require-server-cookie no;\n\
root-key-sentinel yes;\n\
servfail-ttl 1;\n\
-# sortlist <none>\n\
stale-answer-client-timeout off;\n\
stale-answer-enable false;\n\
stale-answer-ttl 30; /* 30 seconds */\n\
return result;
}
-/*%
- * Configure a sortlist at '*aclp'. Essentially the same as
- * configure_view_acl() except it calls cfg_acl_fromconfig with a
- * nest_level value of 2.
- */
-static isc_result_t
-configure_view_sortlist(const cfg_obj_t *vconfig, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx, isc_mem_t *mctx,
- dns_acl_t **aclp) {
- isc_result_t result;
- const cfg_obj_t *maps[3];
- const cfg_obj_t *aclobj = NULL;
- int i = 0;
-
- if (*aclp != NULL) {
- dns_acl_detach(aclp);
- }
- if (vconfig != NULL) {
- maps[i++] = cfg_tuple_get(vconfig, "options");
- }
- if (config != NULL) {
- const cfg_obj_t *options = NULL;
- (void)cfg_map_get(config, "options", &options);
- if (options != NULL) {
- maps[i++] = options;
- }
- }
- maps[i] = NULL;
-
- (void)named_config_get(maps, "sortlist", &aclobj);
- if (aclobj == NULL) {
- return ISC_R_SUCCESS;
- }
-
- /*
- * Use a nest level of 3 for the "top level" of the sortlist;
- * this means each entry in the top three levels will be stored
- * as lists of separate, nested ACLs, rather than merged together
- * into IP tables as is usually done with ACLs.
- */
- result = cfg_acl_fromconfig(aclobj, config, actx, mctx, 3, aclp);
-
- return result;
-}
-
static isc_result_t
configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
const char *confname, const char *conftuplename,
"except-from", named_g_mctx,
&view->answernames_exclude));
- /*
- * Configure sortlist, if set
- */
- CHECK(configure_view_sortlist(vconfig, config, actx, named_g_mctx,
- &view->sortlist));
-
/*
* Configure default allow-update and allow-update-forwarding ACLs,
* so they can be inherited by zones. (XXX: These are not
sfcache \
shutdown \
smartsign \
- sortlist \
spf \
staticstub \
statistics \
options {
dnssec-validation yes;
max-zone-ttl 600;
-
- sortlist { };
};
trust-anchors {
ret=0
$CHECKCONF deprecated.conf >checkconf.out$n.1 2>&1 || ret=1
grep "option 'max-zone-ttl' is deprecated" <checkconf.out$n.1 >/dev/null || ret=1
-grep "option 'sortlist' is deprecated" <checkconf.out$n.1 >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
# set -i to ignore deprecate warnings
+++ /dev/null
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; SPDX-License-Identifier: MPL-2.0
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, you can obtain one at https://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 300 ; 5 minutes
-@ IN SOA ns1.example. hostmaster.example. (
- 2000042795 ; serial
- 20 ; refresh (20 seconds)
- 20 ; retry (20 seconds)
- 1814400 ; expire (3 weeks)
- 3600 ; minimum (1 hour)
- )
-example. NS ns1.example.
-ns1.example. A 10.53.0.1
-
-; Let's see what the sortlist picks out of this...
-a A 1.1.1.1
-a A 1.1.1.5
-a A 1.1.1.2
-a A 192.168.3.1
-a A 1.1.1.3
-a A 192.168.1.1
-a A 1.1.1.4
-
-b A 10.53.0.1
-b A 10.53.0.2
-b A 10.53.0.3
-b A 10.53.0.4
-b A 10.53.0.5
-
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- query-source address 10.53.0.1;
- notify-source 10.53.0.1;
- transfer-source 10.53.0.1;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.1; };
- listen-on-v6 { none; };
- recursion no;
- dnssec-validation no;
- notify yes;
-
- sortlist {
- { 10.53.0.1; // IF 10.53.0.1
- {
- !1.1.1.4; !1.1.1.2; !1.1.1.3; !1.1.1.1; // sort these last,
- 192.168.3/24; // this first
- { 192.168.2/24; 192.168.1/24; }; }; }; // and these next
- { { 10.53.0.2; 10.53.0.3; }; }; // Prefer self
- 10.53.0.4; // BIND 8 compat
- { 10.53.0.5; 10.53.0.5; }; // BIND 8 compat
- };
-};
-
-zone "." {
- type primary;
- file "root.db";
-};
-
-zone "example" {
- type primary;
- file "example.db";
-};
+++ /dev/null
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; SPDX-License-Identifier: MPL-2.0
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, you can obtain one at https://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 300
-. IN SOA gson.nominum.com. a.root.servers.nil. (
- 2000042100 ; serial
- 600 ; refresh
- 600 ; retry
- 1200 ; expire
- 600 ; minimum
- )
-. NS a.root-servers.nil.
-a.root-servers.nil. A 10.53.0.1
-
-example. NS ns2.example.
-ns2.example. A 10.53.0.2
+++ /dev/null
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-. ../conf.sh
-
-copy_setports ns1/named.conf.in ns1/named.conf
+++ /dev/null
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-import dns.message
-
-import pytest
-
-import isctest
-
-
-def test_sortlist():
- """Test two-element sortlist statement"""
- msg = dns.message.make_query("a.example.", "A")
- resp = isctest.query.tcp(msg, "10.53.0.1", source="10.53.0.1")
- sortlist = [
- "192.168.3.1",
- "192.168.1.1",
- "1.1.1.5",
- "1.1.1.1",
- "1.1.1.3",
- "1.1.1.2",
- "1.1.1.4",
- ]
- rrset = dns.rrset.from_text_list("a.example.", 300, "IN", "A", sortlist)
- assert len(resp.answer) == 1
- assert resp.answer[0] == rrset
- assert list(resp.answer[0].items) == list(rrset.items)
-
-
-@pytest.mark.parametrize(
- "source_ip,possible_results",
- [
- ("10.53.0.2", ["10.53.0.2", "10.53.0.3"]),
- ("10.53.0.3", ["10.53.0.2", "10.53.0.3"]),
- ("10.53.0.4", ["10.53.0.4"]),
- ("10.53.0.5", ["10.53.0.5"]),
- ],
-)
-def test_sortlist_compat(possible_results, source_ip):
- """Test one-element sortlist statement and undocumented BIND 8 features"""
- msg = dns.message.make_query("b.example.", "A")
- resp = isctest.query.tcp(msg, "10.53.0.1", source=source_ip)
- assert (
- resp.answer[0][0].to_text() in possible_results
- ), f"{possible_results} not found"
Address match lists are primarily used to determine access control for
various server operations. They are also used in the :any:`listen-on` and
-:any:`sortlist` statements. The elements which constitute an address match
+:any:`listen-on-v6` statements. The elements which constitute an address match
list can be any of the following:
- :term:`ip_address`: an IP address (IPv4 or IPv6)
key is found, and therefore may be somewhat slower.
The interpretation of a match depends on whether the list is being used
-for access control, defining :any:`listen-on` ports, or in a :any:`sortlist`,
-and whether the element was negated.
+for access control or for defining :any:`listen-on` ports, and whether
+the element was negated.
When used as an access control list, a non-negated match allows access
and a negated match denies access. If there is no match, access is
gone away. For convenience, TTL-style time-unit suffixes may be used to
specify the value. It also accepts ISO 8601 duration formats.
-The :any:`sortlist` Statement
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The response to a DNS query may consist of multiple resource records
-(RRs) forming a resource record set (RRset). The name server
-normally returns the RRs within the RRset in an indeterminate order (but
-see the :any:`rrset-order` statement in :ref:`rrset_ordering`). The client resolver code should
-rearrange the RRs as appropriate: that is, using any addresses on the
-local net in preference to other addresses. However, not all resolvers
-can do this or are correctly configured. When a client is using a local
-server, the sorting can be performed in the server, based on the
-client's address. This only requires configuring the name servers, not
-all the clients.
-
-.. namedconf:statement:: sortlist
- :tags: query, deprecated
- :short: Controls the ordering of RRs returned to the client, based on the client's IP address.
-
- This option is deprecated and will be removed in a future release.
-
- The :any:`sortlist` statement (see below) takes an :term:`address_match_list` and
- interprets it in a special way. Each top-level statement in the :any:`sortlist`
- must itself be an explicit :term:`address_match_list` with one or two elements. The
- first element (which may be an IP address, an IP prefix, an ACL name, or a nested
- :term:`address_match_list`) of each top-level list is checked against the source
- address of the query until a match is found. When the addresses in the first
- element overlap, the first rule to match is selected.
-
- Once the source address of the query has been matched, if the top-level
- statement contains only one element, the actual primitive element that
- matched the source address is used to select the address in the response
- to move to the beginning of the response. If the statement is a list of
- two elements, then the second element is interpreted as a topology
- preference list. Each top-level element is assigned a distance, and the
- address in the response with the minimum distance is moved to the
- beginning of the response.
-
- In the following example, any queries received from any of the addresses
- of the host itself get responses preferring addresses on any of the
- locally connected networks. Next most preferred are addresses on the
- 192.168.1/24 network, and after that either the 192.168.2/24 or
- 192.168.3/24 network, with no preference shown between these two
- networks. Queries received from a host on the 192.168.1/24 network
- prefer other addresses on that network to the 192.168.2/24 and
- 192.168.3/24 networks. Queries received from a host on the 192.168.4/24
- or the 192.168.5/24 network only prefer other addresses on their
- directly connected networks.
-
-::
-
- sortlist {
- // IF the local host
- // THEN first fit on the following nets
- { localhost;
- { localnets;
- 192.168.1/24;
- { 192.168.2/24; 192.168.3/24; }; }; };
- // IF on class C 192.168.1 THEN use .1, or .2 or .3
- { 192.168.1/24;
- { 192.168.1/24;
- { 192.168.2/24; 192.168.3/24; }; }; };
- // IF on class C 192.168.2 THEN use .2, or .1 or .3
- { 192.168.2/24;
- { 192.168.2/24;
- { 192.168.1/24; 192.168.3/24; }; }; };
- // IF on class C 192.168.3 THEN use .3, or .1 or .2
- { 192.168.3/24;
- { 192.168.3/24;
- { 192.168.1/24; 192.168.2/24; }; }; };
- // IF .4 or .5 THEN prefer that net
- { { 192.168.4/24; 192.168.5/24; };
- };
- };
-
-The following example illustrates reasonable behavior for the local host
-and hosts on directly connected networks. Responses sent to queries from the
-local host favor any of the directly connected networks. Responses
-sent to queries from any other hosts on a directly connected network
-prefer addresses on that same network. Responses to other queries
-are not sorted.
-
-::
-
- sortlist {
- { localhost; localnets; };
- { localnets; };
- };
-
.. _rrset_ordering:
RRset Ordering
:short: Defines the order in which equal RRs (RRsets) are returned.
The :any:`rrset-order` statement permits configuration of the ordering of
- the records in a multiple-record response. See also:
- :any:`sortlist`.
+ the records in a multiple-record response.
Each rule in an :any:`rrset-order` statement is defined as follows:
servers, resolvers, or other parts of the DNS. However, sorting of
multiple RRs is permitted for optimization purposes: for example, to
specify that a particular nearby server be tried first. See
-:any:`sortlist` and :ref:`rrset_ordering`.
+:ref:`rrset_ordering`.
The components of a Resource Record are:
sig-validity-interval <integer> [ <integer> ]; // obsolete
sig0checks-quota <integer>; // experimental
sig0checks-quota-exempt { <address_match_element>; ... }; // experimental
- sortlist { <address_match_element>; ... }; // deprecated
stale-answer-client-timeout ( disabled | off | <integer> );
stale-answer-enable <boolean>;
stale-answer-ttl <duration>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ]; // obsolete
- sortlist { <address_match_element>; ... }; // deprecated
stale-answer-client-timeout ( disabled | off | <integer> );
stale-answer-enable <boolean>;
stale-answer-ttl <duration>;
interface - interval 1002;
statistics - interval 1003;
- topology {
- 10 / 8;
-
- !1.2.3 / 24;
-
- {
- 1.2 / 16;
- 3 / 8;
- };
- };
-
- sortlist {
- 10 / 8;
- 11 / 8;
- };
-
tkey - domain "foo.com";
tkey - dhkey "xyz" 666;
const dns_acl_t *acl, dns_aclenv_t *env, int *match,
const dns_aclelement_t **matchelt);
/*%<
- * General, low-level ACL matching. This is expected to
- * be useful even for weird stuff like the topology and sortlist statements.
+ * General, low-level ACL matching.
*
* Match the address 'reqaddr', and optionally the key name 'reqsigner',
* against 'acl'. 'reqsigner' may be NULL.
typedef struct dns_msgblock dns_msgblock_t;
-struct dns_sortlist_arg {
- dns_aclenv_t *env;
- dns_acl_t *acl;
- const dns_aclelement_t *element;
-};
-
typedef struct dns_minttl {
bool is_set;
dns_ttl_t ttl;
*/
isc_stdtime_t fuzztime;
- dns_rdatasetorderfunc_t order;
- dns_sortlist_arg_t order_arg;
-
dns_indent_t indent;
dns_minttl_t minttl[DNS_SECTION_MAX];
* a pointer to a region which refers the dns message.
