Commit 4071efbe authored by Evan Hunt

[master] disallow map zones in response-policy

4269.	[bug]		Zones using "map" format master files currently
			don't work as policy zones.  This limitation has
			now been documented; attempting to use such zones
			in "response-policy" statements is now a
			configuration error.  [RT #38321]
parent 7bde79b3
4269. [bug] Zones using "map" format master files currently
don't work as policy zones. This limitation has
now been documented; attempting to use such zones
in "response-policy" statements is now a
configuration error. [RT #38321]
4268. [func] "rndc status" now reports the path to the
configuration file. [RT #36470]
......
......@@ -9924,6 +9924,8 @@ deny-answer-aliases { "example.net"; };
that can be queried normally if allowed.
It is usually best to restrict those queries with something like
<command>allow-query { localhost; };</command>.
Note that zones using <command>masterfile-format map</command>
cannot be used as policy zones.
</para>
 
<para>
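Review bot: The added sentence "Note that zones using masterfile-format map cannot be used as policy zones." states the restriction but not what happens when it is violated. The release note in this same commit says that such a response-policy statement is now a configuration error; say that here too, so an operator reading only the ARM knows the configuration is rejected rather than the zone being silently ignored. The sentence is also appended to a paragraph about restricting queries to the policy zone, where it is easy to miss; a sentence or paragraph of its own would be easier to find.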
......
......@@ -907,6 +907,17 @@
when the server was reloaded or reconfigured. [RT #41058]
</para>
</listitem>
<listitem>
<para>
Zones configured to use <command>map</command> format
master files can't be used as policy zones because RPZ
summary data isn't compiled when such zones are mapped into
memory. This limitation may be fixed in a future release,
but in the meantime it has been documented, and attempting
to use such zones in <command>response-policy</command>
statements is now a configuration error. [RT #38321]
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
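Review bot: The new list item explains the cause and the new error but gives operators who hit it no way forward. Add a sentence saying what to do, for example that the policy zone has to be served from a master file in a format other than map until the limitation is lifted. "May be fixed in a future release" is also vague for a release note; if RT #38321 stays open to track the fix, saying so would help.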
......
......@@ -1710,6 +1710,8 @@ dns_zone_rpz_enable(dns_zone_t *zone, dns_rpz_zones_t *rpzs,
if (strcmp(zone->db_argv[0], "rbt") != 0 &&
strcmp(zone->db_argv[0], "rbt64") != 0)
return (ISC_R_NOTIMPLEMENTED);
if (zone->masterformat == dns_masterformat_map)
return (ISC_R_NOTIMPLEMENTED);
/*
* This must happen only once or be redundant.
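Review bot: The new masterformat check returns ISC_R_NOTIMPLEMENTED, the same code as the "rbt"/"rbt64" database check directly above it, so the caller cannot tell an unsupported database type from a map-format master file and cannot report which one caused the failure. Consider a distinct result, or a log message at this point that names masterfile-format map. The check also relies on zone->masterformat already being set when dns_zone_rpz_enable() is called; please confirm the configuration order guarantees that. A one-line comment giving the reason (RPZ summary data is not compiled when a map file is mapped into memory, per the release note) would help too, since the code alone does not say why map is rejected.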
......