Commit 65314b0f authored by Evan Hunt's avatar Evan Hunt

[master] "enable-filter-aaaa" no longer optional

4786.	[func]		The "filter-aaaa-on-v4" and "filter-aaaa-on-v6"
			options are no longer conditionally compiled.
			[RT #46340]
parent 80739779
4786. [func] The "filter-aaaa-on-v4" and "filter-aaaa-on-v6"
options are no longer conditionally compiled.
[RT #46340]
4785. [func] The hmac-md5 algorithm is no longer recommended for
use with RNDC keys. For compatibility reasons, it
it is still the default algorithm in rndc-confgen,
......
......@@ -156,12 +156,10 @@ options {\n\
# fetch-glue <obsolete>;\n\
fetch-quota-params 100 0.1 0.3 0.7;\n\
fetches-per-server 0;\n\
fetches-per-zone 0;\n"
#ifdef ALLOW_FILTER_AAAA
" filter-aaaa-on-v4 no;\n\
fetches-per-zone 0;\n\
filter-aaaa-on-v4 no;\n\
filter-aaaa-on-v6 no;\n\
filter-aaaa { any; };\n"
#endif
#ifdef HAVE_GEOIP
" geoip-use-ecs yes;\n"
#endif
......
......@@ -4874,7 +4874,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
dns_quotatype_zone, r);
}
#ifdef ALLOW_FILTER_AAAA
obj = NULL;
result = named_config_get(maps, "filter-aaaa-on-v4", &obj);
INSIST(result == ISC_R_SUCCESS);
......@@ -4909,7 +4908,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
CHECK(configure_view_acl(vconfig, config, "filter-aaaa", NULL,
actx, named_g_mctx, &view->aaaa_acl));
#endif
obj = NULL;
result = named_config_get(maps, "prefetch", &obj);
if (result == ISC_R_SUCCESS) {
......
......@@ -36,7 +36,6 @@ usage() {
fprintf(stderr, "args:\n");
fprintf(stderr, " --edns-version\n");
fprintf(stderr, " --enable-dnsrps\n");
fprintf(stderr, " --enable-filter-aaaa\n");
fprintf(stderr, " --gethostname\n");
fprintf(stderr, " --gssapi\n");
fprintf(stderr, " --have-dlopen\n");
......@@ -63,14 +62,6 @@ main(int argc, char **argv) {
#endif
}
if (strcmp(argv[1], "--enable-filter-aaaa") == 0) {
#ifdef ALLOW_FILTER_AAAA
return (0);
#else
return (1);
#endif
}
if (strcmp(argv[1], "--edns-version") == 0) {
#ifdef DNS_EDNS_VERSION
printf("%d\n", DNS_EDNS_VERSION);
......
#!/bin/sh
#
# Copyright (C) 2010, 2012, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
$FEATURETEST --enable-filter-aaaa || {
echo "I:This test requires --enable-filter-aaaa at compile time." >&2
exit 255
}
exit 0
......@@ -141,10 +141,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Use AES for Client Cookie generation */
#undef AES_CC
/* Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options.
*/
#undef ALLOW_FILTER_AAAA
/* define if ATF unit tests are to be built. */
#undef ATF_TEST
......
......@@ -306,10 +306,6 @@ typedef __int64 off_t;
/* Define to the sockaddr length type used by getnameinfo(3). */
#define IRS_GETNAMEINFO_SOCKLEN_T socklen_t
/* Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options.
*/
@ALLOW_FILTER_AAAA@
/* Define to enable "rrset-order fixed" syntax. */
@DNS_RDATASET_FIXED@
......
......@@ -940,6 +940,7 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
......@@ -1033,7 +1034,6 @@ enable_dnsrps_dl
with_dnsrps_libname
with_dnsrps_dir
enable_dnsrps
enable_filter_aaaa
enable_dnstap
with_protobuf_c
with_libfstrm
......@@ -1103,6 +1103,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
......@@ -1355,6 +1356,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
......@@ -1492,7 +1502,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
......@@ -1645,6 +1655,7 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
......@@ -1719,7 +1730,6 @@ Optional Features:
--disable-rpz-nsdname disable rpz nsdname rules [default=enabled]
--enable-dnsrps-dl DNS Response Policy Service delayed link [default=$librpz_dl]
--enable-dnsrps enable DNS Response Policy Service API
--enable-filter-aaaa enable filtering of AAAA records [default=no]
--enable-dnstap enable dnstap support (requires fstrm, protobuf-c)
--enable-querytrace enable very verbose query trace logging [default=no]
--enable-full-report report values of all configure options
......@@ -11470,7 +11480,6 @@ yes)
test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
test "${enable_querytrace+set}" = set || enable_querytrace=yes
test "${with_atf+set}" = set || with_atf=yes
test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes
test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes
test "${enable_symtable+set}" = set || enable_symtable=all
test "${enable_warn_error+set}" = set || enable_warn_error=yes
......@@ -20944,28 +20953,6 @@ $as_echo "#define USE_DNSRPS 1" >>confdefs.h
fi
#
# Activate "filter-aaaa-on-v4/v6" or not?
#
# Check whether --enable-filter-aaaa was given.
if test "${enable_filter_aaaa+set}" = set; then :
enableval=$enable_filter_aaaa; enable_filter="$enableval"
else
enable_filter="no"
fi
case "$enable_filter" in
yes)
$as_echo "#define ALLOW_FILTER_AAAA 1" >>confdefs.h
;;
no)
;;
*)
;;
esac
#
# Activate dnstap?
#
......@@ -26238,8 +26225,6 @@ report() {
echo " DNS Response Policy Service interface (--enable-dnsrps)"
test "yes" = "$enable_fixed" && \
echo " Allow 'fixed' rrset-order (--enable-fixed-rrset)"
test "yes" = "$enable_filter" && \
echo " AAAA filtering (--enable-filter-aaaa)"
test "yes" = "$enable_seccomp" && \
echo " Use libseccomp system call filtering (--enable-seccomp)"
test "yes" = "$want_backtrace" && \
......
......@@ -66,7 +66,6 @@ yes)
test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
test "${enable_querytrace+set}" = set || enable_querytrace=yes
test "${with_atf+set}" = set || with_atf=yes
test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes
test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes
test "${enable_symtable+set}" = set || enable_symtable=all
test "${enable_warn_error+set}" = set || enable_warn_error=yes
......@@ -4413,24 +4412,6 @@ if test "x$enable_dnsrps" != "xno"; then
AC_DEFINE([USE_DNSRPS], [1], [Enable DNS Response Policy Service API])
fi
#
# Activate "filter-aaaa-on-v4/v6" or not?
#
AC_ARG_ENABLE(filter-aaaa,
[ --enable-filter-aaaa enable filtering of AAAA records [[default=no]]],
enable_filter="$enableval",
enable_filter="no")
case "$enable_filter" in
yes)
AC_DEFINE(ALLOW_FILTER_AAAA, 1,
[Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options.])
;;
no)
;;
*)
;;
esac
#
# Activate dnstap?
#
......@@ -5481,8 +5462,6 @@ report() {
echo " DNS Response Policy Service interface (--enable-dnsrps)"
test "yes" = "$enable_fixed" && \
echo " Allow 'fixed' rrset-order (--enable-fixed-rrset)"
test "yes" = "$enable_filter" && \
echo " AAAA filtering (--enable-filter-aaaa)"
test "yes" = "$enable_seccomp" && \
echo " Use libseccomp system call filtering (--enable-seccomp)"
test "yes" = "$want_backtrace" && \
......
......@@ -6714,10 +6714,7 @@ options {
<term><command>filter-aaaa-on-v4</command></term>
<listitem>
<para>
This option is only available when
<acronym>BIND</acronym> 9 is compiled with the
<userinput>--enable-filter-aaaa</userinput> option on the
"configure" command line. It is intended to help the
This option is intended to help the
transition from IPv4 to IPv6 by not giving IPv6 addresses
to DNS clients unless they have connections to the IPv6
Internet. This is not recommended unless absolutely
......
