Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
BIND
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
606
Issues
606
List
Boards
Labels
Service Desk
Milestones
Merge Requests
113
Merge Requests
113
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ISC Open Source Projects
BIND
Commits
03be5a6b
Commit
03be5a6b
authored
Apr 22, 2017
by
Mukund Sivaraman
8
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve performance for delegation heavy answers and also general query performance (#44029)
parent
4c31eda5
Changes
134
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
134 changed files
with
1570 additions
and
4371 deletions
+1570
-4371
CHANGES
CHANGES
+12
-0
bin/named/config.c
bin/named/config.c
+1
-7
bin/named/include/named/server.h
bin/named/include/named/server.h
+0
-2
bin/named/query.c
bin/named/query.c
+73
-577
bin/named/server.c
bin/named/server.c
+4
-88
bin/tests/system/additional/ns1/named1.conf
bin/tests/system/additional/ns1/named1.conf
+0
-1
bin/tests/system/additional/ns1/named2.conf
bin/tests/system/additional/ns1/named2.conf
+0
-1
bin/tests/system/additional/ns1/named3.conf
bin/tests/system/additional/ns1/named3.conf
+0
-1
bin/tests/system/additional/ns1/named4.conf
bin/tests/system/additional/ns1/named4.conf
+0
-1
bin/tests/system/autosign/clean.sh
bin/tests/system/autosign/clean.sh
+2
-1
bin/tests/system/autosign/ns2/keygen.sh
bin/tests/system/autosign/ns2/keygen.sh
+12
-2
bin/tests/system/autosign/ns4/named.conf
bin/tests/system/autosign/ns4/named.conf
+1
-3
bin/tests/system/autosign/ns5/named.conf
bin/tests/system/autosign/ns5/named.conf
+0
-1
bin/tests/system/autosign/tests.sh
bin/tests/system/autosign/tests.sh
+4
-9
bin/tests/system/cacheclean/ns1/named.conf
bin/tests/system/cacheclean/ns1/named.conf
+1
-2
bin/tests/system/case/ns1/named.conf
bin/tests/system/case/ns1/named.conf
+1
-0
bin/tests/system/case/ns2/named.conf
bin/tests/system/case/ns2/named.conf
+1
-0
bin/tests/system/checknames/ns2/named.conf
bin/tests/system/checknames/ns2/named.conf
+0
-1
bin/tests/system/checknames/ns3/named.conf
bin/tests/system/checknames/ns3/named.conf
+0
-1
bin/tests/system/checknames/ns4/named.conf
bin/tests/system/checknames/ns4/named.conf
+0
-1
bin/tests/system/cookie/ns1/named.conf
bin/tests/system/cookie/ns1/named.conf
+0
-1
bin/tests/system/cookie/ns2/named.conf
bin/tests/system/cookie/ns2/named.conf
+0
-1
bin/tests/system/cookie/ns3/named.conf
bin/tests/system/cookie/ns3/named.conf
+0
-1
bin/tests/system/digdelv/ns3/named.conf
bin/tests/system/digdelv/ns3/named.conf
+0
-1
bin/tests/system/dlv/ns5/named.conf
bin/tests/system/dlv/ns5/named.conf
+0
-1
bin/tests/system/dnssec/ns2/named.conf
bin/tests/system/dnssec/ns2/named.conf
+1
-2
bin/tests/system/dnssec/ns3/named.conf
bin/tests/system/dnssec/ns3/named.conf
+1
-2
bin/tests/system/dnssec/ns4/named1.conf
bin/tests/system/dnssec/ns4/named1.conf
+1
-3
bin/tests/system/dnssec/ns4/named2.conf
bin/tests/system/dnssec/ns4/named2.conf
+1
-3
bin/tests/system/dnssec/ns4/named3.conf
bin/tests/system/dnssec/ns4/named3.conf
+1
-3
bin/tests/system/dnssec/ns4/named4.conf
bin/tests/system/dnssec/ns4/named4.conf
+44
-0
bin/tests/system/dnssec/ns5/named1.conf
bin/tests/system/dnssec/ns5/named1.conf
+0
-1
bin/tests/system/dnssec/ns6/named.conf
bin/tests/system/dnssec/ns6/named.conf
+0
-1
bin/tests/system/dnssec/tests.sh
bin/tests/system/dnssec/tests.sh
+2
-6
bin/tests/system/emptyzones/ns1/named1.conf
bin/tests/system/emptyzones/ns1/named1.conf
+0
-1
bin/tests/system/emptyzones/ns1/named2.conf
bin/tests/system/emptyzones/ns1/named2.conf
+0
-1
bin/tests/system/filter-aaaa/ns1/named1.conf
bin/tests/system/filter-aaaa/ns1/named1.conf
+1
-0
bin/tests/system/filter-aaaa/ns1/named2.conf
bin/tests/system/filter-aaaa/ns1/named2.conf
+1
-0
bin/tests/system/filter-aaaa/ns1/root.db
bin/tests/system/filter-aaaa/ns1/root.db
+8
-4
bin/tests/system/filter-aaaa/ns1/signed.db.in
bin/tests/system/filter-aaaa/ns1/signed.db.in
+6
-4
bin/tests/system/filter-aaaa/ns1/unsigned.db
bin/tests/system/filter-aaaa/ns1/unsigned.db
+6
-4
bin/tests/system/filter-aaaa/ns2/named1.conf
bin/tests/system/filter-aaaa/ns2/named1.conf
+1
-0
bin/tests/system/filter-aaaa/ns2/named2.conf
bin/tests/system/filter-aaaa/ns2/named2.conf
+1
-0
bin/tests/system/filter-aaaa/ns3/named1.conf
bin/tests/system/filter-aaaa/ns3/named1.conf
+1
-0
bin/tests/system/filter-aaaa/ns3/named2.conf
bin/tests/system/filter-aaaa/ns3/named2.conf
+1
-0
bin/tests/system/filter-aaaa/ns4/named1.conf
bin/tests/system/filter-aaaa/ns4/named1.conf
+1
-0
bin/tests/system/filter-aaaa/ns4/named2.conf
bin/tests/system/filter-aaaa/ns4/named2.conf
+1
-0
bin/tests/system/filter-aaaa/ns4/root.db
bin/tests/system/filter-aaaa/ns4/root.db
+10
-6
bin/tests/system/filter-aaaa/ns4/signed.db.in
bin/tests/system/filter-aaaa/ns4/signed.db.in
+6
-4
bin/tests/system/filter-aaaa/ns4/unsigned.db
bin/tests/system/filter-aaaa/ns4/unsigned.db
+6
-4
bin/tests/system/glue/ns1/root.db
bin/tests/system/glue/ns1/root.db
+0
-10
bin/tests/system/glue/tests.sh
bin/tests/system/glue/tests.sh
+0
-8
bin/tests/system/limits/ns1/named.conf
bin/tests/system/limits/ns1/named.conf
+1
-2
bin/tests/system/notify/ns3/named.conf
bin/tests/system/notify/ns3/named.conf
+0
-1
bin/tests/system/notify/ns4/named.conf
bin/tests/system/notify/ns4/named.conf
+0
-1
bin/tests/system/notify/ns5/named.conf
bin/tests/system/notify/ns5/named.conf
+0
-1
bin/tests/system/nsupdate/ns1/named.conf
bin/tests/system/nsupdate/ns1/named.conf
+1
-2
bin/tests/system/nsupdate/ns2/named.conf
bin/tests/system/nsupdate/ns2/named.conf
+0
-1
bin/tests/system/resolver/ns1/named.conf
bin/tests/system/resolver/ns1/named.conf
+0
-1
bin/tests/system/rpz/ns1/named.conf
bin/tests/system/rpz/ns1/named.conf
+1
-2
bin/tests/system/rpz/ns2/named.conf
bin/tests/system/rpz/ns2/named.conf
+1
-3
bin/tests/system/rpz/ns3/named.conf
bin/tests/system/rpz/ns3/named.conf
+1
-3
bin/tests/system/rpz/ns4/named.conf
bin/tests/system/rpz/ns4/named.conf
+1
-2
bin/tests/system/rpz/ns5/named.conf
bin/tests/system/rpz/ns5/named.conf
+1
-3
bin/tests/system/rpz/ns6/named.conf
bin/tests/system/rpz/ns6/named.conf
+1
-0
bin/tests/system/rpz/ns7/named.conf
bin/tests/system/rpz/ns7/named.conf
+1
-0
bin/tests/system/rrl/broken.conf
bin/tests/system/rrl/broken.conf
+0
-2
bin/tests/system/rrl/ns2/named.conf
bin/tests/system/rrl/ns2/named.conf
+0
-2
bin/tests/system/rrl/ns4/named.conf
bin/tests/system/rrl/ns4/named.conf
+0
-2
bin/tests/system/rrsetorder/clean.sh
bin/tests/system/rrsetorder/clean.sh
+1
-3
bin/tests/system/rrsetorder/ns1/root.db
bin/tests/system/rrsetorder/ns1/root.db
+5
-0
bin/tests/system/rrsetorder/ns3/named.conf
bin/tests/system/rrsetorder/ns3/named.conf
+0
-1
bin/tests/system/rrsetorder/ns4/named.conf
bin/tests/system/rrsetorder/ns4/named.conf
+0
-1
bin/tests/system/rrsetorder/tests.sh
bin/tests/system/rrsetorder/tests.sh
+5
-5
bin/tests/system/sfcache/ns5/named.conf
bin/tests/system/sfcache/ns5/named.conf
+0
-1
bin/tests/system/statschannel/ns2/named.conf
bin/tests/system/statschannel/ns2/named.conf
+1
-0
bin/tests/system/stress/ns3/named.conf
bin/tests/system/stress/ns3/named.conf
+0
-1
bin/tests/system/stress/ns4/named.conf
bin/tests/system/stress/ns4/named.conf
+0
-1
bin/tests/system/stub/ns1/named.conf
bin/tests/system/stub/ns1/named.conf
+1
-2
bin/tests/system/stub/ns2/named.conf
bin/tests/system/stub/ns2/named.conf
+1
-2
bin/tests/system/stub/ns3/named.conf
bin/tests/system/stub/ns3/named.conf
+1
-3
bin/tests/system/tkey/ns1/named.conf.in
bin/tests/system/tkey/ns1/named.conf.in
+0
-2
bin/tests/system/tkey/tests.sh
bin/tests/system/tkey/tests.sh
+2
-4
bin/tests/system/upforwd/ns1/named.conf
bin/tests/system/upforwd/ns1/named.conf
+0
-1
bin/tests/system/upforwd/ns2/named.conf
bin/tests/system/upforwd/ns2/named.conf
+0
-1
bin/tests/system/upforwd/ns3/named.conf
bin/tests/system/upforwd/ns3/named.conf
+0
-1
bin/tests/system/v6synth/ns2/named.conf
bin/tests/system/v6synth/ns2/named.conf
+0
-1
bin/tests/system/v6synth/ns3/named.conf
bin/tests/system/v6synth/ns3/named.conf
+0
-1
bin/tests/system/xfer/ns3/named.conf
bin/tests/system/xfer/ns3/named.conf
+0
-1
bin/tests/system/zero/ns1/named.conf
bin/tests/system/zero/ns1/named.conf
+0
-1
bin/tests/system/zero/ns2/named.conf
bin/tests/system/zero/ns2/named.conf
+0
-1
bin/tests/system/zero/ns3/named.conf
bin/tests/system/zero/ns3/named.conf
+0
-1
bin/tests/system/zero/ns4/named.conf
bin/tests/system/zero/ns4/named.conf
+0
-1
doc/arm/Bv9ARM-book.xml
doc/arm/Bv9ARM-book.xml
+34
-230
doc/misc/options
doc/misc/options
+10
-10
lib/bind9/check.c
lib/bind9/check.c
+2
-1
lib/dns/Makefile.in
lib/dns/Makefile.in
+2
-2
lib/dns/acache.c
lib/dns/acache.c
+0
-1790
lib/dns/compress.c
lib/dns/compress.c
+232
-61
lib/dns/ecdb.c
lib/dns/ecdb.c
+2
-4
lib/dns/include/dns/Makefile.in
lib/dns/include/dns/Makefile.in
+1
-1
lib/dns/include/dns/acache.h
lib/dns/include/dns/acache.h
+0
-440
lib/dns/include/dns/compress.h
lib/dns/include/dns/compress.h
+11
-6
lib/dns/include/dns/log.h
lib/dns/include/dns/log.h
+1
-1
lib/dns/include/dns/rdataset.h
lib/dns/include/dns/rdataset.h
+43
-119
lib/dns/include/dns/types.h
lib/dns/include/dns/types.h
+0
-3
lib/dns/include/dns/view.h
lib/dns/include/dns/view.h
+0
-3
lib/dns/include/dns/zone.h
lib/dns/include/dns/zone.h
+0
-13
lib/dns/log.c
lib/dns/log.c
+1
-1
lib/dns/message.c
lib/dns/message.c
+5
-3
lib/dns/name.c
lib/dns/name.c
+24
-16
lib/dns/ncache.c
lib/dns/ncache.c
+10
-12
lib/dns/order.c
lib/dns/order.c
+2
-4
lib/dns/rbtdb.c
lib/dns/rbtdb.c
+709
-422
lib/dns/rdatalist.c
lib/dns/rdatalist.c
+5
-7
lib/dns/rdataset.c
lib/dns/rdataset.c
+87
-150
lib/dns/rdataslab.c
lib/dns/rdataslab.c
+10
-12
lib/dns/sdb.c
lib/dns/sdb.c
+8
-10
lib/dns/sdlz.c
lib/dns/sdlz.c
+8
-10
lib/dns/ssu_external.c
lib/dns/ssu_external.c
+1
-1
lib/dns/view.c
lib/dns/view.c
+0
-20
lib/dns/win32/libdns.def.in
lib/dns/win32/libdns.def.in
+1
-19
lib/dns/win32/libdns.dsp.in
lib/dns/win32/libdns.dsp.in
+0
-8
lib/dns/win32/libdns.mak.in
lib/dns/win32/libdns.mak.in
+0
-24
lib/dns/win32/libdns.vcxproj.filters.in
lib/dns/win32/libdns.vcxproj.filters.in
+1
-7
lib/dns/win32/libdns.vcxproj.in
lib/dns/win32/libdns.vcxproj.in
+1
-3
lib/dns/zone.c
lib/dns/zone.c
+0
-46
lib/isc/hash.c
lib/isc/hash.c
+35
-26
lib/isc/include/isc/buffer.h
lib/isc/include/isc/buffer.h
+27
-23
lib/isc/include/isc/msgs.h
lib/isc/include/isc/msgs.h
+1
-0
lib/isc/mem.c
lib/isc/mem.c
+25
-18
lib/isc/rwlock.c
lib/isc/rwlock.c
+22
-3
lib/isccfg/namedconf.c
lib/isccfg/namedconf.c
+10
-5
util/copyrights
util/copyrights
+0
-2
No files found.
