makes :program:`named-checkzone` useful for checking zone files before
configuring them into a name server.
+.. warning::
+
+ :program:`named-checkzone` must not be run on zone text from an
+ untrusted source. Zone files may contain ``$INCLUDE`` directives,
+ which cause the parser to read arbitrary files readable by the
+ invoking user; fragments of those files can leak through parser
+ error messages. Run the tool only on zone text whose author you
+ trust, or under a dedicated unprivileged user with no access to
+ sensitive files.
+
Options
~~~~~~~
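Review bot: The added warning contradicts itself. Its first sentence is an absolute prohibition ("must not be run on zone text from an untrusted source"), while its last sentence permits that case "under a dedicated unprivileged user with no access to sensitive files". Suggest making the first sentence conditional, for example "should not be run on zone text from an untrusted source unless it runs as a dedicated unprivileged user", so the reader does not have to reconcile a prohibition with an exception.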
ensure that the zone compiles with the default requirements of
:iscman:`named`.
+.. warning::
+
+ :program:`named-compilezone` must not be run on zone text from an
+ untrusted source. Zone files may contain ``$INCLUDE`` directives,
+ which cause the parser to read arbitrary files readable by the
+ invoking user; fragments of those files can leak through parser
+ error messages. Run the tool only on zone text whose author you
+ trust, or under a dedicated unprivileged user with no access to
+ sensitive files.
+
Options
~~~~~~~
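Review bot: This warning is a word-for-word copy of the one added to the named-checkzone page, with only the program name changed. Two copies of a security notice tend to drift apart when one is later edited. Suggest moving the shared text into a single fragment that both pages pull in, or at least leaving a comment in each copy that points to the other.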
#define DNS_MASTER_MANYERRORS \
0x00000002 /*%< Continue processing on errors. \
*/
-#define DNS_MASTER_NOINCLUDE 0x00000004 /*%< Disallow $INCLUDE directives. */
#define DNS_MASTER_ZONE 0x00000008 /*%< Loading a zone master file. */
#define DNS_MASTER_HINT 0x00000010 /*%< Loading a hint master file. */
#define DNS_MASTER_SECONDARY 0x00000020 /*%< Secondary master file. */
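Review bot: Deleting DNS_MASTER_NOINCLUDE leaves bit 0x00000004 unassigned between DNS_MASTER_MANYERRORS (0x00000002) and DNS_MASTER_ZONE (0x00000008), with nothing recording why. Any caller that still passes the flag will stop compiling, and a later flag that reuses the value would silently change meaning for code built against the old header. Suggest leaving a one-line comment that 0x00000004 is retired and must not be reassigned, and mentioning the removal in the change notes.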
0)
{
COMMITALL;
- if ((lctx->options & DNS_MASTER_NOINCLUDE) != 0)
- {
- (callbacks->error)(callbacks,
- "%s: %s:%lu: "
- "$INCLUDE not "
- "allowed",
- "dns_master_load",
- source, line);
- result = DNS_R_REFUSED;
- goto insist_and_cleanup;
- }
if (ttl_offset != 0) {
(callbacks->error)(callbacks,
"%s: %s:%lu: "