ISC Open Source Projects
BIND
Commit
e3344054
authored
Dec 08, 2010
by
Mark Andrews
2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
parent
b59e6107
Changes
24
CHANGES
2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
2980. [bug] named didn't properly handle UPDATES that changed the
TTL of the NSEC3PARAM RRset. [RT #22363]
...
...
bin/named/include/named/query.h
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.h,v 1.4
2
2010/
09/24 08:31:23 tbox
Exp $ */
/* $Id: query.h,v 1.4
3
2010/
12/08 02:46:15 marka
Exp $ */
#ifndef NAMED_QUERY_H
#define NAMED_QUERY_H 1
...
...
@@ -27,6 +27,7 @@
#include <isc/netaddr.h>
#include <dns/types.h>
#include <dns/rdataset.h>
#include <named/types.h>
...
...
@@ -57,6 +58,12 @@ struct ns_query {
isc_bufferlist_t
namebufs
;
ISC_LIST
(
ns_dbversion_t
)
activeversions
;
ISC_LIST
(
ns_dbversion_t
)
freeversions
;
dns_rdataset_t
*
dns64_aaaa
;
dns_rdataset_t
*
dns64_sigaaaa
;
isc_boolean_t
*
dns64_aaaaok
;
unsigned
int
dns64_aaaaoklen
;
unsigned
int
dns64_options
;
unsigned
int
dns64_ttl
;
};
#define NS_QUERYATTR_RECURSIONOK 0x0001
...
...
@@ -73,6 +80,9 @@ struct ns_query {
#define NS_QUERYATTR_NOADDITIONAL 0x0800
#define NS_QUERYATTR_CACHEACLOKVALID 0x1000
#define NS_QUERYATTR_CACHEACLOK 0x2000
#define NS_QUERYATTR_DNS64 0x4000
#define NS_QUERYATTR_DNS64EXCLUDE 0x8000
isc_result_t
ns_query_init
(
ns_client_t
*
client
);
...
...
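Review bot: The six `dns64_*` members added to `struct ns_query` carry no comments, and `dns64_aaaaok` with `dns64_aaaaoklen` looks like a pointer-plus-length pair whose contract cannot be recovered from the header. The code that allocates, indexes and frees it is presumably in bin/named/query.c, which is collapsed on this page, so the invariant should be written down here, for example `/* dns64_aaaaok: dns64_aaaaoklen flags; allocated/freed by <owner, from query.c>; pointer and length are reset together */`. A stale length next to a freed or reallocated pointer is the usual source of an out-of-bounds access in a pair like this, so the pairing is worth stating explicitly. The struct begins outside this hunk, and its other members are not shown.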
bin/named/query.c
This diff is collapsed.
bin/named/server.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.58
7
2010/12/0
2 23:22:41
marka Exp $ */
/* $Id: server.c,v 1.58
8
2010/12/0
8 02:46:15
marka Exp $ */
/*! \file */
...
...
@@ -63,6 +63,7 @@
#ifdef DLZ
#include <dns/dlz.h>
#endif
#include <dns/dns64.h>
#include <dns/forward.h>
#include <dns/journal.h>
#include <dns/keytable.h>
...
...
@@ -1356,6 +1357,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
isc_boolean_t
zero_no_soattl
;
cfg_parser_t
*
newzones_parser
=
NULL
;
cfg_obj_t
*
nzfconf
=
NULL
;
dns_acl_t
*
clients
=
NULL
,
*
mapped
=
NULL
,
*
excluded
=
NULL
;
REQUIRE
(
DNS_VIEW_VALID
(
view
));
...
...
@@ -1618,6 +1620,89 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
INSIST
(
result
==
ISC_R_SUCCESS
);
zero_no_soattl
=
cfg_obj_asboolean
(
obj
);
obj
=
NULL
;
result
=
ns_config_get
(
maps
,
"dns64"
,
&
obj
);
if
(
result
==
ISC_R_SUCCESS
&&
strcmp
(
view
->
name
,
"_bind"
)
&&
strcmp
(
view
->
name
,
"_meta"
))
{
const
cfg_listelt_t
*
element
;
isc_netaddr_t
na
,
suffix
,
*
sp
;
unsigned
int
prefixlen
;
for
(
element
=
cfg_list_first
(
obj
);
element
!=
NULL
;
element
=
cfg_list_next
(
element
))
{
const
cfg_obj_t
*
map
=
cfg_listelt_value
(
element
);
dns_dns64_t
*
dns64
=
NULL
;
unsigned
int
dns64options
=
0
;
cfg_obj_asnetprefix
(
cfg_map_getname
(
map
),
&
na
,
&
prefixlen
);
obj
=
NULL
;
(
void
)
cfg_map_get
(
map
,
"suffix"
,
&
obj
);
if
(
obj
!=
NULL
)
{
sp
=
&
suffix
;
isc_netaddr_fromsockaddr
(
sp
,
cfg_obj_assockaddr
(
obj
));
}
else
sp
=
NULL
;
clients
=
mapped
=
excluded
=
NULL
;
obj
=
NULL
;
(
void
)
cfg_map_get
(
map
,
"clients"
,
&
obj
);
if
(
obj
!=
NULL
)
{
result
=
cfg_acl_fromconfig
(
obj
,
config
,
ns_g_lctx
,
actx
,
mctx
,
0
,
&
clients
);
if
(
result
!=
ISC_R_SUCCESS
)
goto
cleanup
;
}
obj
=
NULL
;
(
void
)
cfg_map_get
(
map
,
"mapped"
,
&
obj
);
if
(
obj
!=
NULL
)
{
result
=
cfg_acl_fromconfig
(
obj
,
config
,
ns_g_lctx
,
actx
,
mctx
,
0
,
&
mapped
);
if
(
result
!=
ISC_R_SUCCESS
)
goto
cleanup
;
}
obj
=
NULL
;
(
void
)
cfg_map_get
(
map
,
"exclude"
,
&
obj
);
if
(
obj
!=
NULL
)
{
result
=
cfg_acl_fromconfig
(
obj
,
config
,
ns_g_lctx
,
actx
,
mctx
,
0
,
&
excluded
);
if
(
result
!=
ISC_R_SUCCESS
)
goto
cleanup
;
}
obj
=
NULL
;
(
void
)
cfg_map_get
(
map
,
"recursive-only"
,
&
obj
);
if
(
obj
!=
NULL
&&
cfg_obj_asboolean
(
obj
))
dns64options
|=
DNS_DNS64_RECURSIVE_ONLY
;
obj
=
NULL
;
(
void
)
cfg_map_get
(
map
,
"break-dnssec"
,
&
obj
);
if
(
obj
!=
NULL
&&
cfg_obj_asboolean
(
obj
))
dns64options
|=
DNS_DNS64_BREAK_DNSSEC
;
result
=
dns_dns64_create
(
mctx
,
&
na
,
prefixlen
,
sp
,
clients
,
mapped
,
excluded
,
dns64options
,
&
dns64
);
if
(
result
!=
ISC_R_SUCCESS
)
goto
cleanup
;
dns_dns64_append
(
&
view
->
dns64
,
dns64
);
view
->
dns64cnt
++
;
if
(
clients
!=
NULL
)
dns_acl_detach
(
&
clients
);
if
(
mapped
!=
NULL
)
dns_acl_detach
(
&
mapped
);
if
(
excluded
!=
NULL
)
dns_acl_detach
(
&
excluded
);
}
}
obj
=
NULL
;
result
=
ns_config_get
(
maps
,
"dnssec-accept-expired"
,
&
obj
);
INSIST
(
result
==
ISC_R_SUCCESS
);
...
...
@@ -2518,6 +2603,12 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
result
=
ISC_R_SUCCESS
;
cleanup:
if
(
clients
!=
NULL
)
dns_acl_detach
(
&
clients
);
if
(
mapped
!=
NULL
)
dns_acl_detach
(
&
mapped
);
if
(
excluded
!=
NULL
)
dns_acl_detach
(
&
excluded
);
if
(
ring
!=
NULL
)
dns_tsigkeyring_destroy
(
&
ring
);
if
(
zone
!=
NULL
)
...
...
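Review bot: The option keys read in the new dns64 block of configure_view do not all match the other files in this commit. This block looks up `"clients"`, but the `acls[]` table in check_dns64 (lib/bind9/check.c) lists `"client"`, so that checker's loop apparently never finds the clients ACL, and a malformed one would only surface here as a `cfg_acl_fromconfig` failure at load or reconfiguration. The table should read `static const char *acls[] = { "clients", "exclude", "mapped", NULL };`. Likewise this block reads `"recursive-only"` (as doc/misc/options has it), while the ARM synopsis in doc/arm/Bv9ARM-book.xml spells it `recursion-only`. configure_view starts and ends outside these hunks.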
bin/tests/system/conf.sh.in
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: conf.sh.in,v 1.5
3
2010/12/0
7
02:
53:33
marka Exp $
# $Id: conf.sh.in,v 1.5
4
2010/12/0
8
02:
46:15
marka Exp $
#
# Common configuration data for system tests, to be sourced into
...
...
@@ -53,7 +53,7 @@ JOURNALPRINT=$TOP/bin/tools/named-journalprint
# load on the machine to make it unusable to other users.
# v6synth
SUBDIRS
=
"acl allow_query addzone autosign cacheclean checkconf checknames
dlv @DLZ_SYSTEM_TEST@ dnssec forward glue ixfr limits lwresd
dlv @DLZ_SYSTEM_TEST@
dns64
dnssec forward glue ixfr limits lwresd
masterfile masterformat metadata notify nsupdate pending pkcs11
resolver rrsetorder sortlist smartsign stub tkey unknown upforwd
views xfer xferquota zonechecks"
...
...
bin/tests/system/dns64/clean.sh
0 → 100644
#!/bin/sh
rm
-f
ns1/K
*
rm
-f
ns1/signed.db
*
rm
-f
ns1/dsset-signed.
bin/tests/system/dns64/ns1/example.db
0 → 100644
; Copyright
$TTL 3600
@ SOA ns1 marka.isc.org. 0 0 0 0 1200
@ NS ns1
ns1 A 10.53.0.1
excluded-good-a AAAA 2001:eeee::1
A 1.2.3.4
excluded-bad-a AAAA 2001:eeee::2
A 10.0.0.1
excluded-only AAAA 2001:eeee::3
partially-excluded-good-a AAAA 2001:eeee::1
AAAA 2001::1
A 1.2.3.4
partially-excluded-bad-a AAAA 2001:eeee::2
AAAA 2001::2
A 10.0.0.1
partially-excluded-only AAAA 2001:eeee::3
AAAA 2001::3
a-only A 1.2.3.5
a-and-aaaa AAAA 2001::1
A 1.2.3.6
aaaa-only AAAA 2001::2
a-not-mapped A 10.0.0.2
mx-only MX 10 ns.example.
cname-excluded-good-a CNAME excluded-good-a
cname-excluded-bad-a CNAME excluded-bad-a
cname-excluded-only CNAME excluded-only
cname-partial-excluded-good-a CNAME partial-excluded-good-a
cname-partial-excluded-bad-a CNAME partial-excluded-bad-a
cname-partial-excluded-only CNAME partial-excluded-only
cname-a-only CNAME a-only
cname-a-and-aaaa CNAME a-and-aaaa
cname-aaaa-only CNAME aaaa-only
cname-a-not-mapped CNAME a-not-mapped
cname-mx-only CNAME mx-only
cname-non-existent CNAME non-existent
bin/tests/system/dns64/ns1/named.conf
0 → 100644
/*
*
Copyright
(
C
)
2004
,
2006
,
2007
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
Copyright
(
C
)
2000
,
2001
Internet
Software
Consortium
.
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2010
/
12
/
08
02
:
46
:
15
marka
Exp
$ */
//
NS1
controls
{ /*
empty
*/ };
acl
rfc1918
{
10
/
8
;
192
.
168
/
16
;
172
.
16
/
12
; };
options
{
query
-
source
address
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
-
v6
{
none
; };
allow
-
recursion
{
10
.
53
.
0
.
1
; };
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
dns64
2001
:
bbbb
::/
96
{
clients
{
any
; };
mapped
{ !
rfc1918
;
any
; };
exclude
{
2001
:
eeee
::/
32
;
64
:
FF9B
::/
96
; ::
ffff
:
0000
:
0000
/
96
; };
suffix
::;
recursive
-
only
yes
;
};
};
zone
"."
{
type
master
;
file
"root.db"
;
};
zone
"example"
{
type
master
;
file
"example.db"
;
};
zone
"signed"
{
type
master
;
file
"signed.db.signed"
;
};
//
include
"trusted.conf"
;
bin/tests/system/dns64/ns1/root.db
0 → 100644
; Copyright
$TTL 3600
@ SOA a.root-servers.nil. marka.isc.org. 0 0 0 0 0
@ NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example NS ns1.example.
ns1.example. A 10.53.0.1
signed NS ns1.example.
ns1.signed. A 10.53.0.1
bin/tests/system/dns64/ns1/sign.sh
0 → 100644
#!/bin/sh -e
#
# Copyright (C) 2004, 2006-2010 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.2 2010/12/08 02:46:16 marka Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
RANDFILE
=
../random.data
zone
=
signed
infile
=
example.db
zonefile
=
signed.db
key1
=
`
$KEYGEN
-q
-r
$RANDFILE
$zone
`
key2
=
`
$KEYGEN
-q
-r
$RANDFILE
-fk
$zone
`
cat
$infile
$key1
.key
$key2
.key
>
$zonefile
$SIGNER
-P
-g
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null
bin/tests/system/dns64/ns2/named.conf
0 → 100644
/*
*
Copyright
(
C
)
2010
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2010
/
12
/
08
02
:
46
:
16
marka
Exp
$ */
//
NS2
controls
{ /*
empty
*/ };
acl
rfc1918
{
10
/
8
;
192
.
168
/
16
;
172
.
16
/
12
; };
options
{
query
-
source
address
10
.
53
.
0
.
2
;
notify
-
source
10
.
53
.
0
.
2
;
transfer
-
source
10
.
53
.
0
.
2
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
dns64
2001
:
aaaa
::/
96
{
clients
{
10
.
53
.
0
.
2
; };
mapped
{ !
rfc1918
;
any
; };
exclude
{
2001
:
eeee
::/
32
;
64
:
FF9B
::/
96
; ::
ffff
:
0000
:
0000
/
96
; };
suffix
::;
};
dns64
64
:
FF9B
::/
96
{
clients
{
10
.
53
.
0
.
1
; };
mapped
{ !
192
.
228
.
79
.
201
; !
rfc1918
;
any
; };
exclude
{
64
:
FF9B
::/
96
; ::
ffff
:
0000
:
0000
/
96
; };
suffix
::;
};
};
zone
"."
{
type
hint
;
file
"../../common/root.hint"
;
};
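Review bot: Neither dns64 test configuration (ns1 or ns2) sets `break-dnssec`, so the `DNS_DNS64_BREAK_DNSSEC` flag that configure_view can set has no coverage visible on this page. tests.sh is collapsed, so this is inferred from the two named.conf files alone. Judging by its name, the option changes how synthesis interacts with DNSSEC, and both servers run with `dnssec-validation yes` against a signed zone, so it is the setting most worth pinning with a test. A further `dns64` block with its own `clients` ACL and `break-dnssec yes;` would exercise it without touching the results expected for the existing blocks.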
bin/tests/system/dns64/setup.sh
0 → 100644
#!/bin/sh -e
#
# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.2 2010/12/08 02:46:15 marka Exp $
../../../tools/genrandom 400 random.data
sh clean.sh
cd
ns1
&&
sh sign.sh
bin/tests/system/dns64/tests.sh
0 → 100644
This diff is collapsed.
doc/arm/Bv9ARM-book.xml
View file @
e3344054
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.46
5
2010/
09/21 19:47:57 ebersman
Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.46
6
2010/
12/08 02:46:16 marka
Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
...
...
@@ -5120,6 +5120,14 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> match-mapped-addresses <replaceable>yes_or_no</replaceable>; </optional>
<optional> filter-aaaa-on-v4 ( <replaceable>yes_or_no</replaceable> | <replaceable>break-dnssec</replaceable> ); </optional>
<optional> filter-aaaa { <replaceable>address_match_list</replaceable> }; </optional>
<optional> dns64 <replaceable>IPv6-prefix</replaceable> {
<optional> clients { <replaceable>address_match_list</replaceable> }; </optional>
<optional> mapped { <replaceable>address_match_list</replaceable> }; </optional>
<optional> exclude { <replaceable>address_match_list</replaceable> }; </optional>
<optional> suffix IPv6-address; </optional>
<optional> recursion-only <replaceable>yes_or_no</replaceable>; </optional>
<optional> break-dnssec <replaceable>yes_or_no</replaceable>; </optional>
}; </optional>;
<optional> preferred-glue ( <replaceable>A</replaceable> | <replaceable>AAAA</replaceable> | <replaceable>NONE</replaceable> ); </optional>
<optional> edns-udp-size <replaceable>number</replaceable>; </optional>
<optional> max-udp-size <replaceable>number</replaceable>; </optional>
...
...
@@ -5710,6 +5718,63 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>dns64</command></term>
<listitem>
<para>
This directive instructs <command>named</command> to
return mapped IPv4 addresses to AAAA queries when
there are no AAAA records. It is intended to be
used in conjunction with a NAT64. Each
<command>dns64</command> defines one DNS64 prefix.
Multiple DNS64 prefixes can be defined.
</para>
<para>
Compatible IPv6 prefixes have lengths of 32, 40, 48, 56,
64 and 96 as per RFC 6052.
</para>
<para>
Each <command>dns64</command> supports a optional
<command>clients</command> acl which defines which clients
see this directive. If not defined it defaults to
<userinput>any;</userinput>.
</para>
<para>
Each <command>dns64</command> supports a optional
<command>mapped</command> acl which selects which
IPv4 addresses are to be mapped are in the corresponding
A RRset. If not defined it defaults to
<userinput>any;</userinput>.
</para>
<para>
Each <command>dns64</command> supports a optional
<command>exclude</command> acl which selects which
IPv6 addresses will be ignored for the purposes
of determining if dns64 is to be applied. Any
non matching address will prevent any further
DNS64 processing from occuring for this client.
</para>
<para>
A optional <command>suffix</command> can also
be defined to set the bits trailing the mapped
IPv4 address bits. By default these bits are
set to <userinput>::</userinput>. The bits
matching the prefix and mapped IPv4 address
must be zero.
</para>
<programlisting>
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
dns64 64:FF9B::/96 {
clients { any; };
mapped { !rfc1918; any; };
exclude { 64:FF9B::/96; ::ffff:0000:0000/96; };
suffix ::;
};
</programlisting>
</listitem>
</varlistentry>
</variablelist>
<sect3 id="boolean_options">
...
...
doc/misc/options
...
...
@@ -100,6 +100,14 @@ options {
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
};
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
...
...
@@ -303,6 +311,14 @@ view <string> <optional_class> {
dlz <string> {
database <string>;
};
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
};
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
...
...
lib/bind9/check.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check.c,v 1.12
0
2010/
08/11 18:14:19 each
Exp $ */
/* $Id: check.c,v 1.12
1
2010/
12/08 02:46:16 marka
Exp $ */
/*! \file */
...
...
@@ -418,6 +418,106 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
return
(
result
);
}
static
const
unsigned
char
zeros
[
16
];
static
isc_result_t
check_dns64
(
cfg_aclconfctx_t
*
actx
,
const
cfg_obj_t
*
voptions
,
const
cfg_obj_t
*
config
,
isc_log_t
*
logctx
,
isc_mem_t
*
mctx
)
{
isc_result_t
result
=
ISC_R_SUCCESS
;
const
cfg_obj_t
*
dns64
=
NULL
;
const
cfg_obj_t
*
options
;
const
cfg_listelt_t
*
element
;
const
cfg_obj_t
*
map
,
*
obj
;
isc_netaddr_t
na
,
sa
;
unsigned
int
prefixlen
;
int
nbytes
;
int
i
;
static
const
char
*
acls
[]
=
{
"client"
,
"exclude"
,
"mapped"
,
NULL
};
if
(
voptions
!=
NULL
)
cfg_map_get
(
voptions
,
"dns64"
,
&
dns64
);
if
(
config
!=
NULL
&&
dns64
==
NULL
)
{
options
=
NULL
;
cfg_map_get
(
config
,
"options"
,
&
options
);
if
(
options
!=
NULL
)
cfg_map_get
(
options
,
"dns64"
,
&
dns64
);
}
if
(
dns64
==
NULL
)
return
(
ISC_R_SUCCESS
);
for
(
element
=
cfg_list_first
(
dns64
);
element
!=
NULL
;
element
=
cfg_list_next
(
element
))
{
map
=
cfg_listelt_value
(
element
);
obj
=
cfg_map_getname
(
map
);
cfg_obj_asnetprefix
(
obj
,
&
na
,
&
prefixlen
);
if
(
na
.
family
!=
AF_INET6
)
{
cfg_obj_log
(
map
,
logctx
,
ISC_LOG_ERROR
,
"dns64 requires a IPv6 prefix"
);
result
=
ISC_R_FAILURE
;
continue
;
}
if
(
prefixlen
!=
32
&&
prefixlen
!=
40
&&
prefixlen
!=
48
&&
prefixlen
!=
56
&&
prefixlen
!=
64
&&
prefixlen
!=
96
)
{
cfg_obj_log
(
map
,
logctx
,
ISC_LOG_ERROR
,
"bad prefix length %u [32/40/48/56/64/96]"
,
prefixlen
);
result
=
ISC_R_FAILURE
;
continue
;
}
for
(
i
=
0
;
acls
[
i
]
!=
NULL
;
i
++
)
{
obj
=
NULL
;
(
void
)
cfg_map_get
(
map
,
acls
[
i
],
&
obj
);
if
(
obj
!=
NULL
)
{
dns_acl_t
*
acl
=
NULL
;
isc_result_t
tresult
;
tresult
=
cfg_acl_fromconfig
(
obj
,
config
,