Commit 9ef78585 authored by Thomas Markwalder's avatar Thomas Markwalder

[#1,!2] Fix server interpretation of guard record results in DSMM

Added a release note

common/dns.c
    build_dsmm_fwd_add3() -  modified to add a prerequisite when
    ddns-guard-id-must-match is enabled.
parent 787b8c03
...@@ -107,7 +107,15 @@ by Eric Young (eay@cryptsoft.com). ...@@ -107,7 +107,15 @@ by Eric Young (eay@cryptsoft.com).
- Bind9 now defaults to requiring python to build. The Makefile for - Bind9 now defaults to requiring python to build. The Makefile for
building Bind9 when bundled with ISC DHCP was modified to turn off building Bind9 when bundled with ISC DHCP was modified to turn off
this dependency. this dependency.
[ISC-Bugs #3,!1 git #cc35f84943df44dac2499f3e16e8aaba7d54191d] [ISC-Bugs #3,!1 git #cc35f84943df44dac2499f3e16e8aaba7d54191d]
- Corrected a dual-stack mixed-mode issue that occurs when both
ddns-guard-id-must-match and ddns-other-guard-is-dynamic
are enabled and that caused the server to incorrectly interpret
the presence of a guard record belonging to another client as
a case of no guard record at all. Thanks to Fernando Soto
from BlueCat Networks for reporting this issue.
[ISC-Bugs #1, !2 git TBD]
Changes since 4.4.0 (New Features) Changes since 4.4.0 (New Features)
- none - none
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
Domain Name Service subroutines. */ Domain Name Service subroutines. */
/* /*
* Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2001-2003 by Internet Software Consortium * Copyright (c) 2001-2003 by Internet Software Consortium
* *
* This Source Code Form is subject to the terms of the Mozilla Public * This Source Code Form is subject to the terms of the Mozilla Public
...@@ -2047,7 +2047,7 @@ build_dsmm_fwd_add3(dhcp_ddns_cb_t *ddns_cb, ...@@ -2047,7 +2047,7 @@ build_dsmm_fwd_add3(dhcp_ddns_cb_t *ddns_cb,
* When we're In Dual Stack Mixed Mode and ddns-other-guard-is-dynamic is ON * When we're In Dual Stack Mixed Mode and ddns-other-guard-is-dynamic is ON
* we need only determine if a guard record of the other type exists, to know * we need only determine if a guard record of the other type exists, to know
* if we can add/replace and address record of our type. In other words, * if we can add/replace and address record of our type. In other words,
* the presence of a dynamic entry made belonging to the "other" stack means * the presence of a dynamic entry belonging to the "other" stack means
* all entries for this name should be dynamic and we overwrite an unguarded * all entries for this name should be dynamic and we overwrite an unguarded
* address record of our type. * address record of our type.
* *
...@@ -2073,6 +2073,25 @@ build_dsmm_fwd_add3_other(dhcp_ddns_cb_t *ddns_cb, ...@@ -2073,6 +2073,25 @@ build_dsmm_fwd_add3_other(dhcp_ddns_cb_t *ddns_cb,
log_call("build_fwd_add3_other", pname, uname); log_call("build_fwd_add3_other", pname, uname);
#endif #endif
/* Construct the prereq list */ /* Construct the prereq list */
// If ID matching is on, a result of NXRRSET from add2 means
// either there is no guard of my type, or there is but
// it does not match this client. We need to distinguish
// between those two cases here and only allow this add
// if there is no guard of my type.
if (ddns_cb->flags & DDNS_GUARD_ID_MUST_MATCH) {
/* No guard record of my type exists */
result = make_dns_dataset(dns_rdataclass_none,
ddns_cb->dhcid_class,
dataspace, NULL, 0, 0);
if (result != ISC_R_SUCCESS) {
return(result);
}
ISC_LIST_APPEND(pname->list, &dataspace->rdataset, link);
dataspace++;
}
/* A guard record of the other type exists */ /* A guard record of the other type exists */
result = make_dns_dataset(dns_rdataclass_any, result = make_dns_dataset(dns_rdataclass_any,
ddns_cb->other_dhcid_class, ddns_cb->other_dhcid_class,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment