seperate out sibling glue checks

bin/check/check-tool.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.18 2005/06/20 01:03:48 marka Exp $ */
+/* $Id: check-tool.c,v 1.19 2005/08/24 23:53:54 marka Exp $ */
 
 /*! \file */
 
@@ -70,7 +70,7 @@ unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
 			    DNS_ZONEOPT_CHECKMX |
 			    DNS_ZONEOPT_MANYERRORS |
 			    DNS_ZONEOPT_CHECKNAMES |
-			    DNS_ZONEOPT_INTEGRITYCHECK |
+			    DNS_ZONEOPT_CHECKINTEGRITY |
 			    DNS_ZONEOPT_CHECKWILDCARD;
 
 /*

bin/check/named-checkconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.37 2005/08/23 02:36:05 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.38 2005/08/24 23:53:54 marka Exp $ */
 
 /*! \file */
 
@@ -166,9 +166,7 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
 	cfg_obj_t *fmtobj = NULL;
 	dns_masterformat_t masterformat;
 
-	zone_options = DNS_ZONEOPT_CHECKNS |
-		       DNS_ZONEOPT_MANYERRORS |
-		       DNS_ZONEOPT_INTEGRITYCHECK;
+	zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_MANYERRORS;
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	classobj = cfg_tuple_get(zconfig, "class");
@@ -219,6 +217,22 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
 		zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
 	}
 
+	obj = NULL;
+	if (get_maps(maps, "check-integrity", &obj)) {
+		if (cfg_obj_asboolean(obj))
+			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+		else
+			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
+	}
+
+	obj = NULL;
+	if (get_maps(maps, "check-sibling", &obj)) {
+		if (cfg_obj_asboolean(obj))
+			zone_options |= DNS_ZONEOPT_CHECKSIBLING;
+		else
+			zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
+	}
+
 	obj = NULL;
 	if (get_checknames(maps, &obj)) {
 		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {

bin/check/named-checkzone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.38 2005/08/22 00:58:18 marka Exp $ */
+/* $Id: named-checkzone.c,v 1.39 2005/08/24 23:53:55 marka Exp $ */
 
 /*! \file */
 
@@ -145,19 +145,36 @@ main(int argc, char **argv) {
 
 		case 'i':
 			if (!strcmp(isc_commandline_argument, "full")) {
-				zone_options |= DNS_ZONEOPT_INTEGRITYCHECK;
+				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
+						DNS_ZONEOPT_CHECKSIBLING;
+				docheckmx = ISC_TRUE;
+				docheckns = ISC_TRUE;
+				dochecksrv = ISC_TRUE;
+			} else if (!strcmp(isc_commandline_argument,
+					   "full-sibling")) {
+				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_TRUE;
 				docheckns = ISC_TRUE;
 				dochecksrv = ISC_TRUE;
 			} else if (!strcmp(isc_commandline_argument,
 					   "local")) {
-				zone_options |= DNS_ZONEOPT_INTEGRITYCHECK;
+				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+				zone_options |= DNS_ZONEOPT_CHECKSIBLING;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
+			} else if (!strcmp(isc_commandline_argument,
+					   "local-sibling")) {
+				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_FALSE;
 				docheckns = ISC_FALSE;
 				dochecksrv = ISC_FALSE;
 			} else if (!strcmp(isc_commandline_argument,
 					   "none")) {
-				zone_options &= ~DNS_ZONEOPT_INTEGRITYCHECK;
+				zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
+				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_FALSE;
 				docheckns = ISC_FALSE;
 				dochecksrv = ISC_FALSE;

bin/check/named-checkzone.docbook

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.22 2005/07/19 04:55:19 marka Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.23 2005/08/24 23:53:55 marka Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -174,7 +174,9 @@
 	  <para>
 	      Perform post load zone integrity checks.  Possible modes are
 	      <command>"full"</command> (default),
-	      <command>"local"</command> and
+	      <command>"full-sibling"</command>,
+	      <command>"local"</command>,
+	      <command>"local-sibling"</command> and
 	      <command>"none"</command>.
 	  </para>
 	  <para>
@@ -198,6 +200,12 @@
 	      refer to in-zone hostnames or that some required glue exists,
 	      that is when the nameserver is in a child zone.
 	  </para>
+	  <para>
+	      Mode <command>"full-sibling"</command> and
+	      <command>"local-sibling"</command> disable sibling glue
+	      checks but are otherwise the same as <command>"full"</command>
+	      and <command>"local"</command> respectively.
+	  </para>
 	  <para>
 	      Mode <command>"none"</command> disables the checks.
 	  </para>

bin/named/config.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.59 2005/08/23 02:36:06 marka Exp $ */
+/* $Id: config.c,v 1.60 2005/08/24 23:53:56 marka Exp $ */
 
 /*! \file */
 
@@ -133,7 +133,6 @@ options {\n\
 	acache-cleaning-interval 60;\n\
 	max-acache-size 0;\n\
 	dnssec-enable no; /* Make yes for 9.4. */ \n\
-	integrity-check yes;\n\
 	clients-per-query 10;\n\
 	max-clients-per-query 100;\n\
 "
@@ -167,6 +166,8 @@ options {\n\
 	max-journal-size unlimited;\n\
 	ixfr-from-differences false;\n\
 	check-wildcard yes;\n\
+	check-sibling yes;\n\
+	check-integrity yes;\n\
 };\n\
 "
 

bin/named/update.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.123 2005/07/18 05:58:56 marka Exp $ */
+/* $Id: update.c,v 1.124 2005/08/24 23:53:57 marka Exp $ */
 
 #include <config.h>
 
@@ -2199,7 +2199,7 @@ check_mx(ns_client_t *client, dns_zone_t *zone,
 		/*
 		 * Check zone integrity checks.
 		 */
-		if ((options & DNS_ZONEOPT_INTEGRITYCHECK) == 0)
+		if ((options & DNS_ZONEOPT_CHECKINTEGRITY) == 0)
 			continue;
 		result = dns_db_find(db, &mx.mx, newver, dns_rdatatype_a,
 				     0, 0, NULL, foundname, NULL, NULL);

bin/named/zoneconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.123 2005/08/23 02:36:08 marka Exp $ */
+/* $Id: zoneconf.c,v 1.124 2005/08/24 23:53:57 marka Exp $ */
 
 /*% */
 
@@ -600,6 +600,11 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 		INSIST(result == ISC_R_SUCCESS);
 		dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj));
 
+		obj = NULL;
+		result = ns_config_get(maps, "check-sibling", &obj);
+		INSIST(result == ISC_R_SUCCESS);
+		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING, 
+				   cfg_obj_asboolean(obj));
 	}
 
 	/*
@@ -666,9 +671,9 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMXFAIL, fail);
 
 		obj = NULL;
-		result = ns_config_get(maps, "integrity-check", &obj);
+		result = ns_config_get(maps, "check-integrity", &obj);
 		INSIST(obj != NULL);
-		dns_zone_setoption(zone, DNS_ZONEOPT_INTEGRITYCHECK, 
+		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY, 
 				   cfg_obj_asboolean(obj));
 	}
 

bin/tests/system/cacheclean/ns1/named.conf

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.6 2005/05/30 02:00:38 marka Exp $ */
+/* $Id: named.conf,v 1.7 2005/08/24 23:53:58 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -29,7 +29,7 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	integrity-check no;
+	check-integrity no;
 };
 
 zone "." {

bin/tests/system/checknames/ns1/named.conf

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.6 2005/05/30 02:00:39 marka Exp $ */
+/* $Id: named.conf,v 1.7 2005/08/24 23:53:58 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -28,7 +28,7 @@ options {
         listen-on-v6 { none; };
         recursion no;
         notify yes;
-	integrity-check no;
+	check-integrity no;
 };
 
 zone "." {

bin/tests/system/glue/ns1/named.conf

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.12 2005/05/30 02:00:39 marka Exp $ */
+/* $Id: named.conf,v 1.13 2005/08/24 23:53:59 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -30,7 +30,7 @@ options {
 	recursion no;
 	notify no;
 	cache-file "cache";
-	integrity-check no;
+	check-integrity no;
 };
 
 zone "." {

bin/tests/system/nsupdate/ns1/named.conf

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.14 2005/05/20 01:09:35 marka Exp $ */
+/* $Id: named.conf,v 1.15 2005/08/24 23:53:59 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -43,7 +43,7 @@ controls {
 zone "example.nil" {
 	type master;
 	file "example.db";
-	integrity-check no;
+	check-integrity no;
 	allow-update { any; };
 	allow-transfer { any; };
 };
@@ -51,7 +51,7 @@ zone "example.nil" {
 zone "update.nil" {
 	type master;
 	file "update.db";
-	integrity-check no;
+	check-integrity no;
 	allow-update { any; };
 	allow-transfer { any; };
 	also-notify { 10.53.0.2; };

bin/tests/system/xfer/ns2/named.conf

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.20 2005/05/30 02:00:39 marka Exp $ */
+/* $Id: named.conf,v 1.21 2005/08/24 23:54:00 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -30,7 +30,7 @@ options {
 	recursion no;
 	notify yes;
 	ixfr-from-differences yes;
-	integrity-check no;
+	check-integrity no;
 };
 
 include "../../common/controls.conf";

doc/arm/Bv9ARM-book.xml

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.277 2005/08/18 00:57:28 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.278 2005/08/24 23:54:01 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 
@@ -4359,7 +4359,8 @@ category notify { null; };
         ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> check-mx ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
-    <optional> integrity-checks <replaceable>yes_or_no</replaceable>; </optional>
+    <optional> check-integrity <replaceable>yes_or_no</replaceable>; </optional>
+    <optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
     <optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-query-cache { <replaceable>address_match_list</replaceable> }; </optional>
@@ -5507,7 +5508,7 @@ options {
             </varlistentry>
 
 	    <varlistentry>
-	      <term><command>integrity-check</command></term>
+	      <term><command>check-integrity</command></term>
 	      <listitem>
 		<para>
 		  Perform post load zone integrity checks on master
@@ -5524,6 +5525,15 @@ options {
 	      </listitem>
 	    </varlistentry>
 
+	    <varlistentry>
+	      <term><command>check-sibling</command></term>
+	      <listitem>
+		<para>
+		  When performing integrity checks also check that
+		  sibling glue exists.  The default is <command>yes</command>.
+		</para>
+	      </listitem>
+	    </varlistentry>
           </variablelist>
 
         </sect3>
@@ -7749,7 +7759,7 @@ view "external" {
     <optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
     <optional> check-mx (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
     <optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
-    <optional> integrity-checks <replaceable>yes_or_no</replaceable> ; </optional>
+    <optional> check-integrity <replaceable>yes_or_no</replaceable> ; </optional>
     <optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
     <optional> delegation-only <replaceable>yes_or_no</replaceable> ; </optional>
     <optional> file <replaceable>string</replaceable> ; </optional>
@@ -8160,11 +8170,21 @@ view "external" {
               </varlistentry>
 
               <varlistentry>
-                <term><command>integrity-check</command></term>
+                <term><command>check-integrity</command></term>
+                <listitem>
+                  <para>
+                    See the description of
+                    <command>check-integrity</command> in <xref linkend="boolean_options"/>.
+                  </para>
+                </listitem>
+              </varlistentry>
+
+              <varlistentry>
+                <term><command>check-sibling</command></term>
                 <listitem>
                   <para>
                     See the description of
-                    <command>integrity-check</command> in <xref linkend="boolean_options"/>.
+                    <command>check-sibling</command> in <xref linkend="boolean_options"/>.
                   </para>
                 </listitem>
               </varlistentry>

lib/dns/include/dns/zone.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.h,v 1.136 2005/08/18 00:57:30 marka Exp $ */
+/* $Id: zone.h,v 1.137 2005/08/24 23:54:03 marka Exp $ */
 
 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@@ -58,8 +58,9 @@ typedef enum {
 #define DNS_ZONEOPT_CHECKWILDCARD 0x00002000U	/*%< check for internal wildcards */
 #define DNS_ZONEOPT_CHECKMX	  0x00004000U	/*%< check-mx */
 #define DNS_ZONEOPT_CHECKMXFAIL   0x00008000U	/*%< fatal check-mx failures */
-#define DNS_ZONEOPT_INTEGRITYCHECK 0x00010000U	/*%< perform integrity checks */
-#define DNS_ZONEOPT_NOCHECKNS	  0x00020000U	/*%< disable IN NS address checks */
+#define DNS_ZONEOPT_CHECKINTEGRITY 0x00010000U	/*%< perform integrity checks */
+#define DNS_ZONEOPT_CHECKSIBLING 0x00020000U	/*%< perform sibling glue checks */
+#define DNS_ZONEOPT_NOCHECKNS	  0x00040000U	/*%< disable IN NS address checks */
 
 #ifndef NOMINUM_PUBLIC
 /*

lib/dns/zone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.444 2005/08/18 00:57:29 marka Exp $ */
+/* $Id: zone.c,v 1.445 2005/08/24 23:54:02 marka Exp $ */
 
 /*! \file */
 
@@ -1585,15 +1585,20 @@ zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
 			what = "SIBLING GLUE ";
 		else
 			what = "";
-		dns_zone_log(zone, level,
-			     "%s/NS '%s' has no %saddress records (A or AAAA)",
-			     ownerbuf, namebuf, what);
-		/*
-		 * Log missing address record.
-		 */
-		if (result == DNS_R_DELEGATION && zone->checkns != NULL)
-			answer = (zone->checkns)(zone, name, owner, &a, &aaaa);
-		answer = ISC_FALSE;
+
+		if (result != DNS_R_DELEGATION ||
+		    DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKSIBLING)) {
+			dns_zone_log(zone, level, "%s/NS '%s' has no %s"
+				     "address records (A or AAAA)",
+				     ownerbuf, namebuf, what);
+			/*
+			 * Log missing address record.
+			 */
+			if (result == DNS_R_DELEGATION && zone->checkns != NULL)
+				(void)(zone->checkns)(zone, name, owner,
+						      &a, &aaaa);
+			answer = ISC_FALSE;
+		}
 	} else if (result == DNS_R_CNAME) {
 		dns_zone_log(zone, level, "%s/NS '%s' is a CNAME (illegal)",
 			     ownerbuf, namebuf);
@@ -1849,7 +1854,7 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
 			goto cleanup;
 		}
 		if (zone->type == dns_zone_master &&
-		    DNS_ZONE_OPTION(zone, DNS_ZONEOPT_INTEGRITYCHECK) &&
+		    DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKINTEGRITY) &&
 		    !integrity_checks(zone, db)) {
 			result = DNS_R_BADZONE;
 			goto cleanup;

lib/isccfg/namedconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.55 2005/08/18 00:57:31 marka Exp $ */
+/* $Id: namedconf.c,v 1.56 2005/08/24 23:54:04 marka Exp $ */
 
 /*! \file */
 
@@ -806,8 +806,9 @@ zone_clauses[] = {
 	{ "zone-statistics", &cfg_type_boolean, 0 },
 	{ "key-directory", &cfg_type_qstring, 0 },
 	{ "check-wildcard", &cfg_type_boolean, 0 },
-	{ "integrity-check", &cfg_type_boolean, 0 },
+	{ "check-integrity", &cfg_type_boolean, 0 },
 	{ "check-mx", &cfg_type_checkmode, 0 },
+	{ "check-sibling", &cfg_type_boolean, 0 },
 	{ NULL, NULL, 0 }
 };