Commit a1bc9410 authored by Mark Andrews's avatar Mark Andrews
Browse files

1959. [func] Control the zeroing of the negative response TTL to

                        a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
parent 1bc63715
1959. [func] Control the zeroing of the negative response TTL to
a soa query. Defaults "zero-no-soa-ttl yes;" and
"zero-no-soa-ttl-cache no;". [RT #15460]
1958. [bug] Named failed to update the zone's secure state
until the zone was reloaded. [RT #15412]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.65 2006/01/05 00:01:46 marka Exp $ */
/* $Id: config.c,v 1.66 2006/01/05 02:19:01 marka Exp $ */
/*! \file */
......@@ -137,6 +137,7 @@ options {\n\
dnssec-accept-expired no;\n\
clients-per-query 10;\n\
max-clients-per-query 100;\n\
zero-no-soa-ttl-cache no;\n\
"
" /* zone */\n\
......@@ -170,6 +171,7 @@ options {\n\
check-wildcard yes;\n\
check-sibling yes;\n\
check-integrity yes;\n\
zero-no-soa-ttl yes;\n\
};\n\
"
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.docbook,v 1.17 2006/01/05 00:01:46 marka Exp $ -->
<!-- $Id: named.conf.docbook,v 1.18 2006/01/05 02:19:01 marka Exp $ -->
<refentry>
<refentryinfo>
<date>Aug 13, 2004</date>
......@@ -317,6 +317,8 @@ options {
zone-statistics <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
......@@ -459,6 +461,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
zone-statistics <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
fetch-glue <replaceable>boolean</replaceable>; // obsolete
......@@ -490,6 +494,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
dialup <replaceable>dialuptype</replaceable>;
ixfr-from-differences <replaceable>boolean</replaceable>;
journal <replaceable>quoted_string</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.278 2006/01/04 23:50:24 marka Exp $ */
/* $Id: query.c,v 1.279 2006/01/05 02:19:01 marka Exp $ */
/*! \file */
......@@ -3874,7 +3874,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* the containing zone of an arbitrary name with a stub
* resolver and not have it cached.
*/
if (qtype == dns_rdatatype_soa)
if (qtype == dns_rdatatype_soa &&
dns_zone_getzeronosoattl(zone))
result = query_addsoa(client, db, version, ISC_TRUE);
else
result = query_addsoa(client, db, version, ISC_FALSE);
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.454 2006/01/05 00:01:46 marka Exp $ */
/* $Id: server.c,v 1.455 2006/01/05 02:19:02 marka Exp $ */
/*! \file */
......@@ -1146,6 +1146,11 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
if (lame_ttl > 1800)
lame_ttl = 1800;
dns_resolver_setlamettl(view->resolver, lame_ttl);
obj = NULL;
result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_resolver_setzeronosoattl(view->resolver, cfg_obj_asboolean(obj));
/*
* Set the resolver's EDNS UDP size.
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.125 2005/11/30 03:33:48 marka Exp $ */
/* $Id: zoneconf.c,v 1.126 2006/01/05 02:19:02 marka Exp $ */
/*% */
......@@ -605,6 +605,11 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
INSIST(result == ISC_R_SUCCESS);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
}
/*
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.287 2006/01/05 00:01:46 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.288 2006/01/05 02:19:02 marka Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
......@@ -4493,6 +4493,8 @@ category notify { null; };
<optional> empty-contact <replaceable>name</replaceable> ; </optional>
<optional> empty-zones-enable <replaceable>yes_or_no</replaceable> ; </optional>
<optional> disable-empty-zone <replaceable>zone_name</replaceable> ; </optional>
<optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
<optional> zero-no-soa-ttl-cache <replaceable>yes_or_no</replaceable> ; </optional>
};
</programlisting>
......@@ -5587,6 +5589,27 @@ options {
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>zero-no-soa-ttl</command><term>
<listitem>
<para>
When returning authoritative negative responses to
SOA queries set the TTL of the SOA recored returned in
the authority section to zero. Default yes.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>zero-no-soa-ttl-cache</command><term>
<listitem>
<para>
When caching a negative response to a SOA query
set the TTL to zero. Default no.
