mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-04 00:25:29 +00:00
Code Issues Releases Wiki Activity

Use TLS for notifies if configured to do so

Browse Source
This commit is contained in:
Timo Eisenmann
2024-08-22 16:58:18 +02:00
committed by Mark Andrews
parent a7df51b706
commit e9d54d798f
1 changed files with 29 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
lib/dns/zone.c
View File

@@ -12491,6 +12491,7 @@ notify_send_toaddr(void *arg) {
isc_sockaddr_t src; isc_sockaddr_t src;
unsigned int options, timeout, udptimeout; unsigned int options, timeout, udptimeout;
bool have_notifysource = false; bool have_notifysource = false;
isc_tlsctx_cache_t *zmgr_tlsctx_cache = NULL;
REQUIRE(DNS_NOTIFY_VALID(notify)); REQUIRE(DNS_NOTIFY_VALID(notify));
@@ -12605,10 +12606,17 @@ again:
udptimeout = 0; udptimeout = 0;
timeout = 15; timeout = 15;
} }
result = dns_request_create(
notify->zone->view->requestmgr, message, &src, &notify->dst, zmgr_tlsctx_attach(notify->zone->zmgr, &zmgr_tlsctx_cache);
NULL, NULL, options, key, timeout, udptimeout, 2,
notify->zone->loop, notify_done, notify, &notify->request); result = dns_request_create(notify->zone->view->requestmgr, message,
&src, &notify->dst, notify->transport,
zmgr_tlsctx_cache, options, key, timeout,
udptimeout, 2, notify->zone->loop,
notify_done, notify, &notify->request);
isc_tlsctx_cache_detach(&zmgr_tlsctx_cache);
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
if (isc_sockaddr_pf(&notify->dst) == AF_INET) { if (isc_sockaddr_pf(&notify->dst) == AF_INET) {
inc_stats(notify->zone, inc_stats(notify->zone,
@@ -12835,11 +12843,23 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
if (dns_remote_tlsname(&zone->notify) != NULL) { if (dns_remote_tlsname(&zone->notify) != NULL) {
dns_name_t *tlsname = dns_remote_tlsname(&zone->notify); dns_name_t *tlsname = dns_remote_tlsname(&zone->notify);
(void)dns_view_gettransport(view, DNS_TRANSPORT_TLS, result = dns_view_gettransport(view, DNS_TRANSPORT_TLS,
tlsname, &transport); tlsname, &transport);
notify_log(zone, ISC_LOG_INFO, if (result == ISC_R_SUCCESS) {
"got TLS configuration for a notify"); notify_log(
zone, ISC_LOG_INFO,
"got TLS configuration for a notify");
} else {
dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN,
ISC_LOG_ERROR,
"could not get TLS configuration "
"for zone transfer: %s",
isc_result_totext(result));
goto next;
}
flags |= DNS_NOTIFY_TCP;
} }
/* TODO: glue the transport to the notify */ /* TODO: glue the transport to the notify */
@@ -12901,6 +12921,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
loggednotify = true; loggednotify = true;
} }
next: next:
flags &= ~DNS_NOTIFY_TCP;
dns_remote_next(&zone->notify, false); dns_remote_next(&zone->notify, false);
} }
UNLOCK_ZONE(zone); UNLOCK_ZONE(zone);