*/
-void
-dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order,
- dns_aclenv_t *env, dns_acl_t *acl,
- const dns_aclelement_t *element);
-/*%<
- * Define the order in which RR sets get rendered by
- * dns_message_rendersection() to be the ascending order
- * defined by the integer value returned by 'order' when
- * given each RR and a ns_sortlist_arg_t constructed from 'env',
- * 'acl', and 'element' as arguments.
- *
- * If 'order' is NULL, a default order is used.
- *
- * Requires:
- *\li msg be a valid message.
- *\li If 'env' is NULL, 'order' must be NULL.
- *\li If 'env' is not NULL, 'order' must not be NULL and at least one of
- * 'acl' and 'element' must also not be NULL.
- */
-
void
dns_message_settimeadjust(dns_message_t *msg, int timeadjust);
/*%<
* dns_name_towire().
*/
-isc_result_t
-dns_rdataset_towiresorted(dns_rdataset_t *rdataset,
- const dns_name_t *owner_name, dns_compress_t *cctx,
- isc_buffer_t *target, dns_rdatasetorderfunc_t order,
- const void *order_arg, unsigned int options,
- unsigned int *countp);
-/*%<
- * Like dns_rdataset_towire(), but sorting the rdatasets according to
- * the integer value returned by 'order' when called with the rdataset
- * and 'order_arg' as arguments.
- *
- * Requires:
- *\li All the requirements of dns_rdataset_towire(), and
- * that order_arg is NULL if and only if order is NULL.
- */
-
isc_result_t
dns_rdataset_towirepartial(dns_rdataset_t *rdataset,
const dns_name_t *owner_name, dns_compress_t *cctx,
- isc_buffer_t *target, dns_rdatasetorderfunc_t order,
- const void *order_arg, unsigned int options,
+ isc_buffer_t *target, unsigned int options,
unsigned int *countp, void **state);
/*%<
- * Like dns_rdataset_towiresorted() except that a partial rdataset
- * may be written.
+ * Like dns_rdataset_towire() except that a partial rdataset may be written.
*
* Requires:
*\li All the requirements of dns_rdataset_towiresorted().
typedef struct dns_skr dns_skr_t;
typedef struct dns_slabheader dns_slabheader_t;
typedef ISC_LIST(dns_slabheader_t) dns_slabheaderlist_t;
-typedef struct dns_sortlist_arg dns_sortlist_arg_t;
typedef struct dns_ssurule dns_ssurule_t;
typedef struct dns_ssutable dns_ssutable_t;
typedef struct dns_stats dns_stats_t;
dns_acl_t *queryonacl;
dns_acl_t *recursionacl;
dns_acl_t *recursiononacl;
- dns_acl_t *sortlist;
dns_acl_t *notifyacl;
dns_acl_t *transferacl;
dns_acl_t *updateacl;
m->tcp_continuation = 0;
m->verified_sig = 0;
m->verify_attempted = 0;
- m->order = NULL;
- m->order_arg.env = NULL;
- m->order_arg.acl = NULL;
- m->order_arg.element = NULL;
m->query.base = NULL;
m->query.length = 0;
m->free_query = 0;
dynbuf = next_dynbuf;
}
- if (msg->order_arg.env != NULL) {
- dns_aclenv_detach(&msg->order_arg.env);
- }
- if (msg->order_arg.acl != NULL) {
- dns_acl_detach(&msg->order_arg.acl);
- }
-
/*
* Set other bits to normal default values.
*/
0 &&
(rdataset->attributes & DNS_RDATASETATTR_RENDERED) == 0)
{
- const void *order_arg = &msg->order_arg;
st = *(msg->buffer);
count = 0;
if (partial) {
result = dns_rdataset_towirepartial(
rdataset, name, msg->cctx, msg->buffer,
- msg->order, order_arg, rd_options,
- &count, NULL);
+ rd_options, &count, NULL);
} else {
- result = dns_rdataset_towiresorted(
+ result = dns_rdataset_towire(
rdataset, name, msg->cctx, msg->buffer,
- msg->order, order_arg, rd_options,
- &count);
+ rd_options, &count);
}
total += count;
if (partial && result == ISC_R_NOSPACE) {
if (partial) {
result = dns_rdataset_towirepartial(
rdataset, name, msg->cctx,
- msg->buffer, msg->order,
- &msg->order_arg, rd_options,
- &count, NULL);
+ msg->buffer, rd_options, &count,
+ NULL);
} else {
- result = dns_rdataset_towiresorted(
+ result = dns_rdataset_towire(
rdataset, name, msg->cctx,
- msg->buffer, msg->order,
- &msg->order_arg, rd_options,
+ msg->buffer, rd_options,
&count);
}
return &msg->saved;
}
-void
-dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order,
- dns_aclenv_t *env, dns_acl_t *acl,
- const dns_aclelement_t *elem) {
- REQUIRE(DNS_MESSAGE_VALID(msg));
- REQUIRE((order == NULL) == (env == NULL));
- REQUIRE(env == NULL || (acl != NULL || elem != NULL));
-
- msg->order = order;
- if (env != NULL) {
- dns_aclenv_attach(env, &msg->order_arg.env);
- }
- if (acl != NULL) {
- dns_acl_attach(acl, &msg->order_arg.acl);
- }
- msg->order_arg.element = elem;
-}
-
void
dns_message_settimeadjust(dns_message_t *msg, int timeadjust) {
REQUIRE(DNS_MESSAGE_VALID(msg));
dns_rdata_t *rdata;
};
-static int
-towire_compare(const void *av, const void *bv) {
- const struct towire_sort *a = (const struct towire_sort *)av;
- const struct towire_sort *b = (const struct towire_sort *)bv;
- return a->key - b->key;
-}
-
static void
swap_rdata(dns_rdata_t *in, unsigned int a, unsigned int b) {
dns_rdata_t rdata = in[a];
}
static isc_result_t
-towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
- dns_compress_t *cctx, isc_buffer_t *target,
- dns_rdatasetorderfunc_t order, const void *order_arg, bool partial,
- unsigned int options, unsigned int *countp,
- void **state ISC_ATTR_UNUSED) {
+towire(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
+ dns_compress_t *cctx, isc_buffer_t *target, bool partial,
+ unsigned int options, unsigned int *countp,
+ void **state ISC_ATTR_UNUSED) {
isc_region_t r;
isc_result_t result;
unsigned int i, count = 0, added;
isc_buffer_t savedbuffer, rdlen, rrbuffer;
unsigned int headlen;
bool question = false;
- bool shuffle = false, sort = false;
+ bool shuffle = false;
bool want_random, want_cyclic;
dns_rdata_t in_fixed[MAX_SHUFFLE];
dns_rdata_t *in = in_fixed;
}
/*
- * Do we want to sort and/or shuffle this answer?
+ * Do we want to shuffle this answer?
*/
if (!question && count > 1 && rdataset->type != dns_rdatatype_rrsig) {
- if (order != NULL) {
- sort = true;
- }
if (want_random || want_cyclic) {
shuffle = true;
}
}
- if (shuffle || sort) {
+ if (shuffle) {
if (count > MAX_SHUFFLE) {
in = isc_mem_cget(cctx->mctx, count, sizeof(*in));
out = isc_mem_cget(cctx->mctx, count, sizeof(*out));
if (in == NULL || out == NULL) {
- shuffle = sort = false;
+ shuffle = false;
}
}
}
- if (shuffle || sort) {
+ if (shuffle) {
uint32_t seed = 0;
unsigned int j = 0;
swap_rdata(in, j, j + seed % (count - j));
}
- out[i].key = (sort) ? (*order)(&in[j], order_arg) : 0;
+ out[i].key = 0;
out[i].rdata = &in[j];
if (++j == count) {
j = 0;
}
}
- /*
- * Sortlist order.