......@@ -693,6 +693,13 @@
catagory.
</para>
</listitem>
<listitem>
<para>
The <command>filter-aaaa-on-v4</command> and
<command>filter-aaaa-on-v6</command> options are no longer
conditionally compiled in <command>named</command>. [RT #46340]
</para>
</listitem>
</itemizedlist>
</section>
......
......@@ -176,9 +176,7 @@ typedef int dns_messagetextflag_t;
additional section. */
#define DNS_MESSAGERENDER_PREFER_AAAA 0x0010 /*%< prefer AAAA records in
additional section. */
#ifdef ALLOW_FILTER_AAAA
#define DNS_MESSAGERENDER_FILTER_AAAA 0x0020 /*%< filter AAAA records */
#endif
typedef struct dns_msgblock dns_msgblock_t;
......
......@@ -1897,7 +1897,6 @@ wrong_priority(dns_rdataset_t *rds, int pass, dns_rdatatype_t preferred_glue) {
return (ISC_TRUE);
}
#ifdef ALLOW_FILTER_AAAA
/*
* Decide whether to not answer with an AAAA record and its RRSIG
*/
......@@ -1939,7 +1938,6 @@ norender_rdataset(const dns_rdataset_t *rdataset, unsigned int options,
return (ISC_TRUE);
}
#endif
static isc_result_t
renderset(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
......@@ -2100,13 +2098,14 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
preferred_glue))
goto next;
#ifdef ALLOW_FILTER_AAAA
/*
* Suppress AAAAs if asked and we are
* not doing DNSSEC or are breaking DNSSEC.
* Say so in the AD bit if we break DNSSEC.
*/
if (norender_rdataset(rdataset, options, sectionid)) {
if (norender_rdataset(rdataset, options,
sectionid))
{
if (sectionid == DNS_SECTION_ANSWER ||
sectionid == DNS_SECTION_AUTHORITY)
msg->flags &= ~DNS_MESSAGEFLAG_AD;
......@@ -2115,7 +2114,6 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
goto next;
}
#endif
st = *(msg->buffer);
count = 0;
......
......@@ -1895,18 +1895,9 @@ view_clauses[] = {
{ "fetch-quota-params", &cfg_type_fetchquota, 0 },
{ "fetches-per-server", &cfg_type_fetchesper, 0 },
{ "fetches-per-zone", &cfg_type_fetchesper, 0 },
#ifdef ALLOW_FILTER_AAAA
{ "filter-aaaa", &cfg_type_bracketed_aml, 0 },
{ "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 },
{ "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 },
#else
{ "filter-aaaa", &cfg_type_bracketed_aml,
CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "filter-aaaa-on-v4", &cfg_type_filter_aaaa,
CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "filter-aaaa-on-v6", &cfg_type_filter_aaaa,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif
{ "glue-cache", &cfg_type_boolean, 0 },
{ "ixfr-from-differences", &cfg_type_ixfrdifftype, 0 },
{ "lame-ttl", &cfg_type_ttlval, 0 },
......
......@@ -1096,7 +1096,6 @@ client_send(ns_client_t *client) {
preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
}
#ifdef ALLOW_FILTER_AAAA
/*
* filter-aaaa-on-v4 yes or break-dnssec option to suppress
* AAAA records.
......@@ -1113,7 +1112,6 @@ client_send(ns_client_t *client) {
if (preferred_glue == DNS_MESSAGERENDER_PREFER_AAAA)
preferred_glue = DNS_MESSAGERENDER_PREFER_A;
}
#endif
/*
* Create an OPT for our reply.
......@@ -3033,9 +3031,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
client->interface = NULL;
client->peeraddr_valid = ISC_FALSE;
dns_ecs_init(&client->ecs);
#ifdef ALLOW_FILTER_AAAA
client->filter_aaaa = dns_aaaa_ok;
#endif
client->needshutdown = ISC_TF((client->sctx->options &
NS_SERVER_CLIENTTEST) != 0);
......
......@@ -141,9 +141,7 @@ struct ns_client {
struct in6_pktinfo pktinfo;
isc_dscp_t dscp;
isc_event_t ctlevent;
#ifdef ALLOW_FILTER_AAAA
dns_aaaa_t filter_aaaa;
#endif
/*%
* Information about recent FORMERR response(s), for
* FORMERR loop avoidance. This is separate for each
......@@ -180,10 +178,8 @@ typedef ISC_LIST(ns_client_t) client_list_t;
#define NS_CLIENTATTR_MULTICAST 0x00008 /*%< recv'd from multicast */
#define NS_CLIENTATTR_WANTDNSSEC 0x00010 /*%< include dnssec records */
#define NS_CLIENTATTR_WANTNSID 0x00020 /*%< include nameserver ID */
#ifdef ALLOW_FILTER_AAAA
#define NS_CLIENTATTR_FILTER_AAAA 0x00040 /*%< suppress AAAAs */
#define NS_CLIENTATTR_FILTER_AAAA_RC 0x00080 /*%< recursing for A against AAAA */
#endif
#define NS_CLIENTATTR_WANTAD 0x00100 /*%< want AD in response if possible */
#define NS_CLIENTATTR_WANTCOOKIE 0x00200 /*%< return a COOKIE */
#define NS_CLIENTATTR_HAVECOOKIE 0x00400 /*%< has a valid COOKIE */
......
......@@ -1832,9 +1832,7 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
}
if (qtype == dns_rdatatype_a) {
#ifdef ALLOW_FILTER_AAAA
isc_boolean_t have_a = ISC_FALSE;
#endif
/*
* We now go looking for A and AAAA records, along with
......@@ -1873,9 +1871,7 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
dns_rdataset_disassociate(sigrdataset);
} else if (result == ISC_R_SUCCESS) {
mname = NULL;
#ifdef ALLOW_FILTER_AAAA
have_a = ISC_TRUE;
#endif
if (additionaltype == dns_rdatasetadditional_fromcache &&
(DNS_TRUST_PENDING(rdataset->trust) ||
DNS_TRUST_GLUE(rdataset->trust)) &&
......@@ -1935,14 +1931,12 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
/*
* There's an A; check whether we're filtering AAAA
*/
#ifdef ALLOW_FILTER_AAAA
if (have_a &&
(client->filter_aaaa == dns_aaaa_break_dnssec ||
(client->filter_aaaa == dns_aaaa_filter &&
(!WANTDNSSEC(client) || sigrdataset == NULL ||
!dns_rdataset_isassociated(sigrdataset)))))
goto addname;
#endif
if (additionaltype == dns_rdatasetadditional_fromcache &&
(DNS_TRUST_PENDING(rdataset->trust) ||
DNS_TRUST_GLUE(rdataset->trust)) &&
......@@ -2071,13 +2065,11 @@ query_addrdataset(ns_client_t *client, dns_section_t section,
if (dbversion == NULL)
goto regular;
#ifdef ALLOW_FILTER_AAAA
if (client->filter_aaaa == dns_aaaa_filter ||
client->filter_aaaa == dns_aaaa_break_dnssec)
{
options |= DNS_RDATASETADDGLUE_FILTERAAAA;
}
#endif
result = dns_rdataset_addglue(rdataset, dbversion->version,
options, client->message);
......@@ -4553,7 +4545,6 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
return;
}
#ifdef ALLOW_FILTER_AAAA
static isc_boolean_t
is_v4_client(ns_client_t *client) {
if (isc_sockaddr_pf(&client->peeraddr) == AF_INET)
......@@ -4571,7 +4562,6 @@ is_v6_client(ns_client_t *client) {
return (ISC_TRUE);
return (ISC_FALSE);
}
#endif
static isc_uint32_t
dns64_ttl(dns_db_t *db, dns_dbversion_t *version) {
......@@ -6522,7 +6512,6 @@ query_respond_any(query_ctx_t *qctx) {
dns_rdatasetiter_t *rdsiter = NULL;
isc_result_t result;
dns_rdatatype_t onetype = 0; /* type to use for minimal-any */
#ifdef ALLOW_FILTER_AAAA
isc_boolean_t have_aaaa, have_a, have_sig;
/*
......@@ -6533,7 +6522,6 @@ query_respond_any(query_ctx_t *qctx) {
have_aaaa = ISC_FALSE;
have_a = !qctx->authoritative;
have_sig = ISC_FALSE;
#endif
result = dns_db_allrdatasets(qctx->db, qctx->node,
qctx->version, 0, &rdsiter);
......@@ -6561,7 +6549,6 @@ query_respond_any(query_ctx_t *qctx) {
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, qctx->rdataset);
#ifdef ALLOW_FILTER_AAAA
/*
* Notice the presence of A and AAAAs so
* that AAAAs can be hidden from IPv4 clients.
