Commit cfd26204 authored by Evan Hunt's avatar Evan Hunt

2936. [func] Improved configuration syntax and multiple-view

			support for addzone/delzone feature (see change
			#2930).  Removed "new-zone-file" option, replaced
			with "allow-new-zones (yes|no)".  The new-zone-file
			for each view is now created automatically, with
			a filename generated from a hash of the view name.
			It is no longer necessary to "include" the
			new-zone-file in named.conf; this happens
			automatically.  Zones that were not added via
			"rndc addzone" can no longer be removed with
			"rndc delzone". [RT #19447]
parent 7d7cdece
2936. [func] Improved configuration syntax and multiple-view
support for addzone/delzone feature (see change
#2930). Removed "new-zone-file" option, replaced
with "allow-new-zones (yes|no)". The new-zone-file
for each view is now created automatically, with
a filename generated from a hash of the view name.
It is no longer necessary to "include" the
new-zone-file in named.conf; this happens
automatically. Zones that were not added via
"rndc addzone" can no longer be removed with
"rndc delzone". [RT #19447]
2935. [bug] nsupdate: improve 'file not found' error message.
[RT #21871]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.111 2010/06/25 03:24:05 marka Exp $ */
/* $Id: config.c,v 1.112 2010/08/11 18:14:18 each Exp $ */
/*! \file */
......@@ -159,6 +159,7 @@ options {\n\
max-clients-per-query 100;\n\
zero-no-soa-ttl-cache no;\n\
nsec3-test-zone no;\n\
allow-new-zones no;\n\
"
#ifdef ALLOW_FILTER_AAAA_ON_V4
" filter-aaaa-on-v4 no;\n\
......@@ -218,6 +219,7 @@ options {\n\
view \"_bind\" chaos {\n\
recursion no;\n\
notify no;\n\
allow-new-zones no;\n\
\n\
zone \"version.bind\" chaos {\n\
type master;\n\
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.163 2010/07/11 23:46:54 tbox Exp $ */
/* $Id: zoneconf.c,v 1.164 2010/08/11 18:14:18 each Exp $ */
/*% */
......@@ -135,8 +135,11 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
}
/* Check for default ACLs that haven't been parsed yet */
if (vconfig != NULL)
maps[i++] = cfg_tuple_get(vconfig, "options");
if (vconfig != NULL) {
const cfg_obj_t *options = cfg_tuple_get(vconfig, "options");
if (options != NULL)
maps[i++] = options;
}
if (config != NULL) {
const cfg_obj_t *options = NULL;
(void)cfg_map_get(config, "options", &options);
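Review bot: When `cfg_tuple_get(vconfig, "options")` returns NULL, the new block silently skips the view level, so the ACL lookup falls through to the global `options` map handled next, and nothing says when a view tuple can lack an options element. This function resolves zone ACLs, so a short comment above the inner check would let a reader confirm the fallback is intended, for example `/* No view-level options: fall back to the global options map for default ACLs. */`. The condition under which `options` is NULL is not visible here and should be stated by the author. configure_zone_acl's body starts and ends outside the hunk.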
......
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.32 2009/12/05 23:31:40 each Exp $
# $Id: Makefile.in,v 1.33 2010/08/11 18:14:18 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -28,13 +28,15 @@ CWARNINGS =
DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../../lib/isc/libisc.@A@
ISCCFGLIBS = ../../../lib/isccfg/libisccfg.@A@
DNSDEPLIBS = ../../../lib/dns/libdns.@A@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@
ISCCFGDEPLIBS = ../../../lib/isccfg/libisccfg.@A@
DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
DEPLIBS = ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
LIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
TLIB = ../../../lib/tests/libt_api.@A@
......
#!/bin/sh
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.2 2010/08/11 18:14:18 each Exp $
rm -f dig.out.*
rm -f ns2/named.conf
rm -f */named.memstats
rm -f ns2/*.nzf
rm -f ns2/core*
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: added.db,v 1.2 2010/08/11 18:14:18 each Exp $
$ORIGIN added.example.
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
1 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2
MX 10 mail
a A 10.0.0.1
mail A 10.0.0.2
zone previous.example { type master; file "previous.db"; };
/*
* Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named1.conf,v 1.2 2010/08/11 18:14:19 each Exp $ */
controls { /* empty */ };
options {
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
allow-query { any; };
recursion no;
allow-new-zones yes;
};
include "../../common/controls.conf";
zone "." {
type hint;
file "../../common/root.hint";
};
zone "normal.example" {
type master;
file "normal.db";
};
/*
* Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named2.conf,v 1.2 2010/08/11 18:14:19 each Exp $ */
controls { /* empty */ };
include "../../common/controls.conf";
options {
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; 10.53.0.4; };
listen-on-v6 { none; };
recursion no;
};
view internal {
match-clients { 10.53.0.2; };
allow-new-zones no;
zone "." {
type hint;
file "../../common/root.hint";
};
};
view external {
match-clients { any; };
allow-new-zones yes;
zone "." {
type hint;
file "../../common/root.hint";
};
};
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: normal.db,v 1.2 2010/08/11 18:14:19 each Exp $
$ORIGIN normal.example.
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
1 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2
MX 10 mail
a A 10.0.0.1
mail A 10.0.0.2
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: previous.db,v 1.2 2010/08/11 18:14:19 each Exp $
$ORIGIN previous.example.
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
1 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2
MX 10 mail
a A 10.0.0.1
mail A 10.0.0.2
#!/bin/sh
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.2 2010/08/11 18:14:18 each Exp $
cp -f ns2/named1.conf ns2/named.conf
cp -f ns2/default.nzf.orig ns2/3bf305731dd26307.nzf
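Review bot: The target name `ns2/3bf305731dd26307.nzf` is a hard-coded hash with no comment saying where it comes from. The commit description says the new-zone file name is generated from a hash of the view name, so this value presumably belongs to the default view that named1.conf runs with. If the hash function or the view name changes, the "previously added zone" check in tests.sh would fail with no hint as to why. A comment above the `cp`, such as `# 3bf305731dd26307 is the hash named derives from the default view name; must match the generated .nzf file name`, would document the coupling.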
#!/bin/sh
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.2 2010/08/11 18:14:18 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p 5300"
status=0
n=0
echo "I:checking normally loaded zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking previously added zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:adding new zone ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:deleting previously added zone ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone previous.example 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.previous.example' dig.out.ns2.$n > /dev/null && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:deleting newly added zone ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone added.example 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:attempt to delete a normally-loaded zone (should fail) ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:reconfiguring server with multiple views"
rm -f ns2/named.conf
cp -f ns2/named2.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2 /'
sleep 5
echo "I:adding new zone to external view ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.int.$n > /dev/null || ret=1
grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:deleting newly added zone ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:attempting to add zone to internal view (should fail) ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in internal { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
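Review bot: Every `$RNDC ... 2>&1 | sed 's/^/I:ns2 /'` line discards rndc's exit status, because the pipeline returns sed's status. The two negative cases ("attempt to delete a normally-loaded zone" and "attempting to add zone to internal view") therefore never confirm that the server rejected the command; they only inspect the later dig output, which would look the same if rndc had failed to reach the server at all. Capturing the output first lets the test assert the refusal, assuming rndc exits non-zero on a rejected command: `$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example > rndc.out.ns2.$n 2>&1 && ret=1` followed by `sed 's/^/I:ns2 /' rndc.out.ns2.$n`. The positive cases can use `|| ret=1` in the same way, and clean.sh would then need `rm -f rndc.out.*`.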
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: conf.sh.in,v 1.49 2010/06/11 01:57:36 marka Exp $
# $Id: conf.sh.in,v 1.50 2010/08/11 18:14:18 each Exp $
#
# Common configuration data for system tests, to be sourced into
......@@ -51,9 +51,9 @@ PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s 0 -p 1234"
# The "stress" test is not run by default since it creates enough
# load on the machine to make it unusable to other users.
# v6synth
SUBDIRS="acl autosign cacheclean checkconf checknames dlv dnssec forward glue
ixfr limits lwresd masterfile masterformat metadata notify nsupdate
pending pkcs11 resolver rrsetorder sortlist smartsign stub tkey
SUBDIRS="acl addzone autosign cacheclean checkconf checknames dlv dnssec
forward glue ixfr limits lwresd masterfile masterformat metadata notify
nsupdate pending pkcs11 resolver rrsetorder sortlist smartsign stub tkey
unknown upforwd views xfer xferquota zonechecks"
# PERL will be an empty string if no perl interpreter was found.
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.460 2010/07/09 05:13:15 each Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.461 2010/08/11 18:14:19 each Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
......@@ -1431,6 +1431,65 @@ zone "eng.example.com" {
</listitem>
</varlistentry>
<varlistentry>
<term><userinput>addzone
<replaceable>zone</replaceable>
<optional><replaceable>class</replaceable>
<optional><replaceable>view</replaceable></optional></optional>
<replaceable>configuration</replaceable>
</userinput></term>
<listitem>
<para>
Add a zone while the server is running. This
command requires the
<command>allow-new-zones</command> option to be set
to <userinput>yes</userinput>. The
<replaceable>configuration</replaceable> string
specified on the command line is the zone
configuration text that would ordinarily be
placed in <filename>named.conf</filename>.
</para>
<para>
The configuration is saved in a file called
<filename><replaceable>hash</replaceable>.nzf</filename>,
where <replaceable>hash</replaceable> is a
cryptographic hash generated from the name of
the view. When <command>named</command> is
restarted, the file will be loaded into the view
configuration, so that zones that were added
can persist after a restart.
</para>
<para>
This sample <command>addzone</command> command
would add the zone <literal>example.com</literal>
to the default view:
</para>
<para>
<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
</para>
<para>
(Note the brackets and semi-colon around the zone
configuration text.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><userinput>delzone
<replaceable>zone</replaceable>
<optional><replaceable>class</replaceable>
<optional><replaceable>view</replaceable></optional></optional>
</userinput></term>
<listitem>
<para>
Delete a zone while the server is running.
Only zones that were originally added via
<command>rndc addzone</command> can be deleted
in this matter.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
......@@ -4935,6 +4994,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> check-mx-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-srv-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
<optional> allow-new-zones { <replaceable>yes_or_no</replaceable> }; </optional>
<optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query-on { <replaceable>address_match_list</replaceable> }; </optional>
......@@ -5628,6 +5688,18 @@ options {
<variablelist>
<varlistentry>
<term><command>allow-new-zones</command></term>
<listitem>
<para>
If <userinput>yes</userinput>, then zones can be
added at runtime via <command>rndc addzone</command>
or deleted via <command>rndc delzone</command>.
The default is <userinput>no</userinput>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>auth-nxdomain</command></term>
<listitem>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check.c,v 1.119 2010/06/26 05:30:30 marka Exp $ */
/* $Id: check.c,v 1.120 2010/08/11 18:14:19 each Exp $ */
/*! \file */
......@@ -2101,7 +2101,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
if (tresult != ISC_R_SUCCESS)
result = tresult;
cfg_aclconfctx_destroy(&actx);
cfg_aclconfctx_clear(&actx);
return (result);
}
......@@ -2346,7 +2346,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx,
result = tresult;
}
}
cfg_aclconfctx_destroy(&actx);
cfg_aclconfctx_clear(&actx);
return (result);
}
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.h,v 1.125 2010/07/11 00:12:57 each Exp $ */
/* $Id: view.h,v 1.126 2010/08/11 18:14:19 each Exp $ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1
......@@ -176,6 +176,14 @@ struct dns_view {
dns_viewlist_t * viewlist;
dns_zone_t * managed_keys;
#ifdef BIND9
/* File in which to store configuration for newly added zones */
char * new_zone_file;
void * new_zone_config;
void (*cfg_destroy)(void **);
#endif
};
#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')
......@@ -994,4 +1002,25 @@ dns_view_untrust(dns_view_t *view, dns_name_t *keyname,
* \li 'dnskey' is valid.
*/
void
dns_view_setnewzones(dns_view_t *view, isc_boolean_t allow, void *cfgctx,
void (*cfg_destroy)(void **));
/*%<
* Set whether or not to allow zones to be created or deleted at runtime.
*
* If 'allow' is ISC_TRUE, determines the filename into which new zone
* configuration will be written. Preserves the configuration context
* (a pointer to which is passed in 'cfgctx') for use when parsing new
* zone configuration. 'cfg_destroy' points to a callback routine to
* destroy the configuration context when the view is destroyed. (This
* roundabout method is used in order to avoid libdns having a dependency
* on libisccfg and libbind9.)
*
* If 'allow' is ISC_FALSE, removes any existing references to
* configuration context and frees any memory.
*
* Requires: