listen-on-v6 {any;};\n\
# lock-file \"" NAMED_LOCALSTATEDIR "/run/named/named.lock\";\n\
match-mapped-addresses no;\n\
+ max-ixfr-ratio 100%;\n\
max-rsa-exponent-size 0; /* no limit */\n\
max-udp-size 4096;\n\
memstatistics-file \"named.memstats\";\n\
ixfrdiff);
}
+ obj = NULL;
+ result = named_config_get(maps, "max-ixfr-ratio", &obj);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
+ if (cfg_obj_isstring(obj)) {
+ dns_zone_setixfrratio(zone, 0);
+ } else {
+ dns_zone_setixfrratio(zone, cfg_obj_aspercentage(obj));
+ }
+
obj = NULL;
result = named_config_get(maps, "request-expire", &obj);
INSIST(result == ISC_R_SUCCESS);
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example {
+ type master;
+ masterfile-format map;
+ file "example.db";
+ max-ixfr-ratio 0.9;
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example {
+ type master;
+ masterfile-format map;
+ file "example.db";
+ max-ixfr-ratio 0%;
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example {
+ type master;
+ masterfile-format map;
+ file "example.db";
+ max-ixfr-ratio 50%;
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example {
+ type master;
+ masterfile-format map;
+ file "example.db";
+ max-ixfr-ratio unlimited;
+};
"corp";
};
dnssec-policy "test";
+ max-ixfr-ratio 90%;
transfer-source 0.0.0.0 dscp 63;
zone-statistics none;
};
type master;
file "xxx";
update-policy local;
+ max-ixfr-ratio 20%;
notify-source 10.10.10.10 port 53 dscp 55;
};
zone "clone" {
type master;
file "yyy";
+ max-ixfr-ratio unlimited;
};
dnssec-validation auto;
zone-statistics terse;
[ -s good-kasp.conf.in ] || ret=1
$CHECKCONF -p good-kasp.conf.in | grep -v '^good-kasp.conf.in:' > good-kasp.conf.out 2>&1 || ret=1
cmp good-kasp.conf.in good-kasp.conf.out || ret=1
-
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "check that max-ixfr-ratio 100% generates a warning ($n)"
+ret=0
+$CHECKCONF warn-maxratio1.conf > checkconf.out$n 2>/dev/null || ret=1
+grep "exceeds 100%" < checkconf.out$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+status=`expr $status + $ret`
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example {
+ type master;
+ masterfile-format map;
+ file "example.db";
+ max-ixfr-ratio 101%;
+};
type slave;
file "mytest.db";
masters { 10.53.0.3; };
+ max-ixfr-ratio unlimited;
};
zone "sub.test" IN {
type slave;
}
}
+ obj = NULL;
+ (void)cfg_map_get(options, "max-ixfr-ratio", &obj);
+ if (obj != NULL && cfg_obj_ispercentage(obj)) {
+ uint32_t percent = cfg_obj_aspercentage(obj);
+ if (percent == 0) {
+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+ "'ixfr-max-ratio' must be a nonzero "
+ "percentage or 'unlimited')");
+ if (result == ISC_R_SUCCESS) {
+ result = ISC_R_RANGE;
+ }
+ } else if (percent > 100) {
+ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "'ixfr-max-ratio %d%%' exceeds 100%%",
+ percent);
+ }
+ }
+
return (result);
}
* \li 'zone' to be valid.
*/
+uint32_t
+dns_zone_getixfrratio(dns_zone_t *zone);
+/*%
+ * Returns the zone's current IXFR ratio.
+ *
+ * Requires:
+ * \li 'zone' to be valid.
+ */
+
+void
+dns_zone_setixfrratio(dns_zone_t *zone, uint32_t ratio);
+/*%
+ * Sets the ratio of IXFR size to zone size above which we use an AXFR
+ * response, expressed as a percentage. Cannot exceed 100.
+ *
+ * Requires:
+ * \li 'zone' to be valid.
+ */
+
void
dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method);
/*%
dns_zone_getidlein
dns_zone_getidleout
dns_zone_getincludes
+dns_zone_getixfrratio
dns_zone_getjournal
dns_zone_getjournalsize
dns_zone_getkasp
dns_zone_setidlein
dns_zone_setidleout
dns_zone_setisself
+dns_zone_setixfrratio
dns_zone_setjournal
dns_zone_setjournalsize
dns_zone_setkasp
* whether ixfr is requested
*/
bool requestixfr;
+ uint32_t ixfr_ratio;
/*%
* whether EDNS EXPIRE is requested
zone->sourceserial = 0;
zone->sourceserialset = false;
zone->requestixfr = true;
+ zone->ixfr_ratio = 100;
zone->requestexpire = true;
ISC_LIST_INIT(zone->rss_events);
ISC_LIST_INIT(zone->rss_post);
return (zone->requestixfr);
}
+void
+dns_zone_setixfrratio(dns_zone_t *zone, uint32_t ratio) {
+ REQUIRE(DNS_ZONE_VALID(zone));
+ zone->ixfr_ratio = ratio;
+}
+
+uint32_t
+dns_zone_getixfrratio(dns_zone_t *zone) {
+ REQUIRE(DNS_ZONE_VALID(zone));
+ return (zone->ixfr_ratio);
+}
+
void
dns_zone_setrequestexpire(dns_zone_t *zone, bool flag) {
REQUIRE(DNS_ZONE_VALID(zone));
static cfg_type_t cfg_type_dyndb;
static cfg_type_t cfg_type_plugin;
static cfg_type_t cfg_type_ixfrdifftype;
+static cfg_type_t cfg_type_ixfrratio;
static cfg_type_t cfg_type_key;
static cfg_type_t cfg_type_logfile;
static cfg_type_t cfg_type_logging;
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
CFG_ZONE_REDIRECT },
{ "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
+ { "max-ixfr-ratio", &cfg_type_ixfrratio,
+ CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
{ "max-journal-size", &cfg_type_size,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
{ "max-records", &cfg_type_uint32,
doc_parse_size_or_percent, &cfg_rep_string, sizeorpercent_enums
};
+/*%
+ * An IXFR size ratio: percentage, or "unlimited".
+ */
+
+static isc_result_t
+parse_ixfrratio(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
+ return (cfg_parse_enum_or_other(pctx, type, &cfg_type_percentage, ret));
+}
+
+static void
+doc_ixfrratio(cfg_printer_t *pctx, const cfg_type_t *type) {
+ UNUSED(type);
+ cfg_print_cstr(pctx, "( unlimited | ");
+ cfg_doc_terminal(pctx, &cfg_type_percentage);
+ cfg_print_cstr(pctx, " )");
+}
+
+static const char *ixfrratio_enums[] = { "unlimited", NULL };
+static cfg_type_t cfg_type_ixfrratio = { "ixfr_ratio", parse_ixfrratio,
+ NULL, doc_ixfrratio,
+ NULL, ixfrratio_enums };
+
/*%
* optional_keyvalue
*/
projects / thirdparty / bind9.git / commitdiff
