From: Diego Fronza Date: Thu, 5 Nov 2020 16:07:47 +0000 (-0300) Subject: Warn if 'stale-refresh-time' < 30 (default) X-Git-Tag: v9.17.7~5^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e47a13fd05b6e146ad5a89f2f23701d950a608d;p=thirdparty%2Fbind9.git Warn if 'stale-refresh-time' < 30 (default) RFC 8767 recommends that attempts to refresh to be done no more frequently than every 30 seconds. Added check into named-checkconf, which will warn if values below the default are found in configuration. BIND will also log the warning during loading of configuration in the same fashion.
---
diff --git a/bin/tests/system/checkconf/servestale.stale-refresh-time.0.conf b/bin/tests/system/checkconf/servestale.stale-refresh-time.0.conf
new file mode 100644
index 00000000000..2e58140c2a9
--- /dev/null
+++ b/bin/tests/system/checkconf/servestale.stale-refresh-time.0.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ stale-refresh-time 0;
+};
diff --git a/bin/tests/system/checkconf/servestale.stale-refresh-time.29.conf b/bin/tests/system/checkconf/servestale.stale-refresh-time.29.conf
new file mode 100644
index 00000000000..92fe8dcf8c0
--- /dev/null
+++ b/bin/tests/system/checkconf/servestale.stale-refresh-time.29.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ stale-refresh-time 29;
+};
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index d8e6db714e5..244c226469c 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -139,6 +139,19 @@ grep '.*' < checkconf.out$n.2 > /dev/null && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "checking named-checkconf servestale warnings ($n)"
+ret=0
+$CHECKCONF servestale.stale-refresh-time.0.conf > checkconf.out$n.1 2>&1
+grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+ret=0
+$CHECKCONF servestale.stale-refresh-time.29.conf > checkconf.out$n.1 2>&1
+grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "range checking fields that do not allow zero ($n)"
 ret=0
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index fde3ec12bbb..e1b986bc14d 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
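Review bot: In the tests.sh hunk the exit status of `$CHECKCONF` is never checked, so the first sub-check (the 0 case, which passes when grep finds no warning) also passes when named-checkconf fails to run or rejects the file outright. Adding `|| ret=1` to the invocation, as in `$CHECKCONF servestale.stale-refresh-time.0.conf > checkconf.out$n.1 2>&1 || ret=1`, would make a broken run fail the test instead of passing vacuously. Both sub-checks also redirect to the same `checkconf.out$n.1`, so the 29 run overwrites the output of the 0 run; sending the second one to `checkconf.out$n.2` would keep both for diagnosis. Neither fixture exercises the value 30 itself, so an off-by-one in the upper bound of the warning range would not be caught.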
@@ -1662,6 +1662,17 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
 }
 }
+ obj = NULL;
+ (void)cfg_map_get(options, "stale-refresh-time", &obj);
+ if (obj != NULL) {
+ uint32_t refresh_time = cfg_obj_asduration(obj);
+ if (refresh_time > 0 && refresh_time < 30) {
+ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "'stale-refresh-time' should either be 0 "
+ "or otherwise 30 seconds or higher");
+ }
+ }
+
 return (result);
 }
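Review bot: The threshold in `refresh_time < 30` is a bare literal that repeats the option's default, so the check and the default can drift apart if the default is ever changed; a named constant shared with wherever the default is defined (not visible in this hunk) would tie the two together. The block also has no comment saying why values 1–29 are flagged or that the check is advisory only: `result` is not modified here, so such a configuration still loads and an operator who ignores the log keeps the more aggressive refresh rate. A suggested comment above the lookup is `/* RFC 8767: refresh attempts should be no more frequent than every 30 seconds; warn only, 0 is exempted. */`. check_options begins above this hunk, so the declarations of `obj` and `result` are not shown.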