static isc_result_t
configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *rpz_obj,
- bool *old_rpz_okp) {
+ bool *old_rpz_okp, bool first_time) {
const cfg_obj_t *zonelist = NULL;
const cfg_obj_t *sub_obj = NULL;
bool recursive_only_default, add_soa_default;
}
nsdname_on = nsdname_enabled ? DNS_RPZ_ALL_ZBITS : 0;
- result = dns_rpz_new_zones(view, &view->rpzs);
+ result = dns_rpz_new_zones(view, &view->rpzs, first_time);
if (result != ISC_R_SUCCESS) {
return result;
}
}
if (*old_rpz_okp) {
+ /* Discard the newly created rpzs. */
dns_rpz_zones_shutdown(view->rpzs);
dns_rpz_zones_detach(&view->rpzs);
+
+ /*
+ * We are reusing the old rpzs, so it can no longer be its
+ * first time.
+ */
+ pview->rpzs->first_time = false;
+
+ /* Reuse rpzs from the old view. */
dns_rpz_zones_attach(pview->rpzs, &view->rpzs);
dns_rpz_zones_detach(&pview->rpzs);
} else if (old != NULL && pview != NULL) {
cfg_obj_t *vconfig, named_cachelist_t *cachelist,
named_cachelist_t *oldcachelist, dns_kasplist_t *kasplist,
dns_keystorelist_t *keystores, const cfg_obj_t *bindkeys,
- isc_mem_t *mctx, cfg_aclconfctx_t *actx, bool need_hints) {
+ isc_mem_t *mctx, cfg_aclconfctx_t *actx, bool need_hints,
+ bool first_time) {
const cfg_obj_t *maps[4];
const cfg_obj_t *cfgmaps[3];
const cfg_obj_t *optionmaps[3];
if (view->rdclass == dns_rdataclass_in && need_hints &&
named_config_get(maps, "response-policy", &obj) == ISC_R_SUCCESS)
{
- CHECK(configure_rpz(view, NULL, obj, &old_rpz_ok));
+ CHECK(configure_rpz(view, NULL, obj, &old_rpz_ok, first_time));
rpz_configured = true;
}
* done previously in the "correct" order.
*/
result2 = configure_rpz(pview, view, obj,
- &old_rpz_ok);
+ &old_rpz_ok,
+ first_time);
if (result2 != ISC_R_SUCCESS) {
isc_log_write(NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER,
goto cleanup_cachelist;
}
- result = configure_view(view, &viewlist, config, vconfig,
- &cachelist, &server->cachelist,
- &server->kasplist,
- &server->keystorelist, bindkeys,
- isc_g_mctx, named_g_aclconfctx, true);
+ result = configure_view(
+ view, &viewlist, config, vconfig, &cachelist,
+ &server->cachelist, &server->kasplist,
+ &server->keystorelist, bindkeys, isc_g_mctx,
+ named_g_aclconfctx, true, first_time);
if (result != ISC_R_SUCCESS) {
dns_view_detach(&view);
goto cleanup_cachelist;
if (result != ISC_R_SUCCESS) {
goto cleanup_cachelist;
}
- result = configure_view(view, &viewlist, config, NULL,
- &cachelist, &server->cachelist,
- &server->kasplist,
- &server->keystorelist, bindkeys,
- isc_g_mctx, named_g_aclconfctx, true);
+ result = configure_view(
+ view, &viewlist, config, NULL, &cachelist,
+ &server->cachelist, &server->kasplist,
+ &server->keystorelist, bindkeys, isc_g_mctx,
+ named_g_aclconfctx, true, first_time);
if (result != ISC_R_SUCCESS) {
dns_view_detach(&view);
goto cleanup_cachelist;
goto cleanup_cachelist;
}
- result = configure_view(view, &viewlist, config, vconfig,
- &cachelist, &server->cachelist,
- &server->kasplist,
- &server->keystorelist, bindkeys,
- isc_g_mctx, named_g_aclconfctx, false);
+ result = configure_view(
+ view, &viewlist, config, vconfig, &cachelist,
+ &server->cachelist, &server->kasplist,
+ &server->keystorelist, bindkeys, isc_g_mctx,
+ named_g_aclconfctx, false, first_time);
if (result != ISC_R_SUCCESS) {
dns_view_detach(&view);
goto cleanup_cachelist;
projects / thirdparty / bind9.git / commitdiff