CHANGES
View file @
03be5a6b
4605. [performance] Improve performance for delegation heavy answers
and also general query performance. Removes the
acache feature that didn't significantly improve
performance. Adds a glue cache. Removes
additional-from-cache and additional-from-auth
features. Enables minimal-responses by
default. Improves performance of compression
code, owner case restoration, hash function,
etc. Uses inline buffer implementation by
default. Many other performance changes and fixes.
[RT #44029]
4604. [bug] Don't use ERR_load_crypto_strings() when building
4604. [bug] Don't use ERR_load_crypto_strings() when building
with OpenSSL 1.1.0. [RT #45117]
with OpenSSL 1.1.0. [RT #45117]
...
...
bin/named/config.c
View file @
03be5a6b
...
@@ -94,7 +94,6 @@ options {\n\
...
@@ -94,7 +94,6 @@ options {\n\
"\
"\
recursive-clients 1000;
\n
\
recursive-clients 1000;
\n
\
resolver-query-timeout 10;
\n
\
resolver-query-timeout 10;
\n
\
rrset-order { order random; };
\n
\
# serial-queries <obsolete>;
\n
\
# serial-queries <obsolete>;
\n
\
serial-query-rate 20;
\n
\
serial-query-rate 20;
\n
\
server-id none;
\n
\
server-id none;
\n
\
...
@@ -140,15 +139,13 @@ options {\n\
...
@@ -140,15 +139,13 @@ options {\n\
# topology <none>
\n
\
# topology <none>
\n
\
auth-nxdomain false;
\n
\
auth-nxdomain false;
\n
\
minimal-any false;
\n
\
minimal-any false;
\n
\
minimal-responses
fals
e;
\n
\
minimal-responses
tru
e;
\n
\
recursion true;
\n
\
recursion true;
\n
\
provide-ixfr true;
\n
\
provide-ixfr true;
\n
\
request-ixfr true;
\n
\
request-ixfr true;
\n
\
request-expire true;
\n
\
request-expire true;
\n
\
# fetch-glue <obsolete>;
\n
\
# fetch-glue <obsolete>;
\n
\
# rfc2308-type1 <obsolete>;
\n
\
# rfc2308-type1 <obsolete>;
\n
\
additional-from-auth true;
\n
\
additional-from-cache true;
\n
\
query-source address *;
\n
\
query-source address *;
\n
\
query-source-v6 address *;
\n
\
query-source-v6 address *;
\n
\
notify-source *;
\n
\
notify-source *;
\n
\
...
@@ -167,9 +164,6 @@ options {\n\
...
@@ -167,9 +164,6 @@ options {\n\
check-dup-records warn;
\n
\
check-dup-records warn;
\n
\
check-mx warn;
\n
\
check-mx warn;
\n
\
check-spf warn;
\n
\
check-spf warn;
\n
\
acache-enable no;
\n
\
acache-cleaning-interval 60;
\n
\
max-acache-size 16M;
\n
\
dnssec-enable yes;
\n
\
dnssec-enable yes;
\n
\
dnssec-validation yes;
\n
\
dnssec-validation yes;
\n
\
dnssec-accept-expired no;
\n
\
dnssec-accept-expired no;
\n
\
...
...
bin/named/include/named/server.h
View file @
03be5a6b
...
@@ -108,8 +108,6 @@ struct ns_server {
...
@@ -108,8 +108,6 @@ struct ns_server {
unsigned
int
dispatchgen
;
unsigned
int
dispatchgen
;
ns_dispatchlist_t
dispatches
;
ns_dispatchlist_t
dispatches
;
dns_acache_t
*
acache
;
ns_statschannellist_t
statschannels
;
ns_statschannellist_t
statschannels
;
dns_tsigkey_t
*
sessionkey
;
dns_tsigkey_t
*
sessionkey
;
...
...
bin/named/query.c
View file @
03be5a6b
This diff is collapsed.
Click to expand it.
bin/named/server.c
View file @
03be5a6b
...
@@ -52,7 +52,6 @@
...
@@ -52,7 +52,6 @@
#include <bind9/check.h>
#include <bind9/check.h>
#include <dns/acache.h>
#include <dns/adb.h>
#include <dns/adb.h>
#include <dns/badcache.h>
#include <dns/badcache.h>
#include <dns/cache.h>
#include <dns/cache.h>
...
@@ -1279,12 +1278,14 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
...
@@ -1279,12 +1278,14 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
#if DNS_RDATASET_FIXED
#if DNS_RDATASET_FIXED
mode = DNS_RDATASETATTR_FIXEDORDER;
mode = DNS_RDATASETATTR_FIXEDORDER;
#else
#else
mode =
0
;
mode =
DNS_RDATASETATTR_CYCLIC
;
#endif /* DNS_RDATASET_FIXED */
#endif /* DNS_RDATASET_FIXED */
else if (!strcasecmp(str, "random"))
else if (!strcasecmp(str, "random"))
mode = DNS_RDATASETATTR_RANDOMIZE;
mode = DNS_RDATASETATTR_RANDOMIZE;
else if (!strcasecmp(str, "cyclic"))
else if (!strcasecmp(str, "cyclic"))
mode = 0;
mode = DNS_RDATASETATTR_CYCLIC;
else if (!strcasecmp(str, "none"))
mode = DNS_RDATASETATTR_NONE;
else
else
INSIST(0);
INSIST(0);
...
@@ -2517,8 +2518,6 @@ configure_catz_zone(dns_view_t *view, const cfg_obj_t *config,
...
@@ -2517,8 +2518,6 @@ configure_catz_zone(dns_view_t *view, const cfg_obj_t *config,
RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
dns_zone_setview(dnszone, view);
dns_zone_setview(dnszone, view);
if (view->acache != NULL)
dns_zone_setacache(dnszone, view->acache);
dns_view_addzone(view, dnszone);
dns_view_addzone(view, dnszone);
}
}
...
@@ -3310,7 +3309,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
...
@@ -3310,7 +3309,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
unsigned int cleaning_interval;
unsigned int cleaning_interval;
size_t max_cache_size;
size_t max_cache_size;
isc_uint32_t max_cache_size_percent = 0;
isc_uint32_t max_cache_size_percent = 0;
size_t max_acache_size;
size_t max_adb_size;
size_t max_adb_size;
isc_uint32_t lame_ttl, fail_ttl;
isc_uint32_t lame_ttl, fail_ttl;
dns_tsig_keyring_t *ring = NULL;
dns_tsig_keyring_t *ring = NULL;
...
@@ -3377,53 +3375,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
...
@@ -3377,53 +3375,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
CHECKM(ns_config_getport(config, &port), "port");
CHECKM(ns_config_getport(config, &port), "port");
dns_view_setdstport(view, port);
dns_view_setdstport(view, port);
/*
* Create additional cache for this view and zones under the view
* if explicitly enabled.
* XXX950 default to on.
*/
obj = NULL;
(void)ns_config_get(maps, "acache-enable", &obj);
if (obj != NULL && cfg_obj_asboolean(obj)) {
cmctx = NULL;
CHECK(isc_mem_create(0, 0, &cmctx));
CHECK(dns_acache_create(&view->acache, cmctx, ns_g_taskmgr,
ns_g_timermgr));
isc_mem_setname(cmctx, "acache", NULL);
isc_mem_detach(&cmctx);
}
if (view->acache != NULL) {
obj = NULL;
result = ns_config_get(maps, "acache-cleaning-interval", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_acache_setcleaninginterval(view->acache,
cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-acache-size", &obj);
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isstring(obj)) {
str = cfg_obj_asstring(obj);
INSIST(strcasecmp(str, "unlimited") == 0);
max_acache_size = 0;
} else {
isc_resourcevalue_t value;
value = cfg_obj_asuint64(obj);
if (value > SIZE_MAX) {
cfg_obj_log(obj, ns_g_lctx,
ISC_LOG_WARNING,
"'max-acache-size "
"%" ISC_PRINT_QUADFORMAT "u' "
"is too large for this "
"system; reducing to %lu",
value, (unsigned long)SIZE_MAX);
value = SIZE_MAX;
}
max_acache_size = (size_t) value;
}
dns_acache_setcachesize(view->acache, max_acache_size);
}
CHECK(configure_view_acl(vconfig, config, "allow-query", NULL, actx,
CHECK(configure_view_acl(vconfig, config, "allow-query", NULL, actx,
ns_g_mctx, &view->queryacl));
ns_g_mctx, &view->queryacl));
if (view->queryacl == NULL) {
if (view->queryacl == NULL) {
...
@@ -4305,32 +4256,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
...
@@ -4305,32 +4256,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS);
view->trust_anchor_telemetry = cfg_obj_asboolean(obj);
view->trust_anchor_telemetry = cfg_obj_asboolean(obj);
/*
* Set sources where additional data and CNAME/DNAME
* targets for authoritative answers may be found.
*/
obj = NULL;
result = ns_config_get(maps, "additional-from-auth", &obj);
INSIST(result == ISC_R_SUCCESS);
view->additionalfromauth = cfg_obj_asboolean(obj);
if (view->recursion && ! view->additionalfromauth) {
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
"'additional-from-auth no' is only supported "
"with 'recursion no'");
view->additionalfromauth = ISC_TRUE;
}
obj = NULL;
result = ns_config_get(maps, "additional-from-cache", &obj);
INSIST(result == ISC_R_SUCCESS);
view->additionalfromcache = cfg_obj_asboolean(obj);
if (view->recursion && ! view->additionalfromcache) {
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
"'additional-from-cache no' is only supported "
"with 'recursion no'");
view->additionalfromcache = ISC_TRUE;
}
/*
/*
* Set "allow-query-cache", "allow-query-cache-on",
* Set "allow-query-cache", "allow-query-cache-on",
* "allow-recursion", and "allow-recursion-on" acls if
* "allow-recursion", and "allow-recursion-on" acls if
...
@@ -5600,8 +5525,6 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
...
@@ -5600,8 +5525,6 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
* new view.
* new view.
*/
*/
dns_zone_setview(zone, view);
dns_zone_setview(zone, view);
if (view->acache != NULL)
dns_zone_setacache(zone, view->acache);
} else {
} else {
/*
/*
* We cannot reuse an existing zone, we have
* We cannot reuse an existing zone, we have
...
@@ -5610,8 +5533,6 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
...
@@ -5610,8 +5533,6 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
CHECK(dns_zonemgr_createzone(ns_g_server->zonemgr, &zone));
CHECK(dns_zonemgr_createzone(ns_g_server->zonemgr, &zone));
CHECK(dns_zone_setorigin(zone, origin));
CHECK(dns_zone_setorigin(zone, origin));
dns_zone_setview(zone, view);
dns_zone_setview(zone, view);
if (view->acache != NULL)
dns_zone_setacache(zone, view->acache);
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
dns_zone_setstats(zone, ns_g_server->zonestats);
dns_zone_setstats(zone, ns_g_server->zonestats);
}
}
...
@@ -5670,8 +5591,6 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
...
@@ -5670,8 +5591,6 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
CHECK(dns_zone_create(&raw, mctx));
CHECK(dns_zone_create(&raw, mctx));
CHECK(dns_zone_setorigin(raw, origin));
CHECK(dns_zone_setorigin(raw, origin));
dns_zone_setview(raw, view);
dns_zone_setview(raw, view);
if (view->acache != NULL)
dns_zone_setacache(raw, view->acache);
dns_zone_setstats(raw, ns_g_server->zonestats);
dns_zone_setstats(raw, ns_g_server->zonestats);
CHECK(dns_zone_link(zone, raw));
CHECK(dns_zone_link(zone, raw));
}
}
...
@@ -5768,9 +5687,6 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) {
...
@@ -5768,9 +5687,6 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) {
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
if (view->acache != NULL)
dns_zone_setacache(zone, view->acache);
CHECK(dns_acl_none(mctx, &none));
CHECK(dns_acl_none(mctx, &none));
dns_zone_setqueryacl(zone, none);
dns_zone_setqueryacl(zone, none);
dns_zone_setqueryonacl(zone, none);
dns_zone_setqueryonacl(zone, none);
...
...
bin/tests/system/additional/ns1/named1.conf
View file @
03be5a6b
...
@@ -13,7 +13,6 @@ options {
...
@@ -13,7 +13,6 @@ options {
notify
-
source
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
recursion
no
;
recursion
no
;
additional
-
from
-
auth
no
;
port
5300
;
port
5300
;
pid
-
file
"named.pid"
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
{
10
.
53
.
0
.
1
; };
...
...
bin/tests/system/additional/ns1/named2.conf
View file @
03be5a6b
...
@@ -13,7 +13,6 @@ options {
...
@@ -13,7 +13,6 @@ options {
notify
-
source
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
recursion
no
;
recursion
no
;
additional
-
from
-
auth
no
;
port
5300
;
port
5300
;
pid
-
file
"named.pid"
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
{
10
.
53
.
0
.
1
; };
...
...
bin/tests/system/additional/ns1/named3.conf
View file @
03be5a6b
...
@@ -11,7 +11,6 @@ options {
...
@@ -11,7 +11,6 @@ options {
notify
-
source
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
recursion
no
;
recursion
no
;
additional
-
from
-
auth
no
;
port
5300
;
port
5300
;
pid
-
file
"named.pid"
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
{
10
.
53
.
0
.
1
; };
...
...
bin/tests/system/additional/ns1/named4.conf
View file @
03be5a6b
...
@@ -11,7 +11,6 @@ options {
...
@@ -11,7 +11,6 @@ options {
notify
-
source
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
recursion
no
;
recursion
no
;
additional
-
from
-
auth
no
;
port
5300
;
port
5300
;
pid
-
file
"named.pid"
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
{
10
.
53
.
0
.
1
; };
...
...
bin/tests/system/autosign/clean.sh
View file @
03be5a6b
...
@@ -6,7 +6,8 @@
...
@@ -6,7 +6,8 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
rm
-f
*
/K
*
*
/dsset-
*
*
/
*
.signed
*
/trusted.conf
*
/tmp
*
*
/
*
.jnl
*
/
*
.bk
rm
-f
*
/K
*
*
/dsset-
*
*
/
*
.signed
*
/tmp
*
*
/
*
.jnl
*
/
*
.bk
rm
-f
*
/trusted.conf
*
/private.conf
rm
-f
*
/core
rm
-f
*
/core
rm
-f
*
/example.bk
rm
-f
*
/example.bk
rm
-f
*
/named.memstats
rm
-f
*
/named.memstats
...
...
bin/tests/system/autosign/ns2/keygen.sh
View file @
03be5a6b
...
@@ -31,9 +31,19 @@ $DSFROMKEY $kskname.key > dsset-${zone}$TP
...
@@ -31,9 +31,19 @@ $DSFROMKEY $kskname.key > dsset-${zone}$TP
zone
=
private.secure.example
zone
=
private.secure.example
zonefile
=
"
${
zone
}
.db"
zonefile
=
"
${
zone
}
.db"
infile
=
"
${
zonefile
}
.in"
infile
=
"
${
zonefile
}
.in"
cp
$infile
$zonefile
ksk
=
`
$KEYGEN
-3
-q
-r
$RANDFILE
-fk
$zone
`
$KEYGEN
-3
-q
-r
$RANDFILE
-fk
$zone
>
/dev/null
$KEYGEN
-3
-q
-r
$RANDFILE
$zone
>
/dev/null
$KEYGEN
-3
-q
-r
$RANDFILE
$zone
>
/dev/null
cat
$ksk
.key |
grep
-v
'^; '
|
$PERL
-n
-e
'
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
'
>
private.conf
cp
private.conf ../ns4/private.conf
$SIGNER
-S
-3
beef
-A
-o
$zone
-f
$zonefile
$infile
>
/dev/null 2>&1
# Extract saved keys for the revoke-to-duplicate-key test
# Extract saved keys for the revoke-to-duplicate-key test
zone
=
bar
zone
=
bar
...
...
bin/tests/system/autosign/ns4/named.conf
View file @
03be5a6b
...
@@ -6,8 +6,6 @@
...
@@ -6,8 +6,6 @@
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*/
*/
/* $
Id
:
named
.
conf
,
v
1
.
3
2009
/
11
/
30
23
:
48
:
02
tbox
Exp
$ */
//
NS4
//
NS4
controls
{ /*
empty
*/ };
controls
{ /*
empty
*/ };
...
@@ -21,7 +19,6 @@ options {
...
@@ -21,7 +19,6 @@ options {
listen
-
on
{
10
.
53
.
0
.
4
; };
listen
-
on
{
10
.
53
.
0
.
4
; };
listen
-
on
-
v6
{
none
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
recursion
yes
;
acache
-
enable
yes
;
dnssec
-
enable
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
dnssec
-
validation
yes
;
dnssec
-
must
-
be
-
secure
mustbesecure
.
example
yes
;
dnssec
-
must
-
be
-
secure
mustbesecure
.
example
yes
;
...
@@ -33,3 +30,4 @@ zone "." {
...
@@ -33,3 +30,4 @@ zone "." {
};
};
include
"trusted.conf"
;
include
"trusted.conf"
;
include
"private.conf"
;
bin/tests/system/autosign/ns5/named.conf
View file @
03be5a6b
...
@@ -21,7 +21,6 @@ options {
...
@@ -21,7 +21,6 @@ options {
listen
-
on
{
10
.
53
.
0
.
5
; };
listen
-
on
{
10
.
53
.
0
.
5
; };
listen
-
on
-
v6
{
none
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
recursion
yes
;
acache
-
enable
yes
;
dnssec
-
enable
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
dnssec
-
validation
yes
;
};
};
...
...
bin/tests/system/autosign/tests.sh
View file @
03be5a6b
...
@@ -692,8 +692,7 @@ $DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.4 \
...
@@ -692,8 +692,7 @@ $DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.4 \
>
dig.out.ns4.test
$n
||
ret
=
1
>
dig.out.ns4.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns2.test
$n
dig.out.ns4.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns2.test
$n
dig.out.ns4.test
$n
||
ret
=
1
grep
"NOERROR"
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
grep
"NOERROR"
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
# Note - this is looking for failure, hence the &&
grep
"flags:.*ad.*QUERY"
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
grep
"flags:.*ad.*QUERY"
dig.out.ns4.test
$n
>
/dev/null
&&
ret
=
1
n
=
`
expr
$n
+ 1
`
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
status
=
`
expr
$status
+
$ret
`
...
@@ -714,13 +713,9 @@ status=`expr $status + $ret`
...
@@ -714,13 +713,9 @@ status=`expr $status + $ret`
echo
"I:checking privately secure to nxdomain works (
$n
)"
echo
"I:checking privately secure to nxdomain works (
$n
)"
ret
=
0
ret
=
0
$DIG
$DIGOPTS
+noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.2
\
$DIG
$DIGOPTS
+noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4
>
dig.out.ns4.test
$n
||
ret
=
1
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"NXDOMAIN"
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
$DIG
$DIGOPTS
+noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4
\
grep
"flags:.*ad.*QUERY"
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
>
dig.out.ns4.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns2.test
$n
dig.out.ns4.test
$n
||
ret
=
1
# Note - this is looking for failure, hence the &&
grep
"flags:.*ad.*QUERY"
dig.out.ns4.test
$n
>
/dev/null
&&
ret
=
1
n
=
`
expr
$n
+ 1
`
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
status
=
`
expr
$status
+
$ret
`
...
...
bin/tests/system/cacheclean/ns1/named.conf
View file @
03be5a6b
...
@@ -6,8 +6,6 @@
...
@@ -6,8 +6,6 @@
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*/
*/
/* $
Id
:
named
.
conf
,
v
1
.
11
2011
/
08
/
02
23
:
47
:
52
tbox
Exp
$ */
controls
{ /*
empty
*/ };
controls
{ /*
empty
*/ };
options
{
options
{
...
@@ -21,6 +19,7 @@ options {
...
@@ -21,6 +19,7 @@ options {
recursion
no
;
recursion
no
;
notify
yes
;
notify
yes
;
check
-
integrity
no
;
check
-
integrity
no
;
minimal
-
responses
no
;
};
};
zone
"."
{
zone
"."
{
...
...
bin/tests/system/case/ns1/named.conf
View file @
03be5a6b
...
@@ -20,6 +20,7 @@ options {
...
@@ -20,6 +20,7 @@ options {
notify
yes
;
notify
yes
;
ixfr
-
from
-
differences
yes
;
ixfr
-
from
-
differences
yes
;
check
-
integrity
no
;
check
-
integrity
no
;
minimal
-
responses
no
;
};
};
zone
"example"
{
zone
"example"
{
...
...
bin/tests/system/case/ns2/named.conf
View file @
03be5a6b
...
@@ -21,6 +21,7 @@ options {
...
@@ -21,6 +21,7 @@ options {
ixfr
-
from
-
differences
yes
;
ixfr
-
from
-
differences
yes
;
check
-
integrity
no
;
check
-
integrity
no
;
no
-
case
-
compress
{
10
.
53
.
0
.
2
; };
no
-
case
-
compress
{
10
.
53
.
0
.
2
; };
minimal
-
responses
no
;
};
};
zone
"example"
{
zone
"example"
{
...
...
bin/tests/system/checknames/ns2/named.conf
View file @
03be5a6b
...
@@ -19,7 +19,6 @@ options {
...
@@ -19,7 +19,6 @@ options {
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
-
v6
{
none
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
recursion
yes
;
acache
-
enable
yes
;
check
-
names
response
warn
;
check
-
names
response
warn
;
notify
yes
;
notify
yes
;
};
};
...
...
bin/tests/system/checknames/ns3/named.conf
View file @
03be5a6b
...
@@ -19,7 +19,6 @@ options {
...
@@ -19,7 +19,6 @@ options {
listen
-
on
{
10
.
53
.
0
.
3
; };
listen
-
on
{
10
.
53
.
0
.
3
; };
listen
-
on
-
v6
{
none
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
recursion
yes
;
acache
-
enable
yes
;
check
-
names
response
fail
;
check
-
names
response
fail
;
notify
yes
;
notify
yes
;
};
};
...
...
bin/tests/system/checknames/ns4/named.conf
View file @
03be5a6b
...
@@ -19,7 +19,6 @@ options {
...
@@ -19,7 +19,6 @@ options {
listen
-
on
{
10
.
53
.
0
.
4
; };
listen
-
on
{
10
.
53
.
0
.
4
; };
listen
-
on
-
v6
{
none
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
recursion
yes
;
acache
-
enable
yes
;
check
-
names
master
ignore
;
check
-
names
master
ignore
;
notify
yes
;
notify
yes
;
};
};
...
...
bin/tests/system/cookie/ns1/named.conf
View file @
03be5a6b
...
@@ -24,7 +24,6 @@ options {
...
@@ -24,7 +24,6 @@ options {
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
-
v6
{
none
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
recursion
yes
;
acache
-
enable
yes
;
deny
-
answer
-
addresses
{
192
.
0
.
2
.
0
/
24
;
2001
:
db8
:
beef
::/
48
; }
deny
-
answer
-
addresses
{
192
.
0
.
2
.
0
/
24
;
2001
:
db8
:
beef
::/
48
; }
except
-
from
{
"example.org"
; };
except
-
from
{
"example.org"
; };
deny
-
answer
-
aliases
{
"example.org"
; }
deny
-
answer
-
aliases
{
"example.org"
; }
...
...
bin/tests/system/cookie/ns2/named.conf
View file @
03be5a6b
...
@@ -17,7 +17,6 @@ options {
...
@@ -17,7 +17,6 @@ options {
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
-
v6
{
none
; };
listen
-
on
-
v6
{
none
; };
recursion
no
;
recursion
no
;