Commit aed7eb0c authored by Mark Andrews's avatar Mark Andrews

Merge branch '1159-bits-65-72-of-the-dns64-prefix-are-supposed-to-be-zero' into 'master'

Resolve "Bits 64..71 of the dns64 prefix are supposed to be zero"

Closes #1159

See merge request !2193
parents 06d8b107 d95ae93d
5273. [bug] Check that bits [64..71] of a dns64 prefix are zero.
[GL #1159]
5272. [cleanup] Remove isc-config.sh script as the BIND 9 libraries
are now purely internal. [GL #1123]
......
options {
dns64 0000:0000:0000:0000:0100:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0200:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0400:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0800:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:1000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:2000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:4000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:8000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 ::/32 { suffix ::8000:0000:0000:0000; }; /* bits [64..71] MBZ */
};
options {
dns64 ::/32 { suffix ::0100:0000:0000:0000; }; /* bits [64..71] MBZ */
};
......@@ -5148,7 +5148,9 @@ options {
</para>
<para>
Compatible IPv6 prefixes have lengths of 32, 40, 48, 56,
64 and 96 as per RFC 6052.
64 and 96 as per RFC 6052. Bits 64..71 inclusive must
be zero with the most significate bit of the prefix in
position 0.
</para>
<para>
Additionally a reverse IP6.ARPA zone will be created for
......
......@@ -526,6 +526,13 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
continue;
}
if (na.type.in6.s6_addr[8] != 0) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
"invalid prefix, bits [64..71] must be zero");
result = ISC_R_FAILURE;
continue;
}
if (prefixlen != 32 && prefixlen != 40 && prefixlen != 48 &&
prefixlen != 56 && prefixlen != 64 && prefixlen != 96) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment