mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00

1509. [bug] Hint zones should accept delegation-only. Forward

zone should not accept delegation-only.

1508.   [bug]           Don't apply delegation-only checks to answers from
                        forwarders.

1507.   [bug]           Handle BIND 8 style returns to NS queries to parents
                        when making delegation-only checks.
Mark Andrews
2003-09-19 05:53:28 +00:00
parent 20d90a3753
commit da34d92aee
5 changed files with 67 additions and 18 deletions

11
CHANGES

@@ -1,6 +1,15 @@
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly(). 1506. [bug] Wrong return type for dns_view_isdelegationonly().
1505. [bug] Uninitialized rdataset in sdb. [RT #8750] 1505. [bug] Uninitialised rdataset in sdb. [RT #8750]
1504. [func] New zone type "delegation-only". 1504. [func] New zone type "delegation-only".


@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.c,v 1.401 2003/09/17 05:24:41 marka Exp $ */ /* $Id: server.c,v 1.402 2003/09/19 05:53:26 marka Exp $ */
#include <config.h> #include <config.h>
@@ -1276,6 +1276,7 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig,
cfg_obj_t *forwardtype = NULL; cfg_obj_t *forwardtype = NULL;
cfg_obj_t *only = NULL; cfg_obj_t *only = NULL;
isc_result_t result; isc_result_t result;
isc_result_t tresult;
isc_buffer_t buffer; isc_buffer_t buffer;
dns_fixedname_t fixorigin; dns_fixedname_t fixorigin;
dns_name_t *origin; dns_name_t *origin;
@@ -1341,14 +1342,25 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig,
} }
if (dns_name_equal(origin, dns_rootname)) { if (dns_name_equal(origin, dns_rootname)) {
char *hintsfile = cfg_obj_asstring(fileobj); char *hintsfile = cfg_obj_asstring(fileobj);
result = configure_hints(view, hintsfile); result = configure_hints(view, hintsfile);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, NS_LOGMODULE_SERVER,
ISC_LOG_ERROR, ISC_LOG_ERROR,
"could not configure root hints " "could not configure root hints "
"from '%s': %s", hintsfile, "from '%s': %s", hintsfile,
isc_result_totext(result)); isc_result_totext(result));
goto cleanup;
}
/*
* Hint zones may also refer to delegation only points.
*/
only = NULL;
tresult = cfg_map_get(zoptions, "delegation-only",
&only);
if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
CHECK(dns_view_adddelegationonly(view, origin));
} else { } else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING, NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
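Review bot: The comment added above the `cfg_map_get(zoptions, "delegation-only", &only)` lookup does not say what actually gets marked: the code sits inside the `dns_name_equal(origin, dns_rootname)` branch, so `dns_view_adddelegationonly(view, origin)` always registers the root name for this view. I would replace it with `/* origin is the root name here: delegation-only on the hint zone marks the root itself as delegation-only for this view. */`. The new `if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))` also wraps the `CHECK(...)` macro without braces, while the `if` just above it was given braces in the same hunk; bracing it keeps the two consistent and does not depend on how `CHECK` expands. configure_zone starts and ends outside the hunks shown.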


@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"> "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.223 2003/09/17 05:24:41 marka Exp $ --> <!-- File: $Id: Bv9ARM-book.xml,v 1.224 2003/09/19 05:53:26 marka Exp $ -->
<book> <book>
<title>BIND 9 Administrator Reference Manual</title> <title>BIND 9 Administrator Reference Manual</title>
@@ -2638,8 +2638,7 @@ those servers during resolution.
<entry colname = "1"><para><command>delegation-only</command></para></entry> <entry colname = "1"><para><command>delegation-only</command></para></entry>
<entry colname = "2"><para>Delegation only. Logs queries that have have <entry colname = "2"><para>Delegation only. Logs queries that have have
been forced to NXDOMAIN as the result of a delegation-only zone or been forced to NXDOMAIN as the result of a delegation-only zone or
a <command>delegation-only</command> in a stub or forward a <command>delegation-only</command> in a hint or stub zone declartation.
zone declartation.
</para></entry> </para></entry>
</row> </row>
</tbody> </tbody>
@@ -4436,7 +4435,7 @@ view "external" {
<sect2 id="zone_statement_grammar"><title><command>zone</command> <sect2 id="zone_statement_grammar"><title><command>zone</command>
Statement Grammar</title> Statement Grammar</title>
<programlisting>zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> <optional>{ <programlisting>zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> <optional>{
type ( master | slave | hint | stub | forward /| delegation-only ) ; type ( master | slave | hint | stub | forward | delegation-only ) ;
<optional> allow-notify { <replaceable>address_match_list</replaceable> } ; </optional> <optional> allow-notify { <replaceable>address_match_list</replaceable> } ; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> } ; </optional> <optional> allow-query { <replaceable>address_match_list</replaceable> } ; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> } ; </optional> <optional> allow-transfer { <replaceable>address_match_list</replaceable> } ; </optional>
@@ -4582,7 +4581,9 @@ Classes other than IN have no built-in defaults hints.</para></entry>
status of infrastructure zones (e.g. COM, NET, ORG). Any answer that status of infrastructure zones (e.g. COM, NET, ORG). Any answer that
is received without a explicit or implict delegation in the authority is received without a explicit or implict delegation in the authority
section will be treated as NXDOMAIN. This does not apply to the zone section will be treated as NXDOMAIN. This does not apply to the zone
apex. This SHOULD NOT be applied to leaf zones.</para></entry> apex. This SHOULD NOT be applied to leaf zones.</para>
<para><varname>delegation-only</varname> has no effect on answers received
from forwarders.</para></entry>
</row> </row>
</tbody> </tbody>
</tgroup></informaltable></sect3> </tgroup></informaltable></sect3>
@@ -4681,7 +4682,7 @@ with the distribution but none are linked in by default.</para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>delegation-only</command></term> <varlistentry><term><command>delegation-only</command></term>
<listitem><para>The flag only applies to forward and stub zones. If set <listitem><para>The flag only applies to hint and stub zones. If set
to <userinput>yes</userinput> then the zone will also be treated as if it to <userinput>yes</userinput> then the zone will also be treated as if it
is also a delegation-only type zone. is also a delegation-only type zone.
</para> </para>


@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: check.c,v 1.38 2003/09/17 05:24:42 marka Exp $ */ /* $Id: check.c,v 1.39 2003/09/19 05:53:27 marka Exp $ */
#include <config.h> #include <config.h>
@@ -438,7 +438,7 @@ check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *config, isc_symtab_t *symtab,
{ "notify", MASTERZONE | SLAVEZONE }, { "notify", MASTERZONE | SLAVEZONE },
{ "also-notify", MASTERZONE | SLAVEZONE }, { "also-notify", MASTERZONE | SLAVEZONE },
{ "dialup", MASTERZONE | SLAVEZONE | STUBZONE }, { "dialup", MASTERZONE | SLAVEZONE | STUBZONE },
{ "delegation-only", STUBZONE | FORWARDZONE}, { "delegation-only", HINTZONE | STUBZONE },
{ "forward", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE}, { "forward", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE},
{ "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE}, { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE},
{ "maintain-ixfr-base", MASTERZONE | SLAVEZONE }, { "maintain-ixfr-base", MASTERZONE | SLAVEZONE },
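Review bot: The `delegation-only` row in the option table of check_zoneconf changes from `STUBZONE | FORWARDZONE` to `HINTZONE | STUBZONE`, and nothing next to it says why forward zones are excluded. A one-line comment above the row, such as `/* hint and stub only: answers from forwarders are never delegation-only checked */`, would tie it to the resolver change made in the same commit. Configurations that already set the option in a forward zone will presumably stop passing this check after an upgrade; how check_zoneconf reports the mismatch is not visible here. The table and the function both extend outside the hunk.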


@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: resolver.c,v 1.265 2003/09/17 05:24:42 marka Exp $ */ /* $Id: resolver.c,v 1.266 2003/09/19 05:53:28 marka Exp $ */
#include <config.h> #include <config.h>
@@ -327,9 +327,9 @@ static isc_result_t ncache_adderesult(dns_message_t *message,
isc_result_t *eresultp); isc_result_t *eresultp);
static isc_boolean_t static isc_boolean_t
fix_mustbedelegationornxdomain(dns_message_t *message, dns_name_t *domain) { fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) {
dns_name_t *name; dns_name_t *name;
dns_name_t *domain = &fctx->domain;
dns_rdataset_t *rdataset; dns_rdataset_t *rdataset;
dns_rdatatype_t type; dns_rdatatype_t type;
isc_result_t result; isc_result_t result;
@@ -338,6 +338,33 @@ fix_mustbedelegationornxdomain(dns_message_t *message, dns_name_t *domain) {
if (message->rcode == dns_rcode_nxdomain) if (message->rcode == dns_rcode_nxdomain)
return (ISC_FALSE); return (ISC_FALSE);
/*
* Look for BIND 8 style delegations.
* Also look for answers to ANY queries where the duplicate NS RRset
* may have been stripped from the authority section.
*/
if (message->counts[DNS_SECTION_ANSWER] != 0 &&
(fctx->type == dns_rdatatype_ns ||
fctx->type == dns_rdatatype_any)) {
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (result == ISC_R_SUCCESS) {
name = NULL;
dns_message_currentname(message, DNS_SECTION_ANSWER,
&name);
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
type = rdataset->type;
if (type != dns_rdatatype_ns)
continue;
if (dns_name_issubdomain(name, domain))
return (ISC_FALSE);
}
result = dns_message_nextname(message,
DNS_SECTION_ANSWER);
}
}
/* Look for referral. */ /* Look for referral. */
if (message->counts[DNS_SECTION_AUTHORITY] == 0) if (message->counts[DNS_SECTION_AUTHORITY] == 0)
goto munge; goto munge;
@@ -345,8 +372,7 @@ fix_mustbedelegationornxdomain(dns_message_t *message, dns_name_t *domain) {
result = dns_message_firstname(message, DNS_SECTION_AUTHORITY); result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
while (result == ISC_R_SUCCESS) { while (result == ISC_R_SUCCESS) {
name = NULL; name = NULL;
dns_message_currentname(message, DNS_SECTION_AUTHORITY, dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
&name);
for (rdataset = ISC_LIST_HEAD(name->list); for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL; rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) { rdataset = ISC_LIST_NEXT(rdataset, link)) {
@@ -4967,9 +4993,10 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
/* /*
* Enforce delegations only zones like NET and COM. * Enforce delegations only zones like NET and COM.
*/ */
if (dns_view_isdelegationonly(fctx->res->view, &fctx->domain) && if (!ISFORWARDER(query->addrinfo) &&
dns_view_isdelegationonly(fctx->res->view, &fctx->domain) &&
!dns_name_equal(&fctx->domain, &fctx->name) && !dns_name_equal(&fctx->domain, &fctx->name) &&
fix_mustbedelegationornxdomain(message, &fctx->domain)) { fix_mustbedelegationornxdomain(message, fctx)) {
char namebuf[DNS_NAME_FORMATSIZE]; char namebuf[DNS_NAME_FORMATSIZE];
char domainbuf[DNS_NAME_FORMATSIZE]; char domainbuf[DNS_NAME_FORMATSIZE];
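Review bot: The new answer-section loop in fix_mustbedelegationornxdomain accepts any NS RRset whose owner satisfies `dns_name_issubdomain(name, domain)` without relating that owner to the name being fetched. An NS RRset for an unrelated name under the delegation-only domain, or as far as I can tell at the domain apex itself, is therefore enough to return ISC_FALSE and skip enforcement. Since `fctx` is now passed in, the test could require the owner to lie on the path to the query name, e.g. `if (!dns_name_equal(name, domain) && dns_name_issubdomain(name, domain) && dns_name_issubdomain(&fctx->name, name))`. Whether the existing authority-section loop has the same gap cannot be judged here, because its body is cut off by the hunk boundary. The function continues outside the hunks shown.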