Commit 9ef78585 authored by Thomas Markwalder's avatar Thomas Markwalder

[#1,!2] Fix server interpretation of guard record results in DSMM

Added a release note

common/dns.c
    build_dsmm_fwd_add3() -  modified to add a prerequisite when
    ddns-guard-id-must-match is enabled.
parent 787b8c03
......@@ -107,7 +107,15 @@ by Eric Young (eay@cryptsoft.com).
- Bind9 now defaults to requiring python to build. The Makefile for
building Bind9 when bundled with ISC DHCP was modified to turn off
this dependency.
[ISC-Bugs #3,!1 git #cc35f84943df44dac2499f3e16e8aaba7d54191d]
[ISC-Bugs #3,!1 git #cc35f84943df44dac2499f3e16e8aaba7d54191d]
- Corrected a dual-stack mixed-mode issue that occurs when both
ddns-guard-id-must-match and ddns-other-guard-is-dynamic
are enabled and that caused the server to incorrectly interpret
the presence of a guard record belonging to another client as
a case of no guard record at all. Thanks to Fernando Soto
from BlueCat Networks for reporting this issue.
[ISC-Bugs #1, !2 git TBD]
Changes since 4.4.0 (New Features)
- none
......
......@@ -3,7 +3,7 @@
Domain Name Service subroutines. */
/*
* Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2001-2003 by Internet Software Consortium
*
* This Source Code Form is subject to the terms of the Mozilla Public
......@@ -2047,7 +2047,7 @@ build_dsmm_fwd_add3(dhcp_ddns_cb_t *ddns_cb,
* When we're In Dual Stack Mixed Mode and ddns-other-guard-is-dynamic is ON
* we need only determine if a guard record of the other type exists, to know
* if we can add/replace and address record of our type. In other words,
* the presence of a dynamic entry made belonging to the "other" stack means
* the presence of a dynamic entry belonging to the "other" stack means
* all entries for this name should be dynamic and we overwrite an unguarded
* address record of our type.
*
......@@ -2073,6 +2073,25 @@ build_dsmm_fwd_add3_other(dhcp_ddns_cb_t *ddns_cb,
log_call("build_fwd_add3_other", pname, uname);
#endif
/* Construct the prereq list */
// If ID matching is on, a result of NXRRSET from add2 means
// either there is no guard of my type, or there is but
// it does not match this client. We need to distinguish
// between those two cases here and only allow this add
// if there is no guard of my type.
if (ddns_cb->flags & DDNS_GUARD_ID_MUST_MATCH) {
/* No guard record of my type exists */
result = make_dns_dataset(dns_rdataclass_none,
ddns_cb->dhcid_class,
dataspace, NULL, 0, 0);
if (result != ISC_R_SUCCESS) {
return(result);
}
ISC_LIST_APPEND(pname->list, &dataspace->rdataset, link);
dataspace++;
}
/* A guard record of the other type exists */
result = make_dns_dataset(dns_rdataclass_any,
ddns_cb->other_dhcid_class,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment