...
 
Commits (2)
......@@ -19,9 +19,6 @@ Setting Description
named-checkzone
-DNS_RUN_PID_DIR=0 Create default PID files in ${localstatedir}/run
rather than ${localstatedir}/run/named/
Increase the maximum number of configurable
-DNS_RPZ_MAX_ZONES=64 response policy zones from 32 to 64; this is the
highest possible setting
Disable the use of inline functions to implement
-DISC_BUFFER_USEINLINE=0 the isc_buffer API: this reduces performance but
may be useful when debugging
......
......@@ -23,6 +23,5 @@ Some of these settings are:
|`-DCHECK_SIBLING=0`|Don't check sibling glue in `named-checkzone`|
|`-DCHECK_LOCAL=0`|Don't check out-of-zone addresses in `named-checkzone`|
|`-DNS_RUN_PID_DIR=0`|Create default PID files in `${localstatedir}/run` rather than `${localstatedir}/run/named/`|
|`-DNS_RPZ_MAX_ZONES=64`|Increase the maximum number of configurable response policy zones from 32 to 64; this is the highest possible setting|
|`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |
|`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
# common configuration
include "named.conf.header";
view "recursive" {
zone "." {
type hint;
file "root.hint";
};
# policy configuration to be tested
response-policy {
zone "max1";
zone "max2";
zone "max3";
zone "max4";
zone "max5";
zone "max6";
zone "max7";
zone "max8";
zone "max9";
zone "max10";
zone "max11";
zone "max12";
zone "max13";
zone "max14";
zone "max15";
zone "max16";
zone "max17";
zone "max18";
zone "max19";
zone "max20";
zone "max21";
zone "max22";
zone "max23";
zone "max24";
zone "max25";
zone "max26";
zone "max27";
zone "max28";
zone "max29";
zone "max30";
zone "max31";
zone "max32";
zone "max33";
zone "max34";
zone "max35";
zone "max36";
zone "max37";
zone "max38";
zone "max39";
zone "max40";
zone "max41";
zone "max42";
zone "max43";
zone "max44";
zone "max45";
zone "max46";
zone "max47";
zone "max48";
zone "max49";
zone "max50";
zone "max51";
zone "max52";
zone "max53";
zone "max54";
zone "max55";
zone "max56";
zone "max57";
zone "max58";
zone "max59";
zone "max60";
zone "max61";
zone "max62";
zone "max63";
zone "max64";
} qname-wait-recurse no
nsdname-enable yes
nsip-enable yes;
# policy zones to be tested
zone "max1" { type master; file "db.max1.local"; };
zone "max2" { type master; file "db.max2.local"; };
zone "max3" { type master; file "db.max3.local"; };
zone "max4" { type master; file "db.max4.local"; };
zone "max5" { type master; file "db.max5.local"; };
zone "max6" { type master; file "db.max6.local"; };
zone "max7" { type master; file "db.max7.local"; };
zone "max8" { type master; file "db.max8.local"; };
zone "max9" { type master; file "db.max9.local"; };
zone "max10" { type master; file "db.max10.local"; };
zone "max11" { type master; file "db.max11.local"; };
zone "max12" { type master; file "db.max12.local"; };
zone "max13" { type master; file "db.max13.local"; };
zone "max14" { type master; file "db.max14.local"; };
zone "max15" { type master; file "db.max15.local"; };
zone "max16" { type master; file "db.max16.local"; };
zone "max17" { type master; file "db.max17.local"; };
zone "max18" { type master; file "db.max18.local"; };
zone "max19" { type master; file "db.max19.local"; };
zone "max20" { type master; file "db.max20.local"; };
zone "max21" { type master; file "db.max21.local"; };
zone "max22" { type master; file "db.max22.local"; };
zone "max23" { type master; file "db.max23.local"; };
zone "max24" { type master; file "db.max24.local"; };
zone "max25" { type master; file "db.max25.local"; };
zone "max26" { type master; file "db.max26.local"; };
zone "max27" { type master; file "db.max27.local"; };
zone "max28" { type master; file "db.max28.local"; };
zone "max29" { type master; file "db.max29.local"; };
zone "max30" { type master; file "db.max30.local"; };
zone "max31" { type master; file "db.max31.local"; };
zone "max32" { type master; file "db.max32.local"; };
zone "max33" { type master; file "db.max33.local"; };
zone "max34" { type master; file "db.max34.local"; };
zone "max35" { type master; file "db.max35.local"; };
zone "max36" { type master; file "db.max36.local"; };
zone "max37" { type master; file "db.max37.local"; };
zone "max38" { type master; file "db.max38.local"; };
zone "max39" { type master; file "db.max39.local"; };
zone "max40" { type master; file "db.max40.local"; };
zone "max41" { type master; file "db.max41.local"; };
zone "max42" { type master; file "db.max42.local"; };
zone "max43" { type master; file "db.max43.local"; };
zone "max44" { type master; file "db.max44.local"; };
zone "max45" { type master; file "db.max45.local"; };
zone "max46" { type master; file "db.max46.local"; };
zone "max47" { type master; file "db.max47.local"; };
zone "max48" { type master; file "db.max48.local"; };
zone "max49" { type master; file "db.max49.local"; };
zone "max50" { type master; file "db.max50.local"; };
zone "max51" { type master; file "db.max51.local"; };
zone "max52" { type master; file "db.max52.local"; };
zone "max53" { type master; file "db.max53.local"; };
zone "max54" { type master; file "db.max54.local"; };
zone "max55" { type master; file "db.max55.local"; };
zone "max56" { type master; file "db.max56.local"; };
zone "max57" { type master; file "db.max57.local"; };
zone "max58" { type master; file "db.max58.local"; };
zone "max59" { type master; file "db.max59.local"; };
zone "max60" { type master; file "db.max60.local"; };
zone "max61" { type master; file "db.max61.local"; };
zone "max62" { type master; file "db.max62.local"; };
zone "max63" { type master; file "db.max63.local"; };
zone "max64" { type master; file "db.max64.local"; };
};
......@@ -47,6 +47,24 @@ copy_setports ns3/named2.conf.in ns3/named2.conf
copy_setports ns4/named.conf.in ns4/named.conf
# setup policy zones for a 64-zone test
i=1
while test $i -le 64
do
echo "\$TTL 60" > ns2/db.max$i.local
echo "@ IN SOA root.ns ns 1996072700 3600 1800 86400 60" >> ns2/db.max$i.local
echo " NS ns" >> ns2/db.max$i.local
echo "ns A 127.0.0.1" >> ns2/db.max$i.local
j=1
while test $j -le $i
do
echo "name$j A 10.53.0.$i" >> ns2/db.max$i.local
j=`expr $j + 1`
done
i=`expr $i + 1`
done
# decide whether to test DNSRPS
$SHELL ../rpz/ckdnsrps.sh $TEST_DNSRPS $DEBUG
test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS=
......
......@@ -346,6 +346,22 @@ do
}
fi
# Check maximum number of RPZ zones (64)
t=`expr $t + 1`
echo_i "testing maximum number of RPZ zones (${t})"
add_test_marker 10.53.0.2
run_server max
i=1
while test $i -le 64
do
$DIG $DIGOPTS name$i a @10.53.0.2 -p ${PORT} -b 10.53.0.1 > dig.out.${t}.${i}
grep "^name$i.[ ]*[0-9]*[ ]*IN[ ]*A[ ]*10.53.0.$i" dig.out.${t}.${i} > /dev/null 2>&1 || {
echo_i "test $t failed: didn't get expected answer from policy zone $i"
status=1
}
i=`expr $i + 1`
done
# Check CLIENT-IP behavior
t=`expr $t + 1`
echo_i "testing CLIENT-IP behavior (${t})"
......
......@@ -76,15 +76,12 @@ typedef enum {
typedef isc_uint8_t dns_rpz_num_t;
#define DNS_RPZ_MAX_ZONES 32
#if DNS_RPZ_MAX_ZONES > 32
# if DNS_RPZ_MAX_ZONES > 64
# error "rpz zone bit masks must fit in a word"
# endif
#define DNS_RPZ_MAX_ZONES 64
/*
* Type dns_rpz_zbits_t must be an unsigned int wide enough to contain
* at least DNS_RPZ_MAX_ZONES bits.
*/
typedef isc_uint64_t dns_rpz_zbits_t;
#else
typedef isc_uint32_t dns_rpz_zbits_t;
#endif
#define DNS_RPZ_ALL_ZBITS ((dns_rpz_zbits_t)-1)
......
......@@ -283,12 +283,10 @@ zbit_to_num(dns_rpz_zbits_t zbit) {
REQUIRE(zbit != 0);
rpz_num = 0;
#if DNS_RPZ_MAX_ZONES > 32
if ((zbit & 0xffffffff00000000L) != 0) {
if ((zbit & 0xffffffff00000000ULL) != 0) {
zbit >>= 32;
rpz_num += 32;
}
#endif
if ((zbit & 0xffff0000) != 0) {
zbit >>= 16;
rpz_num += 16;
......@@ -505,9 +503,7 @@ fix_qname_skip_recurse(dns_rpz_zones_t *rpzs) {
req_mask |= req_mask >> 4;
req_mask |= req_mask >> 8;
req_mask |= req_mask >> 16;
#if DNS_RPZ_MAX_ZONES > 32
req_mask |= req_mask >> 32;
#endif
/*
* There's no point in skipping recursion for a later
......