expand validity checks for send-report-channel
authorEvan Hunt <each@isc.org>
Mon, 21 Oct 2024 05:36:17 +0000 (22:36 -0700)
committerEvan Hunt <each@isc.org>
Wed, 23 Oct 2024 21:29:32 +0000 (21:29 +0000)
when configured at the zone level, send-report-channel cannot be
a subdomain of the zone name.

bin/tests/system/auth/ns1/named.conf.in
bin/tests/system/auth/tests.sh
bin/tests/system/checkconf/bad-rad1.conf [moved from bin/tests/system/checkconf/bad-rad.conf with 100% similarity]
bin/tests/system/checkconf/bad-rad2.conf [new file with mode: 0644]
bin/tests/system/checkconf/bad-rad3.conf [new file with mode: 0644]
doc/arm/reference.rst
lib/isccfg/check.c

index 92fd707dbd1550fff41e7fdce1156bfd01aee27c..f9036f7688cc56b7086f216c3c98265ab9bdf7f2 100644 (file)
@@ -22,7 +22,7 @@ options {
        recursion no;
        notify yes;
        dnssec-validation no;
-       send-report-channel "rad.example.net";
+       send-report-channel "example.rad";
 };
 
 view main in {
@@ -36,10 +36,10 @@ view main in {
        zone example.com {
                type primary;
                file "example.com.db";
-               send-report-channel "rad.example.com";
+               send-report-channel "rad.example.net";
        };
 
-       zone rad.example.net {
+       zone example.rad {
                type primary;
                file "rad.db";
                log-report-channel yes;
index 38fb85d76f8b07e7146df02fe902fbc54b768528..3c6c0e5380187870c27012cb3522dda4c48a6ee4 100644 (file)
@@ -190,7 +190,7 @@ n=$((n + 1))
 echo_i "check that a Report-Channel EDNS option is added to responses ($n)"
 ret=0
 $DIG $DIGOPTS @10.53.0.1 example.net >dig.out.test$n
-grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null || ret=1
+grep "; Report-Channel: example.rad" dig.out.test$n >/dev/null || ret=1
 [ $ret -eq 0 ] || echo_i "failed"
 status=$((status + ret))
 
@@ -198,7 +198,7 @@ n=$((n + 1))
 echo_i "check that a zone-level Report-Channel EDNS option is added to responses ($n)"
 ret=0
 $DIG $DIGOPTS @10.53.0.1 example.com >dig.out.test$n
-grep "; Report-Channel: rad.example.com" dig.out.test$n >/dev/null || ret=1
+grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null || ret=1
 [ $ret -eq 0 ] || echo_i "failed"
 status=$((status + ret))
 
@@ -206,9 +206,9 @@ n=$((n + 1))
 echo_i "check that error report queries are logged and no Report-Channel option is present in the response ($n)"
 ret=0
 nextpart ns1/named.run >/dev/null
-$DIG $DIGOPTS @10.53.0.1 _er.0.example.1._er.rad.example.net TXT >dig.out.test$n
-nextpart ns1/named.run | grep "dns-reporting-agent '_er.0.example.1._er.rad.example.net/IN'" >/dev/null || ret=1
-grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.1 _er.0.example.1._er.example.rad TXT >dig.out.test$n
+nextpart ns1/named.run | grep "dns-reporting-agent '_er.0.example.1._er.example.rad/IN'" >/dev/null || ret=1
+grep "; Report-Channel: example.rad" dig.out.test$n >/dev/null && ret=1
 [ $ret -eq 0 ] || echo_i "failed"
 status=$((status + ret))
 
@@ -218,7 +218,7 @@ ret=0
 nextpart ns1/named.run >/dev/null
 $DIG $DIGOPTS @10.53.0.1 _er.0.example.1._er.example.com TXT >dig.out.test$n
 nextpart ns1/named.run | grep "dns-reporting-agent '_er.0.example.1._er.example.com/IN'" >/dev/null && ret=1
-grep "; Report-Channel: rad.example.com" dig.out.test$n >/dev/null || ret=1
+grep "; Report-Channel: rad.example.net" dig.out.test$n >/dev/null || ret=1
 [ $ret -eq 0 ] || echo_i "failed"
 status=$((status + ret))
 
diff --git a/bin/tests/system/checkconf/bad-rad2.conf b/bin/tests/system/checkconf/bad-rad2.conf
new file mode 100644 (file)
index 0000000..a954401
--- /dev/null
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example.com {
+        type primary;
+        file "example.db";
+
+       /* agent-domain can't be the same as the zone name */
+       send-report-channel example.com;
+};
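Review bot: The zone body mixes indentation: `type primary;` and `file "example.db";` are indented with eight spaces, while the comment and `send-report-channel example.com;` below them use a tab; bad-rad3.conf has the same mix. Picking one style for both new fixtures (matching the other checkconf/bad-*.conf files) keeps them consistent and avoids a noisy diff the next time someone touches them.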
diff --git a/bin/tests/system/checkconf/bad-rad3.conf b/bin/tests/system/checkconf/bad-rad3.conf
new file mode 100644 (file)
index 0000000..80a3428
--- /dev/null
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example.com {
+        type primary;
+        file "example.db";
+
+       /* agent-domain can't be the below the zone name */
+       send-report-channel sub.example.com;
+};
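Review bot: The comment on the `send-report-channel` line reads `agent-domain can't be the below the zone name`, which has a stray word; `/* agent-domain can't be below the zone name */` is what was meant. This fixture is the one exercising the new subdomain rejection in check_zoneconf(), so the comment is the only place a reader learns which of the two new rejections (same name vs. subdomain) it targets, and it is worth getting right.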
index 38eeb39ee26c8cae62cd9f738f7dca517434f87b..ea5bfbe07329888c9de80752af487237e23af5fc 100644 (file)
@@ -1945,6 +1945,9 @@ default is used.
    There should be an authoritative zone configured to respond to such
    queries, with the :any:`log-report-channel` option set to ``yes``.
 
+   Note that a zone cannot be configured to use itself or any subdomain
+   of itself as an agent-domain.
+
 .. namedconf:statement:: stale-answer-ttl
    :tags: query
    :short: Specifies the time to live (TTL) to be returned on stale answers, in seconds.
index a24297290ba869ed370e2ecb6ce6fc6f844db28a..432cdb394787eac95806e822b6d3d367add54a3d 100644 (file)
@@ -1618,18 +1618,21 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
        }
 
        /*
-        * Check send-report-channel.
+        * Check send-report-channel. (Skip for zone level because we
+        * have an additional check in check_zoneconf() for that.)
         */
-       obj = NULL;
-       (void)cfg_map_get(options, "send-report-channel", &obj);
-       if (obj != NULL) {
-               str = cfg_obj_asstring(obj);
-               tresult = check_name(str);
-               if (tresult != ISC_R_SUCCESS) {
-                       cfg_obj_log(obj, ISC_LOG_ERROR,
-                                   "'%s' is not a valid name", str);
-                       if (result == ISC_R_SUCCESS) {
-                               result = tresult;
+       if (optlevel != optlevel_zone) {
+               obj = NULL;
+               (void)cfg_map_get(options, "send-report-channel", &obj);
+               if (obj != NULL) {
+                       str = cfg_obj_asstring(obj);
+                       tresult = check_name(str);
+                       if (tresult != ISC_R_SUCCESS) {
+                               cfg_obj_log(obj, ISC_LOG_ERROR,
+                                           "'%s' is not a valid name", str);
+                               if (result == ISC_R_SUCCESS) {
+                                       result = tresult;
+                               }
                        }
                }
        }
@@ -3858,6 +3861,31 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
                }
        }
 
+       obj = NULL;
+       (void)cfg_map_get(zoptions, "send-report-channel", &obj);
+       if (obj != NULL) {
+               const char *str = cfg_obj_asstring(obj);
+               dns_fixedname_t fad;
+               dns_name_t *ad = dns_fixedname_initname(&fad);
+
+               tresult = dns_name_fromstring(ad, str, dns_rootname, 0, NULL);
+               if (tresult != ISC_R_SUCCESS) {
+                       cfg_obj_log(obj, ISC_LOG_ERROR,
+                                   "'%s' is not a valid name", str);
+                       if (result == ISC_R_SUCCESS) {
+                               result = ISC_R_FAILURE;
+                       }
+               } else if (dns_name_issubdomain(ad, zname)) {
+                       cfg_obj_log(obj, ISC_LOG_ERROR,
+                                   "send-report-channel '%s' cannot "
+                                   "be at or below the zone name '%s'",
+                                   str, znamestr);
+                       if (result == ISC_R_SUCCESS) {
+                               result = ISC_R_FAILURE;
+                       }
+               }
+       }
+
        /*
         * Warn if key-directory doesn't exist
         */
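Review bot: The new check in check_zoneconf() inspects only `zoptions`, so a `send-report-channel` set at the options or view level and inherited by a zone that it is at or below is never rejected, while check_options() now skips the name check for zone level only; the options-level `example.rad` next to `zone example.rad` in this commit's named.conf.in is exactly that shape. If the inherited case is meant to be accepted (presumably because the option is suppressed at runtime for a `log-report-channel` zone, which I cannot confirm from this hunk), a short comment at the top of the block such as `/* A zone-level send-report-channel must not be at or below the zone itself; inherited values are not checked here. */` would keep the next reader from extending the check blindly; otherwise the view/options value needs comparing against each zone name too. Separately, the parse-failure branch stores `result = ISC_R_FAILURE` where the same branch in check_options() stores the actual error with `result = tresult`; `if (result == ISC_R_SUCCESS) { result = tresult; }` keeps the two paths consistent and preserves the reason. `obj`, `tresult`, `zname` and `znamestr` are declared outside the hunk, and check_zoneconf() begins and ends outside it.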