Commit 5c5c6d28 authored by Francis Dupont's avatar Francis Dupont

Add a TCP only option to server/peer

parent fc63119c
4012. [bug] Check returned status of OpenSSL digest and HMAC
4013. [func] Add a new tcp-only option to server (config) /
peer (struct) to use TCP transport to send
queries (in place of UDP transport with a
TCP fallback on truncated (TC set) response).
[RT #37800]
4012. [cleanup] Check returned status of OpenSSL digest and HMAC
functions when they return one. Note this applies
only to FIPS capable OpenSSL libraries put in
FIPS mode and MD5. [RT #37944]
......@@ -6,8 +12,8 @@
4011. [bug] master's list port and dscp inheritance was not
properly implemented. [RT #37792]
4010. [cleanup] Clear the prefetchable state when initiating a prefetch.
[RT #37399]
4010. [cleanup] Clear the prefetchable state when initiating a
prefetch. [RT #37399]
4009. [func] delv: added a +tcp option. [RT #37855]
......
......@@ -112,6 +112,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
edns <replaceable>boolean</replaceable>;
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
tcp-only <replaceable>boolean</replaceable>;
provide-ixfr <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
keys <replaceable>server_key</replaceable>;
......
......@@ -1251,6 +1251,11 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
CHECK(dns_peer_setmaxudp(peer, (isc_uint16_t)udpsize));
}
obj = NULL;
(void)cfg_map_get(cpeer, "tcp-only", &obj);
if (obj != NULL)
CHECK(dns_peer_setforcetcp(peer, cfg_obj_asboolean(obj)));
obj = NULL;
(void)cfg_map_get(cpeer, "transfers", &obj);
if (obj != NULL)
......
......@@ -73,7 +73,7 @@ SUBDIRS="acl additional allow_query addzone autosign builtin
notify nslookup nsupdate pending @PKCS11_TEST@ reclimit redirect
resolver rndc rpz rrl rrchecker rrsetorder rsabigexponent
sit sfcache smartsign sortlist spf staticstub statistics
stub tkey tsig tsiggss unknown upforwd verify views wildcard
stub tcp tkey tsig tsiggss unknown upforwd verify views wildcard
xfer xferquota zero zonechecks"
# Use the CONFIG_SHELL detected by configure for tests
......
#!/bin/sh
#
# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
rm -f */named.memstats
rm -f */named.run
rm -f */named.stats
rm -f dig.out*
/*
* Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
statistics-file "named.stats";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
};
zone "." {
type master;
file "root.db";
};
; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example. NS ns2.example.
ns2.example. A 10.53.0.2
; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$ORIGIN .
$TTL 300 ; 5 minutes
example IN SOA mname1. . (
1 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
example. NS ns2.example.
ns2.example. A 10.53.0.2
$ORIGIN example.
a A 10.0.0.1
MX 10 mail.example.
mail A 10.0.0.2
/*
* Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion yes;
notify yes;
statistics-file "named.stats";
};
include "../../common/controls.conf";
zone "." {
type hint;
file "../../common/root.hint";
};
zone "example" {
type master;
file "example.db";
allow-update { any; };
};
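Review bot: `allow-update { any; };` on zone "example" lets every client that can reach 10.53.0.2 rewrite the zone, yet the tests.sh added in this commit only issues dig queries and `rndc stats` and never sends a dynamic update. Dropping the line, or writing `allow-update { none; };`, keeps the fixture down to what the test exercises. It also avoids an open-update zone being copied from the test tree into a real configuration.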
/*
* Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port 5300;
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
notify yes;
};
server 10.53.0.1 { tcp-only yes; };
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
};
zone "." {
type hint;
file "../../common/root.hint";
};
/*
* Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.4;
notify-source 10.53.0.4;
transfer-source 10.53.0.4;
port 5300;
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
notify yes;
forwarders { 10.53.0.2; };
forward only;
};
server 10.53.0.2 { tcp-only yes; };
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
};
zone "." {
type hint;
file "../../common/root.hint";
};
#!/bin/sh
#
# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
RNDCCMD="$RNDC -p 9953 -c ../common/rndc.conf"
status=0
echo "I:initialize counters"
$RNDCCMD -s 10.53.0.1 stats > /dev/null 2>&1
$RNDCCMD -s 10.53.0.2 stats > /dev/null 2>&1
ntcp10=`grep "TCP requests received" ns1/named.stats | tail -1 | awk '{print $1}'`
ntcp20=`grep "TCP requests received" ns2/named.stats | tail -1 | awk '{print $1}'`
#echo ntcp10 ':' "$ntcp10"
#echo ntcp20 ':' "$ntcp20"
echo "I:check TCP transport"
ret=0
$DIG -p 5300 @10.53.0.3 txt.example. > dig.out.3
$RNDCCMD -s 10.53.0.1 stats > /dev/null 2>&1
$RNDCCMD -s 10.53.0.2 stats > /dev/null 2>&1
ntcp11=`grep "TCP requests received" ns1/named.stats | tail -1 | awk '{print $1}'`
ntcp21=`grep "TCP requests received" ns2/named.stats | tail -1 | awk '{print $1}'`
#echo ntcp11 ':' "$ntcp11"
#echo ntcp21 ':' "$ntcp21"
if [ "$ntcp10" -ge "$ntcp11" ]; then ret=1; fi
if [ "$ntcp20" -ne "$ntcp21" ]; then ret=1; fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check TCP forwarder"
ret=0
$DIG -p 5300 @10.53.0.4 txt.example. > dig.out.4
$RNDCCMD -s 10.53.0.1 stats > /dev/null 2>&1
$RNDCCMD -s 10.53.0.2 stats > /dev/null 2>&1
ntcp12=`grep "TCP requests received" ns1/named.stats | tail -1 | awk '{print $1}'`
ntcp22=`grep "TCP requests received" ns2/named.stats | tail -1 | awk '{print $1}'`
#echo ntcp12 ':' "$ntcp12"
#echo ntcp22 ':' "$ntcp22"
if [ "$ntcp11" -ne "$ntcp12" ]; then ret=1; fi
if [ "$ntcp21" -ge "$ntcp22" ];then ret=1; fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
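Review bot: The counter comparisons in both checks can pass without measuring anything. If `grep "TCP requests received"` matches no line (a server that has not yet seen a TCP query may not print the counter, and every `rndc stats` call discards its output and exit status), the variables are empty, `[ "" -ge "" ]` exits with an error rather than true, and `ret` stays 0. Default each value right after it is read, e.g. `ntcp10=${ntcp10:-0}`, and make a failed stats dump fail the check, e.g. `$RNDCCMD -s 10.53.0.1 stats > /dev/null 2>&1 || ret=1`. dig.out.3 and dig.out.4 are written but never inspected, so a query that gets no response is detected only through the counters.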
......@@ -10438,6 +10438,7 @@ example.com CNAME rpz-tcp-only.
<optional> edns-version <replaceable>number</replaceable> ; </optional>
<optional> nosit-udp-size <replaceable>number</replaceable> ; </optional>
<optional> max-udp-size <replaceable>number</replaceable> ; </optional>
<optional> tcp-only <replaceable>yes_or_no</replaceable> ; </optional>
<optional> transfers <replaceable>number</replaceable> ; </optional>
<optional> transfer-format <replaceable>( one-answer | many-answers )</replaceable> ; ]</optional>
<optional> keys <replaceable>{ string ; <optional> string ; <optional>...</optional></optional> }</replaceable> ; </optional>
......@@ -10600,6 +10601,13 @@ example.com CNAME rpz-tcp-only.
the response size.
</para>
<para>
The <command>tcp-only</command> option sets the transport
protocol to TCP. The default is to use the UDP transport
and to fallback on TCP only when a truncated response
is received.
</para>
<para>
The server supports two zone transfer methods. The first, <command>one-answer</command>,
uses one DNS message per resource record transferred. <command>many-answers</command> packs
......
......@@ -315,6 +315,7 @@ server <netprefix> {
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
tcp-only <boolean>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
......@@ -525,6 +526,7 @@ view <string> <optional_class> {
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
tcp-only <boolean>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
......
......@@ -76,6 +76,7 @@ struct dns_peer {
isc_boolean_t request_nsid;
isc_boolean_t request_sit;
isc_boolean_t request_expire;
isc_boolean_t force_tcp;
dns_name_t *key;
isc_sockaddr_t *transfer_source;
isc_dscp_t transfer_dscp;
......@@ -177,6 +178,12 @@ dns_peer_getrequestexpire(dns_peer_t *peer, isc_boolean_t *retval);
isc_result_t
dns_peer_setsupportedns(dns_peer_t *peer, isc_boolean_t newval);
isc_result_t
dns_peer_getforcetcp(dns_peer_t *peer, isc_boolean_t *retval);
isc_result_t
dns_peer_setforcetcp(dns_peer_t *peer, isc_boolean_t newval);
isc_result_t
dns_peer_getsupportedns(dns_peer_t *peer, isc_boolean_t *retval);
......
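Review bot: The two new prototypes have no comment stating their return contract, which the new call sites rely on. Per the peer.c section of this commit, dns_peer_getforcetcp returns ISC_R_NOTFOUND and leaves `*retval` untouched when the flag was never set, and dns_peer_setforcetcp returns ISC_R_EXISTS when it overwrites an earlier value. A comment above the pair, e.g. `/* Get/set the "tcp-only" server option; get returns ISC_R_NOTFOUND (retval unchanged) if unset, set returns ISC_R_EXISTS if already set. */`, would also tie the `force_tcp` name to the `tcp-only` configuration keyword.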
......@@ -49,6 +49,7 @@
#define QUERY_DSCP_BIT 12
#define REQUEST_EXPIRE_BIT 13
#define EDNS_VERSION_BIT 14
#define FORCE_TCP_BIT 15
static void
peerlist_delete(dns_peerlist_t **list);
......@@ -505,6 +506,32 @@ dns_peer_getrequestexpire(dns_peer_t *peer, isc_boolean_t *retval) {
return (ISC_R_NOTFOUND);
}
isc_result_t
dns_peer_setforcetcp(dns_peer_t *peer, isc_boolean_t newval) {
isc_boolean_t existed;
REQUIRE(DNS_PEER_VALID(peer));
existed = DNS_BIT_CHECK(FORCE_TCP_BIT, &peer->bitflags);
peer->force_tcp = newval;
DNS_BIT_SET(FORCE_TCP_BIT, &peer->bitflags);
return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS);
}
isc_result_t
dns_peer_getforcetcp(dns_peer_t *peer, isc_boolean_t *retval) {
REQUIRE(DNS_PEER_VALID(peer));
REQUIRE(retval != NULL);
if (DNS_BIT_CHECK(FORCE_TCP_BIT, &peer->bitflags)) {
*retval = peer->force_tcp;
return (ISC_R_SUCCESS);
} else
return (ISC_R_NOTFOUND);
}
isc_result_t
dns_peer_settransfers(dns_peer_t *peer, isc_uint32_t newval) {
isc_boolean_t existed;
......
......@@ -1494,6 +1494,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
if (res->view->peers != NULL) {
dns_peer_t *peer = NULL;
isc_netaddr_t dstip;
isc_boolean_t usetcp = ISC_FALSE;
isc_netaddr_fromsockaddr(&dstip, &addrinfo->sockaddr);
result = dns_peerlist_peerbyaddr(res->view->peers,
&dstip, &peer);
......@@ -1504,6 +1505,9 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
result = dns_peer_getquerydscp(peer, &dscp);
if (result == ISC_R_SUCCESS)
query->dscp = dscp;
result = dns_peer_getforcetcp(peer, &usetcp);
if (result == ISC_R_SUCCESS && usetcp)
query->options |= DNS_FETCHOPT_TCP;
}
}
......
......@@ -507,6 +507,7 @@ dns_order_find
dns_peer_attach
dns_peer_detach
dns_peer_getbogus
dns_peer_getforcetcp
dns_peer_getkey
dns_peer_getmaxudp
dns_peer_getnotifydscp
......@@ -523,6 +524,7 @@ dns_peer_gettransfersource
dns_peer_new
dns_peer_newprefix
dns_peer_setbogus
dns_peer_setforcetcp
dns_peer_setkey
dns_peer_setkeybycharp
dns_peer_setmaxudp
......
......@@ -10285,7 +10285,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
dns_tsigkey_t *key = NULL;
char addrbuf[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t src;
int timeout;
unsigned int options, timeout;
isc_boolean_t have_notifysource = ISC_FALSE;
isc_boolean_t have_notifydscp = ISC_FALSE;
isc_dscp_t dscp = -1;
......@@ -10349,8 +10349,10 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
/* XXX: should we log the tsig key too? */
notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s",
addrbuf);
options = 0;
if (notify->zone->view->peers != NULL) {
dns_peer_t *peer = NULL;
isc_boolean_t usetcp = ISC_FALSE;
result = dns_peerlist_peerbyaddr(notify->zone->view->peers,
&dstip, &peer);
if (result == ISC_R_SUCCESS) {
......@@ -10360,6 +10362,9 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
dns_peer_getnotifydscp(peer, &dscp);
if (dscp != -1)
have_notifydscp = ISC_TRUE;
result = dns_peer_getforcetcp(peer, &usetcp);
if (result == ISC_R_SUCCESS && usetcp)
options |= DNS_FETCHOPT_TCP;
}
}
switch (isc_sockaddr_pf(&notify->dst)) {
......@@ -10384,8 +10389,8 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
timeout = 30;
result = dns_request_createvia4(notify->zone->view->requestmgr,
message, &src, &notify->dst, dscp,
0, key, timeout * 3, timeout, 0,
notify->zone->task, notify_done,
options, key, timeout * 3, timeout,
0, notify->zone->task, notify_done,
notify, &notify->request);
if (result == ISC_R_SUCCESS) {
if (isc_sockaddr_pf(&notify->dst) == AF_INET) {
......@@ -11700,12 +11705,14 @@ soa_query(isc_task_t *task, isc_event_t *event) {
}
}
options = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEVC) ?
DNS_REQUESTOPT_TCP : 0;
have_xfrsource = have_xfrdscp = ISC_FALSE;
reqnsid = zone->view->requestnsid;
reqexpire = zone->requestexpire;
if (zone->view->peers != NULL) {
dns_peer_t *peer = NULL;
isc_boolean_t edns;
isc_boolean_t edns, usetcp;
result = dns_peerlist_peerbyaddr(zone->view->peers,
&masterip, &peer);
if (result == ISC_R_SUCCESS) {
......@@ -11725,6 +11732,9 @@ soa_query(isc_task_t *task, isc_event_t *event) {
(void)dns_peer_getudpsize(peer, &udpsize);
(void)dns_peer_getrequestnsid(peer, &reqnsid);
(void)dns_peer_getrequestexpire(peer, &reqexpire);
result = dns_peer_getforcetcp(peer, &usetcp);
if (result == ISC_R_SUCCESS && usetcp)
options |= DNS_REQUESTOPT_TCP;
}
}
......@@ -11762,9 +11772,6 @@ soa_query(isc_task_t *task, isc_event_t *event) {
goto cleanup;
}
options = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEVC) ?
DNS_REQUESTOPT_TCP : 0;
if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
result = add_opt(message, udpsize, reqnsid, reqexpire);
if (result != ISC_R_SUCCESS)
......
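Review bot: In notify_send_toaddr the new code sets `options |= DNS_FETCHOPT_TCP`, but `options` is then passed to dns_request_createvia4, and the soa_query hunks in this same file use `DNS_REQUESTOPT_TCP` for request options. The FETCHOPT flag is the one the resolver.c section applies to `query->options`; neither constant is defined on this page, so if their values ever differ the notify would ignore tcp-only without any error. Use `options |= DNS_REQUESTOPT_TCP;` in the notify path. Separately, soa_query declares `usetcp` without an initialiser while the other two call sites use `isc_boolean_t usetcp = ISC_FALSE;`; initialising it keeps the three sites consistent. Both functions start and end outside the hunks shown.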
......@@ -1830,6 +1830,7 @@ server_clauses[] = {
{ "edns-version", &cfg_type_uint32, 0 },
{ "keys", &cfg_type_server_key_kludge, 0 },
{ "max-udp-size", &cfg_type_uint32, 0 },
{ "tcp-only", &cfg_type_boolean, 0 },
{ "notify-source", &cfg_type_sockaddr4wild, 0 },
{ "notify-source-v6", &cfg_type_sockaddr6wild, 0 },
{ "provide-ixfr", &cfg_type_boolean, 0 },
......
......@@ -1872,6 +1872,14 @@
./bin/tests/system/stub/ns3/example.db ZONE 2000,2001,2004,2007
./bin/tests/system/stub/ns3/named.conf CONF-C 2000,2001,2004,2007
./bin/tests/system/stub/tests.sh SH 2000,2001,2004,2007,2011,2012,2013
./bin/tests/system/tcp/clean.sh SH 2014
./bin/tests/system/tcp/ns1/named.conf CONF-C 2014
./bin/tests/system/tcp/ns1/root.db ZONE 2014
./bin/tests/system/tcp/ns2/example.db ZONE 2014
./bin/tests/system/tcp/ns2/named.conf CONF-C 2014
./bin/tests/system/tcp/ns3/named.conf CONF-C 2014
./bin/tests/system/tcp/ns4/named.conf CONF-C 2014
./bin/tests/system/tcp/tests.sh SH 2014
./bin/tests/system/testcrypto.sh SH 2014
./bin/tests/system/testsock.pl PERL 2000,2001,2004,2007,2010,2011,2012,2013
./bin/tests/system/testsock6.pl PERL 2010,2012,2014
......