Commit dc6da18c authored by Mark Andrews's avatar Mark Andrews
Browse files

1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723]

parent 1eb1e1e8
1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723]
1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.21 2005/09/30 08:25:38 marka Exp $ */
/* $Id: check-tool.c,v 1.22 2006/01/05 23:45:33 marka Exp $ */
/*! \file */
......@@ -71,7 +71,9 @@ unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
DNS_ZONEOPT_MANYERRORS |
DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKINTEGRITY |
DNS_ZONEOPT_CHECKWILDCARD;
DNS_ZONEOPT_CHECKWILDCARD |
DNS_ZONEOPT_WARNMXCNAME |
DNS_ZONEOPT_WARNSRVCNAME;
/*
* This needs to match the list in bin/named/log.c.
......@@ -128,10 +130,11 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
case 0:
if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
dns_zone_log(zone, ISC_LOG_ERROR,
"%s/NS '%s' (out of zone) "
"%s/NS '%s' (out of zone) "
"is a CNAME (illegal)",
ownerbuf, namebuf);
answer = ISC_FALSE;
/* XXX950 make fatal for 9.5.0 */
/* answer = ISC_FALSE; */
}
break;
case EAI_NONAME:
......@@ -141,7 +144,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) "
"has no addresses records (A or AAAA)",
ownerbuf, namebuf);
return (ISC_FALSE);
/* XXX950 make fatal for 9.5.0 */
return (ISC_TRUE);
default:
dns_zone_log(zone, ISC_LOG_WARNING,
......@@ -175,7 +179,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
ownerbuf, namebuf,
inet_ntop(AF_INET, rdata.data,
addrbuf, sizeof(addrbuf)));
answer = ISC_FALSE;
/* XXX950 make fatal for 9.5.0 */
/* answer = ISC_FALSE; */
}
dns_rdata_reset(&rdata);
result = dns_rdataset_next(a);
......@@ -203,7 +208,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
ownerbuf, namebuf,
inet_ntop(AF_INET6, rdata.data,
addrbuf, sizeof(addrbuf)));
answer = ISC_FALSE;
/* XXX950 make fatal for 9.5.0. */
/* answer = ISC_FALSE; */
}
dns_rdata_reset(&rdata);
result = dns_rdataset_next(aaaa);
......@@ -246,7 +252,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
ownerbuf, namebuf, type,
inet_ntop(cur->ai_family, ptr,
addrbuf, sizeof(addrbuf)));
answer = ISC_FALSE;
/* XXX950 make fatal for 9.5.0. */
/* answer = ISC_FALSE; */
}
}
freeaddrinfo(ai);
......@@ -263,6 +270,8 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
char namebuf[DNS_NAME_FORMATSIZE + 1];
char ownerbuf[DNS_NAME_FORMATSIZE];
int result;
int level = ISC_LOG_ERROR;
isc_boolean_t answer = ISC_TRUE;
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
......@@ -282,13 +291,21 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
case 0:
if (strcasecmp(ai->ai_canonname, namebuf) != 0)
dns_zone_log(zone, ISC_LOG_WARNING,
"%s/MX '%s' (out of zone) "
"is a CNAME (illegal)",
ownerbuf, namebuf);
if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
level = ISC_LOG_WARNING;
if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
dns_zone_log(zone, ISC_LOG_WARNING,
"%s/MX '%s' (out of zone) "
"is a CNAME (illegal)",
ownerbuf, namebuf);
if (level == ISC_LOG_ERROR)
answer = ISC_FALSE;
}
}
freeaddrinfo(ai);
break;
return (answer);
case EAI_NONAME:
#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
case EAI_NODATA:
......@@ -296,7 +313,8 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
dns_zone_log(zone, ISC_LOG_ERROR, "%s/MX '%s' (out of zone) "
"has no addresses records (A or AAAA)",
ownerbuf, namebuf);
return (ISC_FALSE);
/* XXX950 make fatal for 9.5.0. */
return (ISC_TRUE);
default:
dns_zone_log(zone, ISC_LOG_WARNING,
......@@ -315,6 +333,8 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
char namebuf[DNS_NAME_FORMATSIZE + 1];
char ownerbuf[DNS_NAME_FORMATSIZE];
int result;
int level = ISC_LOG_ERROR;
isc_boolean_t answer = ISC_TRUE;
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
......@@ -334,13 +354,21 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
case 0:
if (strcasecmp(ai->ai_canonname, namebuf) != 0)
dns_zone_log(zone, ISC_LOG_WARNING,
"%s/SRV '%s' (out of zone) "
"is a CNAME (illegal)",
ownerbuf, namebuf);
if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
level = ISC_LOG_WARNING;
if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
dns_zone_log(zone, level,
"%s/SRV '%s' (out of zone) "
"is a CNAME (illegal)",
ownerbuf, namebuf);
if (level == ISC_LOG_ERROR)
answer = ISC_FALSE;
}
}
freeaddrinfo(ai);
break;
return (answer);
case EAI_NONAME:
#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
case EAI_NODATA:
......@@ -348,7 +376,8 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
dns_zone_log(zone, ISC_LOG_ERROR, "%s/SRV '%s' (out of zone) "
"has no addresses records (A or AAAA)",
ownerbuf, namebuf);
return (ISC_FALSE);
/* XXX950 make fatal for 9.5.0. */
return (ISC_TRUE);
default:
dns_zone_log(zone, ISC_LOG_WARNING,
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkconf.c,v 1.39 2005/09/18 07:16:17 marka Exp $ */
/* $Id: named-checkconf.c,v 1.40 2006/01/05 23:45:33 marka Exp $ */
/*! \file */
......@@ -225,6 +225,42 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
}
obj = NULL;
if (get_maps(maps, "check-mx-cname", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
}
obj = NULL;
if (get_maps(maps, "check-srv-cname", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
}
obj = NULL;
if (get_maps(maps, "check-sibling", &obj)) {
if (cfg_obj_asboolean(obj))
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.41 2005/09/18 07:16:17 marka Exp $ */
/* $Id: named-checkzone.c,v 1.42 2006/01/05 23:45:33 marka Exp $ */
/*! \file */
......@@ -77,7 +77,8 @@ usage(void) {
"[-f inputformat] [-F outputformat] "
"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
"[-i (full|local|none)] [-W (ignore|warn)] "
"[-i (full|local|none)] [-M (ignore|warn|fail)] "
"[-S (ignore|warn|fail)] [-W (ignore|warn)] "
"zonename filename\n", prog_name);
exit(1);
}
......@@ -134,8 +135,10 @@ main(int argc, char **argv) {
DNS_ZONEOPT_CHECKWILDCARD);
}
#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
while ((c = isc_commandline_parse(argc, argv,
"c:df:i:jk:m:n:qst:o:vw:DF:W:"))
"c:df:i:jk:m:n:qst:o:vw:DF:M:S:W:"))
!= EOF) {
switch (c) {
case 'c':
......@@ -147,35 +150,31 @@ main(int argc, char **argv) {
break;
case 'i':
if (!strcmp(isc_commandline_argument, "full")) {
if (ARGCMP("full")) {
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
DNS_ZONEOPT_CHECKSIBLING;
docheckmx = ISC_TRUE;
docheckns = ISC_TRUE;
dochecksrv = ISC_TRUE;
} else if (!strcmp(isc_commandline_argument,
"full-sibling")) {
} else if (ARGCMP("full-sibling")) {
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
docheckmx = ISC_TRUE;
docheckns = ISC_TRUE;
dochecksrv = ISC_TRUE;
} else if (!strcmp(isc_commandline_argument,
"local")) {
} else if (ARGCMP("local")) {
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
zone_options |= DNS_ZONEOPT_CHECKSIBLING;
docheckmx = ISC_FALSE;
docheckns = ISC_FALSE;
dochecksrv = ISC_FALSE;
} else if (!strcmp(isc_commandline_argument,
"local-sibling")) {
} else if (ARGCMP("local-sibling")) {
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
docheckmx = ISC_FALSE;
docheckns = ISC_FALSE;
dochecksrv = ISC_FALSE;
} else if (!strcmp(isc_commandline_argument,
"none")) {
} else if (ARGCMP("none")) {
zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
docheckmx = ISC_FALSE;
......@@ -201,15 +200,13 @@ main(int argc, char **argv) {
break;
case 'k':
if (!strcmp(isc_commandline_argument, "warn")) {
if (ARGCMP("warn")) {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
} else if (!strcmp(isc_commandline_argument,
"fail")) {
} else if (ARGCMP("fail")) {
zone_options |= DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKNAMESFAIL;
} else if (!strcmp(isc_commandline_argument,
"ignore")) {
} else if (ARGCMP("ignore")) {
zone_options &= ~(DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKNAMESFAIL);
} else {
......@@ -220,13 +217,13 @@ main(int argc, char **argv) {
break;
case 'n':
if (!strcmp(isc_commandline_argument, "ignore")) {
if (ARGCMP("ignore")) {
zone_options &= ~(DNS_ZONEOPT_CHECKNS|
DNS_ZONEOPT_FATALNS);
} else if (!strcmp(isc_commandline_argument, "warn")) {
} else if (ARGCMP("warn")) {
zone_options |= DNS_ZONEOPT_CHECKNS;
zone_options &= ~DNS_ZONEOPT_FATALNS;
} else if (!strcmp(isc_commandline_argument, "fail")) {
} else if (ARGCMP("fail")) {
zone_options |= DNS_ZONEOPT_CHECKNS|
DNS_ZONEOPT_FATALNS;
} else {
......@@ -237,15 +234,13 @@ main(int argc, char **argv) {
break;
case 'm':
if (!strcmp(isc_commandline_argument, "warn")) {
if (ARGCMP("warn")) {
zone_options |= DNS_ZONEOPT_CHECKMX;
zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
} else if (!strcmp(isc_commandline_argument,
"fail")) {
} else if (ARGCMP("fail")) {
zone_options |= DNS_ZONEOPT_CHECKMX |
DNS_ZONEOPT_CHECKMXFAIL;
} else if (!strcmp(isc_commandline_argument,
"ignore")) {
} else if (ARGCMP("ignore")) {
zone_options &= ~(DNS_ZONEOPT_CHECKMX |
DNS_ZONEOPT_CHECKMXFAIL);
} else {
......@@ -276,10 +271,9 @@ main(int argc, char **argv) {
break;
case 's':
if (strcmp(isc_commandline_argument, "full") == 0)
if (ARGCMP("full"))
outputstyle = &dns_master_style_full;
else if (strcmp(isc_commandline_argument,
"default") == 0) {
else if (ARGCMP("default")) {
outputstyle = &dns_master_style_default;
} else {
fprintf(stderr,
......@@ -305,10 +299,44 @@ main(int argc, char **argv) {
dumpzone++;
break;
case 'M':
if (ARGCMP("fail")) {
zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (ARGCMP("warn")) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (ARGCMP("ignore")) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
} else {
fprintf(stderr, "invalid argument to -M: %s\n",
isc_commandline_argument);
exit(1);
}
break;
case 'S':
if (ARGCMP("fail")) {
zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (ARGCMP("warn")) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (ARGCMP("ignore")) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
} else {
fprintf(stderr, "invalid argument to -S: %s\n",
isc_commandline_argument);
exit(1);
}
break;
case 'W':
if (!strcmp(isc_commandline_argument, "warn"))
if (ARGCMP("warn"))
zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
else if (!strcmp(isc_commandline_argument, "ignore"))
else if (ARGCMP("ignore"))
zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
break;
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.23 2005/08/24 23:53:55 marka Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.24 2006/01/05 23:45:33 marka Exp $ -->
<refentry id="man.named-checkzone">
<refentryinfo>
<date>June 13, 2000</date>
......@@ -63,9 +63,11 @@
<arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
......@@ -80,6 +82,7 @@
<arg><option>-q</option></arg>
<arg><option>-v</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
......@@ -264,6 +267,18 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-M <replaceable class="parameter">mode</replaceable></term>
<listitem>
<para>
Check if a MX record refers to a CNAME.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-n <replaceable class="parameter">mode</replaceable></term>
<listitem>
......@@ -309,6 +324,18 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-S <replaceable class="parameter">mode</replaceable></term>
<listitem>
<para>
Check if a SRV record refers to a CNAME.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.66 2006/01/05 02:19:01 marka Exp $ */
/* $Id: config.c,v 1.67 2006/01/05 23:45:33 marka Exp $ */
/*! \file */
......@@ -171,6 +171,8 @@ options {\n\
check-wildcard yes;\n\
check-sibling yes;\n\
check-integrity yes;\n\
check-mx-cname warn;\n\
check-srv-cname warn;\n\
zero-no-soa-ttl yes;\n\
};\n\
"
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.docbook,v 1.18 2006/01/05 02:19:01 marka Exp $ -->
<!-- $Id: named.conf.docbook,v 1.19 2006/01/05 23:45:33 marka Exp $ -->
<refentry>
<refentryinfo>
<date>Aug 13, 2004</date>
......@@ -247,7 +247,9 @@ options {
check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
integrity-check <replaceable>boolean</replaceable>;
check-integrity <replaceable>boolean</replaceable>;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file <replaceable>quoted_string</replaceable>;
suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
preferred-glue <replaceable>string</replaceable>;
......@@ -391,7 +393,9 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
integrity-check <replaceable>boolean</replaceable>;
check-integrity <replaceable>boolean</replaceable>;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file <replaceable>quoted_string</replaceable>;
suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
preferred-glue <replaceable>string</replaceable>;
......@@ -490,7 +494,9 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
delegation-only <replaceable>boolean</replaceable>;
check-names ( fail | warn | ignore );
check-mx ( fail | warn | ignore );
integrity-check <replaceable>boolean</replaceable>;
check-integrity <replaceable>boolean</replaceable>;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
dialup <replaceable>dialuptype</replaceable>;
ixfr-from-differences <replaceable>boolean</replaceable>;
journal <replaceable>quoted_string</replaceable>;
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.127 2006/01/05 03:32:50 marka Exp $ */
/* $Id: zoneconf.c,v 1.128 2006/01/05 23:45:33 marka Exp $ */
/*% */
......@@ -342,6 +342,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
isc_boolean_t alt;
dns_view_t *view;
isc_boolean_t check = ISC_FALSE, fail = ISC_FALSE;
isc_boolean_t warn = ISC_FALSE, ignore = ISC_FALSE;
isc_boolean_t ixfrdiff;
dns_masterformat_t masterformat;
......@@ -682,6 +683,36 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
INSIST(obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "check-mx-cname", &obj);
INSIST(obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
warn = ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
warn = ignore = ISC_TRUE;
} else
INSIST(0);
dns_zone_setoption(zone, DNS_ZONEOPT_WARNMXCNAME, warn);
dns_zone_setoption(zone, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
obj = NULL;
result = ns_config_get(maps, "check-srv-cname", &obj);
INSIST(obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
warn = ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
warn = ignore = ISC_TRUE;
} else
INSIST(0);
dns_zone_setoption(zone, DNS_ZONEOPT_WARNSRVCNAME, warn);
dns_zone_setoption(zone, DNS_ZONEOPT_IGNORESRVCNAME, ignore);
}
/*
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.289 2006/01/05 11:52:32 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.290 2006/01/05 23:45:33 marka Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
......@@ -4402,6 +4402,8 @@ category notify { null; };
<optional> check-mx ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
<optional> check-integrity <replaceable>yes_or_no</replaceable>; </optional>
<optional> check-mx-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-srv-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
<optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
......@@ -5580,6 +5582,28 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>check-mx-cname</command></term>
<listitem>
<para>
If <command>check-integrity</command> is set then
fail, warn or ignore MX records that refer
to CNAMES. The default is to <command>warn</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>check-srv-cname</command></term>
<listitem>
<para>
If <command>check-integrity</command> is set then
fail, warn or ignore SRV records that refer
to CNAMES. The default is to <command>warn</command>.
</para>
</listitem>
</varlistentry>