For ForwardZones it was only processed if reading from a forward_zones_file.
possiblyConvertForwardsandAuths(includeDir, apiDir, log);
}
+static void addToAllowNotifyFor(Recursorsettings& settings, const rust::Vec<::pdns::rust::settings::rec::ForwardZone>& vec)
+{
+ for (const auto& item : vec) {
+ if (item.notify_allowed) {
+ settings.incoming.allow_notify_for.emplace_back(item.zone);
+ }
+ }
+}
+
pdns::settings::rec::YamlSettingsStatus pdns::settings::rec::readYamlSettings(const std::string& configname, const std::string& includeDirOnCommandLine, Recursorsettings& settings, std::string& msg, Logr::log_t log)
{
auto file = ifstream(configname);
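Review bot: `addToAllowNotifyFor` appends `item.zone` unconditionally, so a zone that is already listed in `incoming.allow_notify_for`, or that appears in both `forward_zones` and `forward_zones_recurse`, ends up in the list twice. That is probably harmless for matching, but this list decides which zones a NOTIFY is accepted for and it is what an operator reads in the `--config` output, so it is worth keeping exact. Consider guarding the append with `auto& allowed = settings.incoming.allow_notify_for;` followed by `if (item.notify_allowed && std::find(allowed.begin(), allowed.end(), item.zone) == allowed.end()) {`; this assumes the element type compares equal with `item.zone` and that `<algorithm>` is included. A one-line comment above the function, such as `// Zones flagged notify_allowed implicitly become acceptable NOTIFY targets`, would also make the widening explicit.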
for (const auto& yamlfile : yamlFiles) {
mergeYamlSubFile(yamlfile, yamlstruct, false, log);
}
+ // Add the zones with notify_allowed to allow_notify_for. For a forward_zones_file that will be
+ // taken care of elsewhere. One drawback: the zones will be shown in allow_notify_for if you
+ // run --config, while they aren't actually there in any config file.
+ addToAllowNotifyFor(yamlstruct, yamlstruct.recursor.forward_zones);
+ addToAllowNotifyFor(yamlstruct, yamlstruct.recursor.forward_zones_recurse);
yamlstruct.validate();
settings = std::move(yamlstruct);
return YamlSettingsStatus::OK;
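Review bot: The two `addToAllowNotifyFor` calls widen `incoming.allow_notify_for` without leaving any trace, and the comment above them concedes that `--config` will then show zones that are in no config file. Since that list controls which zones a NOTIFY is accepted for, someone auditing the effective configuration cannot tell an explicit entry from a derived one. Consider passing `log` (already a parameter of `readYamlSettings`) into the helper and emitting one informational line per derived zone. Placing the calls before `yamlstruct.validate()` looks right, as the derived entries then presumably go through the same validation as explicit ones. `readYamlSettings` begins in the previous hunk and its body is only partly visible here.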
- Socket Address
- ...
recurse: Boolean, default false
- allow_notify: Boolean, default false
+ allow_notify: Boolean, default false
An example of a ``forward_zones`` entry, which consists of a sequence of `Forward Zone`_ entries:
If this forwarded zone is signed, instead of adding NTA, add the DS record to the :ref:`setting-lua-config-file`.
See the :doc:`dnssec` information.
''',
+ 'versionchanged' : ('5.2.0', 'Zones having ``notify_allowed`` set will be added to :ref:`setting-yaml-incoming.allow_notify_for`.')
},
{
'name' : 'forward_zones_file',
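Review bot: The `versionchanged` text names the field `notify_allowed`, which matches `item.notify_allowed` in the C++ change, but the Forward Zone field list in the documentation hunk before this one still spells it `allow_notify: Boolean, default false`. Someone following that list would presumably set a key the parser does not recognise, and the zone would then not be added to `allow_notify_for`. Suggest changing that documentation line to `notify_allowed: Boolean, default false` so both places agree with the code. The dictionary entry this line belongs to starts outside the hunk.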
_wsPassword = 'secretpassword'
_apiKey = 'secretapikey'
_config_template = """
- disable-packetcache=yes
- auth-zones=example=configs/%s/example.zone
- allow-notify-from=127.0.0.1
- allow-notify-for=example
- quiet=no
- loglevel=9
- webserver=yes
- webserver-port=%d
- webserver-address=127.0.0.1
- webserver-password=%s
- api-key=%s
- """ % (_confdir, _wsPort, _wsPassword, _apiKey)
+packetcache:
+ disable: true
+recursor:
+ auth_zones:
+ - zone: example
+ file: configs/%s/example.zone
+incoming:
+ allow_notify_from: [127.0.0.1]
+ allow_notify_for: ['example']
+logging:
+ quiet: false
+ loglevel: 9
+webservice:
+ webserver: true
+ port: %d
+ address: 127.0.0.1
+ password: %s
+ api_key: %s
+""" % (_confdir, _wsPort, _wsPassword, _apiKey)
@classmethod
def generateRecursorConfig(cls, confdir):
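Review bot: The converted configuration still lists `allow_notify_for: ['example']` explicitly and defines `example` under `auth_zones`, so nothing visible in this test exercises the new path where a forward zone with `notify_allowed` is added to `allow_notify_for` automatically. Consider adding a case with a `forward_zones` entry carrying `notify_allowed: true` and no matching `allow_notify_for` entry, asserting that a NOTIFY for that zone is accepted. A negative case with the flag unset, asserting that the NOTIFY is refused, would pin the default. The class body begins and ends outside this hunk, so such a test may already exist elsewhere.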
e 3600 IN A 192.0.2.42
f 3600 IN CNAME f ; CNAME loop: dirty trick to get a ServFail in an authzone
""".format(soa=cls._SOA))
- super(NotifyTest, cls).generateRecursorConfig(confdir)
+ super(NotifyTest, cls).generateRecursorYamlConfig(confdir)
def checkRecordCacheMetrics(self, expectedHits, expectedMisses):
headers = {'x-api-key': self._apiKey}