ISC Open Source Projects
BIND
Commits
5c5c6d28
Commit
5c5c6d28
authored
Dec 02, 2014
by
Francis Dupont
Add a TCP only option to server/peer
parent
fc63119c
Changes
21
CHANGES
4012. [bug] Check returned status of OpenSSL digest and HMAC
4013. [func] Add a new tcp-only option to server (config) /
peer (struct) to use TCP transport to send
queries (in place of UDP transport with a
TCP fallback on truncated (TC set) response).
[RT #37800]
4012. [cleanup] Check returned status of OpenSSL digest and HMAC
functions when they return one. Note this applies
only to FIPS capable OpenSSL libraries put in
FIPS mode and MD5. [RT #37944]
...
...
@@ -6,8 +12,8 @@
4011. [bug] master's list port and dscp inheritance was not
properly implemented. [RT #37792]
4010. [cleanup] Clear the prefetchable state when initiating a
prefetch.
[RT #37399]
4010. [cleanup] Clear the prefetchable state when initiating a
prefetch.
[RT #37399]
4009. [func] delv: added a +tcp option. [RT #37855]
...
...
bin/named/named.conf.docbook
...
...
@@ -112,6 +112,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
edns
<replaceable>
boolean
</replaceable>
;
edns-udp-size
<replaceable>
integer
</replaceable>
;
max-udp-size
<replaceable>
integer
</replaceable>
;
tcp-only
<replaceable>
boolean
</replaceable>
;
provide-ixfr
<replaceable>
boolean
</replaceable>
;
request-ixfr
<replaceable>
boolean
</replaceable>
;
keys
<replaceable>
server_key
</replaceable>
;
...
...
bin/named/server.c
...
...
@@ -1251,6 +1251,11 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
CHECK
(
dns_peer_setmaxudp
(
peer
,
(
isc_uint16_t
)
udpsize
));
}
obj
=
NULL
;
(
void
)
cfg_map_get
(
cpeer
,
"tcp-only"
,
&
obj
);
if
(
obj
!=
NULL
)
CHECK
(
dns_peer_setforcetcp
(
peer
,
cfg_obj_asboolean
(
obj
)));
obj
=
NULL
;
(
void
)
cfg_map_get
(
cpeer
,
"transfers"
,
&
obj
);
if
(
obj
!=
NULL
)
...
...
bin/tests/system/conf.sh.in
...
...
@@ -73,7 +73,7 @@ SUBDIRS="acl additional allow_query addzone autosign builtin
notify nslookup nsupdate pending @PKCS11_TEST@ reclimit redirect
resolver rndc rpz rrl rrchecker rrsetorder rsabigexponent
sit sfcache smartsign sortlist spf staticstub statistics
stub tkey tsig tsiggss unknown upforwd verify views wildcard
stub
tcp
tkey tsig tsiggss unknown upforwd verify views wildcard
xfer xferquota zero zonechecks"
# Use the CONFIG_SHELL detected by configure for tests
...
...
bin/tests/system/tcp/clean.sh
0 → 100644
#!/bin/sh
#
# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
rm
-f
*
/named.memstats
rm
-f
*
/named.run
rm
-f
*
/named.stats
rm
-f
dig.out
*
bin/tests/system/tcp/ns1/named.conf
0 → 100644
/*
*
Copyright
(
C
)
2014
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
-
v6
{
none
; };
recursion
no
;
notify
yes
;
statistics
-
file
"named.stats"
;
};
key
rndc_key
{
secret
"1234abcd8765"
;
algorithm
hmac
-
sha256
;
};
controls
{
inet
10
.
53
.
0
.
1
port
9953
allow
{
any
; }
keys
{
rndc_key
; };
};
zone
"."
{
type
master
;
file
"root.db"
;
};
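Review bot: ns1/named.conf (and the ns3 and ns4 files later in this commit) spells out the rndc key secret and an `inet ... allow { any; } keys { rndc_key; };` control channel inline, whereas ns2/named.conf uses `include "../../common/controls.conf";`. tests.sh runs rndc against 10.53.0.1 with `-c ../common/rndc.conf`, so the inline copy has to stay in sync with the shared key by hand. Presumably the shared include can replace the `key` statement and the second `controls` statement, which would also make the leading `controls { /* empty */ };` unnecessary; the contents of controls.conf are not shown here, so confirm that first. If the inline form is intentional, a comment such as `/* test-only key; must match ../common/rndc.conf */` would make that explicit.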
bin/tests/system/tcp/ns1/root.db
0 → 100644
; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example. NS ns2.example.
ns2.example. A 10.53.0.2
bin/tests/system/tcp/ns2/example.db
0 → 100644
; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$ORIGIN .
$TTL 300 ; 5 minutes
example IN SOA mname1. . (
1 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
example. NS ns2.example.
ns2.example. A 10.53.0.2
$ORIGIN example.
a A 10.0.0.1
MX 10 mail.example.
mail A 10.0.0.2
bin/tests/system/tcp/ns2/named.conf
0 → 100644
/*
*
Copyright
(
C
)
2014
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
2
;
notify
-
source
10
.
53
.
0
.
2
;
transfer
-
source
10
.
53
.
0
.
2
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
yes
;
statistics
-
file
"named.stats"
;
};
include
"../../common/controls.conf"
;
zone
"."
{
type
hint
;
file
"../../common/root.hint"
;
};
zone
"example"
{
type
master
;
file
"example.db"
;
allow
-
update
{
any
; };
};
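Review bot: The `example` zone is declared with `allow-update { any; };`, but nothing in this commit's tests.sh sends a dynamic update. Dropping the clause keeps the fixture limited to what the TCP transport test exercises and avoids an open-update zone being copied into other configurations. If a step not shown on this page needs it, a short comment saying which one would help.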
bin/tests/system/tcp/ns3/named.conf
0 → 100644
/*
*
Copyright
(
C
)
2014
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
3
;
notify
-
source
10
.
53
.
0
.
3
;
transfer
-
source
10
.
53
.
0
.
3
;
port
5300
;
directory
"."
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
3
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
yes
;
};
server
10
.
53
.
0
.
1
{
tcp
-
only
yes
; };
key
rndc_key
{
secret
"1234abcd8765"
;
algorithm
hmac
-
sha256
;
};
controls
{
inet
10
.
53
.
0
.
3
port
9953
allow
{
any
; }
keys
{
rndc_key
; };
};
zone
"."
{
type
hint
;
file
"../../common/root.hint"
;
};
bin/tests/system/tcp/ns4/named.conf
0 → 100644
/*
*
Copyright
(
C
)
2014
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
4
;
notify
-
source
10
.
53
.
0
.
4
;
transfer
-
source
10
.
53
.
0
.
4
;
port
5300
;
directory
"."
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
4
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
yes
;
forwarders
{
10
.
53
.
0
.
2
; };
forward
only
;
};
server
10
.
53
.
0
.
2
{
tcp
-
only
yes
; };
key
rndc_key
{
secret
"1234abcd8765"
;
algorithm
hmac
-
sha256
;
};
controls
{
inet
10
.
53
.
0
.
4
port
9953
allow
{
any
; }
keys
{
rndc_key
; };
};
zone
"."
{
type
hint
;
file
"../../common/root.hint"
;
};
bin/tests/system/tcp/tests.sh
0 → 100644
#!/bin/sh
#
# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
RNDCCMD
=
"
$RNDC
-p 9953 -c ../common/rndc.conf"
status
=
0
echo
"I:initialize counters"
$RNDCCMD
-s
10.53.0.1 stats
>
/dev/null 2>&1
$RNDCCMD
-s
10.53.0.2 stats
>
/dev/null 2>&1
ntcp10
=
`
grep
"TCP requests received"
ns1/named.stats |
tail
-1
|
awk
'{print $1}'
`
ntcp20
=
`
grep
"TCP requests received"
ns2/named.stats |
tail
-1
|
awk
'{print $1}'
`
#echo ntcp10 ':' "$ntcp10"
#echo ntcp20 ':' "$ntcp20"
echo
"I:check TCP transport"
ret
=
0
$DIG
-p
5300 @10.53.0.3 txt.example.
>
dig.out.3
$RNDCCMD
-s
10.53.0.1 stats
>
/dev/null 2>&1
$RNDCCMD
-s
10.53.0.2 stats
>
/dev/null 2>&1
ntcp11
=
`
grep
"TCP requests received"
ns1/named.stats |
tail
-1
|
awk
'{print $1}'
`
ntcp21
=
`
grep
"TCP requests received"
ns2/named.stats |
tail
-1
|
awk
'{print $1}'
`
#echo ntcp11 ':' "$ntcp11"
#echo ntcp21 ':' "$ntcp21"
if
[
"
$ntcp10
"
-ge
"
$ntcp11
"
]
;
then
ret
=
1
;
fi
if
[
"
$ntcp20
"
-ne
"
$ntcp21
"
]
;
then
ret
=
1
;
fi
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check TCP forwarder"
ret
=
0
$DIG
-p
5300 @10.53.0.4 txt.example.
>
dig.out.4
$RNDCCMD
-s
10.53.0.1 stats
>
/dev/null 2>&1
$RNDCCMD
-s
10.53.0.2 stats
>
/dev/null 2>&1
ntcp12
=
`
grep
"TCP requests received"
ns1/named.stats |
tail
-1
|
awk
'{print $1}'
`
ntcp22
=
`
grep
"TCP requests received"
ns2/named.stats |
tail
-1
|
awk
'{print $1}'
`
#echo ntcp12 ':' "$ntcp12"
#echo ntcp22 ':' "$ntcp22"
if
[
"
$ntcp11
"
-ne
"
$ntcp12
"
]
;
then
ret
=
1
;
fi
if
[
"
$ntcp21
"
-ge
"
$ntcp22
"
]
;
then
ret
=
1
;
fi
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:exit status:
$status
"
exit
$status
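Review bot: The counter comparisons pass vacuously when the statistics cannot be read. If `rndc stats` fails (its output and exit status are discarded) or grep finds no "TCP requests received" line, the `ntcp*` variables are empty, `[ "" -ge "" ]` exits with an error rather than true, and `ret` stays 0. Guard each sample before comparing, e.g. `[ -n "$ntcp10" ] && [ -n "$ntcp11" ] || ret=1`, and do the same for the other pairs in both checks. The dig invocations are also unchecked, so a query that got no reply at all is not reported on its own; appending `|| ret=1` to each `$DIG` line would catch that.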
doc/arm/Bv9ARM-book.xml
...
...
@@ -10438,6 +10438,7 @@ example.com CNAME rpz-tcp-only.
<optional> edns-version <replaceable>number</replaceable> ; </optional>
<optional> nosit-udp-size <replaceable>number</replaceable> ; </optional>
<optional> max-udp-size <replaceable>number</replaceable> ; </optional>
<optional> tcp-only <replaceable>yes_or_no</replaceable> ; </optional>
<optional> transfers <replaceable>number</replaceable> ; </optional>
<optional> transfer-format <replaceable>( one-answer | many-answers )</replaceable> ; ]</optional>
<optional> keys <replaceable>{ string ; <optional> string ; <optional>...</optional></optional> }</replaceable> ; </optional>
...
...
@@ -10600,6 +10601,13 @@ example.com CNAME rpz-tcp-only.
the response size.
</para>
<para>
The <command>tcp-only</command> option sets the transport
protocol to TCP. The default is to use the UDP transport
and to fallback on TCP only when a truncated response
is received.
</para>
<para>
The server supports two zone transfer methods. The first, <command>one-answer</command>,
uses one DNS message per resource record transferred. <command>many-answers</command> packs
...
...
doc/misc/options
...
...
@@ -315,6 +315,7 @@ server <netprefix> {
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
tcp-only <boolean>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
...
...
@@ -525,6 +526,7 @@ view <string> <optional_class> {
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
tcp-only <boolean>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
...
...
lib/dns/include/dns/peer.h
...
...
@@ -76,6 +76,7 @@ struct dns_peer {
isc_boolean_t
request_nsid
;
isc_boolean_t
request_sit
;
isc_boolean_t
request_expire
;
isc_boolean_t
force_tcp
;
dns_name_t
*
key
;
isc_sockaddr_t
*
transfer_source
;
isc_dscp_t
transfer_dscp
;
...
...
@@ -177,6 +178,12 @@ dns_peer_getrequestexpire(dns_peer_t *peer, isc_boolean_t *retval);
isc_result_t
dns_peer_setsupportedns
(
dns_peer_t
*
peer
,
isc_boolean_t
newval
);
isc_result_t
dns_peer_getforcetcp
(
dns_peer_t
*
peer
,
isc_boolean_t
*
retval
);
isc_result_t
dns_peer_setforcetcp
(
dns_peer_t
*
peer
,
isc_boolean_t
newval
);
isc_result_t
dns_peer_getsupportedns
(
dns_peer_t
*
peer
,
isc_boolean_t
*
retval
);
...
...
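Review bot: The two new prototypes carry no contract comment, and they are inserted between dns_peer_setsupportedns() and dns_peer_getsupportedns(), which splits that pair. Going by the peer.c section of this commit, the getter returns ISC_R_NOTFOUND and leaves `*retval` untouched when tcp-only was never configured for the peer, and the callers depend on that. It is worth stating on the declaration, e.g. `/* Returns ISC_R_NOTFOUND and leaves *retval unchanged if tcp-only was not set for this peer. */`. Moving the new pair after dns_peer_getsupportedns() would keep the header's set/get grouping intact.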
lib/dns/peer.c
...
...
@@ -49,6 +49,7 @@
#define QUERY_DSCP_BIT 12
#define REQUEST_EXPIRE_BIT 13
#define EDNS_VERSION_BIT 14
#define FORCE_TCP_BIT 15
static
void
peerlist_delete
(
dns_peerlist_t
**
list
);
...
...
@@ -505,6 +506,32 @@ dns_peer_getrequestexpire(dns_peer_t *peer, isc_boolean_t *retval) {
return
(
ISC_R_NOTFOUND
);
}
isc_result_t
dns_peer_setforcetcp
(
dns_peer_t
*
peer
,
isc_boolean_t
newval
)
{
isc_boolean_t
existed
;
REQUIRE
(
DNS_PEER_VALID
(
peer
));
existed
=
DNS_BIT_CHECK
(
FORCE_TCP_BIT
,
&
peer
->
bitflags
);
peer
->
force_tcp
=
newval
;
DNS_BIT_SET
(
FORCE_TCP_BIT
,
&
peer
->
bitflags
);
return
(
existed
?
ISC_R_EXISTS
:
ISC_R_SUCCESS
);
}
isc_result_t
dns_peer_getforcetcp
(
dns_peer_t
*
peer
,
isc_boolean_t
*
retval
)
{
REQUIRE
(
DNS_PEER_VALID
(
peer
));
REQUIRE
(
retval
!=
NULL
);
if
(
DNS_BIT_CHECK
(
FORCE_TCP_BIT
,
&
peer
->
bitflags
))
{
*
retval
=
peer
->
force_tcp
;
return
(
ISC_R_SUCCESS
);
}
else
return
(
ISC_R_NOTFOUND
);
}
isc_result_t
dns_peer_settransfers
(
dns_peer_t
*
peer
,
isc_uint32_t
newval
)
{
isc_boolean_t
existed
;
...
...
lib/dns/resolver.c
...
...
@@ -1494,6 +1494,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
if
(
res
->
view
->
peers
!=
NULL
)
{
dns_peer_t
*
peer
=
NULL
;
isc_netaddr_t
dstip
;
isc_boolean_t
usetcp
=
ISC_FALSE
;
isc_netaddr_fromsockaddr
(
&
dstip
,
&
addrinfo
->
sockaddr
);
result
=
dns_peerlist_peerbyaddr
(
res
->
view
->
peers
,
&
dstip
,
&
peer
);
...
...
@@ -1504,6 +1505,9 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
result
=
dns_peer_getquerydscp
(
peer
,
&
dscp
);
if
(
result
==
ISC_R_SUCCESS
)
query
->
dscp
=
dscp
;
result
=
dns_peer_getforcetcp
(
peer
,
&
usetcp
);
if
(
result
==
ISC_R_SUCCESS
&&
usetcp
)
query
->
options
|=
DNS_FETCHOPT_TCP
;
}
}
...
...
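Review bot: `query->options |= DNS_FETCHOPT_TCP;` is set inside the per-peer block of fctx_query, so it only forces TCP if the code that chooses the socket type reads `query->options` after this point. That code lies outside the hunks shown, so the ordering should be confirmed. `result = dns_peer_getforcetcp(peer, &usetcp);` also leaves ISC_R_NOTFOUND in `result` for peers without tcp-only, as the dscp lookup above it already does; check that nothing later reads `result` before reassigning it. A one-line comment such as `/* tcp-only: skip the UDP attempt for this server */` above the new lookup would document the intent.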
lib/dns/win32/libdns.def.in
...
...
@@ -507,6 +507,7 @@ dns_order_find
dns_peer_attach
dns_peer_detach
dns_peer_getbogus
dns_peer_getforcetcp
dns_peer_getkey
dns_peer_getmaxudp
dns_peer_getnotifydscp
...
...
@@ -523,6 +524,7 @@ dns_peer_gettransfersource
dns_peer_new
dns_peer_newprefix
dns_peer_setbogus
dns_peer_setforcetcp
dns_peer_setkey
dns_peer_setkeybycharp
dns_peer_setmaxudp
...
...
lib/dns/zone.c
...
...
@@ -10285,7 +10285,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
dns_tsigkey_t
*
key
=
NULL
;
char
addrbuf
[
ISC_SOCKADDR_FORMATSIZE
];
isc_sockaddr_t
src
;
int
timeout
;
unsigned
int
options
,
timeout
;
isc_boolean_t
have_notifysource
=
ISC_FALSE
;
isc_boolean_t
have_notifydscp
=
ISC_FALSE
;
isc_dscp_t
dscp
=
-
1
;
...
...
@@ -10349,8 +10349,10 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
/* XXX: should we log the tsig key too? */
notify_log
(
notify
->
zone
,
ISC_LOG_DEBUG
(
3
),
"sending notify to %s"
,
addrbuf
);
options
=
0
;
if
(
notify
->
zone
->
view
->
peers
!=
NULL
)
{
dns_peer_t
*
peer
=
NULL
;
isc_boolean_t
usetcp
=
ISC_FALSE
;
result
=
dns_peerlist_peerbyaddr
(
notify
->
zone
->
view
->
peers
,
&
dstip
,
&
peer
);
if
(
result
==
ISC_R_SUCCESS
)
{
...
...
@@ -10360,6 +10362,9 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
dns_peer_getnotifydscp
(
peer
,
&
dscp
);
if
(
dscp
!=
-
1
)
have_notifydscp
=
ISC_TRUE
;
result
=
dns_peer_getforcetcp
(
peer
,
&
usetcp
);
if
(
result
==
ISC_R_SUCCESS
&&
usetcp
)
options
|=
DNS_FETCHOPT_TCP
;
}
}
switch
(
isc_sockaddr_pf
(
&
notify
->
dst
))
{
...
...
@@ -10384,8 +10389,8 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
timeout
=
30
;
result
=
dns_request_createvia4
(
notify
->
zone
->
view
->
requestmgr
,
message
,
&
src
,
&
notify
->
dst
,
dscp
,
0
,
key
,
timeout
*
3
,
timeout
,
0
,
notify
->
zone
->
task
,
notify_done
,
options
,
key
,
timeout
*
3
,
timeout
,
0
,
notify
->
zone
->
task
,
notify_done
,
notify
,
&
notify
->
request
);
if
(
result
==
ISC_R_SUCCESS
)
{
if
(
isc_sockaddr_pf
(
&
notify
->
dst
)
==
AF_INET
)
{
...
...
@@ -11700,12 +11705,14 @@ soa_query(isc_task_t *task, isc_event_t *event) {
}
}
options
=
DNS_ZONE_FLAG
(
zone
,
DNS_ZONEFLG_USEVC
)
?
DNS_REQUESTOPT_TCP
:
0
;
have_xfrsource
=
have_xfrdscp
=
ISC_FALSE
;
reqnsid
=
zone
->
view
->
requestnsid
;
reqexpire
=
zone
->
requestexpire
;
if
(
zone
->
view
->
peers
!=
NULL
)
{
dns_peer_t
*
peer
=
NULL
;
isc_boolean_t
edns
;
isc_boolean_t
edns
,
usetcp
;
result
=
dns_peerlist_peerbyaddr
(
zone
->
view
->
peers
,
&
masterip
,
&
peer
);
if
(
result
==
ISC_R_SUCCESS
)
{
...
...
@@ -11725,6 +11732,9 @@ soa_query(isc_task_t *task, isc_event_t *event) {
(
void
)
dns_peer_getudpsize
(
peer
,
&
udpsize
);
(
void
)
dns_peer_getrequestnsid
(
peer
,
&
reqnsid
);
(
void
)
dns_peer_getrequestexpire
(
peer
,
&
reqexpire
);
result
=
dns_peer_getforcetcp
(
peer
,
&
usetcp
);
if
(
result
==
ISC_R_SUCCESS
&&
usetcp
)
options
|=
DNS_REQUESTOPT_TCP
;
}
}
...
...
@@ -11762,9 +11772,6 @@ soa_query(isc_task_t *task, isc_event_t *event) {
goto
cleanup
;
}
options
=
DNS_ZONE_FLAG
(
zone
,
DNS_ZONEFLG_USEVC
)
?
DNS_REQUESTOPT_TCP
:
0
;
if
(
!
DNS_ZONE_FLAG
(
zone
,
DNS_ZONEFLG_NOEDNS
))
{
result
=
add_opt
(
message
,
udpsize
,
reqnsid
,
reqexpire
);
if
(
result
!=
ISC_R_SUCCESS
)
...
...
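Review bot: In notify_send_toaddr the new code sets `options |= DNS_FETCHOPT_TCP;`, but `options` is then passed to dns_request_createvia4(), and the soa_query hunks in this same file use `DNS_REQUESTOPT_TCP` for request options. The definitions of the two constants are not visible on this page, so the notify path may work only if they happen to share a value; the line should read `options |= DNS_REQUESTOPT_TCP;`. Separately, soa_query declares `isc_boolean_t edns, usetcp;` without an initialiser, while the resolver.c and notify hunks use `usetcp = ISC_FALSE`. Writing `isc_boolean_t edns, usetcp = ISC_FALSE;` keeps the three call sites consistent. Both functions continue outside the hunks shown.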
lib/isccfg/namedconf.c
...
...
@@ -1830,6 +1830,7 @@ server_clauses[] = {
{
"edns-version"
,
&
cfg_type_uint32
,
0
},
{
"keys"
,
&
cfg_type_server_key_kludge
,
0
},
{
"max-udp-size"
,
&
cfg_type_uint32
,
0
},
{
"tcp-only"
,
&
cfg_type_boolean
,
0
},
{
"notify-source"
,
&
cfg_type_sockaddr4wild
,
0
},
{
"notify-source-v6"
,
&
cfg_type_sockaddr6wild
,
0
},
{
"provide-ixfr"
,
&
cfg_type_boolean
,
0
},
...
...