Commit ac5ed748 authored by Mark Andrews's avatar Mark Andrews
Browse files

3897. [bug] RPZ summary information was not properly being updated

                        after a AXFR resulting in changes sometimes being
                        ignored.  [RT #35885]
parent a1dee90b
3897. [bug] RPZ summary information was not properly being updated
after a AXFR resulting in changes sometimes being
ignored. [RT #35885]
3896. [bug] Address performance issues with DSCP code on some
platforms. [RT #36534]
......
......@@ -20,3 +20,4 @@ rm -f ns3/bl*.db ns*/*switch ns*/empty.db ns*/empty.db.jnl
rm -f ns5/requests ns5/example.db ns5/bl.db ns5/*.perf
rm -f */named.memstats */named.run */named.stats */session.key
rm -f */*.jnl */*.core */*.pid
rm -f */policy2.db
......@@ -14,11 +14,4 @@
$TTL 120
@ SOA . hostmaster.ns.example.tld5. ( 1 3600 1200 604800 60 )
NS ns
NS ns1
NS ns2
NS ns3
ns A 10.53.0.5
ns1 A 10.53.0.5
ns2 A 10.53.0.6
ns3 A 10.53.0.6
NS .
......@@ -83,3 +83,10 @@ zone "policy1" {
allow-update { any; };
allow-transfer { any; };
};
zone "policy2" {
type master;
file "policy2.db";
allow-update { any; };
allow-transfer { any; };
};
; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id$
. 120 NS ns.
ns. 120 A 10.53.0.1
/*
* Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
options {
query-source address 10.53.0.7;
notify-source 10.53.0.7;
transfer-source 10.53.0.7;
port 5300;
pid-file "named.pid";
statistics-file "named.stats";
session-keyfile "session.key";
listen-on { 10.53.0.7; };
listen-on-v6 { none; };
response-policy { zone "policy2"; } qname-wait-recurse no;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.7 port 9953 allow { any; } keys { rndc_key; };
};
include "../trusted.conf";
zone "policy2" {
type slave;
masters { 10.53.0.5; };
file "policy2.db";
allow-transfer { any; };
request-ixfr no; // force axfr on rndc reload
};
......@@ -116,3 +116,4 @@ $PERL -e 'for ($cnt = $val = 1; $cnt <= 3000; ++$cnt) {
cp ns2/bl.tld2.db.in ns2/bl.tld2.db
cp ns5/empty.db.in ns5/empty.db
cp ns5/empty.db.in ns5/policy2.db
......@@ -27,6 +27,7 @@ ns3=$ns.3 # main rewriting resolver
ns4=$ns.4 # another authoritative server that is rewritten
ns5=$ns.5 # another rewriting resolver
ns6=$ns.6 # a forwarding server
ns7=$ns.7 # another rewriting resolver
HAVE_CORE=
SAVE_RESULTS=
......@@ -629,5 +630,12 @@ for i in 1 2 3 4 5; do
nsd $ns5 delete '*.example.com.policy1.' example.com.policy1.
done
echo "I:checking checking that going from a empty policy zone works"
nsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2.
sleep 1
$RNDCCMD $ns7 reload policy2
$DIG z.x.servfail -p 5300 @$ns7 > dig.out.ns7
grep NXDOMAIN dig.out.ns7 > /dev/null || setret I:failed;
echo "I:exit status: $status"
exit $status
......@@ -248,6 +248,9 @@ dns_rpz_policy2str(dns_rpz_policy_t policy) {
case DNS_RPZ_POLICY_WILDCNAME:
str = "CNAME";
break;
case DNS_RPZ_POLICY_MISS:
str = "MISS";
break;
default:
str = "";
POST(str);
......@@ -1653,6 +1656,7 @@ dns_rpz_ready(dns_rpz_zones_t *rpzs,
load_rpzs->rbt = rbt;
rpzs->total_triggers = load_rpzs->total_triggers;
rpzs->have = load_rpzs->have;
UNLOCK(&rpzs->search_lock);
......
......@@ -1601,6 +1601,8 @@
./bin/tests/system/rpz/ns5/tld5.db ZONE 2013
./bin/tests/system/rpz/ns6/hints ZONE 2014
./bin/tests/system/rpz/ns6/named.conf CONF-C 2014
./bin/tests/system/rpz/ns7/hints ZONE 2014
./bin/tests/system/rpz/ns7/named.conf CONF-C 2014
./bin/tests/system/rpz/prereq.sh SH 2014
./bin/tests/system/rpz/qperf.sh SH 2012,2013
./bin/tests/system/rpz/rpz.c C 2011,2012,2013
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment