From: Colin Vidal <colin@isc.org>
Date: Tue, 3 Jun 2025 14:12:59 +0000 (+0200)
Subject: initialize queryonacl dns_view_t property
X-Git-Tag: v9.21.9~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48dc763949016991adf8cd5886a006176e83042f;p=thirdparty%2Fbind9.git

initialize queryonacl dns_view_t property

A dns_view_t has a queryonacl property, which is supposed to hold the
ACL matching the configuration "allow-query-on". However the code
parsing this configuration ACL was missing (or removed by mistake?),
hence this property was always NULL. The ACL was still built but
individually for each zone (which checks if the property exists in the
zone definition, view definition, and finally options definition).

It now create the ACL instance at the view level, enabling zones to
share the same (identical) ACL instead of having their own copies.
---

diff --git a/bin/named/server.c b/bin/named/server.c
index cccd1924052..949059f801e 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -4885,6 +4885,10 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache-on",
 				 NULL, actx, named_g_mctx, &view->cacheonacl));
 
+	CHECK(configure_view_acl(vconfig, config, named_g_config,
+				 "allow-query-on", NULL, actx, named_g_mctx,
+				 &view->queryonacl));
+
 	CHECK(configure_view_acl(vconfig, config, named_g_config, "allow-proxy",
 				 NULL, actx, named_g_mctx, &view->proxyacl));