- */
- if (sort) {
- qsort(out, count, sizeof(out[0]), towire_compare);
- }
}
savedbuffer = *target;
/*
* Copy out the rdata
*/
- if (shuffle || sort) {
+ if (shuffle) {
rdata = *(out[i].rdata);
} else {
dns_rdata_reset(&rdata);
added++;
}
- if (shuffle || sort) {
+ if (shuffle) {
i++;
if (i == count) {
result = ISC_R_NOMORE;
return result;
}
-isc_result_t
-dns_rdataset_towiresorted(dns_rdataset_t *rdataset,
- const dns_name_t *owner_name, dns_compress_t *cctx,
- isc_buffer_t *target, dns_rdatasetorderfunc_t order,
- const void *order_arg, unsigned int options,
- unsigned int *countp) {
- return towiresorted(rdataset, owner_name, cctx, target, order,
- order_arg, false, options, countp, NULL);
-}
-
isc_result_t
dns_rdataset_towirepartial(dns_rdataset_t *rdataset,
const dns_name_t *owner_name, dns_compress_t *cctx,
- isc_buffer_t *target, dns_rdatasetorderfunc_t order,
- const void *order_arg, unsigned int options,
+ isc_buffer_t *target, unsigned int options,
unsigned int *countp, void **state) {
REQUIRE(state == NULL); /* XXX remove when implemented */
- return towiresorted(rdataset, owner_name, cctx, target, order,
- order_arg, true, options, countp, state);
+ return towire(rdataset, owner_name, cctx, target, true, options, countp,
+ state);
}
isc_result_t
dns_rdataset_towire(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
dns_compress_t *cctx, isc_buffer_t *target,
unsigned int options, unsigned int *countp) {
- return towiresorted(rdataset, owner_name, cctx, target, NULL, NULL,
- false, options, countp, NULL);
+ return towire(rdataset, owner_name, cctx, target, false, options,
+ countp, NULL);
}
isc_result_t
if (view->recursiononacl != NULL) {
dns_acl_detach(&view->recursiononacl);
}
- if (view->sortlist != NULL) {
- dns_acl_detach(&view->sortlist);
- }
if (view->transferacl != NULL) {
dns_acl_detach(&view->transferacl);
}
/*
* If we're nesting ACLs, put the nested
* ACL onto the elements list; otherwise
- * merge it into *this* ACL. We nest ACLs
- * in two cases: 1) sortlist, 2) if the
- * nested ACL contains negated members.
+ * merge it into *this* ACL. We nest the
+ * ACL if it contains negated members.
*/
if (inneracl != NULL) {
dns_acl_detach(&inneracl);
/*
* This should only be reached for localhost, localnets
* and keyname elements, and nested ACLs if nest_level is
- * nonzero (i.e., in sortlists).
+ * nonzero.
*/
if (de->nestedacl != NULL &&
de->type != dns_aclelementtype_nestedacl)
isc_result_t result = ISC_R_SUCCESS, tresult;
int i = 0;
- static const char *acls[] = { "allow-proxy",
- "allow-proxy-on",
- "allow-query",
- "allow-query-on",
- "allow-query-cache",
- "allow-query-cache-on",
- "blackhole",
- "match-clients",
- "match-destinations",
- "sortlist",
- NULL };
+ static const char *acls[] = {
+ "allow-proxy", "allow-proxy-on",
+ "allow-query", "allow-query-on",
+ "allow-query-cache", "allow-query-cache-on",
+ "blackhole", "match-clients",
+ "match-destinations", NULL
+ };
while (acls[i] != NULL) {
tresult = checkacl(acls[i++], actx, NULL, voptions, config,
{ "rrset-order", &cfg_type_rrsetorder, 0 },
{ "send-cookie", &cfg_type_boolean, 0 },
{ "servfail-ttl", &cfg_type_duration, 0 },
- { "sortlist", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_DEPRECATED },
+ { "sortlist", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT },
{ "stale-answer-enable", &cfg_type_boolean, 0 },
{ "stale-answer-client-timeout", &cfg_type_staleanswerclienttimeout,
0 },
include/ns/notify.h \
include/ns/query.h \
include/ns/server.h \
- include/ns/sortlist.h \
include/ns/stats.h \
include/ns/types.h \
include/ns/update.h \
probes.d \
query.c \
server.c \
- sortlist.c \
stats.c \
update.c \
xfrout.c
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#pragma once
-
-/*! \file */
-
-#include <isc/types.h>
-
-#include <dns/acl.h>
-#include <dns/types.h>
-
-/*%
- * Type for callback functions that rank addresses.
- */
-typedef int (*dns_addressorderfunc_t)(const isc_netaddr_t *address,
- const void *arg);
-
-/*%
- * Return value type for setup_sortlist.
- */
-typedef enum {
- NS_SORTLISTTYPE_NONE,
- NS_SORTLISTTYPE_1ELEMENT,
- NS_SORTLISTTYPE_2ELEMENT
-} ns_sortlisttype_t;
-
-ns_sortlisttype_t
-ns_sortlist_setup(dns_acl_t *acl, dns_aclenv_t *env, isc_netaddr_t *clientaddr,
- void **argp);
-/*%<
- * Find the sortlist statement in 'acl' (for ACL environment 'env')
- * that applies to 'clientaddr', if any.
- *
- * If a 1-element sortlist item applies, return NS_SORTLISTTYPE_1ELEMENT and
- * make '*argp' point to the matching subelement.
- *
- * If a 2-element sortlist item applies, return NS_SORTLISTTYPE_2ELEMENT and
- * make '*argp' point to ACL that forms the second element.
- *
- * If no sortlist item applies, return NS_SORTLISTTYPE_NONE and set '*argp'
- * to NULL.
- */
-
-int
-ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg);
-/*%<
- * Find the sort order of 'addr' in 'arg', the matching element
- * of a 1-element top-level sortlist statement.
- */
-
-int
-ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg);
-/*%<
- * Find the sort order of 'addr' in 'arg', a topology-like
- * ACL forming the second element in a 2-element top-level
- * sortlist statement.
- */
#include <ns/hooks.h>
#include <ns/interfacemgr.h>
#include <ns/server.h>
-#include <ns/sortlist.h>
#include <ns/stats.h>
#include <ns/xfrout.h>
return true;
}
-/*
- * Extract a network address from the RDATA of an A or AAAA
- * record.
- *
- * Returns:
- * ISC_R_SUCCESS
- * ISC_R_NOTIMPLEMENTED The rdata is not a known address type.
- */
-static isc_result_t
-rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) {
- struct in_addr ina;
- struct in6_addr in6a;
-
- switch (rdata->type) {
- case dns_rdatatype_a:
- INSIST(rdata->length == 4);
- memmove(&ina.s_addr, rdata->data, 4);
- isc_netaddr_fromin(netaddr, &ina);
- return ISC_R_SUCCESS;
- case dns_rdatatype_aaaa:
- INSIST(rdata->length == 16);
- memmove(in6a.s6_addr, rdata->data, 16);
- isc_netaddr_fromin6(netaddr, &in6a);
- return ISC_R_SUCCESS;
- default:
- return ISC_R_NOTIMPLEMENTED;
- }
-}
-
static unsigned char inaddr10_offsets[] = { 0, 3, 11, 16 };
static unsigned char inaddr172_offsets[] = { 0, 3, 7, 15, 20 };
static unsigned char inaddr192_offsets[] = { 0, 4, 8, 16, 21 };
}
}
-/*
- * Find the sort order of 'rdata' in the topology-like
- * ACL forming the second element in a 2-element top-level
- * sortlist statement.
- */
-static int
-query_sortlist_order_2element(const dns_rdata_t *rdata, const void *arg) {
- isc_netaddr_t netaddr;
-
- if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) {
- return INT_MAX;
- }
- return ns_sortlist_addrorder2(&netaddr, arg);
-}
-
-/*
- * Find the sort order of 'rdata' in the matching element
- * of a 1-element top-level sortlist statement.
- */
-static int
-query_sortlist_order_1element(const dns_rdata_t *rdata, const void *arg) {
- isc_netaddr_t netaddr;
-
- if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) {
- return INT_MAX;
- }
- return ns_sortlist_addrorder1(&netaddr, arg);
-}
-
-/*
- * Find the sortlist statement that applies to 'client' and set up
- * the sortlist info in in client->message appropriately.
- */
-static void
-query_setup_sortlist(query_ctx_t *qctx) {
- isc_netaddr_t netaddr;
- ns_client_t *client = qctx->client;
- dns_aclenv_t *env = client->manager->aclenv;
- dns_acl_t *acl = NULL;
- dns_aclelement_t *elt = NULL;
- void *order_arg = NULL;
-
- isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
- switch (ns_sortlist_setup(client->view->sortlist, env, &netaddr,
- &order_arg))
- {
- case NS_SORTLISTTYPE_1ELEMENT:
- elt = order_arg;
- dns_message_setsortorder(client->message,
- query_sortlist_order_1element, env,
- NULL, elt);
- break;
- case NS_SORTLISTTYPE_2ELEMENT:
- acl = order_arg;
- dns_message_setsortorder(client->message,
- query_sortlist_order_2element, env,
- acl, NULL);
- dns_acl_detach(&acl);
- break;
- case NS_SORTLISTTYPE_NONE:
- break;
- default:
- UNREACHABLE();
- }
-}
-
/*
* When sending a referral, if the answer to the question is
* in the glue, sort it to the start of the additional section.
}
/*
- * We are done. Set up sortlist data for the message
- * rendering code, sort the answer to the front of the
+ * We are done. Sort the answer to the front of the
* additional section if necessary, make a final tweak
* to the AA bit if the auth-nxdomain config option
* says so, then render and send the response.
*/
- query_setup_sortlist(qctx);
query_glueanswer(qctx);
if (qctx->client->message->rcode == dns_rcode_nxdomain &&
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <isc/mem.h>
-#include <isc/result.h>
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/message.h>
-
-#include <ns/server.h>
-#include <ns/sortlist.h>
-
-ns_sortlisttype_t
-ns_sortlist_setup(dns_acl_t *acl, dns_aclenv_t *env, isc_netaddr_t *clientaddr,
- void **argp) {
- if (acl == NULL) {
- goto dont_sort;
- }
-
- for (size_t i = 0; i < acl->length; i++) {
- /*
- * 'e' refers to the current 'top level statement'
- * in the sortlist (see ARM).
- */
- dns_aclelement_t *e = &acl->elements[i];
- dns_aclelement_t *try_elt;
- dns_aclelement_t *order_elt = NULL;
- dns_aclelement_t *matched_elt = NULL;
-
- if (e->type == dns_aclelementtype_nestedacl) {
- dns_acl_t *inner = e->nestedacl;
-
- if (inner->length == 0) {
- try_elt = e;
- } else if (inner->length > 2) {
- goto dont_sort;
- } else if (inner->elements[0].negative) {
- goto dont_sort;
- } else {
- try_elt = &inner->elements[0];
- if (inner->length == 2) {
- order_elt = &inner->elements[1];
- }
- }
- } else {
- /*
- * BIND 8 allows bare elements at the top level
- * as an undocumented feature.
- */
- try_elt = e;
- }
-
- if (!dns_aclelement_match(
- clientaddr, NULL, try_elt, env,
- (const dns_aclelement_t **)&matched_elt))
- {
- continue;
- }
-
- if (order_elt == NULL) {
- INSIST(matched_elt != NULL);
- *argp = matched_elt;
- return NS_SORTLISTTYPE_1ELEMENT;
- }
-
- if (order_elt->type == dns_aclelementtype_nestedacl) {
- dns_acl_t *inner = NULL;
- dns_acl_attach(order_elt->nestedacl, &inner);
- *argp = inner;
- return NS_SORTLISTTYPE_2ELEMENT;
- }
-
- if (order_elt->type == dns_aclelementtype_localhost) {
- rcu_read_lock();
- dns_acl_t *inner = rcu_dereference(env->localhost);
- if (inner != NULL) {
- *argp = dns_acl_ref(inner);
- rcu_read_unlock();
- return NS_SORTLISTTYPE_2ELEMENT;
- }
- rcu_read_unlock();
- }
-
- if (order_elt->type == dns_aclelementtype_localnets) {
- rcu_read_lock();
- dns_acl_t *inner = rcu_dereference(env->localhost);
- if (inner != NULL) {
- *argp = dns_acl_ref(inner);
- rcu_read_unlock();
- return NS_SORTLISTTYPE_2ELEMENT;
- }
- rcu_read_unlock();
- }
-
- /*
- * BIND 8 allows a bare IP prefix as
- * the 2nd element of a 2-element
- * sortlist statement.
- */
- *argp = order_elt;
- return NS_SORTLISTTYPE_1ELEMENT;
- }
-
-dont_sort:
- *argp = NULL;
- return NS_SORTLISTTYPE_NONE;
-}
-
-int
-ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg) {
- const dns_sortlist_arg_t *sla = (const dns_sortlist_arg_t *)arg;
- dns_aclenv_t *env = sla->env;
- const dns_acl_t *sortacl = sla->acl;
- int match;
-
- (void)dns_acl_match(addr, NULL, sortacl, env, &match, NULL);
- if (match > 0) {
- return match;
- } else if (match < 0) {
- return INT_MAX - (-match);
- } else {
- return INT_MAX / 2;
- }
-}
-
-int
-ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg) {
- const dns_sortlist_arg_t *sla = (const dns_sortlist_arg_t *)arg;
- dns_aclenv_t *env = sla->env;
- const dns_aclelement_t *element = sla->element;
-
- if (dns_aclelement_match(addr, NULL, element, env, NULL)) {
- return 0;
- }
-
- return INT_MAX;
-}
result = ns_test_qctx_create(&qctx_params, &qctx);
INSIST(result == ISC_R_SUCCESS);
- isc_sockaddr_any(&qctx->client->peeraddr); /* for sortlist */
qctx->client->sendcb = send_noop;
/* Load a zone. it should have ns.foo/A */
projects / thirdparty / bind9.git / commitdiff
