Commit 997c2c51 authored by Mark Andrews's avatar Mark Andrews

3636. [bug] Automatic empty zones now behave better with

                        forward only "zones" beneath them. [RT #34583]
parent 33d6c4a0
3637. [bug] 'allow-query-on' was checking the source address
rather than the destination address. [RT #34590]
3636. [bug] Automatic empty zones now behave better with
forward only "zones" beneath them. [RT #34583]
......
......@@ -797,7 +797,7 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
if (queryonacl == NULL)
queryonacl = client->view->queryonacl;
result = ns_client_checkaclsilent(client, NULL,
result = ns_client_checkaclsilent(client, &client->destaddr,
queryonacl, ISC_TRUE);
if ((options & DNS_GETDB_NOLOG) == 0 &&
result != ISC_R_SUCCESS)
......
/*
* Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named1.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */
controls { /* empty */ };
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
notify yes;
ixfr-from-differences yes;
check-integrity no;
allow-query-on { 10.53.0.2; };
};
include "../../common/controls.conf";
key one {
algorithm hmac-md5;
secret "1234abcd8765";
};
key two {
algorithm hmac-md5;
secret "1234abcd8765";
};
zone "." {
type hint;
file "../../common/root.hint";
};
zone "example" {
type master;
file "example.db";
};
zone "tsigzone" {
type master;
file "tsigzone.db";
allow-transfer { !key one; any; };
};
......@@ -140,5 +140,14 @@ $DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 -p 5300 > dig.out
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
echo "I:testing allow-query-on ACL processing"
cp -f ns2/named5.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 5
t=`expr $t + 1`
$DIG +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 -p 5300 > dig.out
grep "status: NOERROR" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
echo "I:exit status: $status"
exit $status
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment