From d878b8d87c3f46a25ccae9f5cfe6e39af67562e0 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 14 May 2012 11:50:00 -0700 Subject: [PATCH] merged filter-aaaa-on-v6 (ATT SoW) 3327. [func] Added 'filter-aaaa-on-v6' option; this is similar to 'filter-aaaa-on-v4' but applies to IPv6 connections. (Use "configure --enable-filter-aaaa" to enable this option.) [RT #27308] --- CHANGES | 5 + bin/named/client.c | 9 +- bin/named/config.c | 3 +- bin/named/include/named/client.h | 6 +- bin/named/query.c | 73 +- bin/named/server.c | 27 +- bin/tests/system/filter-aaaa/clean.sh | 8 +- bin/tests/system/filter-aaaa/filter-aaaa.c | 2 +- .../ns1/{named.conf => named1.conf} | 12 +- bin/tests/system/filter-aaaa/ns1/named2.conf | 46 ++ .../ns2/{named.conf => named1.conf} | 11 +- bin/tests/system/filter-aaaa/ns2/named2.conf | 44 ++ .../ns3/{named.conf => named1.conf} | 11 +- bin/tests/system/filter-aaaa/ns3/named2.conf | 44 ++ .../ns4/{named.conf => named1.conf} | 11 +- bin/tests/system/filter-aaaa/ns4/named2.conf | 46 ++ bin/tests/system/filter-aaaa/setup.sh | 5 + bin/tests/system/filter-aaaa/tests.sh | 655 +++++++++++++++++- bin/tests/system/statistics/tests.sh | 3 +- config.h.in | 7 +- configure | 537 +++++++------- configure.in | 8 +- doc/arm/Bv9ARM-book.xml | 13 + lib/bind9/check.c | 86 ++- lib/dns/include/dns/message.h | 2 +- lib/dns/include/dns/types.h | 8 +- lib/dns/include/dns/view.h | 5 +- lib/dns/message.c | 4 +- lib/dns/view.c | 9 +- lib/isccfg/namedconf.c | 21 +- 30 files changed, 1334 insertions(+), 387 deletions(-) rename bin/tests/system/filter-aaaa/ns1/{named.conf => named1.conf} (86%) create mode 100644 bin/tests/system/filter-aaaa/ns1/named2.conf rename bin/tests/system/filter-aaaa/ns2/{named.conf => named1.conf} (85%) create mode 100644 bin/tests/system/filter-aaaa/ns2/named2.conf rename bin/tests/system/filter-aaaa/ns3/{named.conf => named1.conf} (85%) create mode 100644 bin/tests/system/filter-aaaa/ns3/named2.conf rename bin/tests/system/filter-aaaa/ns4/{named.conf => named1.conf} (86%) create mode 100644 bin/tests/system/filter-aaaa/ns4/named2.conf diff --git a/CHANGES b/CHANGES index f94f7924b8..2c974099ea 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +3327. [func] Added 'filter-aaaa-on-v6' option; this is similar + to 'filter-aaaa-on-v4' but applies to IPv6 + connections. (Use "configure --enable-filter-aaaa" + to enable this option.) [RT #27308] + 3326. [func] Added task list statistics: task model, worker threads, quantum, tasks running, tasks ready. [RT #27678] diff --git a/bin/named/client.c b/bin/named/client.c index 1891be7ec4..00678c6337 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -941,10 +941,11 @@ ns_client_send(ns_client_t *client) { preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA; } -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA /* * filter-aaaa-on-v4 yes or break-dnssec option to suppress - * AAAA records + * AAAA records. + * * We already know that request came via IPv4, * that we have both AAAA and A records, * and that we either have no signatures that the client wants @@ -2120,8 +2121,8 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { client->recursionquota = NULL; client->interface = NULL; client->peeraddr_valid = ISC_FALSE; -#ifdef ALLOW_FILTER_AAAA_ON_V4 - client->filter_aaaa = dns_v4_aaaa_ok; +#ifdef ALLOW_FILTER_AAAA + client->filter_aaaa = dns_aaaa_ok; #endif ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL, NS_EVENT_CLIENTCONTROL, client_start, client, client, diff --git a/bin/named/config.c b/bin/named/config.c index b6894a6404..eb1eef3504 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -162,8 +162,9 @@ options {\n\ nsec3-test-zone no;\n\ allow-new-zones no;\n\ " -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA " filter-aaaa-on-v4 no;\n\ + filter-aaaa-on-v6 no;\n\ filter-aaaa { any; };\n\ " #endif diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h index d37bf1adbf..9762e57535 100644 --- a/bin/named/include/named/client.h +++ b/bin/named/include/named/client.h @@ -141,8 +141,8 @@ struct ns_client { isc_netaddr_t destaddr; struct in6_pktinfo pktinfo; isc_event_t ctlevent; -#ifdef ALLOW_FILTER_AAAA_ON_V4 - dns_v4_aaaa_t filter_aaaa; +#ifdef ALLOW_FILTER_AAAA + dns_aaaa_t filter_aaaa; #endif /*% * Information about recent FORMERR response(s), for @@ -173,7 +173,7 @@ typedef ISC_LIST(ns_client_t) client_list_t; #define NS_CLIENTATTR_MULTICAST 0x08 /*%< recv'd from multicast */ #define NS_CLIENTATTR_WANTDNSSEC 0x10 /*%< include dnssec records */ #define NS_CLIENTATTR_WANTNSID 0x20 /*%< include nameserver ID */ -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA #define NS_CLIENTATTR_FILTER_AAAA 0x40 /*%< suppress AAAAs */ #define NS_CLIENTATTR_FILTER_AAAA_RC 0x80 /*%< recursing for A against AAAA */ #endif diff --git a/bin/named/query.c b/bin/named/query.c index 7e50097803..eb9639ec82 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -1381,7 +1381,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { } if (qtype == dns_rdatatype_a) { -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA isc_boolean_t have_a = ISC_FALSE; #endif @@ -1423,7 +1423,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { } if (result == ISC_R_SUCCESS) { mname = NULL; -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA have_a = ISC_TRUE; #endif if (!query_isduplicate(client, fname, @@ -1475,10 +1475,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { /* * There's an A; check whether we're filtering AAAA */ -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA if (have_a && - (client->filter_aaaa == dns_v4_aaaa_break_dnssec || - (client->filter_aaaa == dns_v4_aaaa_filter && + (client->filter_aaaa == dns_aaaa_break_dnssec || + (client->filter_aaaa == dns_aaaa_filter && (!WANTDNSSEC(client) || sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset))))) goto addname; @@ -5190,7 +5190,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db, return; } -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA static isc_boolean_t is_v4_client(ns_client_t *client) { if (isc_sockaddr_pf(&client->peeraddr) == AF_INET) @@ -5200,6 +5200,14 @@ is_v4_client(ns_client_t *client) { return (ISC_TRUE); return (ISC_FALSE); } + +static isc_boolean_t +is_v6_client(ns_client_t *client) { + if (isc_sockaddr_pf(&client->peeraddr) == AF_INET6 && + !IN6_IS_ADDR_V4MAPPED(&client->peeraddr.type.sin6.sin6_addr)) + return (ISC_TRUE); + return (ISC_FALSE); +} #endif static isc_uint32_t @@ -6699,25 +6707,36 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) need_wildcardproof = ISC_TRUE; } -#ifdef ALLOW_FILTER_AAAA_ON_V4 - if (client->view->v4_aaaa != dns_v4_aaaa_ok && - is_v4_client(client) && - ns_client_checkaclsilent(client, NULL, - client->view->v4_aaaa_acl, - ISC_TRUE) == ISC_R_SUCCESS) - client->filter_aaaa = client->view->v4_aaaa; - else - client->filter_aaaa = dns_v4_aaaa_ok; +#ifdef ALLOW_FILTER_AAAA + /* + * The filter-aaaa-on-v4 option should suppress AAAAs for IPv4 + * clients if there is an A; filter-aaaa-on-v6 option does the same + * for IPv6 clients. + */ + client->filter_aaaa = dns_aaaa_ok; + if (client->view->v4_aaaa != dns_aaaa_ok || + client->view->v6_aaaa != dns_aaaa_ok) + { + result = ns_client_checkaclsilent(client, NULL, + client->view->aaaa_acl, + ISC_TRUE); + if (result == ISC_R_SUCCESS && + client->view->v4_aaaa != dns_aaaa_ok && + is_v4_client(client)) + client->filter_aaaa = client->view->v4_aaaa; + else if (result == ISC_R_SUCCESS && + client->view->v6_aaaa != dns_aaaa_ok && + is_v6_client(client)) + client->filter_aaaa = client->view->v6_aaaa; + } #endif if (type == dns_rdatatype_any) { -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA isc_boolean_t have_aaaa, have_a, have_sig; /* - * The filter-aaaa-on-v4 option should - * suppress AAAAs for IPv4 clients if there is an A. * If we are not authoritative, assume there is a A * even in if it is not in our cache. This assumption could * be wrong but it is a good bet. @@ -6754,12 +6773,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) result = dns_rdatasetiter_first(rdsiter); while (result == ISC_R_SUCCESS) { dns_rdatasetiter_current(rdsiter, rdataset); -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA /* * Notice the presence of A and AAAAs so * that AAAAs can be hidden from IPv4 clients. */ - if (client->filter_aaaa != dns_v4_aaaa_ok) { + if (client->filter_aaaa != dns_aaaa_ok) { if (rdataset->type == dns_rdatatype_aaaa) have_aaaa = ISC_TRUE; else if (rdataset->type == dns_rdatatype_a) @@ -6777,7 +6796,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dns_rdataset_disassociate(rdataset); } else if ((qtype == dns_rdatatype_any || rdataset->type == qtype) && rdataset->type != 0) { -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA if (dns_rdatatype_isdnssec(rdataset->type)) have_sig = ISC_TRUE; #endif @@ -6811,14 +6830,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) result = dns_rdatasetiter_next(rdsiter); } -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA /* * Filter AAAAs if there is an A and there is no signature * or we are supposed to break DNSSEC. */ - if (client->filter_aaaa == dns_v4_aaaa_break_dnssec) + if (client->filter_aaaa == dns_aaaa_break_dnssec) client->attributes |= NS_CLIENTATTR_FILTER_AAAA; - else if (client->filter_aaaa != dns_v4_aaaa_ok && + else if (client->filter_aaaa != dns_aaaa_ok && have_aaaa && have_a && (!have_sig || !WANTDNSSEC(client))) client->attributes |= NS_CLIENTATTR_FILTER_AAAA; @@ -6873,7 +6892,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * we know the answer. */ -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA /* * Optionally hide AAAAs from IPv4 clients if there is an A. * We add the AAAAs now, but might refuse to render them later @@ -6882,8 +6901,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * so fundamentally wrong, unavoidably inaccurate, and * unneeded that it is best to keep it as short as possible. */ - if (client->filter_aaaa == dns_v4_aaaa_break_dnssec || - (client->filter_aaaa == dns_v4_aaaa_filter && + if (client->filter_aaaa == dns_aaaa_break_dnssec || + (client->filter_aaaa == dns_aaaa_filter && (!WANTDNSSEC(client) || sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset)))) { diff --git a/bin/named/server.c b/bin/named/server.c index c6375f8514..8ce6a5ac55 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -2572,24 +2572,41 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_asuint32(obj), max_clients_per_query); -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA obj = NULL; result = ns_config_get(maps, "filter-aaaa-on-v4", &obj); INSIST(result == ISC_R_SUCCESS); if (cfg_obj_isboolean(obj)) { if (cfg_obj_asboolean(obj)) - view->v4_aaaa = dns_v4_aaaa_filter; + view->v4_aaaa = dns_aaaa_filter; else - view->v4_aaaa = dns_v4_aaaa_ok; + view->v4_aaaa = dns_aaaa_ok; } else { const char *v4_aaaastr = cfg_obj_asstring(obj); if (strcasecmp(v4_aaaastr, "break-dnssec") == 0) - view->v4_aaaa = dns_v4_aaaa_break_dnssec; + view->v4_aaaa = dns_aaaa_break_dnssec; else INSIST(0); } + + obj = NULL; + result = ns_config_get(maps, "filter-aaaa-on-v6", &obj); + INSIST(result == ISC_R_SUCCESS); + if (cfg_obj_isboolean(obj)) { + if (cfg_obj_asboolean(obj)) + view->v6_aaaa = dns_aaaa_filter; + else + view->v6_aaaa = dns_aaaa_ok; + } else { + const char *v6_aaaastr = cfg_obj_asstring(obj); + if (strcasecmp(v6_aaaastr, "break-dnssec") == 0) + view->v6_aaaa = dns_aaaa_break_dnssec; + else + INSIST(0); + } + CHECK(configure_view_acl(vconfig, config, "filter-aaaa", NULL, - actx, ns_g_mctx, &view->v4_aaaa_acl)); + actx, ns_g_mctx, &view->aaaa_acl)); #endif obj = NULL; diff --git a/bin/tests/system/filter-aaaa/clean.sh b/bin/tests/system/filter-aaaa/clean.sh index 69fb72858d..65231d97d6 100644 --- a/bin/tests/system/filter-aaaa/clean.sh +++ b/bin/tests/system/filter-aaaa/clean.sh @@ -20,20 +20,20 @@ rm -f ns1/K* rm -f ns1/*.signed rm -f ns1/signer.err rm -f ns1/dsset-* -rm -f ns1/named.run +rm -f ns1/named.run ns1/named.conf rm -f ns1/named.memstats -rm -f ns2/named.run +rm -f ns2/named.run ns2/named.conf rm -f ns2/named.memstats -rm -f ns3/named.run +rm -f ns3/named.run ns3/named.conf rm -f ns3/named.memstats rm -f ns4/K* rm -f ns4/*.signed rm -f ns4/signer.err rm -f ns4/dsset-* -rm -f ns4/named.run +rm -f ns4/named.run ns4/named.conf rm -f ns4/named.memstats rm -f random.data diff --git a/bin/tests/system/filter-aaaa/filter-aaaa.c b/bin/tests/system/filter-aaaa/filter-aaaa.c index 64428d2c16..71bbc216ae 100644 --- a/bin/tests/system/filter-aaaa/filter-aaaa.c +++ b/bin/tests/system/filter-aaaa/filter-aaaa.c @@ -25,7 +25,7 @@ main(int argc, char **argv) { UNUSED(argc); UNUSED(argv); -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA return (0); #else return (1); diff --git a/bin/tests/system/filter-aaaa/ns1/named.conf b/bin/tests/system/filter-aaaa/ns1/named1.conf similarity index 86% rename from bin/tests/system/filter-aaaa/ns1/named.conf rename to bin/tests/system/filter-aaaa/ns1/named1.conf index 5971cc2a63..6282121cd9 100644 --- a/bin/tests/system/filter-aaaa/ns1/named.conf +++ b/bin/tests/system/filter-aaaa/ns1/named1.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2 2010/06/22 03:58:37 marka Exp $ */ +/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:15 each Exp $ */ controls { /* empty */ }; @@ -32,6 +32,16 @@ options { filter-aaaa { 10.53.0.1; }; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + + zone "." { type master; file "root.db"; }; zone "signed" { type master; file "signed.db.signed"; }; zone "unsigned" { type master; file "unsigned.db"; }; diff --git a/bin/tests/system/filter-aaaa/ns1/named2.conf b/bin/tests/system/filter-aaaa/ns1/named2.conf new file mode 100644 index 0000000000..2e39600586 --- /dev/null +++ b/bin/tests/system/filter-aaaa/ns1/named2.conf @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:15 each Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { fd92:7065:b8e:ffff::1; }; + recursion no; + notify yes; + filter-aaaa-on-v6 yes; + filter-aaaa { fd92:7065:b8e:ffff::1; }; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +zone "." { type master; file "root.db"; }; +zone "signed" { type master; file "signed.db.signed"; }; +zone "unsigned" { type master; file "unsigned.db"; }; diff --git a/bin/tests/system/filter-aaaa/ns2/named.conf b/bin/tests/system/filter-aaaa/ns2/named1.conf similarity index 85% rename from bin/tests/system/filter-aaaa/ns2/named.conf rename to bin/tests/system/filter-aaaa/ns2/named1.conf index 627c91b1ae..620ce210d5 100644 --- a/bin/tests/system/filter-aaaa/ns2/named.conf +++ b/bin/tests/system/filter-aaaa/ns2/named1.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2 2010/06/22 03:58:38 marka Exp $ */ +/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ controls { /* empty */ }; @@ -32,4 +32,13 @@ options { filter-aaaa { 10.53.0.2; }; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; +}; + zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns2/named2.conf b/bin/tests/system/filter-aaaa/ns2/named2.conf new file mode 100644 index 0000000000..3e6d9b361f --- /dev/null +++ b/bin/tests/system/filter-aaaa/ns2/named2.conf @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { fd92:7065:b8e:ffff::2; }; + recursion yes; + notify yes; + filter-aaaa-on-v6 yes; + filter-aaaa { fd92:7065:b8e:ffff::2; }; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; +}; + +zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns3/named.conf b/bin/tests/system/filter-aaaa/ns3/named1.conf similarity index 85% rename from bin/tests/system/filter-aaaa/ns3/named.conf rename to bin/tests/system/filter-aaaa/ns3/named1.conf index 0260e50cca..4fff9ea5c8 100644 --- a/bin/tests/system/filter-aaaa/ns3/named.conf +++ b/bin/tests/system/filter-aaaa/ns3/named1.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2 2010/06/22 03:58:38 marka Exp $ */ +/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ controls { /* empty */ }; @@ -32,4 +32,13 @@ options { filter-aaaa { 10.53.0.3; }; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; +}; + zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns3/named2.conf b/bin/tests/system/filter-aaaa/ns3/named2.conf new file mode 100644 index 0000000000..c77285523a --- /dev/null +++ b/bin/tests/system/filter-aaaa/ns3/named2.conf @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { fd92:7065:b8e:ffff::3; }; + recursion yes; + notify yes; + filter-aaaa-on-v6 break-dnssec; + filter-aaaa { fd92:7065:b8e:ffff::3; }; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; +}; + +zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns4/named.conf b/bin/tests/system/filter-aaaa/ns4/named1.conf similarity index 86% rename from bin/tests/system/filter-aaaa/ns4/named.conf rename to bin/tests/system/filter-aaaa/ns4/named1.conf index 3e9539e26c..94b6c15a31 100644 --- a/bin/tests/system/filter-aaaa/ns4/named.conf +++ b/bin/tests/system/filter-aaaa/ns4/named1.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2 2010/06/22 03:58:38 marka Exp $ */ +/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ controls { /* empty */ }; @@ -32,6 +32,15 @@ options { filter-aaaa { 10.53.0.4; }; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; +}; + zone "." { type master; file "root.db"; }; zone "signed" { type master; file "signed.db.signed"; }; zone "unsigned" { type master; file "unsigned.db"; }; diff --git a/bin/tests/system/filter-aaaa/ns4/named2.conf b/bin/tests/system/filter-aaaa/ns4/named2.conf new file mode 100644 index 0000000000..cef92b8ba4 --- /dev/null +++ b/bin/tests/system/filter-aaaa/ns4/named2.conf @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { fd92:7065:b8e:ffff::4; }; + recursion no; + notify yes; + filter-aaaa-on-v6 break-dnssec; + filter-aaaa { fd92:7065:b8e:ffff::4; }; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; +}; + +zone "." { type master; file "root.db"; }; +zone "signed" { type master; file "signed.db.signed"; }; +zone "unsigned" { type master; file "unsigned.db"; }; diff --git a/bin/tests/system/filter-aaaa/setup.sh b/bin/tests/system/filter-aaaa/setup.sh index 3c0c94263f..3e196925e7 100644 --- a/bin/tests/system/filter-aaaa/setup.sh +++ b/bin/tests/system/filter-aaaa/setup.sh @@ -20,5 +20,10 @@ sh clean.sh ../../../tools/genrandom 400 random.data +cp ns1/named1.conf ns1/named.conf +cp ns2/named1.conf ns2/named.conf +cp ns3/named1.conf ns3/named.conf +cp ns4/named1.conf ns4/named.conf + (cd ns1 && sh -e sign.sh) (cd ns4 && sh -e sign.sh) diff --git a/bin/tests/system/filter-aaaa/tests.sh b/bin/tests/system/filter-aaaa/tests.sh index 7592de547a..3a7443c994 100644 --- a/bin/tests/system/filter-aaaa/tests.sh +++ b/bin/tests/system/filter-aaaa/tests.sh @@ -200,7 +200,7 @@ if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6 ($n)" +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::1 then ret=0 @@ -368,7 +368,7 @@ if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6, with break-dnssec ($n)" +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, with break-dnssec ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::4 then ret=0 @@ -535,7 +535,7 @@ if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6 ($n)" +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::2 then ret=0 @@ -702,7 +702,7 @@ if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6, recursive with break-dnssec ($n)" +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, recursive with break-dnssec ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::3 then ret=0 @@ -714,5 +714,652 @@ else echo "I: skipped." fi +$TESTSOCK6 fd92:7065:b8e:ffff::1 || { + echo "I:IPv6 address not configured; skipping IPv6 query tests" + echo "I:exit status: $status" + exit $status +} + +# Reconfiguring for IPv6 tests +echo "I:reconfiguring servers" +cp -f ns1/named2.conf ns1/named.conf +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /' +cp -f ns2/named2.conf ns2/named.conf +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2 /' +cp -f ns3/named2.conf ns3/named.conf +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /' +cp -f ns4/named2.conf ns4/named.conf +$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /' + +# BEGIN IPv6 TESTS + +# +# Authoritative tests against: +# filter-aaaa-on-v6 yes; +# filter-aaaa { fd92:7065:b8e:ffff::1; }; +# +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, signed ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep ::2 dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, unsigned ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep ::5 dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 +grep "::3" dig.out.ns1.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 +grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 +grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 +grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + + +# +# Authoritative tests against: +# filter-aaaa-on-v6 break-dnssec; +# filter-aaaa { fd92:7065:b8e:ffff::4; }; +# +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep ::2 dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep ::5 dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 +grep "::3" dig.out.ns4.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 +grep ::3 dig.out.ns4.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 +grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 +grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + + +# +# Recursive tests against: +# filter-aaaa-on-v6 yes; +# filter-aaaa { fd92:7065:b8e:ffff::2; }; +# +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep ::2 dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep ::5 dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 +grep "::3" dig.out.ns2.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 +grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 +grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 +grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + + +# +# Recursive tests against: +# filter-aaaa-on-v6 yes; +# filter-aaaa { fd92:7065:b8e:ffff::3; }; +# +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep ::2 dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep ::5 dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 +grep "::3" dig.out.ns3.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 +grep ::3 dig.out.ns3.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 +grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1 +grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 +grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 +grep "ADDITIONAL: 2" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 +grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, recursive with break-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 +grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/statistics/tests.sh b/bin/tests/system/statistics/tests.sh index d522641c53..1315017a63 100644 --- a/bin/tests/system/statistics/tests.sh +++ b/bin/tests/system/statistics/tests.sh @@ -84,8 +84,7 @@ status=`expr $status + $ret` ret=0 echo "I: verifying active sockets output" nsock1=`grep "UDP/IPv4 sockets active" ns3/named.stats | awk '{print $1}'` -[ "$nsock0" -eq 2 ] || ret=1 -[ "$nsock1" -eq 3 ] || ret=1 +[ `expr $nsock1 - $nsock0` -eq 1 ] || ret=1 if [ $ret != 0 ]; then echo "I: failed"; fi status=`expr $status + $ret` diff --git a/config.h.in b/config.h.in index 7075ee090d..290c3833f2 100644 --- a/config.h.in +++ b/config.h.in @@ -1,6 +1,6 @@ /* config.h.in. Generated from configure.in by autoheader. */ /* - * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -150,8 +150,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define if building universal (internal helper macro) */ #undef AC_APPLE_UNIVERSAL_BUILD -/* Define to enable the "filter-aaaa-on-v4" option. */ -#undef ALLOW_FILTER_AAAA_ON_V4 +/* Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options. + */ +#undef ALLOW_FILTER_AAAA /* define if ATF unit tests are to be built. */ #undef ATF_TEST diff --git a/configure b/configure index 55e3b78ccf..5dc4788101 100755 --- a/configure +++ b/configure @@ -519,12 +519,12 @@ # # From configure.in Revision: 1.533 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.67. +# Generated by GNU Autoconf 2.65. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software -# Foundation, Inc. +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # # # This configure script is free software; the Free Software Foundation @@ -835,7 +835,7 @@ $as_echo X"$as_dir" | test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" } # as_fn_mkdir_p @@ -875,19 +875,19 @@ else fi # as_fn_arith -# as_fn_error STATUS ERROR [LINENO LOG_FD] -# ---------------------------------------- +# as_fn_error ERROR [LINENO LOG_FD] +# --------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with STATUS, using 1 if that was 0. +# script with status $?, using 1 if that was 0. as_fn_error () { - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + as_status=$?; test $as_status -eq 0 && as_status=1 + if test "$3"; then + as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 fi - $as_echo "$as_me: error: $2" >&2 + $as_echo "$as_me: error: $1" >&2 as_fn_exit $as_status } # as_fn_error @@ -1203,7 +1203,7 @@ test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. -# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` @@ -1677,9 +1677,8 @@ do fi case $ac_option in - *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *=) ac_optarg= ;; - *) ac_optarg=yes ;; + *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. @@ -1724,7 +1723,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" + as_fn_error "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1750,7 +1749,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" + as_fn_error "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1954,7 +1953,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" + as_fn_error "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1970,7 +1969,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" + as_fn_error "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -2000,8 +1999,8 @@ do | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" + -*) as_fn_error "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information." ;; *=*) @@ -2009,7 +2008,7 @@ Try \`$0 --help' for more information" # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + as_fn_error "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -2027,13 +2026,13 @@ done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error $? "missing argument to $ac_option" + as_fn_error "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; - fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi @@ -2056,7 +2055,7 @@ do [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac - as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" + as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' @@ -2070,8 +2069,8 @@ target=$target_alias if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. - If a cross compiler is detected then cross compile mode will be used" >&2 + $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi @@ -2086,9 +2085,9 @@ test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error $? "working directory cannot be determined" + as_fn_error "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error $? "pwd does not report name of working directory" + as_fn_error "pwd does not report name of working directory" # Find the source files, if location was not specified. @@ -2127,11 +2126,11 @@ else fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" + as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then @@ -2171,7 +2170,7 @@ Configuration: --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages + -q, --quiet, --silent do not print \`checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files @@ -2259,7 +2258,7 @@ Optional Features: [default=no] --enable-rpz-nsip enable rpz-nsip rules [default=no] --enable-rpz-nsdname enable rpz-nsdname rules [default=no] - --enable-filter-aaaa enable filtering of AAAA records over IPv4 + --enable-filter-aaaa enable filtering of AAAA records [default=no] Optional Packages: @@ -2392,9 +2391,9 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF configure -generated by GNU Autoconf 2.67 +generated by GNU Autoconf 2.65 -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2009 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -2510,7 +2509,7 @@ $as_echo "$ac_try_echo"; } >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { + test $ac_status = 0; } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : @@ -2534,10 +2533,10 @@ fi ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval "test \"\${$3+set}\"" = set; then : + if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if eval "test \"\${$3+set}\"" = set; then : +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 @@ -2573,7 +2572,7 @@ if ac_fn_c_try_cpp "$LINENO"; then : else ac_header_preproc=no fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } @@ -2600,7 +2599,7 @@ $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if eval "test \"\${$3+set}\"" = set; then : +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" @@ -2664,7 +2663,7 @@ ac_fn_c_check_header_compile () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if eval "test \"\${$3+set}\"" = set; then : +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2694,7 +2693,7 @@ ac_fn_c_check_func () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if eval "test \"\${$3+set}\"" = set; then : +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2812,7 +2811,7 @@ $as_echo "$ac_try_echo"; } >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { + test $ac_status = 0; } >/dev/null && { test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || test ! -s conftest.err }; then : @@ -2967,7 +2966,7 @@ ac_fn_c_check_type () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if eval "test \"\${$3+set}\"" = set; then : +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else eval "$3=no" @@ -3194,7 +3193,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was -generated by GNU Autoconf 2.67. Invocation command line was +generated by GNU Autoconf 2.65. Invocation command line was $ $0 $@ @@ -3304,9 +3303,11 @@ trap 'exit_status=$? { echo - $as_echo "## ---------------- ## + cat <<\_ASBOX +## ---------------- ## ## Cache variables. ## -## ---------------- ##" +## ---------------- ## +_ASBOX echo # The following way of writing the cache mishandles newlines in values, ( @@ -3340,9 +3341,11 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; ) echo - $as_echo "## ----------------- ## + cat <<\_ASBOX +## ----------------- ## ## Output variables. ## -## ----------------- ##" +## ----------------- ## +_ASBOX echo for ac_var in $ac_subst_vars do @@ -3355,9 +3358,11 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; echo if test -n "$ac_subst_files"; then - $as_echo "## ------------------- ## + cat <<\_ASBOX +## ------------------- ## ## File substitutions. ## -## ------------------- ##" +## ------------------- ## +_ASBOX echo for ac_var in $ac_subst_files do @@ -3371,9 +3376,11 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; fi if test -s confdefs.h; then - $as_echo "## ----------- ## + cat <<\_ASBOX +## ----------- ## ## confdefs.h. ## -## ----------- ##" +## ----------- ## +_ASBOX echo cat confdefs.h echo @@ -3428,12 +3435,7 @@ _ACEOF ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - # We do not want a PATH search for config.site. - case $CONFIG_SITE in #(( - -*) ac_site_file1=./$CONFIG_SITE;; - */*) ac_site_file1=$CONFIG_SITE;; - *) ac_site_file1=./$CONFIG_SITE;; - esac + ac_site_file1=$CONFIG_SITE elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site @@ -3448,11 +3450,7 @@ do { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" \ - || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } + . "$ac_site_file" fi done @@ -3528,7 +3526,7 @@ if $ac_cache_corrupted; then $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## @@ -3548,22 +3546,16 @@ ac_config_headers="$ac_config_headers config.h" ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi + for ac_t in install-sh install.sh shtool; do + if test -f "$ac_dir/$ac_t"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/$ac_t -c" + break 2 + fi + done done if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 + as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, @@ -3577,7 +3569,7 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } @@ -3588,16 +3580,16 @@ else test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && - as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 + as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; -*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +*) as_fn_error "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' @@ -3622,7 +3614,7 @@ else ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 + as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi @@ -3630,7 +3622,7 @@ fi $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; -*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +*) as_fn_error "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' @@ -3651,7 +3643,7 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then : +if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF @@ -3659,7 +3651,7 @@ SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF -# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; @@ -4063,8 +4055,8 @@ fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "no acceptable C compiler found in \$PATH +See \`config.log' for more details." "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -4178,8 +4170,9 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } +{ as_fn_set_status 77 +as_fn_error "C compiler cannot create executables +See \`config.log' for more details." "$LINENO" 5; }; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -4221,8 +4214,8 @@ done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 @@ -4279,9 +4272,9 @@ $as_echo "$ac_try_echo"; } >&5 else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. +as_fn_error "cannot run C compiled programs. If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } +See \`config.log' for more details." "$LINENO" 5; } fi fi fi @@ -4332,8 +4325,8 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "cannot compute suffix of object files: cannot compile +See \`config.log' for more details." "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi @@ -4663,7 +4656,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP @@ -4729,7 +4722,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP @@ -4826,7 +4819,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then : @@ -5172,7 +5165,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 5175 "configure"' > conftest.$ac_ext + echo '#line 5168 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5379,7 +5372,7 @@ else # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -5395,11 +5388,11 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi @@ -5438,7 +5431,7 @@ else # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -5454,18 +5447,18 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." "$LINENO" 5; } fi ac_ext=c @@ -5594,7 +5587,8 @@ do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -5916,7 +5910,7 @@ else # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -5932,11 +5926,11 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi @@ -5975,7 +5969,7 @@ else # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -5991,18 +5985,18 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.i conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext +rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C++ preprocessor \"$CXXCPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "C++ preprocessor \"$CXXCPP\" fails sanity check +See \`config.log' for more details." "$LINENO" 5; } fi ac_ext=cpp @@ -6019,7 +6013,7 @@ ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5' ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_f77_compiler_gnu if test -n "$ac_tool_prefix"; then - for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgfortran pgf95 lf95 ftn + for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 @@ -6063,7 +6057,7 @@ fi fi if test -z "$F77"; then ac_ct_F77=$F77 - for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgfortran pgf95 lf95 ftn + for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 @@ -7466,11 +7460,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7469: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7463: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7473: \$? = $ac_status" >&5 + echo "$as_me:7467: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7756,11 +7750,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7759: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7753: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7763: \$? = $ac_status" >&5 + echo "$as_me:7757: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7860,11 +7854,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7863: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7857: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:7867: \$? = $ac_status" >&5 + echo "$as_me:7861: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9885,7 +9879,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&2;} # Check whether tagname contains only valid characters case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in "") ;; - *) as_fn_error $? "invalid tag name: $tagname" "$LINENO" 5 + *) as_fn_error "invalid tag name: $tagname" "$LINENO" 5 ;; esac if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null then - as_fn_error $? "tag name \"$tagname\" already exists" "$LINENO" 5 + as_fn_error "tag name \"$tagname\" already exists" "$LINENO" 5 fi # Update the list of available tags. @@ -10881,7 +10875,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then : @@ -12330,11 +12324,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12333: $lt_compile\"" >&5) + (eval echo "\"\$as_me:12327: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12337: \$? = $ac_status" >&5 + echo "$as_me:12331: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -12434,11 +12428,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12437: $lt_compile\"" >&5) + (eval echo "\"\$as_me:12431: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:12441: \$? = $ac_status" >&5 + echo "$as_me:12435: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14017,11 +14011,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14020: $lt_compile\"" >&5) + (eval echo "\"\$as_me:14014: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:14024: \$? = $ac_status" >&5 + echo "$as_me:14018: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -14121,11 +14115,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14124: $lt_compile\"" >&5) + (eval echo "\"\$as_me:14118: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:14128: \$? = $ac_status" >&5 + echo "$as_me:14122: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -16286,11 +16280,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16289: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16283: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16293: \$? = $ac_status" >&5 + echo "$as_me:16287: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16576,11 +16570,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16579: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16573: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16583: \$? = $ac_status" >&5 + echo "$as_me:16577: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16680,11 +16674,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16683: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16677: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16687: \$? = $ac_status" >&5 + echo "$as_me:16681: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -19248,7 +19242,7 @@ CC="$lt_save_CC" ;; *) - as_fn_error $? "Unsupported tag name: $tagname" "$LINENO" 5 + as_fn_error "Unsupported tag name: $tagname" "$LINENO" 5 ;; esac @@ -19266,7 +19260,7 @@ CC="$lt_save_CC" chmod +x "$ofile" else rm -f "${ofile}T" - as_fn_error $? "unable to update list of available tagged configurations." "$LINENO" 5 + as_fn_error "unable to update list of available tagged configurations." "$LINENO" 5 fi fi @@ -19418,7 +19412,7 @@ fi case "$enable_libbind" in yes) - as_fn_error $? "'libbind' is no longer part of the BIND 9 distribution. + as_fn_error "'libbind' is no longer part of the BIND 9 distribution. It is available from http://www.isc.org as a separate download." "$LINENO" 5 ;; no|'') @@ -19507,7 +19501,7 @@ LN=ln case "$AR" in "") - as_fn_error $? " + as_fn_error " ar program not found. Please fix your PATH to include the directory in which ar resides, or set AR in the environment with the full path to ar. " "$LINENO" 5 @@ -20041,8 +20035,8 @@ fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "no acceptable C compiler found in \$PATH +See \`config.log' for more details." "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -20455,7 +20449,8 @@ ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_include #endif " -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -20677,7 +20672,8 @@ for ac_func in seteuid setresuid do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF @@ -20689,7 +20685,8 @@ for ac_func in setegid setresgid do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF @@ -20986,8 +20983,8 @@ $as_echo_n "checking epoll support... " >&6; } if test "$cross_compiling" = yes; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run test program while cross compiling -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "cannot run test program while cross compiling +See \`config.log' for more details." "$LINENO" 5; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -21039,7 +21036,8 @@ yes) do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -21093,7 +21091,7 @@ $as_echo "no" >&6; } LWRES_PLATFORM_NEEDSYSSELECTH="#define LWRES_PLATFORM_NEEDSYSSELECTH 1" ;; no) - as_fn_error $? "need either working unistd.h or sys/select.h" "$LINENO" 5 + as_fn_error "need either working unistd.h or sys/select.h" "$LINENO" 5 ;; esac @@ -21107,7 +21105,7 @@ no) LWRES_PLATFORM_NEEDSYSSELECTH="#define LWRES_PLATFORM_NEEDSYSSELECTH 1" ;; no) - as_fn_error $? "need either unistd.h or sys/select.h" "$LINENO" 5 + as_fn_error "need either unistd.h or sys/select.h" "$LINENO" 5 ;; esac ;; @@ -21338,7 +21336,7 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) - as_fn_error $? "unknown endianness + as_fn_error "unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac @@ -21386,7 +21384,7 @@ $as_echo "no" >&6; } USE_OPENSSL="" OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" - as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path + as_fn_error "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path If you don't want OpenSSL, use --without-openssl" "$LINENO" 5 ;; *) @@ -21405,11 +21403,11 @@ If you don't want OpenSSL, use --without-openssl" "$LINENO" 5 then { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path" "$LINENO" 5 + as_fn_error "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path" "$LINENO" 5 fi elif ! test -f "$use_openssl"/include/openssl/opensslv.h then - as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 + as_fn_error "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi USE_OPENSSL='-DOPENSSL' if test "$use_openssl" = "/usr" @@ -21474,7 +21472,7 @@ $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "Could not run test program using OpenSSL from + as_fn_error "Could not run test program using OpenSSL from $use_openssl/lib and $use_openssl/include. Please check the argument to --with-openssl and your shared library configuration (e.g., LD_LIBRARY_PATH)." "$LINENO" 5 @@ -21524,7 +21522,7 @@ $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 $as_echo "unknown" >&6; } - as_fn_error $? "OpenSSL has unsupported dynamic loading" "$LINENO" 5 + as_fn_error "OpenSSL has unsupported dynamic loading" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext @@ -21601,7 +21599,8 @@ $as_echo "no" >&6; } do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF @@ -21616,8 +21615,8 @@ $as_echo_n "checking for OpenSSL ECDSA support... " >&6; } if test "$cross_compiling" = yes; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run test program while cross compiling -See \`config.log' for more details" "$LINENO" 5; } +as_fn_error "cannot run test program while cross compiling +See \`config.log' for more details." "$LINENO" 5; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -21718,7 +21717,7 @@ fi case "$with_gost" in yes) case "$have_gost" in - no) as_fn_error $? "gost not supported" "$LINENO" 5 ;; + no) as_fn_error "gost not supported" "$LINENO" 5 ;; *) have_gost=yes ;; esac ;; @@ -21727,7 +21726,7 @@ fi *) case "$have_gost" in yes|no) ;; - *) as_fn_error $? "need --with-gost=[yes or no]" "$LINENO" 5 ;; + *) as_fn_error "need --with-gost=[yes or no]" "$LINENO" 5 ;; esac ;; esac @@ -21778,7 +21777,7 @@ case $want_openssl_hash in yes) if test "$USE_OPENSSL" = "" then - as_fn_error $? "No OpenSSL for hash functions" "$LINENO" 5 + as_fn_error "No OpenSSL for hash functions" "$LINENO" 5 fi ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1" ISC_OPENSSL_INC="$DST_OPENSSL_INC" @@ -21894,7 +21893,7 @@ $as_echo "disabled" >&6; } USE_GSSAPI='' ;; yes) - as_fn_error $? "--with-gssapi must specify a path" "$LINENO" 5 + as_fn_error "--with-gssapi must specify a path" "$LINENO" 5 ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: looking in $use_gssapi/lib" >&5 @@ -21906,7 +21905,8 @@ $as_echo "looking in $use_gssapi/lib" >&6; } do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -21917,14 +21917,15 @@ done if test "$ISC_PLATFORM_GSSAPIHEADER" = ""; then - as_fn_error $? "gssapi.h not found" "$LINENO" 5 + as_fn_error "gssapi.h not found" "$LINENO" 5 fi for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -21938,7 +21939,8 @@ done do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -21949,7 +21951,7 @@ done if test "$ISC_PLATFORM_KRB5HEADER" = ""; then - as_fn_error $? "krb5.h not found" "$LINENO" 5 + as_fn_error "krb5.h not found" "$LINENO" 5 fi CPPFLAGS="$saved_cppflags" @@ -22024,7 +22026,7 @@ $as_echo "no" >&6; } ;; done case $gssapi_linked in - no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; + no) as_fn_error "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac # @@ -22059,7 +22061,7 @@ $as_echo "no" >&6; } ;; NEW_LIBS="$NEW_LIBS $new_lib" ;; *) - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 + as_fn_error "KTH vs MIT Kerberos confusion!" "$LINENO" 5 ;; esac done @@ -22121,11 +22123,11 @@ $as_echo "$devrandom" >&6; } as_ac_File=`$as_echo "ac_cv_file_$devrandom" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $devrandom" >&5 $as_echo_n "checking for $devrandom... " >&6; } -if eval "test \"\${$as_ac_File+set}\"" = set; then : +if { as_var=$as_ac_File; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && - as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 + as_fn_error "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "$devrandom"; then eval "$as_ac_File=yes" else @@ -22135,7 +22137,8 @@ fi eval ac_res=\$$as_ac_File { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_File"\" = x"yes"; then : +eval as_val=\$$as_ac_File + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define PATH_RANDOMDEV "$devrandom" _ACEOF @@ -22144,7 +22147,7 @@ fi ;; yes) - as_fn_error $? "--with-randomdev must specify a path" "$LINENO" 5 + as_fn_error "--with-randomdev must specify a path" "$LINENO" 5 ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 @@ -22257,7 +22260,7 @@ case "$enable_threads" in # Use system-dependent default ;; *) - as_fn_error $? "--enable-threads takes yes or no" "$LINENO" 5 + as_fn_error "--enable-threads takes yes or no" "$LINENO" 5 ;; esac @@ -22487,7 +22490,7 @@ _ACEOF LIBS="-lc $LIBS" else - as_fn_error $? "\"could not find thread libraries\"" "$LINENO" 5 + as_fn_error "\"could not find thread libraries\"" "$LINENO" 5 fi fi @@ -22719,7 +22722,7 @@ _ACEOF LIBS="-lc $LIBS" else - as_fn_error $? "\"could not find thread libraries\"" "$LINENO" 5 + as_fn_error "\"could not find thread libraries\"" "$LINENO" 5 fi fi @@ -23515,7 +23518,7 @@ $as_echo "$purify_path" >&6; } PURIFYFLAGS="`echo $PURIFYOPTIONS`" PURIFY="$purify_path $PURIFYFLAGS" else - as_fn_error $? "$purify_path not found. + as_fn_error "$purify_path not found. Please choose the proper path with the following command: @@ -23618,7 +23621,7 @@ case $want_symtable in yes|all|minimal) # "yes" is a hidden value equivalent to "minimal" if test "$PERL" = "" then - as_fn_error $? "Internal symbol table requires perl but no perl is found. + as_fn_error "Internal symbol table requires perl but no perl is found. Install perl or explicitly disable the feature by --disable-symtable." "$LINENO" 5 fi if test "$use_libtool" = "yes"; then @@ -23685,7 +23688,7 @@ case "$enable_exportlib" in fi done if test -z "$gmake"; then - as_fn_error $? "exportlib requires GNU make. Install it or disable the feature." "$LINENO" 5 + as_fn_error "exportlib requires GNU make. Install it or disable the feature." "$LINENO" 5 fi LIBEXPORT=lib/export @@ -23810,7 +23813,7 @@ $as_echo "no" >&6; } $as_echo "$kame_path/lib/libinet6.a" >&6; } LIBS="-L$kame_path/lib -linet6 $LIBS" else - as_fn_error $? "$kame_path/lib/libinet6.a not found. + as_fn_error "$kame_path/lib/libinet6.a not found. Please choose the proper path with the following command: @@ -25059,7 +25062,8 @@ case "$enable_linux_caps" in do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -25257,7 +25261,7 @@ ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE int" else if test "$cross_compiling" = yes; then : - as_fn_error $? "this cannot happen" "$LINENO" 5 + as_fn_error "this cannot happen" "$LINENO" 5 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -25274,7 +25278,7 @@ ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long int" else if test "$cross_compiling" = yes; then : - as_fn_error $? "this cannot happen" "$LINENO" 5 + as_fn_error "this cannot happen" "$LINENO" 5 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -25289,7 +25293,7 @@ if ac_fn_c_try_run "$LINENO"; then : $as_echo "long long int" >&6; } ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long long int" else - as_fn_error $? "unable to determine sizeof rlim_cur" "$LINENO" 5 + as_fn_error "unable to determine sizeof rlim_cur" "$LINENO" 5 fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -25588,7 +25592,8 @@ for ac_func in nanosleep usleep do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF @@ -25704,8 +25709,9 @@ else if test "$ac_cv_type_void_p" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (void *) -See \`config.log' for more details" "$LINENO" 5; } +{ as_fn_set_status 77 +as_fn_error "cannot compute sizeof (void *) +See \`config.log' for more details." "$LINENO" 5; }; } else ac_cv_sizeof_void_p=0 fi @@ -25745,8 +25751,9 @@ else if test "$ac_cv_type_void_p" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (void *) -See \`config.log' for more details" "$LINENO" 5; } +{ as_fn_set_status 77 +as_fn_error "cannot compute sizeof (void *) +See \`config.log' for more details." "$LINENO" 5; }; } else ac_cv_sizeof_void_p=0 fi @@ -26008,7 +26015,7 @@ $as_echo "#define ENABLE_RPZ_NSDNAME 1" >>confdefs.h esac # -# Activate "filter-aaaa-on-v4" or not? +# Activate "filter-aaaa-on-v4/v6" or not? # # Check whether --enable-filter-aaaa was given. if test "${enable_filter_aaaa+set}" = set; then : @@ -26020,7 +26027,7 @@ fi case "$enable_filter" in yes) -$as_echo "#define ALLOW_FILTER_AAAA_ON_V4 1" >>confdefs.h +$as_echo "#define ALLOW_FILTER_AAAA 1" >>confdefs.h ;; no) @@ -26754,7 +26761,7 @@ else fi if test "$idnlib" = yes; then - as_fn_error $? "You must specify ARG for --with-idnlib." "$LINENO" 5 + as_fn_error "You must specify ARG for --with-idnlib." "$LINENO" 5 fi IDNLIBS= @@ -26991,7 +26998,8 @@ fi do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF @@ -27183,7 +27191,7 @@ then { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "No pg_config and PostgreSQL was not found in any of $pgdirs; use --with-dlz-postgres=/path or put pg_config in your path" "$LINENO" 5 + as_fn_error "No pg_config and PostgreSQL was not found in any of $pgdirs; use --with-dlz-postgres=/path or put pg_config in your path" "$LINENO" 5 fi case "$use_dlz_postgres" in @@ -27290,7 +27298,7 @@ if test "$use_dlz_mysql" = "yes" then { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "MySQL was not found in any of $mysqldirs; use --with-dlz-mysql=/path" "$LINENO" 5 + as_fn_error "MySQL was not found in any of $mysqldirs; use --with-dlz-mysql=/path" "$LINENO" 5 fi case "$use_dlz_mysql" in @@ -27354,7 +27362,7 @@ $as_echo "no" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "path $use_dlz_bdb does not exist" "$LINENO" 5 + as_fn_error "path $use_dlz_bdb does not exist" "$LINENO" 5 bdbdirs="" fi @@ -27433,14 +27441,14 @@ $as_echo "not found" >&6; } then { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "could not find Berkeley DB include directory" "$LINENO" 5 + as_fn_error "could not find Berkeley DB include directory" "$LINENO" 5 fi if test "$dlz_bdb_libs" = "yes" then { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "could not find Berkeley DB library" "$LINENO" 5 + as_fn_error "could not find Berkeley DB library" "$LINENO" 5 fi @@ -27546,7 +27554,7 @@ if test "$use_dlz_ldap" = "yes" then { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "LDAP headers were not found in any of $ldapdirs; use --with-dlz-ldap=/path" "$LINENO" 5 + as_fn_error "LDAP headers were not found in any of $ldapdirs; use --with-dlz-ldap=/path" "$LINENO" 5 fi case "$use_dlz_ldap" in @@ -27615,7 +27623,7 @@ $as_echo "no" >&6; } yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } - as_fn_error $? "ODBC headers were not found in any of $odbcdirs; use --with-dlz-odbc=/path" "$LINENO" 5 + as_fn_error "ODBC headers were not found in any of $odbcdirs; use --with-dlz-odbc=/path" "$LINENO" 5 ;; *) @@ -27733,7 +27741,7 @@ fi if test "$cross_compiling" = "yes"; then if test -z "$BUILD_CC"; then - as_fn_error $? "BUILD_CC not set" "$LINENO" 5 + as_fn_error "BUILD_CC not set" "$LINENO" 5 fi BUILD_CFLAGS="$BUILD_CFLAGS" BUILD_CPPFLAGS="$BUILD_CPPFLAGS" @@ -27945,7 +27953,6 @@ DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= -U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' @@ -28108,19 +28115,19 @@ export LANGUAGE (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -# as_fn_error STATUS ERROR [LINENO LOG_FD] -# ---------------------------------------- +# as_fn_error ERROR [LINENO LOG_FD] +# --------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with STATUS, using 1 if that was 0. +# script with status $?, using 1 if that was 0. as_fn_error () { - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + as_status=$?; test $as_status -eq 0 && as_status=1 + if test "$3"; then + as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 fi - $as_echo "$as_me: error: $2" >&2 + $as_echo "$as_me: error: $1" >&2 as_fn_exit $as_status } # as_fn_error @@ -28316,7 +28323,7 @@ $as_echo X"$as_dir" | test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" } # as_fn_mkdir_p @@ -28370,7 +28377,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # values after options handling. ac_log=" This file was extended by $as_me, which was -generated by GNU Autoconf 2.67. Invocation command line was +generated by GNU Autoconf 2.65. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -28436,10 +28443,10 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ config.status -configured by $0, generated by GNU Autoconf 2.67, +configured by $0, generated by GNU Autoconf 2.65, with options \\"\$ac_cs_config\\" -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2009 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -28455,16 +28462,11 @@ ac_need_defaults=: while test $# != 0 do case $1 in - --*=?*) + --*=*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; - --*=) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg= - ac_shift=: - ;; *) ac_option=$1 ac_optarg=$2 @@ -28486,7 +28488,6 @@ do $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; @@ -28499,7 +28500,7 @@ do ac_need_defaults=false;; --he | --h) # Conflict between --help and --header - as_fn_error $? "ambiguous option: \`$1' + as_fn_error "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; @@ -28508,7 +28509,7 @@ Try \`$0 --help' for more information.";; ac_cs_silent=: ;; # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' + -*) as_fn_error "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" @@ -28699,7 +28700,7 @@ do "unit/Makefile") CONFIG_FILES="$CONFIG_FILES unit/Makefile" ;; "unit/unittest.sh") CONFIG_FILES="$CONFIG_FILES unit/unittest.sh" ;; - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done @@ -28737,7 +28738,7 @@ $debug || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") -} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. @@ -28771,7 +28772,7 @@ if test "x$ac_cr" = x; then fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\\r' + ac_cs_awk_cr='\r' else ac_cs_awk_cr=$ac_cr fi @@ -28788,7 +28789,7 @@ _ACEOF echo "_ACEOF" } >conf$$files.sh && . ./conf$$files.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 rm -f conf$$files.sh { @@ -28796,18 +28797,18 @@ rm -f conf$$files.sh echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi @@ -28902,28 +28903,20 @@ if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ - || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 + || as_fn_error "could not setup config files machinery" "$LINENO" 5 _ACEOF -# VPATH may cause trouble with some makes, so we remove sole $(srcdir), -# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ -h -s/// -s/^/:/ -s/[ ]*$/:/ -s/:\$(srcdir):/:/g -s/:\${srcdir}:/:/g -s/:@srcdir@:/:/g -s/^:*// + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/ +s/:*\${srcdir}:*/:/ +s/:*@srcdir@:*/:/ +s/^\([^=]*=[ ]*\):*/\1/ s/:*$// -x -s/\(=[ ]*\).*/\1/ -G -s/\n// s/^[^=]*=[ ]*$// }' fi @@ -28951,7 +28944,7 @@ for ac_last_try in false false :; do if test -z "$ac_t"; then break elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + as_fn_error "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi @@ -29036,7 +29029,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 + as_fn_error "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" @@ -29049,7 +29042,7 @@ do esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -29077,7 +29070,7 @@ do [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" @@ -29104,7 +29097,7 @@ $as_echo "$as_me: creating $ac_file" >&6;} case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac @@ -29240,22 +29233,22 @@ if $ac_cs_awk_getline; then else $AWK -f "$tmp/subs.awk" | $SHELL fi >$tmp/out \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + || as_fn_error "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&5 +which seems to be undefined. Please make sure it is defined." >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&2;} +which seems to be undefined. Please make sure it is defined." >&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; :H) # @@ -29266,19 +29259,19 @@ which seems to be undefined. Please make sure it is defined" >&2;} $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" } >"$tmp/config.h" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + || as_fn_error "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$tmp/config.h" "$ac_file" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + || as_fn_error "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \ - || as_fn_error $? "could not create -" "$LINENO" 5 + || as_fn_error "could not create -" "$LINENO" 5 fi ;; @@ -29301,7 +29294,7 @@ _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || - as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. @@ -29322,7 +29315,7 @@ if test "$no_create" != yes; then exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit 1 + $ac_cs_success || as_fn_exit $? fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 diff --git a/configure.in b/configure.in index 3f0295b6d6..054341afff 100644 --- a/configure.in +++ b/configure.in @@ -2882,17 +2882,17 @@ case "$enable_nsdname" in esac # -# Activate "filter-aaaa-on-v4" or not? +# Activate "filter-aaaa-on-v4/v6" or not? # AC_ARG_ENABLE(filter-aaaa, - [ --enable-filter-aaaa enable filtering of AAAA records over IPv4 + [ --enable-filter-aaaa enable filtering of AAAA records [[default=no]]], enable_filter="$enableval", enable_filter="no") case "$enable_filter" in yes) - AC_DEFINE(ALLOW_FILTER_AAAA_ON_V4, 1, - [Define to enable the "filter-aaaa-on-v4" option.]) + AC_DEFINE(ALLOW_FILTER_AAAA, 1, + [Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options.]) ;; no) ;; diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 4f2e97fc35..290ee3dd20 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -5300,6 +5300,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] max-cache-size size_spec ; match-mapped-addresses yes_or_no; filter-aaaa-on-v4 ( yes_or_no | break-dnssec ); + filter-aaaa-on-v6 ( yes_or_no | break-dnssec ); filter-aaaa { address_match_list }; dns64 IPv6-prefix { clients { address_match_list }; @@ -6765,6 +6766,18 @@ options { + + filter-aaaa-on-v6 + + + Identical to filter-aaaa-on-v4, + excppt it filters AAAA responses to queries from IPv6 + clients instead of IPv4 clients. To filter all + responses, set both options to yes. + + + + ixfr-from-differences diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 08d393ec0d..762039df21 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -598,29 +598,12 @@ check_filteraaaa(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, const char *viewname, const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { - const cfg_obj_t *options, *aclobj, *obj = NULL; + const cfg_obj_t *options, *aclobj, *obj; dns_acl_t *acl = NULL; - isc_result_t result = ISC_R_SUCCESS, tresult; - dns_v4_aaaa_t filter; + isc_result_t result = ISC_R_SUCCESS; + dns_aaaa_t filter4, filter6; const char *forview = " for view "; - if (voptions != NULL) - cfg_map_get(voptions, "filter-aaaa-on-v4", &obj); - if (obj == NULL && config != NULL) { - options = NULL; - cfg_map_get(config, "options", &options); - if (options != NULL) - cfg_map_get(options, "filter-aaaa-on-v4", &obj); - } - - if (obj == NULL) - filter = dns_v4_aaaa_ok; /* default */ - else if (cfg_obj_isboolean(obj)) - filter = cfg_obj_asboolean(obj) ? dns_v4_aaaa_filter : - dns_v4_aaaa_ok; - else - filter = dns_v4_aaaa_break_dnssec; /* break-dnssec */ - if (viewname == NULL) { viewname = ""; forview = ""; @@ -640,25 +623,66 @@ check_filteraaaa(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, if (aclobj == NULL) return (result); - tresult = cfg_acl_fromconfig(aclobj, config, logctx, + result = cfg_acl_fromconfig(aclobj, config, logctx, actx, mctx, 0, &acl); + if (result != ISC_R_SUCCESS) + goto failure; - if (tresult != ISC_R_SUCCESS) { - result = tresult; - } else if (filter != dns_v4_aaaa_ok && dns_acl_isnone(acl)) { + obj = NULL; + if (voptions != NULL) + cfg_map_get(voptions, "filter-aaaa-on-v4", &obj); + if (obj == NULL && config != NULL) { + options = NULL; + cfg_map_get(config, "options", &options); + if (options != NULL) + cfg_map_get(options, "filter-aaaa-on-v4", &obj); + } + + if (obj == NULL) + filter4 = dns_aaaa_ok; /* default */ + else if (cfg_obj_isboolean(obj)) + filter4 = cfg_obj_asboolean(obj) ? dns_aaaa_filter : + dns_aaaa_ok; + else + filter4 = dns_aaaa_break_dnssec; /* break-dnssec */ + + obj = NULL; + if (voptions != NULL) + cfg_map_get(voptions, "filter-aaaa-on-v6", &obj); + if (obj == NULL && config != NULL) { + options = NULL; + cfg_map_get(config, "options", &options); + if (options != NULL) + cfg_map_get(options, "filter-aaaa-on-v6", &obj); + } + + if (obj == NULL) + filter6 = dns_aaaa_ok; /* default */ + else if (cfg_obj_isboolean(obj)) + filter6 = cfg_obj_asboolean(obj) ? dns_aaaa_filter : + dns_aaaa_ok; + else + filter6 = dns_aaaa_break_dnssec; /* break-dnssec */ + + if ((filter4 != dns_aaaa_ok || filter6 != dns_aaaa_ok) && + dns_acl_isnone(acl)) + { cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING, - "both \"filter-aaaa-on-v4 %s;\" and " - "\"filter-aaaa\" is 'none;'%s%s", - filter == dns_v4_aaaa_break_dnssec ? - "break-dnssec" : "yes", forview, viewname); + "\"filter-aaaa\" is 'none;' but " + "either filter-aaaa-on-v4 or filter-aaaa-on-v6 " + "is enabled%s%s", forview, viewname); result = ISC_R_FAILURE; - } else if (filter == dns_v4_aaaa_ok && !dns_acl_isnone(acl)) { + } else if (filter4 == dns_aaaa_ok && filter6 == dns_aaaa_ok && + !dns_acl_isnone(acl)) + { cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING, - "both \"filter-aaaa-on-v4 no;\" and " - "\"filter-aaaa\" is set%s%s", forview, viewname); + "\"filter-aaaa\" is set but " + "neither filter-aaaa-on-v4 or filter-aaaa-on-v6 " + "is enabled%s%s", forview, viewname); result = ISC_R_FAILURE; } + failure: if (acl != NULL) dns_acl_detach(&acl); diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h index 032caaa60a..d8edf96c5a 100644 --- a/lib/dns/include/dns/message.h +++ b/lib/dns/include/dns/message.h @@ -175,7 +175,7 @@ typedef int dns_messagetextflag_t; additional section. */ #define DNS_MESSAGERENDER_PREFER_AAAA 0x0010 /*%< prefer AAAA records in additional section. */ -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA #define DNS_MESSAGERENDER_FILTER_AAAA 0x0020 /*%< filter AAAA records */ #endif diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h index 4f78a31ec5..204baf726d 100644 --- a/lib/dns/include/dns/types.h +++ b/lib/dns/include/dns/types.h @@ -192,10 +192,10 @@ typedef enum { } dns_masterformat_t; typedef enum { - dns_v4_aaaa_ok = 0, - dns_v4_aaaa_filter = 1, - dns_v4_aaaa_break_dnssec = 2 -} dns_v4_aaaa_t; + dns_aaaa_ok = 0, + dns_aaaa_filter = 1, + dns_aaaa_break_dnssec = 2 +} dns_aaaa_t; /* * These are generated by gen.c. diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h index 603819a267..b9a951f59c 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -158,8 +158,9 @@ struct dns_view { dns_name_t * dlv; dns_fixedname_t dlv_fixed; isc_uint16_t maxudp; - dns_v4_aaaa_t v4_aaaa; - dns_acl_t * v4_aaaa_acl; + dns_aaaa_t v4_aaaa; + dns_aaaa_t v6_aaaa; + dns_acl_t * aaaa_acl; dns_dns64list_t dns64; unsigned int dns64cnt; ISC_LIST(dns_rpz_zone_t) rpz_zones; diff --git a/lib/dns/message.c b/lib/dns/message.c index 816150c49b..cb72afeefb 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -1803,7 +1803,7 @@ wrong_priority(dns_rdataset_t *rds, int pass, dns_rdatatype_t preferred_glue) { return (ISC_TRUE); } -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA /* * Decide whether to not answer with an AAAA record and its RRSIG */ @@ -1960,7 +1960,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, preferred_glue)) goto next; -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA /* * Suppress AAAAs if asked and we are * not doing DNSSEC or are breaking DNSSEC. diff --git a/lib/dns/view.c b/lib/dns/view.c index 611e4871c9..517f018bb0 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -191,8 +191,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->flush = ISC_FALSE; view->dlv = NULL; view->maxudp = 0; - view->v4_aaaa = dns_v4_aaaa_ok; - view->v4_aaaa_acl = NULL; + view->v4_aaaa = dns_aaaa_ok; + view->v6_aaaa = dns_aaaa_ok; + view->aaaa_acl = NULL; ISC_LIST_INIT(view->rpz_zones); dns_fixedname_init(&view->dlv_fixed); view->managed_keys = NULL; @@ -374,8 +375,8 @@ destroy(dns_view_t *view) { dns_acl_detach(&view->upfwdacl); if (view->denyansweracl != NULL) dns_acl_detach(&view->denyansweracl); - if (view->v4_aaaa_acl != NULL) - dns_acl_detach(&view->v4_aaaa_acl); + if (view->aaaa_acl != NULL) + dns_acl_detach(&view->aaaa_acl); if (view->answeracl_exclude != NULL) dns_rbt_destroy(&view->answeracl_exclude); if (view->denyanswernames != NULL) diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 58b5ca4c99..563e8d4a94 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -122,7 +122,7 @@ static cfg_type_t cfg_type_zone; static cfg_type_t cfg_type_zoneopts; static cfg_type_t cfg_type_dynamically_loadable_zones; static cfg_type_t cfg_type_dynamically_loadable_zones_opts; -static cfg_type_t cfg_type_v4_aaaa; +static cfg_type_t cfg_type_filter_aaaa; /* * Clauses that can be found in a 'dynamically loadable zones' statement @@ -1282,13 +1282,16 @@ view_clauses[] = { { "transfer-format", &cfg_type_transferformat, 0 }, { "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 }, -#ifdef ALLOW_FILTER_AAAA_ON_V4 +#ifdef ALLOW_FILTER_AAAA { "filter-aaaa", &cfg_type_bracketed_aml, 0 }, - { "filter-aaaa-on-v4", &cfg_type_v4_aaaa, 0 }, + { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 }, + { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 }, #else { "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTCONFIGURED }, - { "filter-aaaa-on-v4", &cfg_type_v4_aaaa, + { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, + CFG_CLAUSEFLAG_NOTCONFIGURED }, + { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif { "response-policy", &cfg_type_rpz, 0 }, @@ -1898,15 +1901,15 @@ static cfg_type_t cfg_type_ixfrdifftype = { &cfg_rep_string, ixfrdiff_enums, }; -static const char *v4_aaaa_enums[] = { "break-dnssec", NULL }; +static const char *filter_aaaa_enums[] = { "break-dnssec", NULL }; static isc_result_t -parse_v4_aaaa(cfg_parser_t *pctx, const cfg_type_t *type, +parse_filter_aaaa(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } -static cfg_type_t cfg_type_v4_aaaa = { - "v4_aaaa", parse_v4_aaaa, cfg_print_ustring, - doc_enum_or_other, &cfg_rep_string, v4_aaaa_enums, +static cfg_type_t cfg_type_filter_aaaa = { + "filter_aaaa", parse_filter_aaaa, cfg_print_ustring, + doc_enum_or_other, &cfg_rep_string, filter_aaaa_enums, }; static keyword_type_t key_kw = { "key", &cfg_type_astring };