- doc/misc/named.conf.rst | 6 ++ doc/misc/options | 18 ++++-- doc/misc/options.active | 18 ++++-- doc/misc/options.grammar.rst | 9 ++- lib/bind9/check.c | 57 +++++++++++++++++++ lib/dns/catz.c | 3 +- lib/dns/include/dns/catz.h | 2 +- lib/isccfg/namedconf.c | 1 + 15 files changed, 166 insertions(+), 39 deletions(-) create mode 100644 bin/tests/system/checkconf/bad-catz-zone-primary-dup.conf diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 2ee989bde2..fe28c894c8 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -190,9 +190,12 @@ OPTIONS catalog-zones { zone string [ default-masters [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; + string ] [ tls string ]; ... } ] [ default-primaries [ port + integer ] [ dscp integer ] { ( remote-servers | + ipv4_address [ port integer ] | ipv6_address [ port + integer ] ) [ key string ] [ tls string ]; ... } ] [ + zone-directory quoted_string ] [ in-memory boolean ] [ + min-update-interval duration ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); 
@@ -621,9 +624,12 @@ VIEW catalog-zones { zone string [ default-masters [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; + string ] [ tls string ]; ... } ] [ default-primaries [ port + integer ] [ dscp integer ] { ( remote-servers | + ipv4_address [ port integer ] | ipv6_address [ port + integer ] ) [ key string ] [ tls string ]; ... } ] [ + zone-directory quoted_string ] [ in-memory boolean ] [ + min-update-interval duration ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); diff --git a/bin/named/server.c b/bin/named/server.c index ff04689685..fcbca7e863 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -3085,6 +3085,9 @@ configure_catz_zone(dns_view_t *view, const cfg_obj_t *config, opts = dns_catz_zone_getdefoptions(zone); obj = cfg_tuple_get(catz_obj, "default-masters"); + if (obj == NULL || !cfg_obj_istuple(obj)) { + obj = cfg_tuple_get(catz_obj, "default-primaries"); + } if (obj != NULL && cfg_obj_istuple(obj)) { result = named_config_getipandkeylist( config, "primaries", obj, view->mctx, &opts->masters); diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in index 30333e6e1b..3a017b1c03 100644 --- a/bin/tests/system/catz/ns2/named.conf.in +++ b/bin/tests/system/catz/ns2/named.conf.in @@ -32,7 +32,7 @@ options { in-memory no zone-directory "zonedir"; zone "catalog2.example" - default-masters { 10.53.0.1 port @EXTRAPORT1@; } + default-primaries { 10.53.0.1 port @EXTRAPORT1@; } in-memory yes; zone "catalog3.example" default-masters { 10.53.0.1; } 
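Review bot: In configure_catz_zone (bin/named/server.c) the new fallback gives `default-masters` silent precedence, because `default-primaries` is read only when `default-masters` is absent or not a tuple. If both are set, the second list is dropped here without any log message. The conflict is rejected only by the separate check_catz() added in lib/bind9/check.c, which is presumably run before this code. Since this list decides which servers member zones are transferred from, that dependency deserves a comment above the lookup, e.g. `/* 'default-masters' and 'default-primaries' are synonyms; check_catz() rejects configurations that set both. */`. The function body starts and ends outside the hunk.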
@@ -40,7 +40,7 @@ options { #T1 zone "catalog4.example" #T1 default-masters { 10.53.0.1; }; #T2 zone "catalog5.example" -#T2 default-masters { 10.53.0.1; }; +#T2 default-primaries { 10.53.0.1; }; }; }; diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh index 91b200d939..00af67cf59 100644 --- a/bin/tests/system/catz/tests.sh +++ b/bin/tests/system/catz/tests.sh @@ -470,7 +470,7 @@ echo_i "adding dom6.example. and an invalid global masters option (TSIG without ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} - update add label1.masters.catalog1.example. 3600 IN TXT "tsig_key" + update add label1.primaries.catalog1.example. 3600 IN TXT "tsig_key" update add 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example. send END @@ -490,7 +490,7 @@ echo_i "removing dom6.example. ($n)" ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} - update delete label1.masters.catalog1.example. 3600 IN TXT "tsig_key" + update delete label1.primaries.catalog1.example. 3600 IN TXT "tsig_key" update delete 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example. send END @@ -704,8 +704,8 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update add f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example. - update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1 - update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" + update add label1.primaries.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1 + update add label1.primaries.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" send END if [ $ret -ne 0 ]; then echo_i "failed"; fi 
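Review bot: The tests.sh hunks rename every `label1.masters` record to `label1.primaries` (at -470, -490 and -704 here, and again at -732, -761 and -781), so within these hunks the legacy `masters` label that catz_get_option() still accepts is no longer exercised. Unless tests outside the hunks still use the old spelling, keep at least one add/delete pair on it, e.g. `update add label1.masters.catalog1.example. 3600 IN TXT "tsig_key"`, so a regression in the synonym handling is caught. The echo_i text above the first hunk still reads "invalid global masters option" although the record it adds is now `primaries`.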
@@ -732,8 +732,8 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update delete f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example. - update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1 - update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" + update delete label1.primaries.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1 + update delete label1.primaries.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" send END if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -761,7 +761,7 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update add f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example. - update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" + update add label1.primaries.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" send END if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -781,7 +781,7 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update delete f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example. - update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" + update delete label1.primaries.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key" send END if [ $ret -ne 0 ]; then echo_i "failed"; fi diff --git a/bin/tests/system/checkconf/bad-catz-zone-primary-dup.conf b/bin/tests/system/checkconf/bad-catz-zone-primary-dup.conf new file mode 100644 index 0000000000..475136ee95 --- /dev/null +++ b/bin/tests/system/checkconf/bad-catz-zone-primary-dup.conf 
@@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + catalog-zones { + zone "catalog.example" + default-masters { 10.53.0.1; } + default-primaries { 10.53.0.1 port 5304; } + in-memory yes; + }; +}; + +zone "catalog.example" { + type secondary; + file "catalog.example.db"; + primaries { 10.53.0.1; }; +}; diff --git a/doc/arm/catz.rst b/doc/arm/catz.rst index a2f855e18e..2b03a945a2 100644 --- a/doc/arm/catz.rst +++ b/doc/arm/catz.rst @@ -104,6 +104,9 @@ The options following the zone name are not required, and may be specified in any order. ``default-masters`` + Synonym for ``default-primaries``. + +``default-primaries`` This option defines the default primaries for member zones listed in a catalog zone, and can be overridden by options within a catalog zone. If no such options are included, then member zones @@ -182,6 +185,8 @@ BIND currently supports the following options: either an A or AAAA record. If multiple primaries are set, the order in which they are used is random. + Note: ``masters`` can be used as a synonym for ``primaries``. + - A ``primaries`` with a TSIG key defined: :: @@ -194,6 +199,8 @@ BIND currently supports the following options: key set. The TSIG key must be configured in the configuration file. ``label`` can be any valid DNS label. + Note: ``masters`` can be used as a synonym for ``primaries``. + - ``allow-query`` and ``allow-transfer`` ACLs: :: diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index e7fa8cfae9..3b35124e7a 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in 
@@ -257,9 +257,12 @@ options { catalog\-zones { zone string [ default\-masters [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; + string ] [ tls string ]; ... } ] [ default\-primaries [ port + integer ] [ dscp integer ] { ( remote\-servers | + ipv4_address [ port integer ] | ipv6_address [ port + integer ] ) [ key string ] [ tls string ]; ... } ] [ + zone\-directory quoted_string ] [ in\-memory boolean ] [ + min\-update\-interval duration ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); @@ -724,9 +727,12 @@ view string [ class ] { catalog\-zones { zone string [ default\-masters [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; + string ] [ tls string ]; ... } ] [ default\-primaries [ port + integer ] [ dscp integer ] { ( remote\-servers | + ipv4_address [ port integer ] | ipv6_address [ port + integer ] ) [ key string ] [ tls string ]; ... } ] [ + zone\-directory quoted_string ] [ in\-memory boolean ] [ + min\-update\-interval duration ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); diff --git a/doc/misc/named.conf.rst b/doc/misc/named.conf.rst index 2b911e782d..fcac8e6f19 100644 --- a/doc/misc/named.conf.rst +++ b/doc/misc/named.conf.rst 
@@ -182,6 +182,9 @@ OPTIONS blackhole { address_match_element; ... }; cache-file quoted_string; catalog-zones { zone string [ default-masters [ port integer ] + [ dscp integer ] { ( masters | ipv4_address [ port + integer ] | ipv6_address [ port integer ] ) [ key + string ]; ... } ] [ default-primaries [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ @@ -557,6 +560,9 @@ VIEW auto-dnssec ( allow | maintain | off ); cache-file quoted_string; catalog-zones { zone string [ default-masters [ port integer ] + [ dscp integer ] { ( masters | ipv4_address [ port + integer ] | ipv6_address [ port integer ] ) [ key + string ]; ... } ] [ default-primaries [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ diff --git a/doc/misc/options b/doc/misc/options index cdc0d6a16f..92d979d68d 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -114,9 +114,12 @@ options { catalog-zones { zone [ default-masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; + ] [ tls ]; ... } ] [ default-primaries [ port + ] [ dscp ] { ( | + [ port ] | [ port + ] ) [ key ] [ tls ]; ... } ] [ + zone-directory ] [ in-memory ] [ + min-update-interval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity ; check-mx ( fail | warn | ignore ); 
@@ -500,9 +503,12 @@ view [ ] { catalog-zones { zone [ default-masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; + ] [ tls ]; ... } ] [ default-primaries [ port + ] [ dscp ] { ( | + [ port ] | [ port + ] ) [ key ] [ tls ]; ... } ] [ + zone-directory ] [ in-memory ] [ + min-update-interval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity ; check-mx ( fail | warn | ignore ); diff --git a/doc/misc/options.active b/doc/misc/options.active index 854ac23b31..49525fefbd 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active @@ -113,9 +113,12 @@ options { catalog-zones { zone [ default-masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; + ] [ tls ]; ... } ] [ default-primaries [ port + ] [ dscp ] { ( | + [ port ] | [ port + ] ) [ key ] [ tls ]; ... } ] [ + zone-directory ] [ in-memory ] [ + min-update-interval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity ; check-mx ( fail | warn | ignore ); @@ -497,9 +500,12 @@ view [ ] { catalog-zones { zone [ default-masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; + ] [ tls ]; ... } ] [ default-primaries [ port + ] [ dscp ] { ( | + [ port ] | [ port + ] ) [ key ] [ tls ]; ... } ] [ + zone-directory ] [ in-memory ] [ + min-update-interval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity ; check-mx ( fail | warn | ignore ); diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst index 15b12ab9c3..a97296f59b 100644 --- a/doc/misc/options.grammar.rst +++ b/doc/misc/options.grammar.rst 
@@ -33,9 +33,12 @@ catalog-zones { zone [ default-masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; + ] [ tls ]; ... } ] [ default-primaries [ port + ] [ dscp ] { ( | + [ port ] | [ port + ] ) [ key ] [ tls ]; ... } ] [ + zone-directory ] [ in-memory ] [ + min-update-interval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity ; check-mx ( fail | warn | ignore ); diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 927615f79e..156bb6a7b8 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -4557,6 +4557,50 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj, return (result); } +static isc_result_t +check_catz(const cfg_obj_t *catz_obj, const char *viewname, isc_log_t *logctx) { + const cfg_listelt_t *element; + const cfg_obj_t *obj, *nameobj, *primariesobj; + const char *zonename; + const char *forview = " for view "; + isc_result_t result; + + if (viewname == NULL) { + viewname = ""; + forview = ""; + } + + result = ISC_R_SUCCESS; + + obj = cfg_tuple_get(catz_obj, "zone list"); + + for (element = cfg_list_first(obj); element != NULL; + element = cfg_list_next(element)) + { + obj = cfg_listelt_value(element); + nameobj = cfg_tuple_get(obj, "zone name"); + zonename = cfg_obj_asstring(nameobj); + + primariesobj = cfg_tuple_get(obj, "default-primaries"); + if (primariesobj != NULL && cfg_obj_istuple(primariesobj)) { + primariesobj = cfg_tuple_get(obj, "default-masters"); + if (primariesobj != NULL && + cfg_obj_istuple(primariesobj)) { + cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR, + "catalog zone '%s'%s%s: " + "'default-primaries' and " + "'default-masters' can not be both " + "defined", + zonename, forview, viewname); + result = ISC_R_FAILURE; + break; + } + } + } + + return (result); +} + /*% * Data structure used for the 'callback_data' argument to check_one_plugin(). */ 
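Review bot: check_catz() in lib/bind9/check.c stops at the first conflicting catalog zone because of the `break` after `result = ISC_R_FAILURE;`, so a configuration with several zones that set both `default-primaries` and `default-masters` reports only one of them per run. Dropping the `break` would log every offending zone and still return ISC_R_FAILURE. `primariesobj` is also reused for the `default-masters` lookup, which hides what the inner test checks; a second local such as `mastersobj` would read more clearly. The function has no header comment; a one-line `/* Reject catalog zones that define both 'default-primaries' and 'default-masters'. */` would state its contract.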
@@ -4736,6 +4780,19 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, } } + /* + * Check catalog-zones configuration. + */ + if (opts != NULL) { + obj = NULL; + if ((cfg_map_get(opts, "catalog-zones", &obj) == + ISC_R_SUCCESS) && + (check_catz(obj, viewname, logctx) != ISC_R_SUCCESS)) + { + result = ISC_R_FAILURE; + } + } + isc_symtab_destroy(&symtab); /* diff --git a/lib/dns/catz.c b/lib/dns/catz.c index 41402dd3d1..3f60afaf35 100644 --- a/lib/dns/catz.c +++ b/lib/dns/catz.c @@ -899,7 +899,8 @@ static catz_opt_t catz_get_option(const dns_label_t *option) { if (catz_opt_cmp(option, "zones")) { return (CATZ_OPT_ZONES); - } else if (catz_opt_cmp(option, "masters")) { + } else if (catz_opt_cmp(option, "masters") || + catz_opt_cmp(option, "primaries")) { return (CATZ_OPT_MASTERS); } else if (catz_opt_cmp(option, "allow-query")) { return (CATZ_OPT_ALLOW_QUERY); diff --git a/lib/dns/include/dns/catz.h b/lib/dns/include/dns/catz.h index 1d693d4f79..1c979d5815 100644 --- a/lib/dns/include/dns/catz.h +++ b/lib/dns/include/dns/catz.h @@ -48,7 +48,7 @@ struct dns_catz_entry_options { /* * Options that can be overridden in catalog zone */ - /* default-masters definition */ + /* default-masters/default-primaries definition */ dns_ipkeylist_t masters; /* both as text in config format, NULL if none */ diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index b44fed3dbb..5ce42dfbff 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1842,6 +1842,7 @@ static cfg_type_t cfg_type_catz_zone = { "zone", parse_keyvalue, static cfg_tuplefielddef_t catz_zone_fields[] = { { "zone name", &cfg_type_catz_zone, 0 }, { "default-masters", &cfg_type_namesockaddrkeylist, 0 }, + { "default-primaries", &cfg_type_namesockaddrkeylist, 0 }, { "zone-directory", &cfg_type_qstring, 0 }, { "in-memory", &cfg_type_boolean, 0 }, { "min-update-interval", &cfg_type_duration, 0 },
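Review bot: In check_viewconf (lib/bind9/check.c) the new catalog-zones check reads only `opts`, which is assigned outside the hunk. If `opts` holds the view's own options when a view is being checked, a `catalog-zones` block in global `options` that views inherit may never reach check_catz(); this is worth confirming against the rest of the function. The added bad-catz-zone-primary-dup.conf covers only the `options`-level case with no views, so a second fixture placing the conflicting block inside a `view` would pin the `viewname` branch of the error message. check_viewconf's body starts and ends outside the hunk.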
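Review bot: catz_get_option() in lib/dns/catz.c now maps both the `masters` and `primaries` labels to `CATZ_OPT_MASTERS`, but nothing visible here covers a catalog zone that carries records under both labels. The configuration side differs: check_catz() rejects `default-masters` together with `default-primaries`. How the two record sets combine depends on the CATZ_OPT_MASTERS handler outside this hunk. Catalog zone contents arrive by zone transfer and select the servers member zones are fetched from, so the resulting behaviour should be stated in a comment here and in doc/arm/catz.rst. A possible wording is `/* "masters" is a legacy synonym for "primaries"; both labels feed the same primaries list. */`, if that is what the handler does. The function continues past the hunk.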