</para>
</listitem>
</varlistentry>
</variablelist>
</sect3>
......@@ -7932,6 +7955,7 @@ view "external" {
<optional> max-retry-time <replaceable>number</replaceable> ; </optional>
<optional> multi-master <replaceable>yes_or_no</replaceable> ; </optional>
<optional> key-directory <replaceable>path_name</replaceable>; </optional>
<optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
}</optional>;
</programlisting>
......@@ -8327,6 +8351,16 @@ view "external" {
</listitem>
</varlistentry>
<varlistentry>
<term><command>zero-no-soa-ttl</command></term>
<listitem>
<para>
See the description of
<command>zero-no-soa-ttl</command> in <xref linkend="boolean_options"/>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>database</command></term>
<listitem>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.h,v 1.49 2006/01/05 00:01:46 marka Exp $ */
/* $Id: resolver.h,v 1.50 2006/01/05 02:19:02 marka Exp $ */
#ifndef DNS_RESOLVER_H
#define DNS_RESOLVER_H 1
......@@ -467,6 +467,13 @@ dns_resolver_setclientsperquery(dns_resolver_t *resolver,
void
dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur,
isc_uint32_t *min, isc_uint32_t *max);
isc_boolean_t
dns_resolver_getzeronosoattl(dns_resolver_t *resolver);
void
dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state);
ISC_LANG_ENDDECLS
#endif /* DNS_RESOLVER_H */
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.h,v 1.138 2005/10/26 04:35:54 marka Exp $ */
/* $Id: zone.h,v 1.139 2006/01/05 02:19:02 marka Exp $ */
#ifndef DNS_ZONE_H
#define DNS_ZONE_H 1
......@@ -817,9 +817,27 @@ dns_zone_clearxfracl(dns_zone_t *zone);
isc_boolean_t
dns_zone_getupdatedisabled(dns_zone_t *zone);
/*%<
* Return update disabled.
*/
void
dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state);
/*%<
* Set update disabled.
*/
isc_boolean_t
dns_zone_getzeronosoattl(dns_zone_t *zone);
/*%<
* Return zero-no-soa-ttl status.
*/
void
dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state);
/*%<
* Set zero-no-soa-ttl status.
*/
void
dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity);
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.c,v 1.325 2006/01/05 00:01:46 marka Exp $ */
/* $Id: resolver.c,v 1.326 2006/01/05 02:19:02 marka Exp $ */
/*! \file */
......@@ -316,6 +316,7 @@ struct dns_resolver {
unsigned int spillatmax;
unsigned int spillatmin;
isc_timer_t * spillattimer;
isc_boolean_t zero_no_soa_ttl;
/* Locked by lock. */
unsigned int references;
isc_boolean_t exiting;
......@@ -3300,7 +3301,8 @@ validated(isc_task_t *task, isc_event_t *event) {
*/
ttl = fctx->res->view->maxncachettl;
if (fctx->type == dns_rdatatype_soa &&
covers == dns_rdatatype_any)
covers == dns_rdatatype_any &&
fctx->res->zero_no_soa_ttl)
ttl = 0;
result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
......@@ -5901,6 +5903,7 @@ dns_resolver_create(dns_view_t *view,
res->spillatmin = res->spillat = 10;
res->spillatmax = 100;
res->spillattimer = NULL;
res->zero_no_soa_ttl = ISC_FALSE;
res->nbuckets = ntasks;
res->activebuckets = ntasks;
......@@ -6886,3 +6889,17 @@ dns_resolver_setclientsperquery(dns_resolver_t *resolver, isc_uint32_t min,
resolver->spillatmax = max;
UNLOCK(&resolver->lock);
}
isc_boolean_t
dns_resolver_getzeronosoattl(dns_resolver_t *resolver) {
REQUIRE(VALID_RESOLVER(resolver));
return (resolver->zero_no_soa_ttl);
}
void
dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state) {
REQUIRE(VALID_RESOLVER(resolver));
resolver->zero_no_soa_ttl = state;
}
......@@ -492,6 +492,7 @@ dns_resolver_dispatchv6
dns_resolver_freeze
dns_resolver_getlamettl
dns_resolver_getudpsize
dns_resolver_getzeronosoattl
dns_resolver_nrunning
dns_resolver_prime
dns_resolver_reset_algorithms
......@@ -500,6 +501,7 @@ dns_resolver_setclientsperquery
dns_resolver_setlamettl
dns_resolver_setmustbesecure
dns_resolver_setudpsize
dns_resolver_setzeronosoattl
dns_resolver_shutdown
dns_resolver_socketmgr
dns_resolver_taskmgr
......@@ -655,6 +657,7 @@ dns_zone_getview
dns_zone_getxfracl
dns_zone_getxfrsource4
dns_zone_getxfrsource6
dns_zone_getzeronosoattl
dns_zone_iattach
dns_zone_idetach
dns_zone_isforced
......@@ -716,6 +719,7 @@ dns_zone_setview
dns_zone_setxfracl
dns_zone_setxfrsource4
dns_zone_setxfrsource6
dns_zone_setzeronosoattl
dns_zone_unload
dns_zonekey_iszonekey
dns_zonemgr_attach
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.448 2006/01/04 00:37:24 marka Exp $ */
/* $Id: zone.c,v 1.449 2006/01/05 02:19:02 marka Exp $ */
/*! \file */
......@@ -217,6 +217,7 @@ struct dns_zone {
dns_acl_t *query_acl;
dns_acl_t *xfr_acl;
isc_boolean_t update_disabled;
isc_boolean_t zero_no_soa_ttl;
dns_severity_t check_names;
ISC_LIST(dns_notify_t) notifies;
dns_request_t *request;
......@@ -591,6 +592,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
zone->query_acl = NULL;
zone->xfr_acl = NULL;
zone->update_disabled = ISC_FALSE;
zone->zero_no_soa_ttl = ISC_TRUE;
zone->check_names = dns_severity_ignore;
zone->request = NULL;
zone->lctx = NULL;
......@@ -5686,6 +5688,19 @@ dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state) {
zone->update_disabled = state;
}
isc_boolean_t
dns_zone_getzeronosoattl(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
return (zone->zero_no_soa_ttl);
}
void
dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state) {
REQUIRE(DNS_ZONE_VALID(zone));
zone->zero_no_soa_ttl = state;
}
void
dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity) {
......@@ -7620,6 +7635,7 @@ dns_zone_getkeydirectory(dns_zone_t *zone) {
return (zone->keydirectory);
}
unsigned int
dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state) {
dns_zone_t *zone;
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.61 2006/01/05 00:01:46 marka Exp $ */
/* $Id: namedconf.c,v 1.62 2006/01/05 02:19:02 marka Exp $ */
/*! \file */
......@@ -782,6 +782,7 @@ view_clauses[] = {
{ "empty-contact", &cfg_type_astring, 0 },
{ "empty-zones-enable", &cfg_type_boolean, 0 },
{ "disable-empty-zone", &cfg_type_astring, CFG_CLAUSEFLAG_MULTI },
{ "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
{ NULL, NULL, 0 }
};
......@@ -840,6 +841,7 @@ zone_clauses[] = {
{ "check-integrity", &cfg_type_boolean, 0 },
{ "check-mx", &cfg_type_checkmode, 0 },
{ "check-sibling", &cfg_type_boolean, 0 },
{ "zero-no-soa-ttl", &cfg_type_boolean, 0 },
{ NULL, NULL, 0 }
};
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment