ISC Open Source Projects
BIND
Commits
91dca0f8
Commit
91dca0f8
authored
Mar 19, 2019
by
Evan Hunt
don't fail when allow-update{,-forwarding} is used globally
parent
11c862ef
Changes
7
bin/named/server.c
...
...
@@ -5074,8 +5074,9 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
/*
* Configure default allow-update and allow-update-forwarding ACLs,
* so they can be inherited by zones. (Note these cannot be set at
* options/view level.)
* so they can be inherited by zones. (XXX: These are not
* read from the options/view level here. However, they may be
* read from there in zoneconf.c:configure_zone_acl() later.)
*/
if
(
view
->
updateacl
==
NULL
)
{
CHECK
(
configure_view_acl
(
NULL
,
NULL
,
named_g_config
,
...
...
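Review bot: The rewritten comment above `if (view->updateacl == NULL)` keeps an `XXX` marker without saying what is unresolved, and it does not state which source wins when the ACL can come from two places. The visible call passes `NULL, NULL` ahead of `named_g_config`, so the view default here appears to be built without the operator's options/view value, while the comment says `zoneconf.c:configure_zone_acl()` may still read that value later. For an ACL that gates dynamic updates I would spell the precedence out, e.g. `* Values set in options/view are not applied to the view default here; configure_zone_acl() in zoneconf.c may apply them when each zone is configured.`, and either drop the `XXX` or turn it into a concrete TODO. configure_view() starts before this hunk and the CHECK() call continues past it.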
bin/tests/system/checkconf/
ba
d-allow-update-forwarding-view.conf
→
bin/tests/system/checkconf/
goo
d-allow-update-forwarding-view.conf
...
...
@@ -9,6 +9,6 @@
*
information
regarding
copyright
ownership
.
*/
view
{
view
one
{
allow
-
update
-
forwarding
{
any
; };
};
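Review bot: With this fixture renamed from bad- to good-, the suite presumably now asserts that a view-level `allow-update-forwarding { any; };` passes named-checkconf, and nothing visible in this commit replaces the removed error with a warning. The documentation added in the same commit says an inherited default can leave zones forwarding updates unintentionally, so a silent pass on `any` is the case an operator would most want flagged. Consider having the checker log a warning when these options appear at options/view level and adding an expected-warning check for this file; the same applies to good-allow-update-view.conf and the two moved options-level fixtures. A header comment such as `/* accepted at view level; the value is inherited by zones */` would also record why the file is expected to pass.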
bin/tests/system/checkconf/
ba
d-allow-update-forwarding.conf
→
bin/tests/system/checkconf/
goo
d-allow-update-forwarding.conf
File moved
bin/tests/system/checkconf/
ba
d-allow-update-view.conf
→
bin/tests/system/checkconf/
goo
d-allow-update-view.conf
...
...
@@ -9,6 +9,6 @@
*
information
regarding
copyright
ownership
.
*/
view
{
view
one
{
allow
-
update
{
any
; };
};
bin/tests/system/checkconf/
ba
d-allow-update.conf
→
bin/tests/system/checkconf/
goo
d-allow-update.conf
File moved
doc/arm/Bv9ARM-book.xml
...
...
@@ -7025,15 +7025,21 @@ options {
When set in the <command>zone</command> statement for
a master zone, specifies which hosts are allowed to
submit Dynamic DNS updates to that zone. The default
is to deny updates from all hosts. This can only
be set at the <command>zone</command> level, not in
<command>options</command> or <command>view</command>.
is to deny updates from all hosts.
</para>
<para>
Note that allowing updates based on the
requestor's IP address is insecure; see
<xref linkend="dynamic_update_security"/> for details.
</para>
<para>
In general this option should only be set at the
<command>zone</command> level. While a default
value can be set at the <command>options</command> or
<command>view</command> level and inherited by zones,
this could lead to some zones unintentionally allowing
updates.
</para>
</listitem>
</varlistentry>
...
...
@@ -7046,9 +7052,7 @@ options {
submit Dynamic DNS updates and have them be forwarded
to the master. The default is
<userinput>{ none; }</userinput>, which means that no
update forwarding will be performed. This can only be
set at the <command>zone</command> level, not in
<command>options</command> or <command>view</command>.
update forwarding will be performed.
</para>
<para>
To enable update forwarding, specify
...
...
@@ -7066,6 +7070,14 @@ options {
on insecure IP-address-based access control; see
<xref linkend="dynamic_update_security"/> for more details.
</para>
<para>
In general this option should only be set at the
<command>zone</command> level. While a default
value can be set at the <command>options</command> or
<command>view</command> level and inherited by zones,
this can lead to some zones unintentionally forwarding
updates.
</para>
</listitem>
</varlistentry>
...
...
lib/bind9/check.c
...
...
@@ -482,43 +482,6 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
return
(
result
);
}
static
isc_result_t
check_non_viewacls
(
const
cfg_obj_t
*
voptions
,
const
cfg_obj_t
*
config
,
isc_log_t
*
logctx
)
{
const
cfg_obj_t
*
aclobj
=
NULL
;
const
cfg_obj_t
*
options
;
const
char
*
where
=
NULL
;
int
i
;
static
const
char
*
acls
[]
=
{
"allow-update"
,
"allow-update-forwarding"
,
NULL
};
for
(
i
=
0
;
acls
[
i
]
!=
NULL
;
i
++
)
{
if
(
voptions
!=
NULL
&&
aclobj
==
NULL
)
{
cfg_map_get
(
voptions
,
acls
[
i
],
&
aclobj
);
where
=
"view"
;
}
if
(
config
!=
NULL
&&
aclobj
==
NULL
)
{
options
=
NULL
;
cfg_map_get
(
config
,
"options"
,
&
options
);
if
(
options
!=
NULL
)
{
cfg_map_get
(
options
,
acls
[
i
],
&
aclobj
);
where
=
"options"
;
}
}
if
(
aclobj
!=
NULL
)
{
cfg_obj_log
(
aclobj
,
logctx
,
ISC_LOG_ERROR
,
"'%s' can only be set per-zone, "
"not in '%s'"
,
acls
[
i
],
where
);
return
(
ISC_R_FAILURE
);
}
}
return
(
ISC_R_SUCCESS
);
}
static
const
unsigned
char
zeros
[
16
];
static
isc_result_t
...
...
@@ -3702,11 +3665,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
if
(
tresult
!=
ISC_R_SUCCESS
)
result
=
tresult
;
tresult
=
check_non_viewacls
(
voptions
,
config
,
logctx
);
if
(
tresult
!=
ISC_R_SUCCESS
)
{
result
=
tresult
;
}
tresult
=
check_recursionacls
(
actx
,
voptions
,
viewname
,
config
,
logctx
,
mctx
);
if
(
tresult
!=
ISC_R_SUCCESS
)
...
...
Evan Hunt
@each
mentioned in commit
dde35a8e
·
Mar 22, 2019
mentioned in commit
dde35a8e
mentioned in commit dde35a8edf6a506b18727cc9469bf9b78c2f76e9
Matthijs Mekking
🏡
@matthijs
mentioned in issue
#2127 (closed)
·
Sep 10, 2020
mentioned in issue
#2127 (closed)
mentioned in issue #2127