Commit 576f85e5 authored by Andreas Gustafsson

673. [func] The server can now convert RFC1886-style recursive

                        lookup requests into RFC2874-style lookups, when
                        enabled using the new option "allow-v6-synthesis".
parent 4b0ed7a5
673. [func] The server can now convert RFC1886-style recursive
lookup requests into RFC2874-style lookups, when
enabled using the new option "allow-v6-synthesis".
672. [bug] The wrong time was in the "time signed" field when
replying with BADTIME error.
......
......@@ -15,13 +15,14 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.h,v 1.24 2001/01/07 22:06:14 gson Exp $ */
/* $Id: query.h,v 1.25 2001/01/09 18:25:50 gson Exp $ */
#ifndef NAMED_QUERY_H
#define NAMED_QUERY_H 1
#include <isc/types.h>
#include <isc/buffer.h>
#include <isc/netaddr.h>
#include <dns/types.h>
#include <dns/a6.h>
......@@ -49,6 +50,12 @@ struct ns_query {
isc_bufferlist_t namebufs;
ISC_LIST(ns_dbversion_t) activeversions;
ISC_LIST(ns_dbversion_t) freeversions;
/*
* Additional state used during IPv6 response synthesis only.
*/
struct {
isc_netaddr_t na;
} synth;
};
#define NS_QUERYATTR_RECURSIONOK 0x0001
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.169 2001/01/09 06:48:47 gson Exp $ */
/* $Id: query.c,v 1.170 2001/01/09 18:25:47 gson Exp $ */
#include <config.h>
......@@ -3395,16 +3395,21 @@ ns_query_start(ns_client_t *client) {
if (WANTDNSSEC(client))
message->flags |= DNS_MESSAGEFLAG_AD;
/*
* Synthesize IPv6 responses if appropriate.
*/
if (RECURSIONOK(client) &&
ISC_FALSE && /* XXX configurable via option allow-v6-synthesis */
client->message->rdclass == dns_rdataclass_in) {
client->message->rdclass == dns_rdataclass_in &&
ns_client_checkacl(client, "v6 synthesis",
client->view->v6synthesisacl,
ISC_FALSE, ISC_LOG_DEBUG(9)) == ISC_R_SUCCESS)
{
if (qtype == dns_rdatatype_aaaa) {
qclient = NULL;
ns_client_attach(client, &qclient);
synth_fwd_start(qclient);
return;
}
else if (qtype == dns_rdatatype_ptr &&
} else if (qtype == dns_rdatatype_ptr &&
/* Must be 32 nibbles + "ip6" + "int" + root */
dns_name_countlabels(client->query.qname) == 32 + 3 &&
dns_name_issubdomain(client->query.qname, &ip6int_name)) {
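Review bot: Default-deny for synthesis now rests entirely on the fourth argument of `ns_client_checkacl()` in the new condition. When `allow-v6-synthesis` is unset, `client->view->v6synthesisacl` stays NULL, and only the `ISC_FALSE` passed there keeps the feature off; that this argument is the default-allow flag is inferred from the call, since the function's definition is not shown. A comment above the call would pin the intent, e.g. `/* ISC_FALSE: no allow-v6-synthesis ACL configured means deny, so synthesis is off by default */`. The ACL is also evaluated, and logged at `ISC_LOG_DEBUG(9)`, for every recursive class-IN query before `qtype` is tested, so checking for AAAA/PTR first would keep unrelated queries out of the check and the log. The body of ns_query_start and of the PTR branch continues outside the hunk.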
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.276 2000/12/15 21:11:38 gson Exp $ */
/* $Id: server.c,v 1.277 2001/01/09 18:25:48 gson Exp $ */
#include <config.h>
......@@ -647,6 +647,11 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, dns_c_view_t *cview,
dns_c_ctx_getallowrecursion,
&view->recursionacl));
CHECK(configure_view_acl(cview, cctx, actx, ns_g_mctx,
dns_c_view_getv6synthesisacl,
dns_c_ctx_getallowv6synthesis,
&view->v6synthesisacl));
CHECK(configure_view_acl(cview, cctx, actx, ns_g_mctx,
dns_c_view_getsortlist,
dns_c_ctx_getsortlist,
......
......@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.79 2001/01/09 00:05:03 bwelling Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.80 2001/01/09 18:25:44 gson Exp $ -->
<book>
......@@ -2535,6 +2535,7 @@ lookups performed on behalf of clients by a caching name server.</para></entry>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
<optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
<optional> listen-on <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
<optional> listen-on-v6 <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
......@@ -2973,6 +2974,7 @@ be specified in the <command>zone</command> statement, in which
case it overrides the <command>options allow-query</command> statement. If
not specified, the default is to allow queries from all hosts.</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>allow-recursion</command></para></entry>
<entry colname = "2"><para>Specifies which hosts are allowed to
......@@ -2982,6 +2984,15 @@ Note that disallowing recursive queries for a host does not prevent the
host from retrieving data that is already in the server's cache.
</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>allow-v6-synthesis</command></para></entry>
<entry colname = "2"><para>Specifies which hosts are to receive
synthetic responses to IPv6 queries as described in
<xref linkend="synthesis"/>.
</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>allow-transfer</command></para></entry>
<entry colname = "2"><para>Specifies which hosts are allowed to
......@@ -3464,6 +3475,40 @@ is used.</para>
<note><simpara>The <command>rrset-order</command> statement
is not yet implemented in <acronym>BIND</acronym> 9.</simpara></note>
</sect3>
<sect3 id="synthesis"><title>Synthetic IPv6 responses</title>
<para>Many existing stub resolvers support IPv6 DNS lookups as defined in
RFC1886, using AAAA records for forward lookups and "nibble labels" in
the <literal>ip6.int</literal> domain for reverse lookups, but do not support
RFC2874-style lookups (using A6 records and binary labels in the
<literal>ip6.arpa</literal> domain).</para>
<para>For those who wish to continue to use such stub resolvers rather than
switching to the BIND 9 lightweight resolver, BIND 9 provides a way
to automatically convert RFC1886-style lookups into
RFC2874-style lookups and return the results as "synthetic" AAAA and
PTR records.</para>
<para>This feature is disabled by default and can be enabled on a per-client
basis by adding a
<command>allow-v6-synthesis { <replaceable>address_match_list</replaceable> };</command>
clause to the <command>options</command> or <command>view</command> statement.
When it is enabled, recursive
AAAA queries cause the server to first try an A6 lookup and if that
fails, an AAAA lookups. No matter which one succeeds, the results are
returned as a set of synthetic AAAA records. Similarly, recursive PTR
queries in <literal>ip6.int</literal> will cause a
lookup in <literal>ip6.arpa</literal> using binary
labels, and if that fails, another lookup in <literal>ip6.int</literal>.
The results are returned as a synthetic PTR record in
<literal>ip6.int</literal>.</para>
<para>The synthetic records have a TTL of zero. DNSSEC validation of
synthetic responses is not currently supported; therefore responses
containing synthetic RRs will not have the AD flag set.</para>
</sect3>
<sect3 id="tuning"><title>Tuning</title>
<informaltable colsep = "0" rowsep = "0"><tgroup cols = "2"
colsep = "0" rowsep = "0" tgroupstyle = "4Level-table">
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confctx.c,v 1.113 2000/12/13 00:15:18 tale Exp $ */
/* $Id: confctx.c,v 1.114 2001/01/09 18:25:58 gson Exp $ */
#include <config.h>
......@@ -1091,6 +1091,7 @@ dns_c_ctx_optionsprint(FILE *fp, int indent, dns_c_options_t *options)
PRINT_IPMLIST(queryacl, "allow-query");
PRINT_IPMLIST(transferacl, "allow-transfer");
PRINT_IPMLIST(recursionacl, "allow-recursion");
PRINT_IPMLIST(v6synthesisacl, "allow-v6-synthesis");
PRINT_IPMLIST(blackhole, "blackhole");
PRINT_IPMLIST(topology, "topology");
PRINT_IPMLIST(sortlist, "sortlist");
......@@ -1617,6 +1618,7 @@ dns_c_ctx_optionsnew(isc_mem_t *mem, dns_c_options_t **options)
opts->queryacl = NULL;
opts->transferacl = NULL;
opts->recursionacl = NULL;
opts->v6synthesisacl = NULL;
opts->blackhole = NULL;
opts->topology = NULL;
opts->sortlist = NULL;
......@@ -1771,6 +1773,7 @@ dns_c_ctx_optionsdelete(dns_c_options_t **opts)
FREEIPMLIST(queryacl);
FREEIPMLIST(transferacl);
FREEIPMLIST(recursionacl);
FREEIPMLIST(v6synthesisacl);
FREEIPMLIST(blackhole);
FREEIPMLIST(topology);
FREEIPMLIST(sortlist);
......@@ -2090,6 +2093,7 @@ IPMLIST_FUNCS(allownotify, notifyacl)
IPMLIST_FUNCS(allowquery, queryacl)
IPMLIST_FUNCS(allowtransfer, transferacl)
IPMLIST_FUNCS(allowrecursion, recursionacl)
IPMLIST_FUNCS(allowv6synthesis, v6synthesisacl)
IPMLIST_FUNCS(blackhole, blackhole)
IPMLIST_FUNCS(topology, topology)
IPMLIST_FUNCS(sortlist, sortlist)
......
......@@ -33,7 +33,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confparser.y.dirty,v 1.46 2001/01/08 19:27:19 gson Exp $ */
/* $Id: confparser.y.dirty,v 1.47 2001/01/09 18:26:00 gson Exp $ */
#include <config.h>
......@@ -274,6 +274,7 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult);
%token L_ALLOW_TRANSFER
%token L_ALLOW_UPDATE
%token L_ALLOW_UPDATE_FORWARDING
%token L_ALLOW_V6_SYNTHESIS
%token L_ALSO_NOTIFY
%token L_AUTH_NXDOMAIN
%token L_BANG
......@@ -1262,6 +1263,21 @@ option: /* Empty */
YYABORT;
}
}
| L_ALLOW_V6_SYNTHESIS L_LBRACE address_match_list L_RBRACE
{
tmpres = dns_c_ctx_setallowv6synthesis(currcfg, $3);
dns_c_ipmatchlist_detach(&$3);
if (tmpres == ISC_R_EXISTS) {
parser_error(ISC_FALSE,
"cannot redefine allow-v6-synthesis list");
YYABORT;
} else if (tmpres != ISC_R_SUCCESS) {
parser_error(ISC_FALSE,
"failed to set allow-v6-synthesis");
YYABORT;
}
}
| L_SORTLIST L_LBRACE address_match_list L_RBRACE
{
tmpres = dns_c_ctx_setsortlist(currcfg, $3);
......@@ -3821,6 +3837,25 @@ view_option: L_FORWARD zone_forward_opt
YYABORT;
}
}
| L_ALLOW_V6_SYNTHESIS L_LBRACE address_match_list L_RBRACE
{
dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg);
INSIST(view != NULL);
tmpres = dns_c_view_setv6synthesisacl(view, $3);
dns_c_ipmatchlist_detach(&$3);
if (tmpres == ISC_R_EXISTS) {
parser_error(ISC_FALSE,
"cannot redefine view allow-v6-synthesis");
YYABORT;
} else if (tmpres != ISC_R_SUCCESS) {
parser_error(ISC_FALSE,
"failed to set view allow-v6-synthesis");
YYABORT;
}
}
| L_SORTLIST L_LBRACE address_match_list L_RBRACE
{
dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg);
......@@ -6159,6 +6194,7 @@ static struct token keyword_tokens [] = {
{ "allow-transfer", L_ALLOW_TRANSFER },
{ "allow-update", L_ALLOW_UPDATE },
{ "allow-update-forwarding", L_ALLOW_UPDATE_FORWARDING },
{ "allow-v6-synthesis", L_ALLOW_V6_SYNTHESIS },
{ "also-notify", L_ALSO_NOTIFY },
{ "auth-nxdomain", L_AUTH_NXDOMAIN },
{ "blackhole", L_BLACKHOLE },
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confview.c,v 1.66 2000/12/13 00:15:24 tale Exp $ */
/* $Id: confview.c,v 1.67 2001/01/09 18:26:01 gson Exp $ */
#include <config.h>
......@@ -535,6 +535,7 @@ dns_c_view_new(isc_mem_t *mem, const char *name, dns_rdataclass_t viewclass,
view->allowupdateforwarding = NULL;
view->transferacl = NULL;
view->recursionacl = NULL;
view->v6synthesisacl = NULL;
view->sortlist = NULL;
view->topology = NULL;
view->matchclients = NULL;
......@@ -775,6 +776,7 @@ dns_c_view_print(FILE *fp, int indent, dns_c_view_t *view) {
PRINT_IPMLIST(allowupdateforwarding, "allow-update-forwarding");
PRINT_IPMLIST(transferacl, "alllow-transfer");
PRINT_IPMLIST(recursionacl, "allow-recursion");
PRINT_IPMLIST(v6synthesisacl, "allow-v6-synthesis");
PRINT_IPMLIST(sortlist, "sortlist");
PRINT_IPMLIST(topology, "topology");
PRINT_IPMLIST(matchclients, "match-clients");
......@@ -949,6 +951,7 @@ dns_c_view_delete(dns_c_view_t **viewptr) {
FREEIPMLIST(allowupdateforwarding);
FREEIPMLIST(transferacl);
FREEIPMLIST(recursionacl);
FREEIPMLIST(v6synthesisacl);
FREEIPMLIST(sortlist);
FREEIPMLIST(topology);
FREEIPMLIST(matchclients);
......@@ -1599,6 +1602,7 @@ IPMLIST_FUNCS(allowquery, allowquery)
IPMLIST_FUNCS(allowupdateforwarding, allowupdateforwarding)
IPMLIST_FUNCS(transferacl, transferacl)
IPMLIST_FUNCS(recursionacl, recursionacl)
IPMLIST_FUNCS(v6synthesisacl, v6synthesisacl)
IPMLIST_FUNCS(sortlist, sortlist)
IPMLIST_FUNCS(topology, topology)
IPMLIST_FUNCS(matchclients, matchclients)
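Review bot: In the dns_c_view_print hunk, the context line directly above the added `PRINT_IPMLIST(v6synthesisacl, "allow-v6-synthesis");` prints the transfer ACL under the misspelled keyword `"alllow-transfer"` (three l's), and this commit leaves it in place. The parser's keyword table on this page spells it `"allow-transfer"`, so a view printed by this function would presumably not be accepted back by the parser, and a printed configuration would show the transfer restriction under a name that does not exist. Suggested fix while this list is being touched: `PRINT_IPMLIST(transferacl, "allow-transfer");`. The function body starts and ends outside the hunk.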
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confctx.h,v 1.60 2000/12/13 00:15:30 tale Exp $ */
/* $Id: confctx.h,v 1.61 2001/01/09 18:25:57 gson Exp $ */
#ifndef DNS_CONFCTX_H
#define DNS_CONFCTX_H 1
......@@ -209,6 +209,7 @@ struct dns_c_options {
dns_c_ipmatchlist_t *queryacl;
dns_c_ipmatchlist_t *transferacl;
dns_c_ipmatchlist_t *recursionacl;
dns_c_ipmatchlist_t *v6synthesisacl;
dns_c_ipmatchlist_t *blackhole;
dns_c_ipmatchlist_t *topology;
dns_c_ipmatchlist_t *sortlist;
......@@ -774,6 +775,13 @@ isc_result_t dns_c_ctx_getallowrecursion(dns_c_ctx_t *cfg,
isc_result_t dns_c_ctx_unsetallowrecursion(dns_c_ctx_t *cfg);
isc_result_t dns_c_ctx_setallowv6synthesis(dns_c_ctx_t *cfg,
dns_c_ipmatchlist_t *iml);
isc_result_t dns_c_ctx_getallowv6synthesis(dns_c_ctx_t *cfg,
dns_c_ipmatchlist_t **list);
isc_result_t dns_c_ctx_unsetallowv6synthesis(dns_c_ctx_t *cfg);
isc_result_t dns_c_ctx_setblackhole(dns_c_ctx_t *cfg,
dns_c_ipmatchlist_t *iml);
isc_result_t dns_c_ctx_getblackhole(dns_c_ctx_t *cfg,
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confview.h,v 1.48 2000/12/13 00:15:33 tale Exp $ */
/* $Id: confview.h,v 1.49 2001/01/09 18:25:55 gson Exp $ */
#ifndef DNS_CONFVIEW_H
#define DNS_CONFVIEW_H 1
......@@ -107,6 +107,7 @@ struct dns_c_view {
dns_c_ipmatchlist_t *allowupdateforwarding;
dns_c_ipmatchlist_t *transferacl;
dns_c_ipmatchlist_t *recursionacl;
dns_c_ipmatchlist_t *v6synthesisacl;
dns_c_ipmatchlist_t *sortlist;
dns_c_ipmatchlist_t *topology;
dns_c_ipmatchlist_t *matchclients;
......@@ -273,6 +274,13 @@ isc_result_t dns_c_view_setrecursionacl(dns_c_view_t *view,
isc_result_t dns_c_view_unsetrecursionacl(dns_c_view_t *view);
isc_result_t dns_c_view_getv6synthesisacl(dns_c_view_t *view,
dns_c_ipmatchlist_t **retval);
isc_result_t dns_c_view_setv6synthesisacl(dns_c_view_t *view,
dns_c_ipmatchlist_t *newval);
isc_result_t dns_c_view_unsetv6synthesisacl(dns_c_view_t *view);
isc_result_t dns_c_view_getsortlist(dns_c_view_t *view,
dns_c_ipmatchlist_t **retval);
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.h,v 1.61 2000/12/20 23:31:11 bwelling Exp $ */
/* $Id: view.h,v 1.62 2001/01/09 18:25:54 gson Exp $ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1
......@@ -108,6 +108,7 @@ struct dns_view {
dns_transfer_format_t transfer_format;
dns_acl_t * queryacl;
dns_acl_t * recursionacl;
dns_acl_t * v6synthesisacl;
dns_acl_t * sortlist;
isc_boolean_t requestixfr;
isc_boolean_t provideixfr;
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.c,v 1.89 2000/12/20 23:31:06 bwelling Exp $ */
/* $Id: view.c,v 1.90 2001/01/09 18:25:51 gson Exp $ */
#include <config.h>
......@@ -157,6 +157,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
view->transfer_format = dns_one_answer;
view->queryacl = NULL;
view->recursionacl = NULL;
view->v6synthesisacl = NULL;
view->sortlist = NULL;
view->requestixfr = ISC_TRUE;
view->provideixfr = ISC_TRUE;
......@@ -251,6 +252,8 @@ destroy(dns_view_t *view) {
dns_acl_detach(&view->queryacl);
if (view->recursionacl != NULL)
dns_acl_detach(&view->recursionacl);
if (view->v6synthesisacl != NULL)
dns_acl_detach(&view->v6synthesisacl);
if (view->sortlist != NULL)
dns_acl_detach(&view->sortlist);
if (view->cachefile != NULL)
......