Commit 5d9922e8 authored by Vernon Schryver's avatar Vernon Schryver

Allow the optional filter-aaaa-on-v4 option in view statements to close #20635

parent 9df45151
2792. [func] Optional filter-aaaa-on-v4 option, if built with
'./configure --enable-filter-aaaa', can now be
a view option. [RT #20635]
2791. [bug] The installation of isc-config.sh was broken. 2791. [bug] The installation of isc-config.sh was broken.
[RT #20667] [RT #20667]
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.h,v 1.103 2009/10/26 23:14:53 each Exp $ */ /* $Id: server.h,v 1.104 2009/11/28 15:57:37 vjs Exp $ */
#ifndef NAMED_SERVER_H #ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1 #define NAMED_SERVER_H 1
...@@ -115,9 +115,6 @@ struct ns_server { ...@@ -115,9 +115,6 @@ struct ns_server {
dns_name_t *session_keyname; dns_name_t *session_keyname;
unsigned int session_keyalg; unsigned int session_keyalg;
isc_uint16_t session_keybits; isc_uint16_t session_keybits;
#ifdef ALLOW_FILTER_AAAA_ON_V4
dns_v4_aaaa_t v4_aaaa;
#endif
}; };
#define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R') #define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R')
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: query.c,v 1.334 2009/11/25 02:22:05 marka Exp $ */ /* $Id: query.c,v 1.335 2009/11/28 15:57:36 vjs Exp $ */
/*! \file */ /*! \file */
...@@ -4729,7 +4729,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -4729,7 +4729,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* Notice the presence of A and AAAAs so * Notice the presence of A and AAAAs so
* that AAAAs can be hidden from IPv4 clients. * that AAAAs can be hidden from IPv4 clients.
*/ */
if (ns_g_server->v4_aaaa != dns_v4_aaaa_ok && if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
client->peeraddr_valid && client->peeraddr_valid &&
client->peeraddr.type.sa.sa_family == AF_INET) { client->peeraddr.type.sa.sa_family == AF_INET) {
if (rdataset->type == dns_rdatatype_aaaa) if (rdataset->type == dns_rdatatype_aaaa)
...@@ -4790,7 +4790,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -4790,7 +4790,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/ */
if (have_aaaa && have_a && if (have_aaaa && have_a &&
(!have_sig || !WANTDNSSEC(client) || (!have_sig || !WANTDNSSEC(client) ||
ns_g_server->v4_aaaa == dns_v4_aaaa_break_dnssec)) client->view->v4_aaaa == dns_v4_aaaa_break_dnssec))
client->attributes |= NS_CLIENTATTR_FILTER_AAAA; client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
#endif #endif
if (fname != NULL) if (fname != NULL)
...@@ -4863,13 +4863,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -4863,13 +4863,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* so fundamentally wrong, unavoidably inaccurate, and * so fundamentally wrong, unavoidably inaccurate, and
* unneeded that it is best to keep it as short as possible. * unneeded that it is best to keep it as short as possible.
*/ */
if (ns_g_server->v4_aaaa != dns_v4_aaaa_ok && if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
client->peeraddr_valid && client->peeraddr_valid &&
client->peeraddr.type.sa.sa_family == AF_INET && client->peeraddr.type.sa.sa_family == AF_INET &&
(!WANTDNSSEC(client) || (!WANTDNSSEC(client) ||
sigrdataset == NULL || sigrdataset == NULL ||
!dns_rdataset_isassociated(sigrdataset) || !dns_rdataset_isassociated(sigrdataset) ||
ns_g_server->v4_aaaa == dns_v4_aaaa_break_dnssec)) { client->view->v4_aaaa == dns_v4_aaaa_break_dnssec)) {
if (qtype == dns_rdatatype_aaaa) { if (qtype == dns_rdatatype_aaaa) {
trdataset = query_newrdataset(client); trdataset = query_newrdataset(client);
result = dns_db_findrdataset(db, node, version, result = dns_db_findrdataset(db, node, version,
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.c,v 1.555 2009/11/19 18:52:40 each Exp $ */ /* $Id: server.c,v 1.556 2009/11/28 15:57:36 vjs Exp $ */
/*! \file */ /*! \file */
...@@ -2092,6 +2092,24 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, ...@@ -2092,6 +2092,24 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
cfg_obj_asuint32(obj), cfg_obj_asuint32(obj),
max_clients_per_query); max_clients_per_query);
#ifdef ALLOW_FILTER_AAAA_ON_V4
obj = NULL;
result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
view->v4_aaaa = dns_v4_aaaa_filter;
else
view->v4_aaaa = dns_v4_aaaa_ok;
} else {
const char *v4_aaaastr = cfg_obj_asstring(obj);
if (strcasecmp(v4_aaaastr, "break-dnssec") == 0)
view->v4_aaaa = dns_v4_aaaa_break_dnssec;
else
INSIST(0);
}
#endif
obj = NULL; obj = NULL;
result = ns_config_get(maps, "dnssec-enable", &obj); result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
...@@ -4361,25 +4379,6 @@ load_configuration(const char *filename, ns_server_t *server, ...@@ -4361,25 +4379,6 @@ load_configuration(const char *filename, ns_server_t *server,
server->flushonshutdown = ISC_FALSE; server->flushonshutdown = ISC_FALSE;
} }
#ifdef ALLOW_FILTER_AAAA_ON_V4
obj = NULL;
result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
server->v4_aaaa = dns_v4_aaaa_filter;
else
server->v4_aaaa = dns_v4_aaaa_ok;
} else {
const char *v4_aaaastr = cfg_obj_asstring(obj);
if (strcasecmp(v4_aaaastr, "break-dnssec") == 0)
server->v4_aaaa
= dns_v4_aaaa_break_dnssec;
else
INSIST(0);
}
#endif
result = ISC_R_SUCCESS; result = ISC_R_SUCCESS;
cleanup: cleanup:
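Review bot: In the block added to configure_view, a string value other than `break-dnssec` falls through to `INSIST(0)`, so an unexpected value would abort named during load or reconfig instead of rejecting the configuration. The `cfg_type_v4_aaaa` parser presumably limits the accepted keywords, which would make the branch unreachable today, but a keyword later added to the parser and not to this branch would turn a configuration mismatch into a loss of service. Consider logging the offending value and failing the view configuration through the function's normal error return, for example `result = ISC_R_FAILURE;` followed by whatever error exit configure_view already uses. The body of configure_view starts and ends outside the hunk, so that exit path is not visible here.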
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.446 2009/11/26 00:20:28 each Exp $ --> <!-- File: $Id: Bv9ARM-book.xml,v 1.447 2009/11/28 15:57:37 vjs Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude"> <book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title> <title>BIND 9 Administrator Reference Manual</title>
...@@ -6251,6 +6251,10 @@ options { ...@@ -6251,6 +6251,10 @@ options {
to DNS clients unless they have connections to the IPv6 to DNS clients unless they have connections to the IPv6
Internet. This is not recommended unless absolutely Internet. This is not recommended unless absolutely
necessary. The default is <userinput>no</userinput>. necessary. The default is <userinput>no</userinput>.
The <command>filter-aaaa-on-v4</command> option
may also be specified in <command>view</command> statements
to override the global <command>filter-aaaa-on-v4</command>
option.
</para> </para>
<para> <para>
If <userinput>yes</userinput>, If <userinput>yes</userinput>,
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: view.h,v 1.119 2009/10/27 22:46:13 each Exp $ */ /* $Id: view.h,v 1.120 2009/11/28 15:57:37 vjs Exp $ */
#ifndef DNS_VIEW_H #ifndef DNS_VIEW_H
#define DNS_VIEW_H 1 #define DNS_VIEW_H 1
...@@ -153,6 +153,9 @@ struct dns_view { ...@@ -153,6 +153,9 @@ struct dns_view {
dns_name_t * dlv; dns_name_t * dlv;
dns_fixedname_t dlv_fixed; dns_fixedname_t dlv_fixed;
isc_uint16_t maxudp; isc_uint16_t maxudp;
#ifdef ALLOW_FILTER_AAAA_ON_V4
dns_v4_aaaa_t v4_aaaa;
#endif
/* /*
* Configurable data for server use only, * Configurable data for server use only,
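Review bot: The new `v4_aaaa` member sits inside `#ifdef ALLOW_FILTER_AAAA_ON_V4` in the middle of `struct dns_view`, so the layout of a struct declared in a library header now depends on a configure-time macro. Any translation unit that includes view.h with a different definition of that macro would see every later member at a different offset and read or write the wrong fields. If the macro is not guaranteed to be identical for libdns and everything compiled against it, declare the member unconditionally and keep the `#ifdef` only around the code that reads or sets it. At minimum add a comment on the member such as `/* layout depends on ALLOW_FILTER_AAAA_ON_V4; must match the libdns build */`. The struct definition continues outside the hunk.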
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: view.c,v 1.158 2009/11/12 23:30:36 marka Exp $ */ /* $Id: view.c,v 1.159 2009/11/28 15:57:37 vjs Exp $ */
/*! \file */ /*! \file */
...@@ -177,6 +177,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, ...@@ -177,6 +177,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
view->flush = ISC_FALSE; view->flush = ISC_FALSE;
view->dlv = NULL; view->dlv = NULL;
view->maxudp = 0; view->maxudp = 0;
#ifdef ALLOW_FILTER_AAAA_ON_V4
view->v4_aaaa = dns_v4_aaaa_ok;
#endif
dns_fixedname_init(&view->dlv_fixed); dns_fixedname_init(&view->dlv_fixed);
#ifdef BIND9 #ifdef BIND9
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: namedconf.c,v 1.110 2009/10/26 23:14:54 each Exp $ */ /* $Id: namedconf.c,v 1.111 2009/11/28 15:57:37 vjs Exp $ */
/*! \file */ /*! \file */
...@@ -877,9 +877,6 @@ options_clauses[] = { ...@@ -877,9 +877,6 @@ options_clauses[] = {
{ "use-ixfr", &cfg_type_boolean, 0 }, { "use-ixfr", &cfg_type_boolean, 0 },
{ "version", &cfg_type_qstringornone, 0 }, { "version", &cfg_type_qstringornone, 0 },
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
#ifdef ALLOW_FILTER_AAAA_ON_V4
{ "filter-aaaa-on-v4", &cfg_type_v4_aaaa, 0 },
#endif
{ NULL, NULL, 0 } { NULL, NULL, 0 }
}; };
...@@ -1049,6 +1046,9 @@ view_clauses[] = { ...@@ -1049,6 +1046,9 @@ view_clauses[] = {
{ "transfer-format", &cfg_type_transferformat, 0 }, { "transfer-format", &cfg_type_transferformat, 0 },
{ "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 }, { "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
#ifdef ALLOW_FILTER_AAAA_ON_V4
{ "filter-aaaa-on-v4", &cfg_type_v4_aaaa, 0 },
#endif
{ NULL, NULL, 0 } { NULL, NULL, 0 }
}; };
......