Commit c631ff56 authored by Mark Andrews's avatar Mark Andrews
Browse files

Updated CHANGES note to include require-server-cookie:

4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
parent 7c0f238c
...@@ -73,9 +73,10 @@ ...@@ -73,9 +73,10 @@
4152. [func] Implement DNS COOKIE option. This replaces the 4152. [func] Implement DNS COOKIE option. This replaces the
experimental SIT option of BIND 9.10. The following experimental SIT option of BIND 9.10. The following
named.conf directives are available: send-cookie, named.conf directives are available: send-cookie,
cookie-secret, cookie-algorithm and nocookie-udp-size. cookie-secret, cookie-algorithm, nocookie-udp-size
The following dig options are available: and require-server-cookie. The following dig options
+[no]cookie[=value] and +[no]badcookie. [RT #39928] are available: +[no]cookie[=value] and +[no]badcookie.
[RT #39928]
4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835] 4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835]
......
...@@ -183,6 +183,7 @@ options {\n\ ...@@ -183,6 +183,7 @@ options {\n\
nsec3-test-zone no;\n\ nsec3-test-zone no;\n\
allow-new-zones no;\n\ allow-new-zones no;\n\
fetches-per-server 0;\n\ fetches-per-server 0;\n\
require-server-cookie no;\n\
" "
#ifdef HAVE_GEOIP #ifdef HAVE_GEOIP
"\ "\
......
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]> [<!ENTITY mdash "&#8212;">]>
<!-- <!--
- Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
...@@ -133,7 +133,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> ...@@ -133,7 +133,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
<title>TRUSTED-KEYS</title> <title>TRUSTED-KEYS</title>
<literallayout> <literallayout>
trusted-keys { trusted-keys {
<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
}; };
</literallayout> </literallayout>
</refsect1> </refsect1>
...@@ -142,7 +142,7 @@ trusted-keys { ...@@ -142,7 +142,7 @@ trusted-keys {
<title>MANAGED-KEYS</title> <title>MANAGED-KEYS</title>
<literallayout> <literallayout>
managed-keys { managed-keys {
<replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
}; };
</literallayout> </literallayout>
</refsect1> </refsect1>
...@@ -300,9 +300,9 @@ options { ...@@ -300,9 +300,9 @@ options {
dns64-server <replaceable>string</replaceable>; dns64-server <replaceable>string</replaceable>;
dns64-contact <replaceable>string</replaceable>; dns64-contact <replaceable>string</replaceable>;
dns64 <replaceable>prefix</replaceable> { dns64 <replaceable>prefix</replaceable> {
clients { <replacable>acl</replacable>; }; clients { <replaceable>acl</replaceable>; };
exclude { <replacable>acl</replacable>; }; exclude { <replaceable>acl</replaceable>; };
mapped { <replacable>acl</replacable>; }; mapped { <replaceable>acl</replaceable>; };
break-dnssec <replaceable>boolean</replaceable>; break-dnssec <replaceable>boolean</replaceable>;
recursive-only <replaceable>boolean</replaceable>; recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>; suffix <replaceable>ipv6_address</replaceable>;
...@@ -378,6 +378,13 @@ options { ...@@ -378,6 +378,13 @@ options {
zero-no-soa-ttl <replaceable>boolean</replaceable>; zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>; dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
cookie-algorithm ( <replaceable>aes</replaceable> | <replaceable>sha1</replaceable> | <replaceable>sha256</replaceable> );
cookie-secret <replaceable>string</replaceable>;
require-server-cookie <replaceable>boolean</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
nocookie-udp-size <replaceable>integer</replaceable>;
deny-answer-addresses { deny-answer-addresses {
<replaceable>address_match_list</replaceable> <replaceable>address_match_list</replaceable>
} <optional> except-from { <replaceable>namelist</replaceable> } </optional>; } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
...@@ -489,9 +496,9 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> ...@@ -489,9 +496,9 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
dns64-server <replaceable>string</replaceable>; dns64-server <replaceable>string</replaceable>;
dns64-contact <replaceable>string</replaceable>; dns64-contact <replaceable>string</replaceable>;
dns64 <replaceable>prefix</replaceable> { dns64 <replaceable>prefix</replaceable> {
clients { <replacable>acl</replacable>; }; clients { <replaceable>acl</replaceable>; };
exclude { <replacable>acl</replacable>; }; exclude { <replaceable>acl</replaceable>; };
mapped { <replacable>acl</replacable>; }; mapped { <replaceable>acl</replaceable>; };
break-dnssec <replaceable>boolean</replaceable>; break-dnssec <replaceable>boolean</replaceable>;
recursive-only <replaceable>boolean</replaceable>; recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>; suffix <replaceable>ipv6_address</replaceable>;
...@@ -561,6 +568,10 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> ...@@ -561,6 +568,10 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>; dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
require-server-cookie <replaceable>boolean</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
nocookie-udp-size <replaceable>integer</replaceable>;
allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
fetch-glue <replaceable>boolean</replaceable>; // obsolete fetch-glue <replaceable>boolean</replaceable>; // obsolete
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
...@@ -604,7 +615,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> ...@@ -604,7 +615,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
update-policy <replaceable>local</replaceable> | <replaceable> { update-policy <replaceable>local</replaceable> | <replaceable> {
( grant | deny ) <replaceable>string</replaceable> ( grant | deny ) <replaceable>string</replaceable>
( name | subdomain | wildcard | self | selfsub | selfwild | ( name | subdomain | wildcard | self | selfsub | selfwild |
krb5-self | ms-self | krb5-subdomain | ms-subdomain | krb5-self | ms-self | krb5-subdomain | ms-subdomain |
tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable> tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
<replaceable>rrtypelist</replaceable>; <replaceable>rrtypelist</replaceable>;
<optional>...</optional> <optional>...</optional>
...@@ -676,13 +687,13 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> ...@@ -676,13 +687,13 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
<refsect1> <refsect1>
<title>SEE ALSO</title> <title>SEE ALSO</title>
<para><citerefentry> <para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>, </citerefentry>,
<citerefentry> <citerefentry>
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>, </citerefentry>,
<citerefentry> <citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>, </citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>. <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para> </para>
......
...@@ -6973,7 +6973,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -6973,7 +6973,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto cleanup; goto cleanup;
} }
} }
} else if (!TCP(client) && WANTCOOKIE(client) && !HAVECOOKIE(client)) { } else if (!TCP(client) && client->view->requireservercookie &&
WANTCOOKIE(client) && !HAVECOOKIE(client)) {
client->message->rcode = dns_rcode_badcookie; client->message->rcode = dns_rcode_badcookie;
goto cleanup; goto cleanup;
} }
......
...@@ -3531,6 +3531,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, ...@@ -3531,6 +3531,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
view->sendcookie = cfg_obj_asboolean(obj); view->sendcookie = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "require-server-cookie", &obj);
INSIST(result == ISC_R_SUCCESS);
view->requireservercookie = cfg_obj_asboolean(obj);
obj = NULL; obj = NULL;
result = ns_config_get(maps, "max-clients-per-query", &obj); result = ns_config_get(maps, "max-clients-per-query", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
......
/*
* Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.3 dscp 1;
notify-source 10.53.0.3 dscp 2;
transfer-source 10.53.0.3 dscp 3;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
acache-enable yes;
deny-answer-addresses { 192.0.2.0/24; 2001:db8:beef::/48; }
except-from { "example.org"; };
deny-answer-aliases { "example.org"; }
except-from { "goodcname.example.net";
"gooddname.example.net"; };
allow-query {!10.53.0.8; any; };
send-cookie yes;
nocookie-udp-size 512;
require-server-cookie yes;
};
zone "." {
type hint;
file "root.hint";
};
zone "example" {
type master;
file "example.db";
};
; Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.hint,v 1.7 2007/06/19 23:47:05 tbox Exp $
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.2
...@@ -113,5 +113,26 @@ grep "10.53.0.2.*\[cookie=" ns1/named_dump.db > /dev/null|| ret=1 ...@@ -113,5 +113,26 @@ grep "10.53.0.2.*\[cookie=" ns1/named_dump.db > /dev/null|| ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking require-server-cookie default (no) ($n)"
ret=0
$DIG +qr +cookie +nobadcookie soa @10.53.0.1 -p 5300 > dig.out.test$n
grep BADCOOKIE dig.out.test$n > /dev/null && ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking require-server-cookie yes ($n)"
ret=0
$DIG +qr +cookie +nobadcookie soa @10.53.0.3 -p 5300 > dig.out.test$n
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status" echo "I:exit status: $status"
exit $status exit $status
...@@ -4807,6 +4807,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] ...@@ -4807,6 +4807,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> notify <replaceable>yes_or_no</replaceable> | <replaceable>explicit</replaceable> | <replaceable>master-only</replaceable>; </optional> <optional> notify <replaceable>yes_or_no</replaceable> | <replaceable>explicit</replaceable> | <replaceable>master-only</replaceable>; </optional>
<optional> recursion <replaceable>yes_or_no</replaceable>; </optional> <optional> recursion <replaceable>yes_or_no</replaceable>; </optional>
<optional> send-cookie <replaceable>yes_or_no</replaceable>; </optional> <optional> send-cookie <replaceable>yes_or_no</replaceable>; </optional>
<optional> require-server-cookie <replaceable>yes_or_no</replaceable>; </optional>
<optional> cookie-algorithm <replaceable>secret_string</replaceable>; </optional> <optional> cookie-algorithm <replaceable>secret_string</replaceable>; </optional>
<optional> cookie-secret <replaceable>secret_string</replaceable>; </optional> <optional> cookie-secret <replaceable>secret_string</replaceable>; </optional>
<optional> request-nsid <replaceable>yes_or_no</replaceable>; </optional> <optional> request-nsid <replaceable>yes_or_no</replaceable>; </optional>
...@@ -6464,12 +6465,22 @@ options { ...@@ -6464,12 +6465,22 @@ options {
</varlistentry> </varlistentry>
   
<varlistentry> <varlistentry>
<term><command>request-sit</command></term> <term><command>request-sit</command></term>
<para> <para>
This experimental option is obsolete. This experimental option is obsolete.
</para> </para>
</varlistentry> </varlistentry>
   
<varlistentry>
<term><command>require-server-cookie</command></term>
<para>
Require a valid server cookie before sending a full
response to a UDP request from a cookie aware client.
BADCOOKIE is sent if there is a bad or no existent
server cookie.
</para>
</varlistentry>
<varlistentry> <varlistentry>
<term><command>send-cookie</command></term> <term><command>send-cookie</command></term>
<listitem> <listitem>
...@@ -6498,7 +6509,7 @@ options { ...@@ -6498,7 +6509,7 @@ options {
<listitem> <listitem>
<para> <para>
This experimental option is obsolete. This experimental option is obsolete.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
   
...@@ -8402,16 +8413,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; ...@@ -8402,16 +8413,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
will not be accepted, and for each incoming request will not be accepted, and for each incoming request
a previous pending request will also be dropped. a previous pending request will also be dropped.
</para> </para>
<para> <para>
A "soft quota" is also set. When this lower A "soft quota" is also set. When this lower
quota is exceeded, incoming requests are accepted, but quota is exceeded, incoming requests are accepted, but
for each one, a pending request will be dropped. for each one, a pending request will be dropped.
If <option>recursive-clients</option> is greater than If <option>recursive-clients</option> is greater than
1000, the soft quota is set to 1000, the soft quota is set to
<option>recursive-clients</option> minus 100; <option>recursive-clients</option> minus 100;
otherwise it is set to 90% of otherwise it is set to 90% of
<option>recursive-clients</option>. <option>recursive-clients</option>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
   
...@@ -8520,13 +8531,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; ...@@ -8520,13 +8531,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<listitem> <listitem>
<para> <para>
The maximum number of simultaneous iterative The maximum number of simultaneous iterative
queries that the server will allow to be sent to queries that the server will allow to be sent to
a single upstream name server before blocking a single upstream name server before blocking
additional queries. additional queries.
This value should reflect how many fetches would This value should reflect how many fetches would
normally be sent to any one server in the time it normally be sent to any one server in the time it
would take to resolve them. It should be smaller would take to resolve them. It should be smaller
than <option>recursive-clients</option>. than <option>recursive-clients</option>.
</para> </para>
<para> <para>
Optionally, this value may be followed by the keyword Optionally, this value may be followed by the keyword
...@@ -11191,7 +11202,7 @@ example.com CNAME rpz-tcp-only. ...@@ -11191,7 +11202,7 @@ example.com CNAME rpz-tcp-only.
>http://127.0.0.1:8888/json/v1/tasks</ulink> >http://127.0.0.1:8888/json/v1/tasks</ulink>
(task manager statistics), and (task manager statistics), and
<ulink url="http://127.0.0.1:8888/json/v1/traffic" <ulink url="http://127.0.0.1:8888/json/v1/traffic"
>http://127.0.0.1:8888/json/v1/traffic</ulink> >http://127.0.0.1:8888/json/v1/traffic</ulink>
(traffic sizes). (traffic sizes).
</para> </para>
</sect2> </sect2>
......
...@@ -50,7 +50,7 @@ ...@@ -50,7 +50,7 @@
when parsing certain malformed DNSSEC keys. when parsing certain malformed DNSSEC keys.
</para> </para>
<para> <para>
This flaw was discovered by Hanno B&ouml;ck of the Fuzzing This flaw was discovered by Hanno B&#x96;ck of the Fuzzing
Project, and is disclosed in CVE-2015-5722. [RT #40212] Project, and is disclosed in CVE-2015-5722. [RT #40212]
</para> </para>
</listitem> </listitem>
...@@ -564,21 +564,23 @@ ...@@ -564,21 +564,23 @@
<listitem> <listitem>
<para> <para>
The experimental SIT option (code point 65001) of BIND The experimental SIT option (code point 65001) of BIND
9.10.0 through BIND 9.10.2 has be replace the COOKIE 9.10.0 through BIND 9.10.2 has been replaced with the COOKIE
option (code point 10) and is no longer experimental and option (code point 10). It is no longer experimental, and
is sent by default. is sent by default, by both <command>named</command> and
<command>dig</command>.
</para> </para>
<para> <para>
The SIT related named.conf options have been marked as The SIT-related named.conf options have been marked as
obsolete and are otherwise ignored. obsolete, and are otherwise ignored.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
When retrying a query via TCP due to the first answer When <command>dig</command> receives a truncated (TC=1)
being truncated, <command>dig</command> will now correctly response or a BADCOOKIE response code from a server, it
send the Server COOKIE returned by the server in the prior will automatically retry the query using the server COOKIE
response. [RT #39047] that was returned by the server in its initial response.
[RT #39047]
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
......
...@@ -127,6 +127,7 @@ struct dns_view { ...@@ -127,6 +127,7 @@ struct dns_view {
isc_boolean_t enablednssec; isc_boolean_t enablednssec;
isc_boolean_t enablevalidation; isc_boolean_t enablevalidation;
isc_boolean_t acceptexpired; isc_boolean_t acceptexpired;
isc_boolean_t requireservercookie;
dns_transfer_format_t transfer_format; dns_transfer_format_t transfer_format;
dns_acl_t * cacheacl; dns_acl_t * cacheacl;
dns_acl_t * cacheonacl; dns_acl_t * cacheonacl;
......
...@@ -234,6 +234,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, ...@@ -234,6 +234,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
dns_fixedname_init(&view->redirectfixed); dns_fixedname_init(&view->redirectfixed);
view->requestnsid = ISC_FALSE; view->requestnsid = ISC_FALSE;
view->sendcookie = ISC_TRUE; view->sendcookie = ISC_TRUE;
view->requireservercookie = ISC_FALSE;
view->new_zone_file = NULL; view->new_zone_file = NULL;
view->new_zone_config = NULL; view->new_zone_config = NULL;
view->cfg_destroy = NULL; view->cfg_destroy = NULL;
......
...@@ -1602,6 +1602,7 @@ view_clauses[] = { ...@@ -1602,6 +1602,7 @@ view_clauses[] = {
{ "recursion", &cfg_type_boolean, 0 }, { "recursion", &cfg_type_boolean, 0 },
{ "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "request-nsid", &cfg_type_boolean, 0 }, { "request-nsid", &cfg_type_boolean, 0 },
{ "require-server-cookie", &cfg_type_boolean, 0 },
{ "resolver-query-timeout", &cfg_type_uint32, 0 }, { "resolver-query-timeout", &cfg_type_uint32, 0 },
{ "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },
{ "root-delegation-only", &cfg_type_optional_exclude, 0 }, { "root-delegation-only", &cfg_type_optional_exclude, 0 },
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment