1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723]

CHANGES

+1964.	[func]		Seperate out MX and SRV to CNAME checks. [RT #15723]
+
 1963.	[port]		Tru64 4.0E doesn't support send() and recv(). 
 			[RT #15586]
 

bin/check/check-tool.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.21 2005/09/30 08:25:38 marka Exp $ */
+/* $Id: check-tool.c,v 1.22 2006/01/05 23:45:33 marka Exp $ */
 
 /*! \file */
 
@@ -71,7 +71,9 @@ unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
 			    DNS_ZONEOPT_MANYERRORS |
 			    DNS_ZONEOPT_CHECKNAMES |
 			    DNS_ZONEOPT_CHECKINTEGRITY |
-			    DNS_ZONEOPT_CHECKWILDCARD;
+			    DNS_ZONEOPT_CHECKWILDCARD |
+			    DNS_ZONEOPT_WARNMXCNAME |
+			    DNS_ZONEOPT_WARNSRVCNAME;
 
 /*
  * This needs to match the list in bin/named/log.c.
@@ -128,10 +130,11 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	case 0:
 		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
-			             "%s/NS '%s' (out of zone) "
+				     "%s/NS '%s' (out of zone) "
 				     "is a CNAME (illegal)",
 				     ownerbuf, namebuf);
-			answer = ISC_FALSE;
+			/* XXX950 make fatal for 9.5.0 */
+			/* answer = ISC_FALSE; */
 		}
 		break;
 	case EAI_NONAME:
@@ -141,7 +144,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 		dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) "
 			     "has no addresses records (A or AAAA)",
 			     ownerbuf, namebuf);
-		return (ISC_FALSE);
+		/* XXX950 make fatal for 9.5.0 */
+		return (ISC_TRUE);
 
 	default:
 		dns_zone_log(zone, ISC_LOG_WARNING,
@@ -175,7 +179,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			answer = ISC_FALSE;
+			/* XXX950 make fatal for 9.5.0 */
+			/* answer = ISC_FALSE; */
 		}
 		dns_rdata_reset(&rdata);
 		result = dns_rdataset_next(a);
@@ -203,7 +208,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET6, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			answer = ISC_FALSE;
+			/* XXX950 make fatal for 9.5.0. */
+			/* answer = ISC_FALSE; */
 		}
 		dns_rdata_reset(&rdata);
 		result = dns_rdataset_next(aaaa);
@@ -246,7 +252,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				     ownerbuf, namebuf, type,
 				     inet_ntop(cur->ai_family, ptr,
 					       addrbuf, sizeof(addrbuf)));
-			answer = ISC_FALSE;
+			/* XXX950 make fatal for 9.5.0. */
+			/* answer = ISC_FALSE; */
 		}
 	}
 	freeaddrinfo(ai);
@@ -263,6 +270,8 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
+	int level = ISC_LOG_ERROR;
+	isc_boolean_t answer = ISC_TRUE;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -282,13 +291,21 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		if (strcasecmp(ai->ai_canonname, namebuf) != 0)
-			dns_zone_log(zone, ISC_LOG_WARNING,
-			             "%s/MX '%s' (out of zone) "
-				     "is a CNAME (illegal)",
-				     ownerbuf, namebuf);
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
+				level = ISC_LOG_WARNING;
+			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
+				dns_zone_log(zone, ISC_LOG_WARNING,
+					     "%s/MX '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
+				if (level == ISC_LOG_ERROR)
+					answer = ISC_FALSE;
+			}
+		}
 		freeaddrinfo(ai);
-		break;
+		return (answer);
+
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
@@ -296,7 +313,8 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 		dns_zone_log(zone, ISC_LOG_ERROR, "%s/MX '%s' (out of zone) "
 			     "has no addresses records (A or AAAA)",
 			     ownerbuf, namebuf);
-		return (ISC_FALSE);
+		/* XXX950 make fatal for 9.5.0. */
+		return (ISC_TRUE);
 
 	default:
 		dns_zone_log(zone, ISC_LOG_WARNING,
@@ -315,6 +333,8 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
+	int level = ISC_LOG_ERROR;
+	isc_boolean_t answer = ISC_TRUE;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -334,13 +354,21 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		if (strcasecmp(ai->ai_canonname, namebuf) != 0)
-			dns_zone_log(zone, ISC_LOG_WARNING,
-			             "%s/SRV '%s' (out of zone) "
-				     "is a CNAME (illegal)",
-				     ownerbuf, namebuf);
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
+				level = ISC_LOG_WARNING;
+			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
+				dns_zone_log(zone, level,
+					     "%s/SRV '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
+				if (level == ISC_LOG_ERROR)
+					answer = ISC_FALSE;
+			}
+		}
 		freeaddrinfo(ai);
-		break;
+		return (answer);
+
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
@@ -348,7 +376,8 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 		dns_zone_log(zone, ISC_LOG_ERROR, "%s/SRV '%s' (out of zone) "
 			     "has no addresses records (A or AAAA)",
 			     ownerbuf, namebuf);
-		return (ISC_FALSE);
+		/* XXX950 make fatal for 9.5.0. */
+		return (ISC_TRUE);
 
 	default:
 		dns_zone_log(zone, ISC_LOG_WARNING,

bin/check/named-checkconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.39 2005/09/18 07:16:17 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.40 2006/01/05 23:45:33 marka Exp $ */
 
 /*! \file */
 
@@ -225,6 +225,42 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
 			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
 	}
 
+	obj = NULL;
+	if (get_maps(maps, "check-mx-cname", &obj)) {
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+			zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+			zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
+			zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+			zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
+		} else
+			INSIST(0);
+	} else {
+		zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+		zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+	}
+
+	obj = NULL;
+	if (get_maps(maps, "check-srv-cname", &obj)) {
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+			zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+			zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
+			zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+			zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
+		} else
+			INSIST(0);
+	} else {
+		zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+		zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+	}
+
 	obj = NULL;
 	if (get_maps(maps, "check-sibling", &obj)) {
 		if (cfg_obj_asboolean(obj))

bin/check/named-checkzone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.41 2005/09/18 07:16:17 marka Exp $ */
+/* $Id: named-checkzone.c,v 1.42 2006/01/05 23:45:33 marka Exp $ */
 
 /*! \file */
 
@@ -77,7 +77,8 @@ usage(void) {
 		"[-f inputformat] [-F outputformat] "
 		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
 		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
-		"[-i (full|local|none)] [-W (ignore|warn)] "
+		"[-i (full|local|none)] [-M (ignore|warn|fail)] "
+		"[-S (ignore|warn|fail)] [-W (ignore|warn)] "
 		"zonename filename\n", prog_name);
 	exit(1);
 }
@@ -134,8 +135,10 @@ main(int argc, char **argv) {
 				 DNS_ZONEOPT_CHECKWILDCARD);
 	}
 
+#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
+
 	while ((c = isc_commandline_parse(argc, argv,
-					  "c:df:i:jk:m:n:qst:o:vw:DF:W:"))
+					  "c:df:i:jk:m:n:qst:o:vw:DF:M:S:W:"))
 	       != EOF) {
 		switch (c) {
 		case 'c':
@@ -147,35 +150,31 @@ main(int argc, char **argv) {
 			break;
 
 		case 'i':
-			if (!strcmp(isc_commandline_argument, "full")) {
+			if (ARGCMP("full")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
 						DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_TRUE;
 				docheckns = ISC_TRUE;
 				dochecksrv = ISC_TRUE;
-			} else if (!strcmp(isc_commandline_argument,
-					   "full-sibling")) {
+			} else if (ARGCMP("full-sibling")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_TRUE;
 				docheckns = ISC_TRUE;
 				dochecksrv = ISC_TRUE;
-			} else if (!strcmp(isc_commandline_argument,
-					   "local")) {
+			} else if (ARGCMP("local")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options |= DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_FALSE;
 				docheckns = ISC_FALSE;
 				dochecksrv = ISC_FALSE;
-			} else if (!strcmp(isc_commandline_argument,
-					   "local-sibling")) {
+			} else if (ARGCMP("local-sibling")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_FALSE;
 				docheckns = ISC_FALSE;
 				dochecksrv = ISC_FALSE;
-			} else if (!strcmp(isc_commandline_argument,
-					   "none")) {
+			} else if (ARGCMP("none")) {
 				zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
 				docheckmx = ISC_FALSE;
@@ -201,15 +200,13 @@ main(int argc, char **argv) {
 			break;
 
 		case 'k':
-			if (!strcmp(isc_commandline_argument, "warn")) {
+			if (ARGCMP("warn")) {
 				zone_options |= DNS_ZONEOPT_CHECKNAMES;
 				zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (!strcmp(isc_commandline_argument,
-					   "fail")) {
+			} else if (ARGCMP("fail")) {
 				zone_options |= DNS_ZONEOPT_CHECKNAMES |
 						DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (!strcmp(isc_commandline_argument,
-					   "ignore")) {
+			} else if (ARGCMP("ignore")) {
 				zone_options &= ~(DNS_ZONEOPT_CHECKNAMES |
 						  DNS_ZONEOPT_CHECKNAMESFAIL);
 			} else {
@@ -220,13 +217,13 @@ main(int argc, char **argv) {
 			break;
 
 		case 'n':
-			if (!strcmp(isc_commandline_argument, "ignore")) {
+			if (ARGCMP("ignore")) {
 				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
 						  DNS_ZONEOPT_FATALNS);
-			} else if (!strcmp(isc_commandline_argument, "warn")) {
+			} else if (ARGCMP("warn")) {
 				zone_options |= DNS_ZONEOPT_CHECKNS;
 				zone_options &= ~DNS_ZONEOPT_FATALNS;
-			} else if (!strcmp(isc_commandline_argument, "fail")) {
+			} else if (ARGCMP("fail")) {
 				zone_options |= DNS_ZONEOPT_CHECKNS|
 					        DNS_ZONEOPT_FATALNS;
 			} else {
@@ -237,15 +234,13 @@ main(int argc, char **argv) {
 			break;
 
 		case 'm':
-			if (!strcmp(isc_commandline_argument, "warn")) {
+			if (ARGCMP("warn")) {
 				zone_options |= DNS_ZONEOPT_CHECKMX;
 				zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-			} else if (!strcmp(isc_commandline_argument,
-					   "fail")) {
+			} else if (ARGCMP("fail")) {
 				zone_options |= DNS_ZONEOPT_CHECKMX |
 						DNS_ZONEOPT_CHECKMXFAIL;
-			} else if (!strcmp(isc_commandline_argument,
-					   "ignore")) {
+			} else if (ARGCMP("ignore")) {
 				zone_options &= ~(DNS_ZONEOPT_CHECKMX |
 						  DNS_ZONEOPT_CHECKMXFAIL);
 			} else {
@@ -276,10 +271,9 @@ main(int argc, char **argv) {
 			break;
 
 		case 's':
-			if (strcmp(isc_commandline_argument, "full") == 0)
+			if (ARGCMP("full"))
 				outputstyle = &dns_master_style_full;
-			else if (strcmp(isc_commandline_argument,
-					"default") == 0) {
+			else if (ARGCMP("default")) {
 				outputstyle = &dns_master_style_default;
 			} else {
 				fprintf(stderr,
@@ -305,10 +299,44 @@ main(int argc, char **argv) {
 			dumpzone++;
 			break;
 
+		case 'M':
+			if (ARGCMP("fail")) {
+				zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
+				zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+			} else if (ARGCMP("warn")) {
+				zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+				zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+			} else if (ARGCMP("ignore")) {
+				zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+				zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
+			} else {
+				fprintf(stderr, "invalid argument to -M: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
+			break;
+
+		case 'S':
+			if (ARGCMP("fail")) {
+				zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
+				zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+			} else if (ARGCMP("warn")) {
+				zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+				zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+			} else if (ARGCMP("ignore")) {
+				zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+				zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
+			} else {
+				fprintf(stderr, "invalid argument to -S: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
+			break;
+
 		case 'W':
-			if (!strcmp(isc_commandline_argument, "warn"))
+			if (ARGCMP("warn"))
 				zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
-			else if (!strcmp(isc_commandline_argument, "ignore"))
+			else if (ARGCMP("ignore"))
 				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
 			break;
 

bin/check/named-checkzone.docbook

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.23 2005/08/24 23:53:55 marka Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.24 2006/01/05 23:45:33 marka Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -63,9 +63,11 @@
       <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
+      <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-D</option></arg>
@@ -80,6 +82,7 @@
       <arg><option>-q</option></arg>
       <arg><option>-v</option></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+      <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
       <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
       <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
@@ -264,6 +267,18 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+	<term>-M <replaceable class="parameter">mode</replaceable></term>
+        <listitem>
+	  <para>
+	    Check if a MX record refers to a CNAME.
+            Possible modes are <command>"fail"</command>,
+            <command>"warn"</command> (default) and
+            <command>"ignore"</command>.
+	  </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-n <replaceable class="parameter">mode</replaceable></term>
         <listitem>
@@ -309,6 +324,18 @@
 	</listitem>
       </varlistentry>
 
+      <varlistentry>
+	<term>-S <replaceable class="parameter">mode</replaceable></term>
+        <listitem>
+	  <para>
+	    Check if a SRV record refers to a CNAME.
+            Possible modes are <command>"fail"</command>,
+            <command>"warn"</command> (default) and
+            <command>"ignore"</command>.
+	  </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>

bin/named/config.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.66 2006/01/05 02:19:01 marka Exp $ */
+/* $Id: config.c,v 1.67 2006/01/05 23:45:33 marka Exp $ */
 
 /*! \file */
 
@@ -171,6 +171,8 @@ options {\n\
 	check-wildcard yes;\n\
 	check-sibling yes;\n\
 	check-integrity yes;\n\
+	check-mx-cname warn;\n\
+	check-srv-cname warn;\n\
 	zero-no-soa-ttl yes;\n\
 };\n\
 "

bin/named/named.conf.docbook

@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named.conf.docbook,v 1.18 2006/01/05 02:19:01 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.19 2006/01/05 23:45:33 marka Exp $ -->
 <refentry>
   <refentryinfo>
     <date>Aug 13, 2004</date>
@@ -247,7 +247,9 @@ options {
 	check-names ( master | slave | response )
 		( fail | warn | ignore );
 	check-mx ( fail | warn | ignore );
-	integrity-check <replaceable>boolean</replaceable>;
+	check-integrity <replaceable>boolean</replaceable>;
+	check-mx-cname ( fail | warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
 	cache-file <replaceable>quoted_string</replaceable>;
 	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
 	preferred-glue <replaceable>string</replaceable>;
@@ -391,7 +393,9 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	check-names ( master | slave | response )
 		( fail | warn | ignore );
 	check-mx ( fail | warn | ignore );
-	integrity-check <replaceable>boolean</replaceable>;
+	check-integrity <replaceable>boolean</replaceable>;
+	check-mx-cname ( fail | warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
 	cache-file <replaceable>quoted_string</replaceable>;
 	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
 	preferred-glue <replaceable>string</replaceable>;
@@ -490,7 +494,9 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	delegation-only <replaceable>boolean</replaceable>;
 	check-names ( fail | warn | ignore );
 	check-mx ( fail | warn | ignore );
-	integrity-check <replaceable>boolean</replaceable>;
+	check-integrity <replaceable>boolean</replaceable>;
+	check-mx-cname ( fail | warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
 	dialup <replaceable>dialuptype</replaceable>;
 	ixfr-from-differences <replaceable>boolean</replaceable>;
 	journal <replaceable>quoted_string</replaceable>;

bin/named/zoneconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.127 2006/01/05 03:32:50 marka Exp $ */
+/* $Id: zoneconf.c,v 1.128 2006/01/05 23:45:33 marka Exp $ */
 
 /*% */
 
@@ -342,6 +342,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 	isc_boolean_t alt;
 	dns_view_t *view;
 	isc_boolean_t check = ISC_FALSE, fail = ISC_FALSE;
+	isc_boolean_t warn = ISC_FALSE, ignore = ISC_FALSE;
 	isc_boolean_t ixfrdiff;
 	dns_masterformat_t masterformat;
 
@@ -682,6 +683,36 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 		INSIST(obj != NULL);
 		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY, 
 				   cfg_obj_asboolean(obj));
+
+		obj = NULL;
+		result = ns_config_get(maps, "check-mx-cname", &obj);
+		INSIST(obj != NULL);
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			warn = ISC_TRUE;
+			ignore = ISC_FALSE;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+			warn = ignore = ISC_FALSE;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			warn = ignore = ISC_TRUE;
+		} else
+			INSIST(0);
+		dns_zone_setoption(zone, DNS_ZONEOPT_WARNMXCNAME, warn);
+		dns_zone_setoption(zone, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
+
+		obj = NULL;
+		result = ns_config_get(maps, "check-srv-cname", &obj);
+		INSIST(obj != NULL);
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			warn = ISC_TRUE;
+			ignore = ISC_FALSE;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+			warn = ignore = ISC_FALSE;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			warn = ignore = ISC_TRUE;
+		} else
+			INSIST(0);
+		dns_zone_setoption(zone, DNS_ZONEOPT_WARNSRVCNAME, warn);
+		dns_zone_setoption(zone, DNS_ZONEOPT_IGNORESRVCNAME, ignore);
 	}
 
 	/*

doc/arm/Bv9ARM-book.xml

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.289 2006/01/05 11:52:32 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.290 2006/01/05 23:45:33 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 
@@ -4402,6 +4402,8 @@ category notify { null; };
     <optional> check-mx ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
     <optional> check-integrity <replaceable>yes_or_no</replaceable>; </optional>
+    <optional> check-mx-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
+    <optional> check-srv-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
     <optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
@@ -5580,6 +5582,28 @@ options {
 	      </listitem>
 	    </varlistentry>
 
+	    <varlistentry>
+	      <term><command>check-mx-cname</command></term>
+	      <listitem>
+		<para>
+		  If <command>check-integrity</command> is set then
+		  fail, warn or ignore MX records that refer
+		  to CNAMES.  The default is to <command>warn</command>.
+		</para>
+	      </listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+	      <term><command>check-srv-cname</command></term>
+	      <listitem>
+		<para>
+		  If <command>check-integrity</command> is set then
+		  fail, warn or ignore SRV records that refer
+		  to CNAMES.  The default is to <command>warn</command>.
+		</para>
+	      </listitem>
+	    </varlistentry>
+
 	    <varlistentry>
 	      <term><command>check-sibling</command></term>