From: Wouter Wijngaards Date: Thu, 22 Nov 2007 09:30:44 +0000 (+0000) Subject: defaults. X-Git-Tag: release-0.8~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b0cf42b32807817589f67f8a77daa3b48a90753;p=thirdparty%2Funbound.git defaults. git-svn-id: file:///svn/unbound/trunk@774 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/checkconf/unbound-checkconf.c b/checkconf/unbound-checkconf.c index df1938042..59e90b125 100644 --- a/checkconf/unbound-checkconf.c +++ b/checkconf/unbound-checkconf.c @@ -50,6 +50,7 @@ #include "util/regional.h" #include "iterator/iterator.h" #include "validator/validator.h" +#include "services/localzone.h" #include /** Give checkconf usage, and exit (1). */ @@ -93,6 +94,7 @@ morechecks(struct config_file* cfg) struct sockaddr_storage a; socklen_t alen; struct config_str2list* acl; + struct local_zones* zs; for(i=0; inum_ifs; i++) { if(!ipstrtoaddr(cfg->ifs[i], UNBOUND_DNS_PORT, &a, &alen)) { fatal_exit("cannot parse interface specified as '%s'", @@ -140,7 +142,7 @@ morechecks(struct config_file* cfg) if(strcmp(cfg->module_conf, "iterator") != 0 && strcmp(cfg->module_conf, "validator iterator") != 0) { - fatal_exit("module conf %s is not known to work", + fatal_exit("module conf '%s' is not known to work", cfg->module_conf); } @@ -150,6 +152,13 @@ morechecks(struct config_file* cfg) fatal_exit("user '%s' does not exist.", cfg->username); endpwent(); } + + if(!(zs = local_zones_create())) + fatal_exit("out of memory"); + if(!local_zones_apply_cfg(zs, cfg)) + fatal_exit("failed local-zone, local-data configuration"); + local_zones_print(zs); /* @@@ DEBUG */ + local_zones_delete(zs); } /** check config file */ diff --git a/daemon/daemon.c b/daemon/daemon.c index 5314aa01f..0d6ad4b26 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c 
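Review bot: `local_zones_print(zs); /* @@@ DEBUG */` in the last checkconf hunk dumps every configured and default local zone to the log on each unbound-checkconf run, which is leftover debugging rather than a configuration check. Drop it, or gate it on the configured verbosity, e.g. `if(cfg->verbosity > 1) local_zones_print(zs);`, so a minimal config does not emit the whole default AS112 set. The `fatal_exit("failed local-zone, local-data configuration")` also gives no hint which entry failed; that is fine only if `local_zones_apply_cfg` logs the offending line itself, which is not visible here. morechecks begins outside this hunk.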
@@ -50,6 +50,7 @@ #include "services/listen_dnsport.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" +#include "services/localzone.h" #include "util/module.h" #include "iterator/iterator.h" #include "validator/validator.h" @@ -406,6 +407,10 @@ daemon_fork(struct daemon* daemon) log_assert(daemon); if(!acl_list_apply_cfg(daemon->acl, daemon->cfg)) fatal_exit("Could not setup access control list"); + if(!(daemon->local_zones = local_zones_create())) + fatal_exit("Could not create local zones: out of memory"); + if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) + fatal_exit("Could not set up local zones"); /* setup modules */ daemon_setup_modules(daemon); @@ -452,6 +457,8 @@ daemon_cleanup(struct daemon* daemon) * The infra cache is kept, the timing and edns info is still valid */ slabhash_clear(&daemon->env->rrset_cache->table); slabhash_clear(daemon->env->msg_cache); + local_zones_delete(daemon->local_zones); + daemon->local_zones = NULL; /* key cache is cleared by module desetup during next daemon_init() */ for(i=0; inum; i++) worker_delete(daemon->workers[i]); diff --git a/daemon/daemon.h b/daemon/daemon.h index 8d6f06d56..37bc219b5 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@ -51,6 +51,7 @@ struct slabhash; struct module_env; struct rrset_cache; struct acl_list; +struct local_zones; /** * Structure holding worker list. @@ -81,6 +82,8 @@ struct daemon { struct module_func_block** modfunc; /** access control, which client IPs are allowed to connect */ struct acl_list* acl; + /** local authority zones */ + struct local_zones* local_zones; }; /** diff --git a/doc/Changelog b/doc/Changelog index 1b081c9c4..22207fce3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +22 November 2007: Wouter + - noted EDNS in-the-middle dropping trouble as a TODO. + At this point theoretical, no user trouble has been reported. + - added all default AS112 zones. + 21 November 2007: Wouter - local zone internal data setup. 
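Review bot: daemon_fork overwrites `daemon->local_zones` with a fresh `local_zones_create()` without checking that the previous set was released, so ownership depends on daemon_cleanup always having run first. Making that explicit with `log_assert(!daemon->local_zones);` before the create (matching the `log_assert(daemon)` already at the top of the hunk) turns a silent leak on a re-fork into a detectable error. daemon_fork continues outside this hunk.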
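Review bot: In daemon_cleanup the local zones are deleted before the `worker_delete` loop that follows, so any worker that still holds a pointer to `daemon->local_zones` would see freed memory during its teardown; whether worker_delete dereferences it is not visible here. Moving `local_zones_delete(daemon->local_zones); daemon->local_zones = NULL;` after the worker loop removes the question, at no cost, and matches the order the objects were created in daemon_fork. daemon_cleanup continues outside this hunk.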
diff --git a/doc/TODO b/doc/TODO index be871918e..124802664 100644 --- a/doc/TODO +++ b/doc/TODO @@ -57,3 +57,4 @@ o use privilege separation, to change privilege options during reload securely o check if for PowerDNS(2.9.21) CNAME in Answer section & rcode=NXDOMAIN needs to be fixed up to be rcode=NOERROR? o On Windows use CryptGenRandom() to get random seed for arc4random. +o Think about intermediate firewalls dropping EDNS UDP & handling that. diff --git a/services/localzone.c b/services/localzone.c index 205177117..fa849dfb4 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -392,7 +392,7 @@ lz_enter_rr_into_zone(struct local_zone* z, ldns_buffer* buf, log_err("out of memory adding local data"); return 0; } - node->node.key = &node; + node->node.key = node; node->name = regional_alloc_init(z->region, key.name, key.namelen); if(!node->name) { @@ -496,6 +496,27 @@ lz_nodefault(struct config_file* cfg, const char* name) return 0; } +/** enter AS112 default zone */ +static int +add_as112_default(struct local_zones* zones, struct config_file* cfg, + ldns_buffer* buf, char* name) +{ + struct local_zone* z; + char str[1024]; /* known long enough */ + if(lz_exists(zones, name) || lz_nodefault(cfg, name)) + return 1; /* do not enter default content */ + if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN))) + return 0; + snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. " + "nobody.invalid. 1 3600 1200 604800 10800", name); + if(!lz_enter_rr_into_zone(z, buf, str)) + return 0; + snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name); + if(!lz_enter_rr_into_zone(z, buf, str)) + return 0; + return 1; +} + /** enter default zones */ static int lz_enter_defaults(struct local_zones* zones, struct config_file* cfg, 
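Review bot: `add_as112_default` formats the SOA and NS text into `str[1024]` with `snprintf` but never checks its return value, so the `/* known long enough */` comment is the only thing preventing a long `name` from producing a silently truncated, misparsed record. The parameter is a plain `char* name`, so nothing stops a later caller from passing a config-derived name; make it `const char* name` and fail closed: `int r = snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800", name); if(r < 0 || (size_t)r >= sizeof(str)) return 0;`. A failure after `lz_enter_zone` succeeded also leaves a half-populated static zone behind; that is tolerable because daemon_fork calls `fatal_exit` on a failed `local_zones_apply_cfg`, but a one-line comment saying so would help the next reader.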
@@ -521,8 +542,70 @@ lz_enter_defaults(struct local_zones* zones, struct config_file* cfg, return 0; } } - /* @@@ TODO other zones */ - return 0; + /* reverse ip4 zone */ + if(!lz_exists(zones, "127.in-addr.arpa.") && + !lz_nodefault(cfg, "127.in-addr.arpa.")) { + if(!(z=lz_enter_zone(zones, "127.in-addr.arpa.", "static", + LDNS_RR_CLASS_IN)) || + !lz_enter_rr_into_zone(z, buf, + "127.in-addr.arpa. 10800 IN NS localhost.") || + !lz_enter_rr_into_zone(z, buf, + "127.in-addr.arpa. 10800 IN SOA localhost. " + "nobody.invalid. 1 3600 1200 604800 10800") || + !lz_enter_rr_into_zone(z, buf, + "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) { + log_err("out of memory adding default zone"); + return 0; + } + } + /* reverse ip6 zone */ + if(!lz_exists(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") && + !lz_nodefault(cfg, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.")) { + if(!(z=lz_enter_zone(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", "static", + LDNS_RR_CLASS_IN)) || + !lz_enter_rr_into_zone(z, buf, + "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.") || + !lz_enter_rr_into_zone(z, buf, + "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. " + "nobody.invalid. 1 3600 1200 604800 10800") || + !lz_enter_rr_into_zone(z, buf, + "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 
10800 IN PTR localhost.")) { + log_err("out of memory adding default zone"); + return 0; + } + } + if ( !add_as112_default(zones, cfg, buf, "10.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "16.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "17.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "18.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "19.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "20.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "21.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "22.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "23.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "24.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "25.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "26.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "27.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "28.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "29.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "30.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "31.172.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "168.192.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "0.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "254.169.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "2.0.192.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "255.255.255.255.in-addr.arpa") || + !add_as112_default(zones, cfg, buf, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") || + !add_as112_default(zones, cfg, buf, "d.f.ip6.arpa.") || + !add_as112_default(zones, cfg, buf, "8.e.f.ip6.arpa.") || + !add_as112_default(zones, cfg, buf, "9.e.f.ip6.arpa.") || + !add_as112_default(zones, cfg, buf, "a.e.f.ip6.arpa.") || + !add_as112_default(zones, cfg, buf, "b.e.f.ip6.arpa.")) { + log_err("out of memory adding default zone"); + return 0; + } + 
return 1; } /** setup parent pointers, so that a lookup can be done for closest match */ @@ -625,7 +708,7 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) /* restart to setup other class */ return lz_setup_implicit(zones, cfg); } - return 0; + return 1; } /** enter auth data */ @@ -745,21 +828,27 @@ void local_zones_print(struct local_zones* zones) case local_zone_deny: log_nametypeclass(0, "deny zone", z->name, 0, z->dclass); + break; case local_zone_refuse: log_nametypeclass(0, "refuse zone", z->name, 0, z->dclass); + break; case local_zone_redirect: log_nametypeclass(0, "redirect zone", z->name, 0, z->dclass); + break; case local_zone_transparent: log_nametypeclass(0, "transparent zone", z->name, 0, z->dclass); + break; case local_zone_static: log_nametypeclass(0, "static zone", z->name, 0, z->dclass); + break; default: log_nametypeclass(0, "badtyped zone", z->name, 0, z->dclass); + break; } local_zone_out(z); }
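Review bot: The default zone names are passed inconsistently: the in-addr.arpa AS112 zones have no trailing dot (`"10.in-addr.arpa"`) while the ip6.arpa ones and the loopback zones are fully qualified (`"d.f.ip6.arpa."`, `"127.in-addr.arpa."`). Whether `lz_exists`/`lz_nodefault` normalise before comparing is not visible in this hunk; if they match the textual form against `local-zone:` entries, a user writing `local-zone: "10.in-addr.arpa." nodefault` would not suppress the default and the static zone would keep answering for that space. Use the fully-qualified form for every entry. Separately, each failure path logs `out of memory adding default zone`, but `lz_enter_rr_into_zone` presumably also returns 0 when the RR text does not parse (it logs its own OOM message at the 392 hunk), so a typo in one of these literals would be misreported as OOM; `log_err("failed to add default zone")` would be accurate. lz_enter_defaults begins outside this hunk.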