Commit 83dc5a70 authored by Evan Hunt's avatar Evan Hunt

report when NTAs added to multiple views

- the text returned by "rndc nta" when adding NTAs to multiple views
  was incorrectly terminated after the first line, so users only saw
  one NTA added unless they checked the logs.
parent 07f29a08
...@@ -938,7 +938,8 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig, ...@@ -938,7 +938,8 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
/* We don't need trust anchors for the _bind view */ /* We don't need trust anchors for the _bind view */
if (strcmp(view->name, "_bind") == 0 && if (strcmp(view->name, "_bind") == 0 &&
view->rdclass == dns_rdataclass_chaos) { view->rdclass == dns_rdataclass_chaos)
{
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
...@@ -14344,18 +14345,23 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, ...@@ -14344,18 +14345,23 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
view != NULL; view != NULL;
view = ISC_LIST_NEXT(view, link)) view = ISC_LIST_NEXT(view, link))
{ {
if (viewname != NULL && static bool first = true;
strcmp(view->name, viewname) != 0)
if (viewname != NULL && strcmp(view->name, viewname) != 0) {
continue; continue;
}
if (view->nta_lifetime == 0) if (view->nta_lifetime == 0) {
continue; continue;
}
if (!ttlset) if (!ttlset) {
ntattl = view->nta_lifetime; ntattl = view->nta_lifetime;
}
if (ntatable != NULL) if (ntatable != NULL) {
dns_ntatable_detach(&ntatable); dns_ntatable_detach(&ntatable);
}
result = dns_view_getntatable(view, &ntatable); result = dns_view_getntatable(view, &ntatable);
if (result == ISC_R_NOTFOUND) { if (result == ISC_R_NOTFOUND) {
...@@ -14378,6 +14384,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, ...@@ -14378,6 +14384,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
isc_time_set(&t, when, 0); isc_time_set(&t, when, 0);
isc_time_formattimestamp(&t, tbuf, sizeof(tbuf)); isc_time_formattimestamp(&t, tbuf, sizeof(tbuf));
if (!first) {
CHECK(putstr(text, "\n"));
}
first = false;
CHECK(putstr(text, "Negative trust anchor added: ")); CHECK(putstr(text, "Negative trust anchor added: "));
CHECK(putstr(text, namebuf)); CHECK(putstr(text, namebuf));
CHECK(putstr(text, "/")); CHECK(putstr(text, "/"));
...@@ -14392,6 +14403,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, ...@@ -14392,6 +14403,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
} else { } else {
CHECK(dns_ntatable_delete(ntatable, ntaname)); CHECK(dns_ntatable_delete(ntatable, ntaname));
if (!first) {
CHECK(putstr(text, "\n"));
}
first = false;
CHECK(putstr(text, "Negative trust anchor removed: ")); CHECK(putstr(text, "Negative trust anchor removed: "));
CHECK(putstr(text, namebuf)); CHECK(putstr(text, namebuf));
CHECK(putstr(text, "/")); CHECK(putstr(text, "/"));
...@@ -14411,11 +14427,10 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, ...@@ -14411,11 +14427,10 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
"for view '%s': %s", "for view '%s': %s",
view->name, isc_result_totext(result)); view->name, isc_result_totext(result));
} }
CHECK(putnull(text));
} }
CHECK(putnull(text));
cleanup: cleanup:
if (msg != NULL) { if (msg != NULL) {
(void) putstr(text, msg); (void) putstr(text, msg);
......
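Review bot: `static bool first = true;` inside the view loop gives the flag static storage, so it is initialised once for the life of the process and nothing visible here resets it to true. After the first `rndc nta` call that adds or removes an anchor, every later call would begin its reply with a stray "\n". The flag would also be shared between calls if control-channel commands can ever run concurrently. An automatic variable declared before the loop, `bool first = true;`, keeps the separator logic scoped to one command. named_server_nta starts and ends outside the visible hunks, so the exact placement among its other locals needs to be confirmed against the full function.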
...@@ -25,3 +25,4 @@ rm -f nsupdate.out.*.test* ...@@ -25,3 +25,4 @@ rm -f nsupdate.out.*.test*
rm -f python.out.*.test* rm -f python.out.*.test*
rm -f rndc.out.*.test* rm -f rndc.out.*.test*
rm -f ns*/managed-keys.bind* ns*/*.mkeys* rm -f ns*/managed-keys.bind* ns*/*.mkeys*
rm -f ns*/*.nta
...@@ -14,7 +14,6 @@ options { ...@@ -14,7 +14,6 @@ options {
pid-file "named.pid"; pid-file "named.pid";
listen-on { 10.53.0.3; }; listen-on { 10.53.0.3; };
listen-on-v6 { none; }; listen-on-v6 { none; };
recursion no;
}; };
key rndc_key { key rndc_key {
...@@ -31,8 +30,17 @@ controls { ...@@ -31,8 +30,17 @@ controls {
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
}; };
view all {
match-clients { any; };
recursion no;
zone "." {
type hint;
file "../../common/root.hint";
};
};
zone "." { view none {
type hint; match-clients { none; };
file "../../common/root.hint";
}; };
...@@ -656,5 +656,14 @@ grep "address family not supported" rndc.out.1.test$n > /dev/null || ret=1 ...@@ -656,5 +656,14 @@ grep "address family not supported" rndc.out.1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check rndc nta reports adding to multiple views ($n)"
ret=0
$RNDCCMD 10.53.0.3 nta test.com > rndc.out.test$n 2>&1 || ret=1
lines=`cat rndc.out.test$n | wc -l`
[ ${lines:-0} -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "exit status: $status" echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1
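Review bot: The new check `[ ${lines:-0} -eq 2 ] || ret=1` passes on any two lines of output, including two lines of error text, so it does not prove that an anchor was reported for each view. Matching the message itself is stricter, for example ``added=`grep -c "Negative trust anchor added: test.com/" rndc.out.test$n` `` followed by `[ ${added:-0} -eq 2 ] || ret=1`; the exact name text printed before the "/" is inferred from the server.c hunks and should be confirmed. The command is also run only once, so the test would not notice a reply that differs on a second invocation, such as one with an extra leading blank line.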