- add unbound-control insecure_add and insecure_remove for the
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 26 Apr 2013 14:14:07 +0000 (14:14 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 26 Apr 2013 14:14:07 +0000 (14:14 +0000)
  administration of negative trust anchors.

git-svn-id: file:///svn/unbound/trunk@2895 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/remote.c
doc/Changelog
doc/unbound-control.8.in
smallapp/unbound-control.c

index 5dc05c5fa49fcd58dcaf9207b3d1b8c741147494..268c467712142a64c58a7dc9bd7fc92dd462dad7 100644 (file)
@@ -1663,6 +1663,38 @@ do_stub_remove(SSL* ssl, struct worker* worker, char* args)
        send_ok(ssl);
 }
 
+/** do the insecure_add command */
+static void
+do_insecure_add(SSL* ssl, struct worker* worker, char* arg)
+{
+       size_t nmlen;
+       int nmlabs;
+       uint8_t* nm = NULL;
+       if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
+               return;
+       if(!anchors_add_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm)) {
+               (void)ssl_printf(ssl, "error out of memory\n");
+               free(nm);
+               return;
+       }
+       free(nm);
+       send_ok(ssl);
+}
+
+/** do the insecure_remove command */
+static void
+do_insecure_remove(SSL* ssl, struct worker* worker, char* arg)
+{
+       size_t nmlen;
+       int nmlabs;
+       uint8_t* nm = NULL;
+       if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
+               return;
+       anchors_delete_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm);
+       free(nm);
+       send_ok(ssl);
+}
+
 /** do the status command */
 static void
 do_status(SSL* ssl, struct worker* worker)
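Review bot: Neither do_insecure_add nor do_insecure_remove writes anything to the daemon log, although insecure_add turns off DNSSEC validation for the named zone on the running server and leaves the config file untouched. A line after the successful anchors_add_insecure() call, for example `log_info("remote control: insecure_add %s", arg);` (assuming log_info is in scope in this file), and a matching one in do_insecure_remove, would let an operator reconstruct when validation was relaxed and when it was restored. do_insecure_remove also answers ok whether or not the name was an insecure point, so a mistyped zone on removal looks like success while the negative trust anchor stays in place. Whether anchors_delete_insecure can report a miss is not visible on this page.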
@@ -2050,6 +2082,16 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
                if(rc) distribute_cmd(rc, ssl, cmd);
                do_forward_remove(ssl, worker, skipwhite(p+14));
                return;
+       } else if(cmdcmp(p, "insecure_add", 12)) {
+               /* must always distribute this cmd */
+               if(rc) distribute_cmd(rc, ssl, cmd);
+               do_insecure_add(ssl, worker, skipwhite(p+12));
+               return;
+       } else if(cmdcmp(p, "insecure_remove", 15)) {
+               /* must always distribute this cmd */
+               if(rc) distribute_cmd(rc, ssl, cmd);
+               do_insecure_remove(ssl, worker, skipwhite(p+15));
+               return;
        } else if(cmdcmp(p, "forward", 7)) {
                /* must always distribute this cmd */
                if(rc) distribute_cmd(rc, ssl, cmd);
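Review bot: Nothing in the two new branches checks that a zone name follows the command before it is distributed and handed to do_insecure_add or do_insecure_remove; the argument is whatever `skipwhite(p+12)` or `skipwhite(p+15)` points at. Whether parse_arg_name rejects an empty string, or accepts the root name, is not visible here, and for insecure_add that matters because a name at or near the root relaxes validation for a very large part of the tree. If the empty case is not already rejected, a guard such as `if(!*skipwhite(p+12)) { (void)ssl_printf(ssl, "error missing zone name\n"); return; }` ahead of distribute_cmd would stop a bare command from reaching the anchor store on any worker. The intended behaviour for the root name deserves a sentence in the comment above the branch. execute_cmd begins and ends outside this hunk.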
index d2e1728bcf4b21bab86bb35e055415bcbfb2ef01..2b0b80aa01efdfd7e9ff40d045f1db574313be81 100644 (file)
@@ -1,3 +1,7 @@
+26 April 2013: Wouter
+       - add unbound-control insecure_add and insecure_remove for the
+         administration of negative trust anchors.
+
 25 April 2013: Wouter
        - Implement max-udp-size config option, default 4096 (thanks
          Daisuke Higashi).
index 299e0d4fdf4f916cc323b36be459cf09d6c8da04..3a9abfc22cc45d3432f63e436b3bc7c3a39083e2 100644 (file)
@@ -196,6 +196,14 @@ List the local zones in use.  These are printed one per line with zone type.
 .B list_local_data
 List the local data RRs in use.  The resource records are printed.
 .TP
+.B insecure_add \fIzone
+Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf.
+Adds to the running unbound without affecting the cache contents (which may
+still be bogus, use \fBflush_zone\fR to remove it), does not affect the config file.
+.TP
+.B insecure_remove \fIzone
+Removes domain\-insecure for the given zone.
+.TP
 .B forward_add \fR[\fI+i\fR] \fIzone addr ...
 Add a new forward zone to running unbound.  With +i option also adds a
 \fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
index cc48866c5dbd75e89c5f8241f615efb1d2fbcd21..43a52fd49674337046147d33203861d49abd5b7a 100644 (file)
@@ -106,6 +106,8 @@ usage()
        printf("  list_forwards                 list forward-zones in use\n");
        printf("  list_local_zones              list local-zones in use\n");
        printf("  list_local_data               list local-data RRs in use\n");
+       printf("  insecure_add zone             add domain-insecure zone\n");
+       printf("  insecure_remove zone          remove domain-insecure zone\n");
        printf("  forward_add [+i] zone addr..  add forward-zone with servers\n");
        printf("  forward_remove [+i] zone      remove forward zone\n");
        printf("  stub_add [+ip] zone addr..    add stub-zone with servers\n");