2244. [func] Allow the check of nameserver names against the

                        SOA MNAME field to be disabled by specifying
                        'notify-to-soa yes;'.  [RT #17073]

CHANGES

+2244.	[func]		Allow the check of nameserver names against the
+			SOA MNAME field to be disabled by specifying
+			'notify-to-soa yes;'.  [RT #17073]
+
 2243.	[func]		Configuration files without a newline at the end now
 			parse without error. [RT #17120]
 

bin/named/config.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.80 2007/09/13 04:45:18 each Exp $ */
+/* $Id: config.c,v 1.81 2007/09/18 00:22:30 marka Exp $ */
 
 /*! \file */
 
@@ -152,6 +152,7 @@ options {\n\
 	notify yes;\n\
 #	also-notify <none>\n\
 	notify-delay 5;\n\
+	notify-to-soa no;\n\
 	dialup no;\n\
 #	forward <none>\n\
 #	forwarders <none>\n\

bin/named/named.conf.docbook

@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named.conf.docbook,v 1.32 2007/08/17 06:10:44 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.33 2007/09/18 00:22:30 marka Exp $ -->
 <refentry>
   <refentryinfo>
     <date>Aug 13, 2004</date>
@@ -295,6 +295,7 @@ options {
 	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-delay <replaceable>seconds</replaceable>;
+	notify-to-soa <replaceable>boolean</replaceable>;
 	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
 		<optional> port <replaceable>integer</replaceable> </optional>; ... };
 	allow-notify { <replaceable>address_match_element</replaceable>; ... };
@@ -451,6 +452,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-delay <replaceable>seconds</replaceable>;
+	notify-to-soa <replaceable>boolean</replaceable>;
 	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
 		<optional> port <replaceable>integer</replaceable> </optional>; ... };
 	allow-notify { <replaceable>address_match_element</replaceable>; ... };
@@ -540,6 +542,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-delay <replaceable>seconds</replaceable>;
+	notify-to-soa <replaceable>boolean</replaceable>;
 	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
 		<optional> port <replaceable>integer</replaceable> </optional>; ... };
 	allow-notify { <replaceable>address_match_element</replaceable>; ... };

bin/named/zoneconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.138 2007/09/12 01:09:07 each Exp $ */
+/* $Id: zoneconf.c,v 1.139 2007/09/18 00:22:30 marka Exp $ */
 
 /*% */
 
@@ -544,6 +544,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 		RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
 		ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
 
+		obj = NULL;
+		result = ns_config_get(maps, "notify-to-soa", &obj);
+		INSIST(result == ISC_R_SUCCESS);
+		dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA,
+				   cfg_obj_asboolean(obj));
+
 		dns_zone_setisself(zone, ns_client_isself, NULL);
 
 		RETERR(configure_zone_acl(zconfig, vconfig, config,

doc/arm/Bv9ARM-book.xml

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.336 2007/09/17 23:15:12 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.337 2007/09/18 00:22:30 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 
@@ -4515,6 +4515,7 @@ category notify { null; };
     <optional> notify-delay <replaceable>seconds</replaceable> ; </optional>
     <optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
     <optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
+    <optional> notify-to-soa <replaceable>yes_or_no</replaceable> ; </optional>
     <optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
     <optional> max-ixfr-log-size <replaceable>number</replaceable>; </optional>
     <optional> max-journal-size <replaceable>size_spec</replaceable>; </optional>
@@ -5299,6 +5300,22 @@ options {
               </listitem>
             </varlistentry>
 
+            <varlistentry>
+              <term><command>notify-to-soa</command></term>
+              <listitem>
+                <para>
+		  If <userinput>yes</userinput> do not check the nameservers
+		  in the NS RRset against the SOA MNAME.  Normally a NOTIFY
+		  message is not sent to the SOA MNAME (SOA ORIGIN) as it is
+		  supposed to contain the name of the ultimate master.
+		  Sometimes, however, a slave is listed as the SOA MNAME in
+		  hidden master configurations and in that case you would
+		  want the ultimate master to still send NOTIFY messages to
+		  all the nameservers listed in the NS RRset.
+                </para>
+              </listitem>
+            </varlistentry>
+
             <varlistentry>
               <term><command>recursion</command></term>
               <listitem>
@@ -8265,6 +8282,7 @@ view "external" {
     <optional> max-transfer-time-out <replaceable>number</replaceable> ; </optional>
     <optional> notify <replaceable>yes_or_no</replaceable> | <replaceable>explicit</replaceable> | <replaceable>master-only</replaceable> ; </optional>
     <optional> notify-delay <replaceable>seconds</replaceable> ; </optional>
+    <optional> notify-to-soa <replaceable>yes_or_no</replaceable>; </optional>
     <optional> pubkey <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; </optional>
     <optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
     <optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
@@ -8306,6 +8324,8 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
     <optional> max-transfer-time-in <replaceable>number</replaceable> ; </optional>
     <optional> max-transfer-time-out <replaceable>number</replaceable> ; </optional>
     <optional> notify <replaceable>yes_or_no</replaceable> | <replaceable>explicit</replaceable> | <replaceable>master-only</replaceable> ; </optional>
+    <optional> notify-delay <replaceable>seconds</replaceable> ; </optional>
+    <optional> notify-to-soa <replaceable>yes_or_no</replaceable>; </optional>
     <optional> pubkey <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; </optional>
     <optional> transfer-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
     <optional> transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
@@ -8967,6 +8987,17 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
                 </listitem>
               </varlistentry>
 
+              <varlistentry>
+                <term><command>notify-to-soa</command></term>
+                <listitem>
+                  <para>
+                    See the description of
+                    <command>notify-to-soa</command> in
+		    <xref linkend="boolean_options"/>.
+                  </para>
+                </listitem>
+              </varlistentry>
+
               <varlistentry>
                 <term><command>pubkey</command></term>
                 <listitem>

lib/dns/include/dns/zone.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.h,v 1.152 2007/06/18 23:47:42 tbox Exp $ */
+/* $Id: zone.h,v 1.153 2007/09/18 00:22:31 marka Exp $ */
 
 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@@ -68,6 +68,7 @@ typedef enum {
 #define DNS_ZONEOPT_IGNORESRVCNAME 0x00400000U	/*%< ignore SRV CNAME check */
 #define DNS_ZONEOPT_UPDATECHECKKSK 0x00800000U	/*%< check dnskey KSK flag */
 #define DNS_ZONEOPT_TRYTCPREFRESH 0x01000000U	/*%< try tcp refresh on udp failure */
+#define DNS_ZONEOPT_NOTIFYTOSOA	  0x02000000U	/*%< Notify the SOA MNAME */
 
 #ifndef NOMINUM_PUBLIC
 /*

lib/dns/zone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.468 2007/09/12 01:09:08 each Exp $ */
+/* $Id: zone.c,v 1.469 2007/09/18 00:22:31 marka Exp $ */
 
 /*! \file */
 
@@ -4049,9 +4049,11 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
 		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		dns_rdata_reset(&rdata);
 		/*
-		 * don't notify the master server.
+		 * Don't notify the master server unless explictly
+		 * configured to do so.
 		 */
-		if (dns_name_compare(&master, &ns.name) == 0) {
+		if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOTIFYTOSOA) &&
+		    dns_name_compare(&master, &ns.name) == 0) {
 			result = dns_rdataset_next(&nsrdset);
 			continue;
 		}

lib/isccfg/namedconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.76 2007/06/18 23:47:50 tbox Exp $ */
+/* $Id: namedconf.c,v 1.77 2007/09/18 00:22:31 marka Exp $ */
 
 /*! \file */
 
@@ -815,50 +815,51 @@ view_only_clauses[] = {
  */
 static cfg_clausedef_t
 zone_clauses[] = {
+	{ "allow-notify", &cfg_type_bracketed_aml, 0 },
 	{ "allow-query", &cfg_type_bracketed_aml, 0 },
 	{ "allow-query-on", &cfg_type_bracketed_aml, 0 },
 	{ "allow-transfer", &cfg_type_bracketed_aml, 0 },
 	{ "allow-update", &cfg_type_bracketed_aml, 0 },
 	{ "allow-update-forwarding", &cfg_type_bracketed_aml, 0 },
-	{ "allow-notify", &cfg_type_bracketed_aml, 0 },
-	{ "masterfile-format", &cfg_type_masterformat, 0 },
-	{ "notify", &cfg_type_notifytype, 0 },
-	{ "notify-source", &cfg_type_sockaddr4wild, 0 },
-	{ "notify-source-v6", &cfg_type_sockaddr6wild, 0 },
 	{ "also-notify", &cfg_type_portiplist, 0 },
-	{ "notify-delay", &cfg_type_uint32, 0 },
+	{ "alt-transfer-source", &cfg_type_sockaddr4wild, 0 },
+	{ "alt-transfer-source-v6", &cfg_type_sockaddr6wild, 0 },
+	{ "check-integrity", &cfg_type_boolean, 0 },
+	{ "check-mx", &cfg_type_checkmode, 0 },
+	{ "check-mx-cname", &cfg_type_checkmode, 0 },
+	{ "check-sibling", &cfg_type_boolean, 0 },
+	{ "check-srv-cname", &cfg_type_checkmode, 0 },
+	{ "check-wildcard", &cfg_type_boolean, 0 },
 	{ "dialup", &cfg_type_dialuptype, 0 },
 	{ "forward", &cfg_type_forwardtype, 0 },
 	{ "forwarders", &cfg_type_portiplist, 0 },
+	{ "key-directory", &cfg_type_qstring, 0 },
 	{ "maintain-ixfr-base", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "masterfile-format", &cfg_type_masterformat, 0 },
 	{ "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_OBSOLETE },
 	{ "max-journal-size", &cfg_type_sizenodefault, 0 },
-	{ "max-transfer-time-in", &cfg_type_uint32, 0 },
-	{ "max-transfer-time-out", &cfg_type_uint32, 0 },
+	{ "max-refresh-time", &cfg_type_uint32, 0 },
+	{ "max-retry-time", &cfg_type_uint32, 0 },
 	{ "max-transfer-idle-in", &cfg_type_uint32, 0 },
 	{ "max-transfer-idle-out", &cfg_type_uint32, 0 },
-	{ "max-retry-time", &cfg_type_uint32, 0 },
-	{ "min-retry-time", &cfg_type_uint32, 0 },
-	{ "max-refresh-time", &cfg_type_uint32, 0 },
+	{ "max-transfer-time-in", &cfg_type_uint32, 0 },
+	{ "max-transfer-time-out", &cfg_type_uint32, 0 },
 	{ "min-refresh-time", &cfg_type_uint32, 0 },
+	{ "min-retry-time", &cfg_type_uint32, 0 },
 	{ "multi-master", &cfg_type_boolean, 0 },
+	{ "notify", &cfg_type_notifytype, 0 },
+	{ "notify-delay", &cfg_type_uint32, 0 },
+	{ "notify-source", &cfg_type_sockaddr4wild, 0 },
+	{ "notify-source-v6", &cfg_type_sockaddr6wild, 0 },
+	{ "notify-to-soa", &cfg_type_boolean, 0 },
 	{ "sig-validity-interval", &cfg_type_uint32, 0 },
 	{ "transfer-source", &cfg_type_sockaddr4wild, 0 },
 	{ "transfer-source-v6", &cfg_type_sockaddr6wild, 0 },
-	{ "alt-transfer-source", &cfg_type_sockaddr4wild, 0 },
-	{ "alt-transfer-source-v6", &cfg_type_sockaddr6wild, 0 },
+	{ "try-tcp-refresh", &cfg_type_boolean, 0 },
+	{ "update-check-ksk", &cfg_type_boolean, 0 },
 	{ "use-alt-transfer-source", &cfg_type_boolean, 0 },
-	{ "zone-statistics", &cfg_type_boolean, 0 },
-	{ "key-directory", &cfg_type_qstring, 0 },
-	{ "check-wildcard", &cfg_type_boolean, 0 },
-	{ "check-integrity", &cfg_type_boolean, 0 },
-	{ "check-mx", &cfg_type_checkmode, 0 },
-	{ "check-mx-cname", &cfg_type_checkmode, 0 },
-	{ "check-srv-cname", &cfg_type_checkmode, 0 },
-	{ "check-sibling", &cfg_type_boolean, 0 },
 	{ "zero-no-soa-ttl", &cfg_type_boolean, 0 },
-	{ "update-check-ksk", &cfg_type_boolean, 0 },
-	{ "try-tcp-refresh", &cfg_type_boolean, 0 },
+	{ "zone-statistics", &cfg_type_boolean, 0 },
 	{ NULL, NULL, 0 }
 };