Commit f0fa5ce3 authored by Mark Andrews's avatar Mark Andrews

check that bits 64..71 in a dns64 prefix are zero

(cherry picked from commit a7ec7eb6)
parent 31998f2b
......@@ -9,12 +9,13 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f ns*/named.conf
rm -f ns1/K*
rm -f ns1/signed.db*
rm -f ns1/dsset-signed.
rm -f */named.memstats
rm -f */named.run
rm -f checkconf.out*
rm -f dig.out.*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
rm -f ns*/named.conf
rm -f ns*/named.lock
rm -f ns1/K*
rm -f ns1/dsset-signed.
rm -f ns1/signed.db*
options {
dns64 ::/32 { suffix ::8000:0000:0000:0000; }; /* bits [64..71] MBZ */
};
options {
dns64 ::/32 { suffix ::0100:0000:0000:0000; }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0100:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0200:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0400:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0800:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:1000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:2000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:4000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:8000:000f::/96 { }; /* bits [64..71] MBZ */
};
......@@ -39,6 +39,19 @@ do
status=`expr $status + $ret`
done
for conf in conf/warn*.conf
do
echo_i "checking that $conf produces a warning ($n)"
ret=0
$CHECKCONF "$conf" > checkconf.out$n || ret=1
l=`wc -l < checkconf.out$n`
grep "warning" checkconf.out$n > /dev/null || ret=1
test $l -ne 0 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
done
# Check the example. domain
echo_i "checking non-excluded AAAA lookup works ($n)"
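Review bot: The `grep "warning"` in the new `conf/warn*.conf` loop matches any warning that `$CHECKCONF` prints, so a fixture would still pass if it tripped an unrelated warning while the bits [64..71] check had regressed. Matching the specific message, e.g. `grep -F "bits [64..71] must be zero" checkconf.out$n > /dev/null || ret=1`, ties each fixture to the check it is meant to cover. The `wc -l` / `test $l -ne 0` pair is then redundant, because a successful grep already implies non-empty output. The loop also requires exit status 0 from `$CHECKCONF`, which pins the warn-but-accept behaviour; a one-line comment saying that is intentional would help the next reader.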
......
......@@ -5145,7 +5145,9 @@ options {
</para>
<para>
Compatible IPv6 prefixes have lengths of 32, 40, 48, 56,
64 and 96 as per RFC 6052.
64 and 96 as per RFC 6052. Bits 64..71 inclusive must
be zero with the most significate bit of the prefix in
position 0.
</para>
<para>
Additionally a reverse IP6.ARPA zone will be created for
......
......@@ -530,6 +530,12 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
continue;
}
if (na.type.in6.s6_addr[8] != 0) {
cfg_obj_log(map, logctx, ISC_LOG_WARNING,
"warning: invalid prefix, bits [64..71] "
"must be zero");
}
if (prefixlen != 32 && prefixlen != 40 && prefixlen != 48 &&
prefixlen != 56 && prefixlen != 64 && prefixlen != 96) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
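Review bot: The added test reads only byte 8 of the prefix address `na`, so as far as this hunk shows it can only fire when the reserved octet lies inside the prefix; for the shorter RFC 6052 lengths those bits would normally come from `suffix`. The fixtures on this page of the form `dns64 ::/32 { suffix ::8000:0000:0000:0000; }` put the non-zero bits in the suffix, and no suffix check is visible here. It is worth confirming that case is diagnosed elsewhere in check_dns64 (the function starts and ends outside the hunk), or applying the same byte-8 test where the suffix is parsed. The branch also logs at ISC_LOG_WARNING without setting a failure result in the lines shown, so a non-compliant prefix is still accepted. If that is deliberate, a comment such as `/* RFC 6052 section 2.2: bits 64..71 (octet 8) must be zero; warning only, prefix is still accepted */` would record it.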
......