Commit 2cb9e8a0 authored by Michał Kępień Committed by Ondřej Surý

Replace the "mirror" zone option with "type mirror;"

Use a zone's 'type' field instead of the value of its DNS_ZONEOPT_MIRROR
option for checking whether it is a mirror zone.  This makes said zone
option and its associated helper function, dns_zone_mirror(), redundant,
so remove them.  Remove a check specific to mirror zones from
named_zone_reusable() since another check in that function ensures that
changing a zone's type prevents it from being reused during
reconfiguration.
parent e1bb8de6
......@@ -6978,6 +6978,9 @@ removed(dns_zone_t *zone, void *uap) {
case dns_zone_slave:
type = "slave";
break;
case dns_zone_mirror:
type = "mirror";
break;
case dns_zone_stub:
type = "stub";
break;
......@@ -14043,7 +14046,10 @@ named_server_zonestatus(named_server_t *server, isc_lex_t *lex,
type = "master";
break;
case dns_zone_slave:
type = dns_zone_ismirror(zone) ? "mirror" : "slave";
type = "slave";
break;
case dns_zone_mirror:
type = "mirror";
break;
case dns_zone_stub:
type = "stub";
......
......@@ -1700,8 +1700,26 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
* Configure slave functionality.
*/
switch (ztype) {
case dns_zone_slave:
case dns_zone_mirror:
/*
* Disable outgoing zone transfers for mirror zones unless they
* are explicitly enabled by zone configuration.
*/
obj = NULL;
(void)cfg_map_get(zoptions, "allow-transfer", &obj);
if (obj == NULL) {
dns_acl_t *none;
RETERR(dns_acl_none(mctx, &none));
dns_zone_setxfracl(zone, none);
dns_acl_detach(&none);
}
/*
* Only allow "also-notify".
*/
notifytype = dns_notifytype_explicit;
dns_zone_setnotifytype(zone, notifytype);
/* FALLTHROUGH */
case dns_zone_slave:
case dns_zone_stub:
case dns_zone_redirect:
count = 0;
......@@ -1733,35 +1751,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
}
dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi);
obj = NULL;
(void)cfg_map_get(zoptions, "mirror", &obj);
if (obj != NULL) {
bool mirror = cfg_obj_asboolean(obj);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_MIRROR,
mirror);
if (mirror) {
/*
* Disable outgoing zone transfers unless they
* are explicitly enabled by zone
* configuration.
*/
obj = NULL;
(void)cfg_map_get(zoptions, "allow-transfer",
&obj);
if (obj == NULL) {
dns_acl_t *none;
RETERR(dns_acl_none(mctx, &none));
dns_zone_setxfracl(zone, none);
dns_acl_detach(&none);
}
/*
* Only allow "also-notify".
*/
notifytype = dns_notifytype_explicit;
dns_zone_setnotifytype(zone, notifytype);
}
}
obj = NULL;
result = named_config_get(maps, "max-transfer-time-in", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
......@@ -1901,7 +1890,7 @@ named_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
const char *cfilename;
const char *zfilename;
dns_zone_t *raw = NULL;
bool has_raw, mirror;
bool has_raw;
dns_zonetype_t ztype;
zoptions = cfg_tuple_get(zconfig, "options");
......@@ -1941,21 +1930,6 @@ named_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
return (false);
}
/*
* Do not reuse a zone whose "mirror" setting was changed.
*/
obj = NULL;
mirror = false;
(void)cfg_map_get(zoptions, "mirror", &obj);
if (obj != NULL) {
mirror = cfg_obj_asboolean(obj);
}
if (dns_zone_ismirror(zone) != mirror) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: mirror setting changed");
return (false);
}
if (zonetype_fromconfig(zoptions) != ztype) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: type mismatch");
......
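Review bot: The default-deny for outgoing transfers in the `case dns_zone_mirror:` branch of named_zone_configure() keys only on a zone-level `allow-transfer` (the lookup is on `zoptions`), and the comment does not say so. As far as this hunk shows, an `allow-transfer` inherited from the view or global options would be replaced by the `none` ACL for a mirror zone; the override presumably relies on running after the generic ACL setup earlier in the function, which is outside the hunk. I would extend the comment to state this, e.g. `Only an "allow-transfer" in the zone statement itself re-enables transfers; inherited view/options ACLs are overridden here.` The `/* FALLTHROUGH */` also makes the position of `case dns_zone_mirror:` ahead of `case dns_zone_slave:` load-bearing, which deserves a word in the same comment.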
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
This test checks whether zones configured with "type mirror;" behave as
expected.
ns1 is an authoritative-only server. It only serves the root zone, which is
mirrored by ns3.
ns2 is an authoritative-only server. It serves a number of zones, some of which
are delegated to it by ns1 and used in recursive resolution tests aimed at ns3
while others are only served so that ns3 has a primary server to mirror zones
from during various tests of the mirror zone implementation.
ns3 is a recursive resolver. It has a number of mirror zones configured. This
is the only server whose behavior is being examined by this system test.
......@@ -37,62 +37,54 @@ zone "." {
};
zone "." {
type slave;
type mirror;
masters { 10.53.0.1; };
mirror yes;
file "root.db.mirror";
};
zone "initially-unavailable" {
type slave;
type mirror;
masters { 10.53.0.2; };
mirror yes;
file "initially-unavailable.db.mirror";
use-alt-transfer-source no;
};
zone "verify-axfr" {
type slave;
type mirror;
masters { 10.53.0.2; };
mirror yes;
file "verify-axfr.db.mirror";
};
zone "verify-ixfr" {
type slave;
type mirror;
masters { 10.53.0.2; };
mirror yes;
file "verify-ixfr.db.mirror";
masterfile-format text;
};
zone "verify-load" {
type slave;
type mirror;
masters { 10.53.0.2; };
mirror yes;
file "verify-load.db.mirror";
masterfile-format text;
};
zone "verify-reconfig" {
type slave;
type mirror;
masters { 10.53.0.2; };
mirror yes;
file "verify-reconfig.db.mirror";
masterfile-format text;
};
zone "verify-unsigned" {
type slave;
type mirror;
masters { 10.53.0.2; };
mirror yes;
file "verify-unsigned.db.mirror";
};
zone "verify-untrusted" {
type slave;
type mirror;
masters { 10.53.0.2; };
mirror yes;
file "verify-untrusted.db.mirror";
};
......
......@@ -21,6 +21,4 @@ copy_setports ns3/named.conf.in ns3/named.conf
( cd ns1 && $SHELL -e sign.sh )
cat ns2/verify-axfr.db.bad.signed > ns2/verify-axfr.db.signed
cat ns2/verify-ixfr.db.original.signed > ns2/verify-ixfr.db.signed
cat ns2/verify-load.db.bad.signed > ns3/verify-load.db.mirror
cat ns2/verify-untrusted.db.original.signed > ns2/verify-untrusted.db.signed
......@@ -380,7 +380,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking that \"rndc reconfig\" properly handles a yes -> no \"mirror\" setting change ($n)"
echo_i "checking that \"rndc reconfig\" properly handles a mirror -> slave zone type change ($n)"
ret=0
# Sanity check before we start.
$DIG $DIGOPTS @10.53.0.3 +norec verify-reconfig SOA > dig.out.ns3.test$n.1 2>&1 || ret=1
......@@ -390,13 +390,13 @@ grep "flags:.* ad" dig.out.ns3.test$n.1 > /dev/null || ret=1
# Reconfigure the zone so that it is no longer a mirror zone.
# (NOTE: Keep the embedded newline in the sed function list below.)
sed '/^zone "verify-reconfig" {$/,/^};$/ {
s/mirror yes;/mirror no;/
s/type mirror;/type slave;/
}' ns3/named.conf > ns3/named.conf.modified
mv ns3/named.conf.modified ns3/named.conf
nextpart ns3/named.run > /dev/null
$RNDCCMD 10.53.0.3 reconfig > /dev/null 2>&1
# Zones whose "mirror" setting was changed should not be reusable, which means
# the tested zone should have been reloaded from disk.
# Zones whose type was changed should not be reusable, which means the tested
# zone should have been reloaded from disk.
wait_for_load verify-reconfig ${ORIGINAL_SERIAL} ns3/named.run
# Ensure responses sourced from the reconfigured zone have AA=1 and AD=0.
$DIG $DIGOPTS @10.53.0.3 +norec verify-reconfig SOA > dig.out.ns3.test$n.2 2>&1 || ret=1
......@@ -407,7 +407,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking that \"rndc reconfig\" properly handles a no -> yes \"mirror\" setting change ($n)"
echo_i "checking that \"rndc reconfig\" properly handles a slave -> mirror zone type change ($n)"
ret=0
# Put an incorrectly signed version of the zone in the zone file used by ns3.
nextpart ns3/named.run > /dev/null
......@@ -415,7 +415,7 @@ cat ns2/verify-reconfig.db.bad.signed > ns3/verify-reconfig.db.mirror
# Reconfigure the zone so that it is a mirror zone again.
# (NOTE: Keep the embedded newline in the sed function list below.)
sed '/^zone "verify-reconfig" {$/,/^};$/ {
s/mirror no;/mirror yes;/
s/type slave;/type mirror;/
}' ns3/named.conf > ns3/named.conf.modified
mv ns3/named.conf.modified ns3/named.conf
$RNDCCMD 10.53.0.3 reconfig > /dev/null 2>&1
......
......@@ -83,7 +83,6 @@ typedef enum {
DNS_ZONEOPT_CHECKSPF = 1<<27, /*%< check SPF records */
DNS_ZONEOPT_CHECKTTL = 1<<28, /*%< check max-zone-ttl */
DNS_ZONEOPT_AUTOEMPTY = 1<<29, /*%< automatic empty zone */
DNS_ZONEOPT_MIRROR = 1<<30, /*%< mirror zone */
} dns_zoneopt_t;
/*
......@@ -2486,12 +2485,6 @@ dns_zone_isloaded(const dns_zone_t *zone);
* false otherwise.
*/
bool
dns_zone_ismirror(const dns_zone_t *zone);
/*%<
* Return true if 'zone' is a mirror zone, return false otherwise.
*/
isc_result_t
dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver);
/*%<
......
......@@ -1201,7 +1201,6 @@ dns_zone_idetach
dns_zone_isdynamic
dns_zone_isforced
dns_zone_isloaded
dns_zone_ismirror
dns_zone_keydone
dns_zone_link
dns_zone_load
......
......@@ -19446,13 +19446,6 @@ dns_zone_isloaded(const dns_zone_t *zone) {
return (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED));
}
bool
dns_zone_ismirror(const dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MIRROR));
}
isc_result_t
dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver) {
dns_dbversion_t *version = NULL;
......@@ -19466,7 +19459,7 @@ dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver) {
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(db != NULL);
if (!dns_zone_ismirror(zone)) {
if (dns_zone_gettype(zone) != dns_zone_mirror) {
return (ISC_R_SUCCESS);
}
......
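Review bot: The early return in dns_zone_verifydb() at `if (dns_zone_gettype(zone) != dns_zone_mirror)` reports ISC_R_SUCCESS for every non-mirror zone without any verification, and nothing at that spot says that success can mean "not checked". A one-line comment above the check would keep a caller from reading the result as proof of verification: `/* Only mirror zones are verified; all other types succeed unverified. */`. The function body continues past the end of this hunk, so the rest of the verification path is not visible here.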
......@@ -181,7 +181,8 @@ dns_zt_find(dns_zt_t *zt, const dns_name_t *name, unsigned int options,
* instead of returning a SERVFAIL.
*/
if ((options & DNS_ZTFIND_MIRROR) != 0 &&
dns_zone_ismirror(dummy) && !dns_zone_isloaded(dummy))
dns_zone_gettype(dummy) == dns_zone_mirror &&
!dns_zone_isloaded(dummy))
{
result = ISC_R_NOTFOUND;
} else {
......
......@@ -2152,9 +2152,6 @@ zone_clauses[] = {
{ "min-retry-time", &cfg_type_uint32,
CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB
},
{ "mirror", &cfg_type_boolean,
CFG_ZONE_SLAVE
},
{ "multi-master", &cfg_type_boolean,
CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB
},
......
......@@ -1095,7 +1095,7 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name,
/*
* Mirror zone data is treated as cache data.
*/
if (dns_zone_ismirror(zone)) {
if (dns_zone_gettype(zone) == dns_zone_mirror) {
return (query_checkcacheaccess(client, name, qtype, options));
}
......@@ -5382,7 +5382,7 @@ ns__query_start(query_ctx_t *qctx) {
if (qctx->is_zone) {
qctx->authoritative = true;
if (qctx->zone != NULL) {
if (dns_zone_ismirror(qctx->zone)) {
if (dns_zone_gettype(qctx->zone) == dns_zone_mirror) {
qctx->authoritative = false;
}
if (dns_zone_gettype(qctx->zone) ==
......@@ -7920,7 +7920,8 @@ query_zone_delegation(query_ctx_t *qctx) {
if (USECACHE(qctx->client) &&
(RECURSIONOK(qctx->client) ||
(qctx->zone != NULL && dns_zone_ismirror(qctx->zone))))
(qctx->zone != NULL &&
dns_zone_gettype(qctx->zone) == dns_zone_mirror)))
{
/*
* We might have a better answer or delegation in the
......
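Review bot: In ns__query_start() the branch `if (dns_zone_gettype(qctx->zone) == dns_zone_mirror)` clears `qctx->authoritative` with no comment, while the equivalent branch in query_validatezonedb() carries "Mirror zone data is treated as cache data". I would add the matching rationale here, e.g. `/* Mirror zone data is served like cache data, so do not answer authoritatively. */`. The next statement calls dns_zone_gettype(qctx->zone) again and is cut off by the hunk boundary; reading the type once into a local would make both tests easier to follow.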
......@@ -1537,6 +1537,7 @@
./bin/tests/system/metadata/parent.db ZONE 2009,2016,2018
./bin/tests/system/metadata/setup.sh SH 2009,2011,2012,2014,2016,2017,2018
./bin/tests/system/metadata/tests.sh SH 2009,2011,2012,2013,2014,2016,2017,2018
./bin/tests/system/mirror/README TXT.BRIEF 2018
./bin/tests/system/mirror/clean.sh SH 2018
./bin/tests/system/mirror/ns1/named.conf.in CONF-C 2018
./bin/tests/system/mirror/ns1/root.db.in ZONE 2018
......