Commit 5d9922e8 authored by Vernon Schryver's avatar Vernon Schryver

Allow the optional filter-aaaa-on-v4 option in view statements to close #20635

parent 9df45151
2792. [func] Optional filter-aaaa-on-v4 option, if built with
'./configure --enable-filter-aaaa', can now be
a view option. [RT #20635]
2791. [bug] The installation of isc-config.sh was broken.
[RT #20667]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.h,v 1.103 2009/10/26 23:14:53 each Exp $ */
/* $Id: server.h,v 1.104 2009/11/28 15:57:37 vjs Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
......@@ -115,9 +115,6 @@ struct ns_server {
dns_name_t *session_keyname;
unsigned int session_keyalg;
isc_uint16_t session_keybits;
#ifdef ALLOW_FILTER_AAAA_ON_V4
dns_v4_aaaa_t v4_aaaa;
#endif
};
#define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R')
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.334 2009/11/25 02:22:05 marka Exp $ */
/* $Id: query.c,v 1.335 2009/11/28 15:57:36 vjs Exp $ */
/*! \file */
......@@ -4729,7 +4729,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* Notice the presence of A and AAAAs so
* that AAAAs can be hidden from IPv4 clients.
*/
if (ns_g_server->v4_aaaa != dns_v4_aaaa_ok &&
if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
client->peeraddr_valid &&
client->peeraddr.type.sa.sa_family == AF_INET) {
if (rdataset->type == dns_rdatatype_aaaa)
......@@ -4790,7 +4790,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
if (have_aaaa && have_a &&
(!have_sig || !WANTDNSSEC(client) ||
ns_g_server->v4_aaaa == dns_v4_aaaa_break_dnssec))
client->view->v4_aaaa == dns_v4_aaaa_break_dnssec))
client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
#endif
if (fname != NULL)
......@@ -4863,13 +4863,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* so fundamentally wrong, unavoidably inaccurate, and
* unneeded that it is best to keep it as short as possible.
*/
if (ns_g_server->v4_aaaa != dns_v4_aaaa_ok &&
if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
client->peeraddr_valid &&
client->peeraddr.type.sa.sa_family == AF_INET &&
(!WANTDNSSEC(client) ||
sigrdataset == NULL ||
!dns_rdataset_isassociated(sigrdataset) ||
ns_g_server->v4_aaaa == dns_v4_aaaa_break_dnssec)) {
client->view->v4_aaaa == dns_v4_aaaa_break_dnssec)) {
if (qtype == dns_rdatatype_aaaa) {
trdataset = query_newrdataset(client);
result = dns_db_findrdataset(db, node, version,
......
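Review bot: The test for "this client gets AAAA filtering" is now written out twice against the view, as `client->view->v4_aaaa != dns_v4_aaaa_ok && client->peeraddr_valid && client->peeraddr.type.sa.sa_family == AF_INET` in the hunk at 4729 and again in the hunk at 4863, and the `dns_v4_aaaa_break_dnssec` comparison appears a further time at 4790. These sites together decide whether a signed answer is altered, so a small static predicate taking `client` would keep them from drifting apart the next time the policy source moves; each site would then read `if (filter_aaaa_applies(client) && ...)` (the name is illustrative). A one-line comment at the first site would also help: `/* policy comes from the view that matched this client, not from the server */`. query_find starts and ends outside all three hunks.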
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.555 2009/11/19 18:52:40 each Exp $ */
/* $Id: server.c,v 1.556 2009/11/28 15:57:36 vjs Exp $ */
/*! \file */
......@@ -2092,6 +2092,24 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
cfg_obj_asuint32(obj),
max_clients_per_query);
#ifdef ALLOW_FILTER_AAAA_ON_V4
obj = NULL;
result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
view->v4_aaaa = dns_v4_aaaa_filter;
else
view->v4_aaaa = dns_v4_aaaa_ok;
} else {
const char *v4_aaaastr = cfg_obj_asstring(obj);
if (strcasecmp(v4_aaaastr, "break-dnssec") == 0)
view->v4_aaaa = dns_v4_aaaa_break_dnssec;
else
INSIST(0);
}
#endif
obj = NULL;
result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS);
......@@ -4361,25 +4379,6 @@ load_configuration(const char *filename, ns_server_t *server,
server->flushonshutdown = ISC_FALSE;
}
#ifdef ALLOW_FILTER_AAAA_ON_V4
obj = NULL;
result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
server->v4_aaaa = dns_v4_aaaa_filter;
else
server->v4_aaaa = dns_v4_aaaa_ok;
} else {
const char *v4_aaaastr = cfg_obj_asstring(obj);
if (strcasecmp(v4_aaaastr, "break-dnssec") == 0)
server->v4_aaaa
= dns_v4_aaaa_break_dnssec;
else
INSIST(0);
}
#endif
result = ISC_R_SUCCESS;
cleanup:
......
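Review bot: The `else INSIST(0);` branch in the block added to configure_view aborts named when the option's string value is anything other than `break-dnssec`, and configure_view presumably also runs when a live server is reconfigured. The parser type `cfg_type_v4_aaaa` probably restricts the accepted keywords, but its definition is not on this page, so a keyword added there later would surface here as an assertion failure rather than a configuration error. Prefer logging the value and failing the view, for example `result = ISC_R_FAILURE;` followed by whatever exit the function uses on failure (not visible in this hunk). The preceding `INSIST(result == ISC_R_SUCCESS)` likewise relies on a built-in default for `filter-aaaa-on-v4` being reachable through `maps`; it matches the neighbouring `dnssec-enable` lookup, but the defaults are not part of the visible change.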
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.446 2009/11/26 00:20:28 each Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.447 2009/11/28 15:57:37 vjs Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
......@@ -6251,6 +6251,10 @@ options {
to DNS clients unless they have connections to the IPv6
Internet. This is not recommended unless absolutely
necessary. The default is <userinput>no</userinput>.
The <command>filter-aaaa-on-v4</command> option
may also be specified in <command>view</command> statements
to override the global <command>filter-aaaa-on-v4</command>
option.
</para>
<para>
If <userinput>yes</userinput>,
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.h,v 1.119 2009/10/27 22:46:13 each Exp $ */
/* $Id: view.h,v 1.120 2009/11/28 15:57:37 vjs Exp $ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1
......@@ -153,6 +153,9 @@ struct dns_view {
dns_name_t * dlv;
dns_fixedname_t dlv_fixed;
isc_uint16_t maxudp;
#ifdef ALLOW_FILTER_AAAA_ON_V4
dns_v4_aaaa_t v4_aaaa;
#endif
/*
* Configurable data for server use only,
......
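Review bot: Putting `dns_v4_aaaa_t v4_aaaa;` inside `#ifdef ALLOW_FILTER_AAAA_ON_V4` makes the layout of `struct dns_view` depend on a build-time macro, where the field previously lived in `struct ns_server`. If any translation unit includes this header without the macro that `--enable-filter-aaaa` defines, it will compute different offsets for every member declared after `maxudp`, and reads or writes through a shared `dns_view_t *` would then touch the wrong memory. Declaring the member unconditionally and keeping only the behaviour under the `#ifdef` avoids that: `dns_v4_aaaa_t v4_aaaa; /* consulted only when ALLOW_FILTER_AAAA_ON_V4 is defined */`. The `view->v4_aaaa = dns_v4_aaaa_ok;` initialisation in dns_view_create would then drop its guard as well. This assumes `dns_v4_aaaa_t` is itself declared unconditionally, which the page does not show; the struct continues outside the hunk.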
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.c,v 1.158 2009/11/12 23:30:36 marka Exp $ */
/* $Id: view.c,v 1.159 2009/11/28 15:57:37 vjs Exp $ */
/*! \file */
......@@ -177,6 +177,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
view->flush = ISC_FALSE;
view->dlv = NULL;
view->maxudp = 0;
#ifdef ALLOW_FILTER_AAAA_ON_V4
view->v4_aaaa = dns_v4_aaaa_ok;
#endif
dns_fixedname_init(&view->dlv_fixed);
#ifdef BIND9
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.110 2009/10/26 23:14:54 each Exp $ */
/* $Id: namedconf.c,v 1.111 2009/11/28 15:57:37 vjs Exp $ */
/*! \file */
......@@ -877,9 +877,6 @@ options_clauses[] = {
{ "use-ixfr", &cfg_type_boolean, 0 },
{ "version", &cfg_type_qstringornone, 0 },
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
#ifdef ALLOW_FILTER_AAAA_ON_V4
{ "filter-aaaa-on-v4", &cfg_type_v4_aaaa, 0 },
#endif
{ NULL, NULL, 0 }
};
......@@ -1049,6 +1046,9 @@ view_clauses[] = {
{ "transfer-format", &cfg_type_transferformat, 0 },
{ "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
#ifdef ALLOW_FILTER_AAAA_ON_V4
{ "filter-aaaa-on-v4", &cfg_type_v4_aaaa, 0 },
#endif
{ NULL, NULL, 0 }
};
......