From: Wouter Wijngaards Date: Mon, 19 Feb 2018 12:13:23 +0000 (+0000) Subject: - local-zone noview can be used to break out of the view to the X-Git-Tag: release-1.7.0rc1~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ccf1ff8f02ee1dec61bdbb60faaf3444cf31ffbc;p=thirdparty%2Funbound.git - local-zone noview can be used to break out of the view to the global local zone contents, for queries for that zone. git-svn-id: file:///svn/unbound/trunk@4540 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 1ef8199db..28288d41c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 19 February 2018: Wouter - Fix #3505: Documentation for default local zones references wrong RFC. + - local-zone noview can be used to break out of the view to the + global local zone contents, for queries for that zone. 16 February 2018: Wouter - Fixes for clang static analyzer, the missing ; in diff --git a/doc/example.conf.in b/doc/example.conf.in index aa063683c..e764b50f1 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -627,6 +627,7 @@ server: # o inform_deny drops queries and logs client IP address # o always_transparent, always_refuse, always_nxdomain, resolve in # that way but ignore local data for that name. + # o noview breaks out of that view towards global local-zones. # # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 2cc02722b..f37477aa4 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in 
@@ -1000,7 +1000,7 @@ address space are not validated. This is usually required whenever Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, -always_transparent, always_refuse, always_nxdomain, +always_transparent, always_refuse, always_nxdomain, noview, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. @@ -1070,6 +1070,13 @@ Like refuse, but ignores local data and refuses the query. \h'5'\fIalways_nxdomain\fR Like static, but ignores local data and returns nxdomain for the query. .TP 10 +\h'5'\fInoview\fR +Breaks out of that view and moves towards the global local zones for answer +to the query. If the view first is no, it'll resolve normally. If view first +is enabled, it'll break perform that step and check the global answers. +For when the view has view specific overrides but some zone has to be +answered from global local zone contents. +.TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option diff --git a/services/localzone.c b/services/localzone.c index 90106d5c8..af432ab5b 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1178,6 +1178,10 @@ void local_zones_print(struct local_zones* zones) log_nametypeclass(0, "always_nxdomain zone", z->name, 0, z->dclass); break; + case local_zone_noview: + log_nametypeclass(0, "noview zone", + z->name, 0, z->dclass); + break; default: log_nametypeclass(0, "badtyped zone", z->name, 0, z->dclass); 
@@ -1595,6 +1599,10 @@ local_zones_answer(struct local_zones* zones, struct module_env* env, lock_rw_rdlock(&z->lock); lzt = z->type; } + if(lzt == local_zone_noview) { + lock_rw_unlock(&z->lock); + z = NULL; + } if(view->local_zones && !z && !view->isfirst){ lock_rw_unlock(&view->lock); return 0; @@ -1652,6 +1660,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_always_transparent: return "always_transparent"; case local_zone_always_refuse: return "always_refuse"; case local_zone_always_nxdomain: return "always_nxdomain"; + case local_zone_noview: return "noview"; } return "badtyped"; } @@ -1680,6 +1689,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_always_refuse; else if(strcmp(type, "always_nxdomain") == 0) *t = local_zone_always_nxdomain; + else if(strcmp(type, "noview") == 0) + *t = local_zone_noview; else if(strcmp(type, "nodefault") == 0) *t = local_zone_nodefault; else return 0; diff --git a/services/localzone.h b/services/localzone.h index 0a8759268..dd7aa584c 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -88,7 +88,9 @@ enum localzone_type { /** answer with error, even when there is local data */ local_zone_always_refuse, /** answer with nxdomain, even when there is local data */ - local_zone_always_nxdomain + local_zone_always_nxdomain, + /** answer not from the view, but global or no-answer */ + local_zone_noview }; /**
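Review bot: In the doc/example.conf.in hunk, the new comment line "# o noview breaks out of that view towards global local-zones." leaves out the view-first dependency that the unbound.conf.5.in text in this same patch states ("If the view first is no, it'll resolve normally"). An operator who reads only the example file could expect a global local-zone override or block for that name to apply when it does not. Suggest adding that condition to the comment.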
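Review bot: In the noview entry added to doc/unbound.conf.5.in (hunk at -1070,6 +1070,13), the sentence "it'll break perform that step and check the global answers" is ungrammatical and leaves the behaviour unclear; it presumably should read "it'll perform that step and check the global answers". "If the view first is no" would also be easier to search for if it named the option as it is written in the config, view\-first: no.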
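Review bot: In the local_zones_answer() hunk of services/localzone.c, the added block calls lock_rw_unlock(&z->lock) on the strength of lzt == local_zone_noview alone, without checking z. That is safe only if lzt can never hold local_zone_noview unless the preceding block set it from z->type, and the initial value of lzt is not visible in this hunk. Either test z as well, if(z && lzt == local_zone_noview), or move the check into the block that takes the read lock. A short comment would also help here: after z = NULL the following !view->isfirst test returns 0, so the global local zones are consulted only when view-first is enabled.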
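Review bot: In the local_zone_str2type() hunk, "noview" is now accepted for every local-zone statement, while the only behavioural handling this patch adds is in the view branch of local_zones_answer(). The diff does not show what a noview zone does when it is configured outside a view, where there is nothing to break out of. Suggest rejecting it there when the config is read, or documenting the result in the noview man page entry.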