......@@ -6572,7 +6559,7 @@ query_respond_any(query_ctx_t *qctx) {
else if (qctx->rdataset->type == dns_rdatatype_a)
have_a = ISC_TRUE;
}
#endif
/*
* We found an NS RRset; no need to add one later.
*/
......@@ -6619,10 +6606,8 @@ query_respond_any(query_ctx_t *qctx) {
qctx->rdataset->type == qctx->qtype) &&
qctx->rdataset->type != 0)
{
#ifdef ALLOW_FILTER_AAAA
if (dns_rdatatype_isdnssec(qctx->rdataset->type))
have_sig = ISC_TRUE;
#endif
if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client))
{
......@@ -6689,7 +6674,6 @@ query_respond_any(query_ctx_t *qctx) {
result = dns_rdatasetiter_next(rdsiter);
}
#ifdef ALLOW_FILTER_AAAA
/*
* Filter AAAAs if there is an A and there is no signature
* or we are supposed to break DNSSEC.
......@@ -6700,7 +6684,7 @@ query_respond_any(query_ctx_t *qctx) {
have_aaaa && have_a &&
(!have_sig || !WANTDNSSEC(qctx->client)))
qctx->client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
#endif
if (qctx->fname != NULL)
dns_message_puttempname(qctx->client->message, &qctx->fname);
......@@ -6813,7 +6797,6 @@ query_getexpire(query_ctx_t *qctx) {
}
}
#ifdef ALLOW_FILTER_AAAA
/*
* Optionally hide AAAAs from IPv4 clients if there is an A.
*
......@@ -6908,7 +6891,6 @@ query_filter_aaaa(query_ctx_t *qctx) {
return (ISC_R_COMPLETE);
}
#endif
/*%
* Build a repsonse for a "normal" query, for a type other than ANY,
......@@ -6947,11 +6929,9 @@ query_respond(query_ctx_t *qctx) {
return (query_done(qctx));
}
#ifdef ALLOW_FILTER_AAAA
result = query_filter_aaaa(qctx);
if (result != ISC_R_COMPLETE)
return (result);
#endif
/*
* Check to see if the AAAA RRset has non-excluded addresses
* in it. If not look for a A RRset.
......@@ -8853,14 +8833,12 @@ query_coveringnsec(query_ctx_t *qctx) {
if (qctx->type == dns_rdatatype_any) { /* XXX not yet */
goto cleanup;
}
#ifdef ALLOW_FILTER_AAAA
if (qctx->client->filter_aaaa != dns_aaaa_ok &&
(qctx->type == dns_rdatatype_a ||
qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */
{
goto cleanup;
}
#endif
if (!ISC_LIST_EMPTY(qctx->client->view->dns64) &&
(qctx->type == dns_rdatatype_a ||
qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */
......@@ -8925,14 +8903,12 @@ query_coveringnsec(query_ctx_t *qctx) {
if (qctx->type == dns_rdatatype_any) { /* XXX not yet */
goto cleanup;
}
#ifdef ALLOW_FILTER_AAAA
if (qctx->client->filter_aaaa != dns_aaaa_ok &&
(qctx->type == dns_rdatatype_a ||
qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */
{
goto cleanup;
}
#endif
if (!ISC_LIST_EMPTY(qctx->client->view->dns64) &&
(qctx->type == dns_rdatatype_a ||
qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */
......@@ -9471,7 +9447,6 @@ query_prepresponse(query_ctx_t *qctx) {
qctx->need_wildcardproof = ISC_TRUE;
}
#ifdef ALLOW_FILTER_AAAA
/*
* The filter-aaaa-on-v4 option should suppress AAAAs for IPv4
* clients if there is an A; filter-aaaa-on-v6 option does the same
......@@ -9495,7 +9470,6 @@ query_prepresponse(query_ctx_t *qctx) {
qctx->client->filter_aaaa = qctx->client->view->v6_aaaa;
}
#endif
if (qctx->type == dns_rdatatype_any) {
return (query_respond_any(qctx));
......
......@@ -219,7 +219,6 @@ my @projectlist = ("..\\bin\\check\\win32\\checkconf.vcxproj",
my %configdefh;
my @substdefh = ("AES_CC",
"ALLOW_FILTER_AAAA",
"CONFIGARGS",
"DNS_RDATASET_FIXED",
"ENABLE_RPZ_NSDNAME",
......@@ -451,7 +450,6 @@ my @help = (
" enable-crypto-rand use crypto provider for random [default=yes]\n",
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n",
" enable-fixed-rrset enable fixed rrset ordering [default=no]\n",
" enable-developer enable developer build settings [default=no]\n",
" enable-querytrace enable very verbose query trace [default=no]\n",
......@@ -496,7 +494,6 @@ my $cryptolib = "";
my $enable_native_pkcs11 = "no";
my $enable_crypto_rand = "yes";
my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "yes";
my $enable_isc_spnego = "yes";
my $enable_fixed_rrset = "no";
my $enable_developer = "no";
......@@ -717,10 +714,6 @@ sub myenable {
if ($val =~ /^no$/i) {
$enable_isc_spnego = "no";
}
} elsif ($key =~ /^filter-aaaa$/i) {
if ($val =~ /^no$/i) {
$enable_filter_aaaa = "no";
}
} elsif ($key =~ /^fixed-rrset$/i) {
if ($val =~ /^yes$/i) {
$enable_fixed_rrset = "yes";
......@@ -755,7 +748,6 @@ sub myenable {
if ($enable_developer eq "yes") {
$configdefh{"ISC_LIST_CHECKINIT"} = 1;
$enable_filter_aaaa = "yes";
$enable_querytrace = "yes";
# no atf on WIN32
$enable_fixed_rrset = "yes";
......@@ -1005,11 +997,6 @@ if ($verbose) {
} else {
print "isc-spnego: disabled\n";
}
if ($enable_filter_aaaa eq "yes") {
print "filter-aaaa: enabled\n";
} else {
print "filter-aaaa: disabled\n";
}
if ($enable_fixed_rrset eq "yes") {
print "fixed-rrset: enabled\n";
} else {
......@@ -1409,11 +1396,6 @@ if ($enable_native_pkcs11 eq "yes") {
}
}
# enable-filter-aaaa
if ($enable_filter_aaaa eq "yes") {
$configdefh{"ALLOW_FILTER_AAAA"} = 1;
}
# enable-fixed-rrset
if ($enable_fixed_rrset eq "yes") {
$configdefh{"DNS_RDATASET_FIXED"} = 1;
......@@ -3413,7 +3395,6 @@ exit 0;
# --enable-querytrace supported
# --disable-rpz-nsip supported
# --disable-rpz-nsdname supported
# --enable-filter-aaaa supported
# --enable-full-report supported by verbose
# --enable-dnstap not supported (requires libfstrm support on WIN32)
# --enable-seccomp not supported (Linux specific)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment