Commit 8d8f9f7f authored by Evan Hunt's avatar Evan Hunt

[master] suppress unnecessary db lookups in DLZ redirect zones

3876.	[bug]		Improve efficiency of DLZ redirect zones by
			suppressing unnecessary database lookups. [RT #35835]
parent 206e697f
3876. [bug] Improve efficiency of DLZ redirect zones by
suppressing unnecessary database lookups. [RT #35835]
3875. [cleanup] Clarify log message when unable to read private
key files. [RT #24702]
......
......@@ -6031,8 +6031,8 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
* Lookup the requested data in the redirect zone.
*/
result = dns_db_findext(db, client->query.qname, dbversion->version,
qtype, 0, client->now, &node, found, &cm, &ci,
&trdataset, NULL);
qtype, DNS_DBFIND_NOZONECUT, client->now,
&node, found, &cm, &ci, &trdataset, NULL);
if (result != ISC_R_SUCCESS) {
if (dns_rdataset_isassociated(&trdataset))
dns_rdataset_disassociate(&trdataset);
......
......@@ -65,7 +65,7 @@ RANDFILE=$TOP/bin/tests/system/random.data
# v6synth
SUBDIRS="acl additional allow_query addzone autosign builtin
cacheclean case checkconf @CHECKDS@ checknames checkzone
@COVERAGE@ database dlv dlvauto dlz dlzexternal dlzredir
@COVERAGE@ database dlv dlvauto dlz dlzexternal
dname dns64 dnssec dsdigest dscp ecdsa emptyzones filter-aaaa
formerr forward geoip glue gost ixfr inline limits logfileconfig
lwresd masterfile masterformat metadata notify nsupdate pending
......
......@@ -405,6 +405,8 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
isc_sockaddr_t *src;
char full_name[256];
char buf[512];
static char last[256] = { 0 };
static int count = 0;
int i;
UNUSED(zone);
......@@ -415,9 +417,22 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
if (strcmp(name, "@") == 0) {
strncpy(full_name, state->zone_name, 255);
full_name[255] = '\0';
} else
} else if (strcmp(state->zone_name, ".") == 0)
snprintf(full_name, 255, "%s.", name);
else
snprintf(full_name, 255, "%s.%s", name, state->zone_name);
/*
* For test purposes, log all calls to dlz_lookup()
*/
if (strncasecmp(full_name, last, 255) == 0)
count++;
else {
count = 1;
strncpy(last, full_name, 255);
}
state->log(ISC_LOG_INFO, "lookup #%d for %s", count, full_name);
/*
* If we need to know the database version (as set in
* the 'newversion' dlz function) we can pick it up from the
......@@ -439,7 +454,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
if (dbversion != NULL && *(isc_boolean_t *)dbversion)
state->log(ISC_LOG_INFO,
"dlz_example: lookup against live "
"transaction\n");
"transaction");
}
if (strcmp(name, "source-addr") == 0) {
......@@ -455,7 +470,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
}
state->log(ISC_LOG_INFO,
"dlz_example: lookup connection from %s\n", buf);
"dlz_example: lookup connection from %s", buf);
found = ISC_TRUE;
result = state->putrr(lookup, "TXT", 0, buf);
......@@ -475,6 +490,24 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
return (result);
}
/* Tests for DLZ redirection zones */
if (strcmp(name, "*") == 0 && strcmp(zone, ".") == 0) {
result = state->putrr(lookup, "A", 0, "100.100.100.2");
found = ISC_TRUE;
if (result != ISC_R_SUCCESS)
return (result);
}
if (strcmp(name, "long.name.is.not.there") == 0 &&
strcmp(zone, ".") == 0)
{
result = state->putrr(lookup, "A", 0, "100.100.100.3");
found = ISC_TRUE;
if (result != ISC_R_SUCCESS)
return (result);
}
/* Answer from current records */
for (i = 0; i < MAX_RECORDS; i++) {
if (strcasecmp(state->current[i].name, full_name) == 0) {
found = ISC_TRUE;
......
/*
* Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -60,7 +60,22 @@ dlz "unsearched2" {
search no;
};
dlz redzone {
database "dlopen ../driver.so .";
search no;
};
zone zone.nil {
type master;
dlz unsearched2;
};
zone "." {
type redirect;
dlz redzone;
};
zone "." {
type master;
file "root.db";
};
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
......
......@@ -20,9 +20,16 @@ SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
n=0
DIGOPTS="@10.53.0.1 -p 5300"
newtest() {
n=`expr $n + 1`
echo "${1} (${n})"
ret=0
}
test_update() {
host="$1"
type="$2"
......@@ -36,7 +43,7 @@ update add $host $cmd
send
EOF
echo "I:testing update for $host $type $cmd $comment"
newtest "I:testing update for $host $type $cmd${comment:+ }$comment"
$NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 || {
[ "$should_fail" ] || \
echo "I:update failed for $host $type $cmd"
......@@ -53,8 +60,6 @@ EOF
return 0
}
ret=0
test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
......@@ -67,8 +72,7 @@ status=`expr $status + $ret`
test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1
status=`expr $status + $ret`
echo "I:testing prerequisites are checked correctly"
ret=0
newtest "I:testing prerequisites are checked correctly"
cat > ns1/update.txt << EOF
server 10.53.0.1 5300
prereq nxdomain testdc3.example.nil
......@@ -81,16 +85,14 @@ out=`$DIG $DIGOPTS +short a testdc3.example.nil`
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
echo "I:testing passing client info into DLZ driver"
ret=0
newtest "I:testing passing client info into DLZ driver"
out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;'`
addr=`eval echo "$out" | cut -f1 -d'#'`
[ "$addr" = "10.53.0.1" ] || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing DLZ driver is cleaned up on reload"
newtest "I:testing DLZ driver is cleaned up on reload"
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /'
for i in 0 1 2 3 4 5 6 7 8 9; do
ret=0
......@@ -101,45 +103,39 @@ done
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing multiple DLZ drivers"
newtest "I:testing multiple DLZ drivers"
test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
ret=0
echo "I:testing AXFR from DLZ drivers"
$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.ns1.1
n=`cat dig.out.ns1.1 | wc -l`
[ "$n" -eq 4 ] || ret=1
$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.ns1.2
n=`cat dig.out.ns1.2 | wc -l`
[ "$n" -eq 5 ] || ret=1
newtest "I:testing AXFR from DLZ drivers"
$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.ns1.test$n
lines=`cat dig.out.ns1.test$n | wc -l`
[ ${lines:-0} -eq 4 ] || ret=1
$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.ns1.test$n
lines=`cat dig.out.ns1.test$n | wc -l`
[ ${lines:-0} -eq 5 ] || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing unsearched/unregistered DLZ zone is not found"
$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.3
grep "3600.IN.NS.other.nil." dig.out.ns1.3 > /dev/null && ret=1
newtest "I:testing unsearched/unregistered DLZ zone is not found"
$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n
grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.4
grep "3600.IN.NS.zone.nil." dig.out.ns1.4 > /dev/null || ret=1
newtest "I:testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.5
grep "3600.IN.NS.zone.nil." dig.out.ns1.5 > /dev/null || ret=1
newtest "I:testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing correct behavior with findzone returning ISC_R_NOMORE"
newtest "I:testing correct behavior with findzone returning ISC_R_NOMORE"
$DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=`grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l`
......@@ -149,8 +145,7 @@ lines=`grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run |
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing findzone can return different results per client"
newtest "I:testing findzone can return different results per client"
$DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l`
......@@ -166,18 +161,34 @@ lines=`grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l`
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing zone returning oversized data"
$DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.6 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.6 > /dev/null || ret=1
newtest "I:testing zone returning oversized data"
$DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.test$n 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
ret=0
echo "I:testing zone returning oversized data at zone origin"
$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.7 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.7 > /dev/null || ret=1
newtest "I:testing zone returning oversized data at zone origin"
$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.test$n 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
newtest "I:checking redirected lookup for nonexistent name"
$DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "^unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
newtest "I:checking redirected lookup for a long nonexistent name"
$DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "^long.name.*A.*100.100.100.3" dig.out.ns1.test$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
lookups=`grep "lookup #.*\.not\.there" ns1/named.run | wc -l`
[ "$lookups" -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
exit $status
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.2 2010/08/16 04:46:15 marka Exp $
rm -f dig.out.*
rm -f */named.memstats
rm -f */named.run
Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: NS=10=example.com.=,v 1.1 2010/08/16 04:46:15 marka Exp $
The contents of this file is not read by the filesystem driver.
This is the file for "NS 10 example.com.".
Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: NS=10=example.com.=,v 1.1 2010/08/16 04:46:15 marka Exp $
The contents of this file is not read by the filesystem driver.
This is the file for "NS 10 example.com.".
Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: SOA=10=ns.example.com.=root.example.com.=2010062900=0=0=0=10=,v 1.1 2010/08/16 04:46:15 marka Exp $
The contents of this file is not read by the filesystem driver.
This is the file for "SOA 10 ns.example.com. root.example.com. 2010062900 0 0 0 10".
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.2 2010/08/16 04:46:15 marka Exp $ */
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
};
dlz fszone {
database "filesystem dns-root/ dns.d xfr.d 0 =";
search no;
};
zone "." {
type redirect;
dlz fszone;
};
zone "." {
type master;
file "root.db";
};
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: prereq.sh.in,v 1.2 2011/04/19 22:30:52 each Exp $
TOP=${SYSTEMTESTTOP:=.}/../../../..
if [ "@DLZ_SYSTEM_TEST@" != "filesystem" ]; then
echo "I:DLZ filesystem driver not supported"
exit 255
fi
exit 0
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.4 2011/04/19 23:47:52 tbox Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
n=0
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
echo "I:checking query for existing name ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 exists a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "exists.*A.*10.10.10.10" dig.out.ns1.test$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking query for nonexistent name ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
......@@ -21630,7 +21630,7 @@ ac_config_commands="$ac_config_commands chmod"
# elsewhere if there's a good reason for doing so.
#
ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/sit/prereq.sh bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/scripts/check-secure-delegation.pl contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/include/pk11/Makefile lib/isc/include/pkcs11/Makefile lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/sit/prereq.sh bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/scripts/check-secure-delegation.pl contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/include/pk11/Makefile lib/isc/include/pkcs11/Makefile lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
#
......@@ -22677,7 +22677,6 @@ do
"bin/tests/system/dlz/prereq.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlz/prereq.sh" ;;
"bin/tests/system/dlzexternal/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlzexternal/Makefile" ;;
"bin/tests/system/dlzexternal/ns1/named.conf") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlzexternal/ns1/named.conf" ;;
"bin/tests/system/dlzredir/prereq.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlzredir/prereq.sh" ;;
"bin/tests/system/filter-aaaa/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/system/filter-aaaa/Makefile" ;;
"bin/tests/system/geoip/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/system/geoip/Makefile" ;;
"bin/tests/system/inline/checkdsa.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/inline/checkdsa.sh" ;;
......
......@@ -4475,7 +4475,6 @@ AC_CONFIG_FILES([
bin/tests/system/dlz/prereq.sh
bin/tests/system/dlzexternal/Makefile
bin/tests/system/dlzexternal/ns1/named.conf
bin/tests/system/dlzredir/prereq.sh
bin/tests/system/filter-aaaa/Makefile
bin/tests/system/geoip/Makefile
bin/tests/system/inline/checkdsa.sh
......
......@@ -242,6 +242,7 @@ struct dns_db {
#define DNS_DBFIND_COVERINGNSEC 0x0040
#define DNS_DBFIND_FORCENSEC3 0x0080
#define DNS_DBFIND_ADDITIONALOK 0x0100
#define DNS_DBFIND_NOZONECUT 0x0200
/*@}*/
/*@{*/
......@@ -784,6 +785,15 @@ dns_db_findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
* \li If the #DNS_DBFIND_NOWILD option is set, then wildcard matching will
* be disabled. This option is only meaningful for zone databases.
*
* \li If the #DNS_DBFIND_NOZONECUT option is set, the database is
* assumed to contain no zone cuts above 'name'. An implementation
* may therefore choose to search for a match beginning at 'name'
* rather than walking down the tree to check check for delegations.
* If #DNS_DBFIND_NOWILD is not set, wildcard matching will be
* attempted at each node starting at the direct ancestor of 'name'
* and working up to the zone origin. This option is only meaningful
* when querying redirect zones.
*
* \li If the #DNS_DBFIND_FORCENSEC option is set, the database is assumed to
* have NSEC records, and these will be returned when appropriate. This
* is only necessary when querying a database that was not secure
......@@ -795,7 +805,7 @@ dns_db_findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
* that it is correct. This only affects answers returned from the
* cache.
*
* \li In the #DNS_DBFIND_FORCENSEC3 option is set, then we are looking
* \li If the #DNS_DBFIND_FORCENSEC3 option is set, then we are looking
* in the NSEC3 tree and not the main tree. Without this option being
* set NSEC3 records will not be found.
*
......
......@@ -186,8 +186,13 @@ typedef struct sdlz_rdatasetiter {
#endif
/*
* Forward references. Try to keep these to a minimum.
* Forward references.
*/
static isc_result_t getnodedata(dns_db_t *db, dns_name_t *name,
isc_boolean_t create, unsigned int options,
dns_clientinfomethods_t *methods,
dns_clientinfo_t *clientinfo,
dns_dbnode_t **nodep);
static void list_tordataset(dns_rdatalist_t *rdatalist,
dns_db_t *db, dns_dbnode_t *node,
......@@ -536,9 +541,9 @@ destroynode(dns_sdlznode_t *node) {
}
static isc_result_t
findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo,
dns_dbnode_t **nodep)
getnodedata(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
unsigned int options, dns_clientinfomethods_t *methods,
dns_clientinfo_t *clientinfo, dns_dbnode_t **nodep)
{
dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)db;
dns_sdlznode_t *node = NULL;
......@@ -563,7 +568,7 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
unsigned int labels;
labels = dns_name_countlabels(name) -
dns_name_countlabels(&db->origin);
dns_name_countlabels(&sdlz->common.origin);
dns_name_init(&relname, NULL);
dns_name_getlabelsequence(name, 0, labels, &relname);
result = dns_name_totext(&relname, ISC_TRUE, &b);
......@@ -601,14 +606,53 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
methods, clientinfo);
/*
* if the host (namestr) was not found, try to lookup a
* "wildcard" host.
* If the name was not found and DNS_DBFIND_NOWILD is not
* set, then we try to find a wildcard entry.
*
* If DNS_DBFIND_NOZONECUT is set and there are multiple
* levels between the host and the zone origin, we also look
* for wildcards at each level.
*/
if (result == ISC_R_NOTFOUND && !create)
result = sdlz->dlzimp->methods->lookup(zonestr, "*",
if (result == ISC_R_NOTFOUND && !create &&
(options & DNS_DBFIND_NOWILD) == 0)
{
unsigned int i, dlabels, nlabels;
nlabels = dns_name_countlabels(name);
dlabels = nlabels - dns_name_countlabels(&sdlz->common.origin);
for (i = 0; i < dlabels; i++) {
char wildstr[DNS_NAME_MAXTEXT + 1];
dns_fixedname_t fixed;
dns_name_t *wild;
dns_fixedname_init(&fixed);
if (i == dlabels)
wild = dns_wildcardname;
else {
wild = dns_fixedname_name(&fixed);
dns_name_getlabelsequence(name, i + 1,
dlabels - i - 1,
wild);
result = dns_name_concatenate(dns_wildcardname,
wild, wild, NULL);
if (result != ISC_R_SUCCESS)
return (result);
}
isc_buffer_init(&b, wildstr, sizeof(wildstr));
result = dns_name_totext(wild, ISC_TRUE, &b);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_putuint8(&b, 0);
result = sdlz->dlzimp->methods->lookup(zonestr, wildstr,
sdlz->dlzimp->driverarg,
sdlz->dbdata, node,