From: Colin Vidal Date: Thu, 16 Oct 2025 12:11:37 +0000 (+0200) Subject: move default configuration to common bin/include folder X-Git-Tag: v9.21.15~22^2~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72862c2abc0bc6e87de08918bf21a7fc8fc4b1f7;p=thirdparty%2Fbind9.git move default configuration to common bin/include folder Two programs need to be able to provide the effective configuration: named (through a future rndc command) and named-checkconf (through a future command line switch). In order to calculate the effective configuration from named-checkconf, the default configuration needs to be accessible. The default configuration has now been moved from bin/named/config.c into a common include directory for binaries: bin/include/defaultconfig.h. --- diff --git a/bin/include/defaultconfig.h b/bin/include/defaultconfig.h new file mode 100644 index 00000000000..8e247572607 --- /dev/null +++ b/bin/include/defaultconfig.h 
@@ -0,0 +1,336 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#pragma once + +/*! \file */ + +#include + +#include + +#define DEFAULT_IANA_ROOT_ZONE_PRIMARIES "_default_iana_root_zone_primaries" + +/*% default configuration */ +constexpr char common_named_defaultconf[] = "\ +options {\n\ + answer-cookie true;\n\ + automatic-interface-scan yes;\n\ +# blackhole {none;};\n\ + cookie-algorithm siphash24;\n\ +# directory \n\ + dnssec-policy \"none\";\n\ + dump-file \"named_dump.db\";\n\ + edns-udp-size 1232;\n" +#if defined(HAVE_GEOIP2) + "\ + geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n" +#elif defined(HAVE_GEOIP2) + "\ + geoip-directory \".\";\n" +#endif /* if defined(HAVE_GEOIP2) */ + "\ + interface-interval 60m;\n\ + listen-on {any;};\n\ + listen-on-v6 {any;};\n\ + match-mapped-addresses no;\n\ + max-ixfr-ratio 100%;\n\ + max-rsa-exponent-size 0; /* no limit */\n\ + max-udp-size 1232;\n\ + memstatistics-file \"named.memstats\";\n\ + nocookie-udp-size 4096;\n\ + notify-rate 20;\n\ + nta-lifetime 3600;\n\ + nta-recheck 300;\n\ +# pid-file \"" NAMED_LOCALSTATEDIR "/run/named/named.pid\"; \n\ + port 53;\n" +#if HAVE_SO_REUSEPORT_LB + "\ + reuseport yes;\n" +#else + "\ + reuseport no;\n" +#endif + "\ + tls-port 853;\n" +#if HAVE_LIBNGHTTP2 + "\ + http-port 80;\n\ + https-port 443;\n\ + http-listener-clients 300;\n\ + http-streams-per-connection 100;\n" +#endif + "\ + prefetch 2 9;\n\ +# querylog ;\n\ + recursing-file \"named.recursing\";\n\ + recursive-clients 1000;\n\ + request-nsid false;\n\ + request-zoneversion false;\n\ + resolver-query-timeout 10;\n\ +# 
responselog ;\n\ + rrset-order { order cyclic; };\n\ + secroots-file \"named.secroots\";\n\ + send-cookie true;\n\ + serial-query-rate 20;\n\ + server-id none;\n\ + session-keyalg hmac-sha256;\n\ +# session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\ + session-keyname local-ddns;\n\ + startup-notify-rate 20;\n\ + sig0checks-quota 1;\n\ + sig0key-checks-limit 16;\n\ + sig0message-checks-limit 2;\n\ + statistics-file \"named.stats\";\n\ + tcp-advertised-timeout 300;\n\ + tcp-clients 150;\n\ + tcp-idle-timeout 300;\n\ + tcp-initial-timeout 300;\n\ + tcp-keepalive-timeout 300;\n\ + tcp-listen-queue 10;\n\ + tcp-primaries-timeout 150;\n\ + tcp-receive-buffer 0;\n\ + tcp-send-buffer 0;\n\ + transfer-message-size 20480;\n\ + transfers-in 10;\n\ + transfers-out 10;\n\ + transfers-per-ns 2;\n\ + trust-anchor-telemetry yes;\n\ + udp-receive-buffer 0;\n\ + udp-send-buffer 0;\n\ + update-quota 100;\n\ +\n\ + /* view */\n\ + allow-new-zones no;\n\ + allow-notify {none;};\n\ + allow-proxy {none;};\n\ + allow-proxy-on {any;};\n\ + allow-query-cache { localnets; localhost; };\n\ + allow-query-cache-on { any; };\n\ + allow-recursion { localnets; localhost; };\n\ + allow-recursion-on { any; };\n\ + allow-update-forwarding {none;};\n\ + auth-nxdomain false;\n\ + check-dup-records warn;\n\ + check-mx warn;\n\ + check-names primary fail;\n\ + check-names response ignore;\n\ + check-names secondary warn;\n\ + check-spf warn;\n\ + check-svcb yes;\n\ + clients-per-query 10;\n\ + dnssec-accept-expired no;\n\ + dnssec-validation " VALIDATION_DEFAULT "; \n" +#ifdef HAVE_DNSTAP + " dnstap-identity hostname;\n" +#endif /* ifdef HAVE_DNSTAP */ + "\ + fetch-quota-params 100 0.1 0.3 0.7;\n\ + fetches-per-server 0;\n\ + fetches-per-zone 0;\n\ + lame-ttl 0;\n" +#ifdef HAVE_LMDB + " lmdb-mapsize 32M;\n" +#endif /* ifdef HAVE_LMDB */ + " max-cache-size default;\n\ + max-cache-ttl 604800; /* 1 week */\n\ + max-clients-per-query 100;\n\ + max-ncache-ttl 10800; /* 3 hours */\n\ + 
max-recursion-depth 7;\n\ + max-recursion-queries 50;\n\ + max-query-count 200;\n\ + max-query-restarts 11;\n\ + max-stale-ttl 86400; /* 1 day */\n\ + message-compression yes;\n\ + min-ncache-ttl 0; /* 0 hours */\n\ + min-cache-ttl 0; /* 0 seconds */\n\ + minimal-any false;\n\ + minimal-responses no-auth-recursive;\n\ + notify-source *;\n\ + notify-source-v6 *;\n\ + nsec3-test-zone no;\n\ + parental-source *;\n\ + parental-source-v6 *;\n\ + provide-ixfr true;\n\ + response-padding { none; } block-size 0;\n\ + qname-minimization relaxed;\n\ + query-source address *;\n\ + query-source-v6 address *;\n\ + recursion true;\n\ + request-expire true;\n\ + request-ixfr true;\n\ + request-ixfr-max-diffs 0;\n\ + require-server-cookie no;\n\ + root-key-sentinel yes;\n\ + servfail-ttl 1;\n\ + stale-answer-client-timeout off;\n\ + stale-answer-enable false;\n\ + stale-answer-ttl 30; /* 30 seconds */\n\ + stale-cache-enable false;\n\ + stale-refresh-time 30; /* 30 seconds */\n\ + synth-from-dnssec yes;\n\ +# topology \n\ + transfer-format many-answers;\n\ + resolver-use-dns64 false;\n\ + v6-bias 50;\n\ + zero-no-soa-ttl-cache no;\n\ +\n\ + /* zone */\n\ + allow-query {any;};\n\ + allow-query-on {any;};\n\ + allow-transfer {none;};\n\ +# also-notify \n\ + check-integrity yes;\n\ + check-mx-cname warn;\n\ + check-sibling yes;\n\ + check-srv-cname warn;\n\ + check-wildcard yes;\n\ + dnssec-loadkeys-interval 60;\n\ +# forward \n\ +# forwarders \n\ +# inline-signing no;\n\ + ixfr-from-differences false;\n\ + max-journal-size default;\n\ + max-records 0;\n\ + max-records-per-type 100;\n\ + max-refresh-time 2419200; /* 4 weeks */\n\ + max-retry-time 1209600; /* 2 weeks */\n\ + max-types-per-name 100;\n\ + max-transfer-idle-in 60;\n\ + max-transfer-idle-out 60;\n\ + max-transfer-time-in 120;\n\ + max-transfer-time-out 120;\n\ + min-refresh-time 300;\n\ + min-retry-time 500;\n\ + min-transfer-rate-in 10240 5;\n\ + multi-master no;\n\ + notify yes;\n\ + notify-defer 0;\n\ + notify-delay 
5;\n\ + notify-to-soa no;\n\ + provide-zoneversion yes;\n\ + send-report-channel .;\n\ + serial-update-method increment;\n\ + sig-signing-nodes 100;\n\ + sig-signing-signatures 10;\n\ + sig-signing-type 65534;\n\ + transfer-source *;\n\ + transfer-source-v6 *;\n\ + try-tcp-refresh yes; /* BIND 8 compat */\n\ + zero-no-soa-ttl yes;\n\ + zone-statistics terse;\n\ +};\n\ +" + + "#\n\ +# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\ +#\n\ +view \"_bind\" chaos {\n\ + recursion no;\n\ + notify no;\n\ + allow-new-zones no;\n\ + max-cache-size 2M;\n\ + provide-zoneversion no;\n\ +\n\ + # Prevent use of this zone in DNS amplified reflection DoS attacks\n\ + rate-limit {\n\ + responses-per-second 3;\n\ + slip 0;\n\ + min-table-size 10;\n\ + };\n\ +\n\ + zone \"version.bind\" chaos {\n\ + type primary;\n\ + database \"_builtin version\";\n\ + };\n\ +\n\ + zone \"hostname.bind\" chaos {\n\ + type primary;\n\ + database \"_builtin hostname\";\n\ + };\n\ +\n\ + zone \"authors.bind\" chaos {\n\ + type primary;\n\ + database \"_builtin authors\";\n\ + };\n\ +\n\ + zone \"id.server\" chaos {\n\ + type primary;\n\ + database \"_builtin id\";\n\ + };\n\ +};\n\ +" + "#\n\ +# Built-in DNSSEC key and signing policies.\n\ +#\n\ +dnssec-policy \"default\" {\n\ + keys {\n\ + csk key-directory lifetime unlimited algorithm 13;\n\ + };\n\ +\n\ + cdnskey yes;\n\ + cds-digest-types { 2; };\n\ + dnskey-ttl " DNS_KASP_KEY_TTL ";\n\ + inline-signing yes;\n\ + manual-mode no;\n\ + offline-ksk no;\n\ + publish-safety " DNS_KASP_PUBLISH_SAFETY "; \n\ + retire-safety " DNS_KASP_RETIRE_SAFETY "; \n\ + purge-keys " DNS_KASP_PURGE_KEYS "; \n\ + signatures-jitter " DNS_KASP_SIG_JITTER "; \n\ + signatures-refresh " DNS_KASP_SIG_REFRESH "; \n\ + signatures-validity " DNS_KASP_SIG_VALIDITY "; \n\ + signatures-validity-dnskey " DNS_KASP_SIG_VALIDITY_DNSKEY "; \n\ + max-zone-ttl " DNS_KASP_ZONE_MAXTTL "; \n\ + zone-propagation-delay " DNS_KASP_ZONE_PROPDELAY "; \n\ + parent-ds-ttl " 
DNS_KASP_DS_TTL "; \n\ + parent-propagation-delay " DNS_KASP_PARENT_PROPDELAY "; \n\ +};\n\ +\n\ +dnssec-policy \"insecure\" {\n\ + max-zone-ttl 0; \n\ + keys { };\n\ + inline-signing yes;\n\ + manual-mode no;\n\ +};\n\ +\n\ +" + "#\n\ +# Default trusted key(s), used if \n\ +# \"dnssec-validation auto;\" is set and\n\ +# " NAMED_SYSCONFDIR "/bind.keys doesn't exist).\n\ +#\n\ +# BEGIN TRUST ANCHORS\n" + + /* Imported from bind.keys.h: */ + TRUST_ANCHORS + + "# END TRUST ANCHORS\n\ +\n\ +remote-servers " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\ + 2801:1b8:10::b; # b.root-servers.net\n\ + 2001:500:2::c; # c.root-servers.net\n\ + 2001:500:2f::f; # f.root-servers.net\n\ + 2001:500:12::d0d; # g.root-servers.net\n\ + 2001:7fd::1; # k.root-servers.net\n\ + 2620:0:2830:202::132; # xfr.cjr.dns.icann.org\n\ + 2620:0:2d0:202::132; # xfr.lax.dns.icann.org\n\ + 170.247.170.2; # b.root-servers.net\n\ + 192.33.4.12; # c.root-servers.net\n\ + 192.5.5.241; # f.root-servers.net\n\ + 192.112.36.4; # g.root-servers.net\n\ + 193.0.14.129; # k.root-servers.net\n\ + 192.0.47.132; # xfr.cjr.dns.icann.org\n\ + 192.0.32.132; # xfr.lax.dns.icann.org\n\ +};\n\ +"; diff --git a/bin/named/config.c b/bin/named/config.c index daaaafc525c..3fd69eaf064 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -14,6 +14,7 @@ /*! \file */ #include +#include #include #include 
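Review bot: The `#elif defined(HAVE_GEOIP2)` branch in the options block repeats the condition of the `#if` directly above it, so the `geoip-directory \".\";` line can never be compiled in and a build without GeoIP2 gets no `geoip-directory` default at all. The text was moved unchanged from bin/named/config.c, but now that it is the shared source of defaults for more than one binary, the dead branch should either be deleted or given the condition that was actually meant. Separately, `common_named_defaultconf` is defined in the header rather than declared, and a file-scope `constexpr` object has internal linkage, so every file that includes the header gets its own definition of this array, even one that only needs `DEFAULT_IANA_ROOT_ZONE_PRIMARIES`. The `/*% default configuration */` comment could say so, and could list the build-time macros the text expands (`VALIDATION_DEFAULT`, `TRUST_ANCHORS`, `NAMED_SYSCONFDIR`, the `DNS_KASP_*` values), since the printed defaults, including the trust anchors, depend on them.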
@@ -47,326 +48,13 @@ #include #include -/*% default configuration */ -static char defaultconf[] = "\ -options {\n\ - answer-cookie true;\n\ - automatic-interface-scan yes;\n\ -# blackhole {none;};\n\ - cookie-algorithm siphash24;\n\ -# directory \n\ - dnssec-policy \"none\";\n\ - dump-file \"named_dump.db\";\n\ - edns-udp-size 1232;\n" -#if defined(HAVE_GEOIP2) - "\ - geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n" -#elif defined(HAVE_GEOIP2) - "\ - geoip-directory \".\";\n" -#endif /* if defined(HAVE_GEOIP2) */ - "\ - interface-interval 60m;\n\ - listen-on {any;};\n\ - listen-on-v6 {any;};\n\ - match-mapped-addresses no;\n\ - max-ixfr-ratio 100%;\n\ - max-rsa-exponent-size 0; /* no limit */\n\ - max-udp-size 1232;\n\ - memstatistics-file \"named.memstats\";\n\ - nocookie-udp-size 4096;\n\ - notify-rate 20;\n\ - nta-lifetime 3600;\n\ - nta-recheck 300;\n\ -# pid-file \"" NAMED_LOCALSTATEDIR "/run/named/named.pid\"; \n\ - port 53;\n" -#if HAVE_SO_REUSEPORT_LB - "\ - reuseport yes;\n" -#else - "\ - reuseport no;\n" -#endif - "\ - tls-port 853;\n" -#if HAVE_LIBNGHTTP2 - "\ - http-port 80;\n\ - https-port 443;\n\ - http-listener-clients 300;\n\ - http-streams-per-connection 100;\n" -#endif - "\ - prefetch 2 9;\n\ -# querylog ;\n\ - recursing-file \"named.recursing\";\n\ - recursive-clients 1000;\n\ - request-nsid false;\n\ - request-zoneversion false;\n\ - resolver-query-timeout 10;\n\ -# responselog ;\n\ - rrset-order { order cyclic; };\n\ - secroots-file \"named.secroots\";\n\ - send-cookie true;\n\ - serial-query-rate 20;\n\ - server-id none;\n\ - session-keyalg hmac-sha256;\n\ -# session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\ - session-keyname local-ddns;\n\ - startup-notify-rate 20;\n\ - sig0checks-quota 1;\n\ - sig0key-checks-limit 16;\n\ - sig0message-checks-limit 2;\n\ - statistics-file \"named.stats\";\n\ - tcp-advertised-timeout 300;\n\ - tcp-clients 150;\n\ - tcp-idle-timeout 300;\n\ - tcp-initial-timeout 300;\n\ - 
tcp-keepalive-timeout 300;\n\ - tcp-listen-queue 10;\n\ - tcp-primaries-timeout 150;\n\ - tcp-receive-buffer 0;\n\ - tcp-send-buffer 0;\n\ - transfer-message-size 20480;\n\ - transfers-in 10;\n\ - transfers-out 10;\n\ - transfers-per-ns 2;\n\ - trust-anchor-telemetry yes;\n\ - udp-receive-buffer 0;\n\ - udp-send-buffer 0;\n\ - update-quota 100;\n\ -\n\ - /* view */\n\ - allow-new-zones no;\n\ - allow-notify {none;};\n\ - allow-proxy {none;};\n\ - allow-proxy-on {any;};\n\ - allow-query-cache { localnets; localhost; };\n\ - allow-query-cache-on { any; };\n\ - allow-recursion { localnets; localhost; };\n\ - allow-recursion-on { any; };\n\ - allow-update-forwarding {none;};\n\ - auth-nxdomain false;\n\ - check-dup-records warn;\n\ - check-mx warn;\n\ - check-names primary fail;\n\ - check-names response ignore;\n\ - check-names secondary warn;\n\ - check-spf warn;\n\ - check-svcb yes;\n\ - clients-per-query 10;\n\ - dnssec-accept-expired no;\n\ - dnssec-validation " VALIDATION_DEFAULT "; \n" -#ifdef HAVE_DNSTAP - " dnstap-identity hostname;\n" -#endif /* ifdef HAVE_DNSTAP */ - "\ - fetch-quota-params 100 0.1 0.3 0.7;\n\ - fetches-per-server 0;\n\ - fetches-per-zone 0;\n\ - lame-ttl 0;\n" -#ifdef HAVE_LMDB - " lmdb-mapsize 32M;\n" -#endif /* ifdef HAVE_LMDB */ - " max-cache-size default;\n\ - max-cache-ttl 604800; /* 1 week */\n\ - max-clients-per-query 100;\n\ - max-ncache-ttl 10800; /* 3 hours */\n\ - max-recursion-depth 7;\n\ - max-recursion-queries 50;\n\ - max-query-count 200;\n\ - max-query-restarts 11;\n\ - max-stale-ttl 86400; /* 1 day */\n\ - message-compression yes;\n\ - min-ncache-ttl 0; /* 0 hours */\n\ - min-cache-ttl 0; /* 0 seconds */\n\ - minimal-any false;\n\ - minimal-responses no-auth-recursive;\n\ - notify-source *;\n\ - notify-source-v6 *;\n\ - nsec3-test-zone no;\n\ - parental-source *;\n\ - parental-source-v6 *;\n\ - provide-ixfr true;\n\ - response-padding { none; } block-size 0;\n\ - qname-minimization relaxed;\n\ - query-source address *;\n\ - 
query-source-v6 address *;\n\ - recursion true;\n\ - request-expire true;\n\ - request-ixfr true;\n\ - request-ixfr-max-diffs 0;\n\ - require-server-cookie no;\n\ - root-key-sentinel yes;\n\ - servfail-ttl 1;\n\ - stale-answer-client-timeout off;\n\ - stale-answer-enable false;\n\ - stale-answer-ttl 30; /* 30 seconds */\n\ - stale-cache-enable false;\n\ - stale-refresh-time 30; /* 30 seconds */\n\ - synth-from-dnssec yes;\n\ -# topology \n\ - transfer-format many-answers;\n\ - resolver-use-dns64 false;\n\ - v6-bias 50;\n\ - zero-no-soa-ttl-cache no;\n\ -\n\ - /* zone */\n\ - allow-query {any;};\n\ - allow-query-on {any;};\n\ - allow-transfer {none;};\n\ -# also-notify \n\ - check-integrity yes;\n\ - check-mx-cname warn;\n\ - check-sibling yes;\n\ - check-srv-cname warn;\n\ - check-wildcard yes;\n\ - dnssec-loadkeys-interval 60;\n\ -# forward \n\ -# forwarders \n\ -# inline-signing no;\n\ - ixfr-from-differences false;\n\ - max-journal-size default;\n\ - max-records 0;\n\ - max-records-per-type 100;\n\ - max-refresh-time 2419200; /* 4 weeks */\n\ - max-retry-time 1209600; /* 2 weeks */\n\ - max-types-per-name 100;\n\ - max-transfer-idle-in 60;\n\ - max-transfer-idle-out 60;\n\ - max-transfer-time-in 120;\n\ - max-transfer-time-out 120;\n\ - min-refresh-time 300;\n\ - min-retry-time 500;\n\ - min-transfer-rate-in 10240 5;\n\ - multi-master no;\n\ - notify yes;\n\ - notify-defer 0;\n\ - notify-delay 5;\n\ - notify-to-soa no;\n\ - provide-zoneversion yes;\n\ - send-report-channel .;\n\ - serial-update-method increment;\n\ - sig-signing-nodes 100;\n\ - sig-signing-signatures 10;\n\ - sig-signing-type 65534;\n\ - transfer-source *;\n\ - transfer-source-v6 *;\n\ - try-tcp-refresh yes; /* BIND 8 compat */\n\ - zero-no-soa-ttl yes;\n\ - zone-statistics terse;\n\ -};\n\ -" - - "#\n\ -# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\ -#\n\ -view \"_bind\" chaos {\n\ - recursion no;\n\ - notify no;\n\ - allow-new-zones no;\n\ - max-cache-size 2M;\n\ - 
provide-zoneversion no;\n\ -\n\ - # Prevent use of this zone in DNS amplified reflection DoS attacks\n\ - rate-limit {\n\ - responses-per-second 3;\n\ - slip 0;\n\ - min-table-size 10;\n\ - };\n\ -\n\ - zone \"version.bind\" chaos {\n\ - type primary;\n\ - database \"_builtin version\";\n\ - };\n\ -\n\ - zone \"hostname.bind\" chaos {\n\ - type primary;\n\ - database \"_builtin hostname\";\n\ - };\n\ -\n\ - zone \"authors.bind\" chaos {\n\ - type primary;\n\ - database \"_builtin authors\";\n\ - };\n\ -\n\ - zone \"id.server\" chaos {\n\ - type primary;\n\ - database \"_builtin id\";\n\ - };\n\ -};\n\ -" - "#\n\ -# Built-in DNSSEC key and signing policies.\n\ -#\n\ -dnssec-policy \"default\" {\n\ - keys {\n\ - csk key-directory lifetime unlimited algorithm 13;\n\ - };\n\ -\n\ - cdnskey yes;\n\ - cds-digest-types { 2; };\n\ - dnskey-ttl " DNS_KASP_KEY_TTL ";\n\ - inline-signing yes;\n\ - manual-mode no;\n\ - offline-ksk no;\n\ - publish-safety " DNS_KASP_PUBLISH_SAFETY "; \n\ - retire-safety " DNS_KASP_RETIRE_SAFETY "; \n\ - purge-keys " DNS_KASP_PURGE_KEYS "; \n\ - signatures-jitter " DNS_KASP_SIG_JITTER "; \n\ - signatures-refresh " DNS_KASP_SIG_REFRESH "; \n\ - signatures-validity " DNS_KASP_SIG_VALIDITY "; \n\ - signatures-validity-dnskey " DNS_KASP_SIG_VALIDITY_DNSKEY "; \n\ - max-zone-ttl " DNS_KASP_ZONE_MAXTTL "; \n\ - zone-propagation-delay " DNS_KASP_ZONE_PROPDELAY "; \n\ - parent-ds-ttl " DNS_KASP_DS_TTL "; \n\ - parent-propagation-delay " DNS_KASP_PARENT_PROPDELAY "; \n\ -};\n\ -\n\ -dnssec-policy \"insecure\" {\n\ - max-zone-ttl 0; \n\ - keys { };\n\ - inline-signing yes;\n\ - manual-mode no;\n\ -};\n\ -\n\ -" - "#\n\ -# Default trusted key(s), used if \n\ -# \"dnssec-validation auto;\" is set and\n\ -# " NAMED_SYSCONFDIR "/bind.keys doesn't exist).\n\ -#\n\ -# BEGIN TRUST ANCHORS\n" - - /* Imported from bind.keys.h: */ - TRUST_ANCHORS - - "# END TRUST ANCHORS\n\ -\n\ -remote-servers " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\ - 2801:1b8:10::b; # 
b.root-servers.net\n\ - 2001:500:2::c; # c.root-servers.net\n\ - 2001:500:2f::f; # f.root-servers.net\n\ - 2001:500:12::d0d; # g.root-servers.net\n\ - 2001:7fd::1; # k.root-servers.net\n\ - 2620:0:2830:202::132; # xfr.cjr.dns.icann.org\n\ - 2620:0:2d0:202::132; # xfr.lax.dns.icann.org\n\ - 170.247.170.2; # b.root-servers.net\n\ - 192.33.4.12; # c.root-servers.net\n\ - 192.5.5.241; # f.root-servers.net\n\ - 192.112.36.4; # g.root-servers.net\n\ - 193.0.14.129; # k.root-servers.net\n\ - 192.0.47.132; # xfr.cjr.dns.icann.org\n\ - 192.0.32.132; # xfr.lax.dns.icann.org\n\ -};\n\ -"; - isc_result_t named_config_parsedefaults(cfg_obj_t **conf) { isc_buffer_t b; - isc_buffer_init(&b, defaultconf, sizeof(defaultconf) - 1); - isc_buffer_add(&b, sizeof(defaultconf) - 1); + isc_buffer_constinit(&b, common_named_defaultconf, + sizeof(common_named_defaultconf) - 1); + isc_buffer_add(&b, sizeof(common_named_defaultconf) - 1); return cfg_parse_buffer(isc_g_mctx, &b, __FILE__, 0, &cfg_type_namedconf, CFG_PCTX_NODEPRECATED | CFG_PCTX_NOOBSOLETE | @@ -414,11 +102,6 @@ out: return result; } -const char * -named_config_getdefault(void) { - return defaultconf; -} - isc_result_t named_config_get(cfg_obj_t const *const *maps, const char *name, const cfg_obj_t **obj) { diff --git a/bin/named/include/named/config.h b/bin/named/include/named/config.h index 3de19d73f84..4a9415df5a9 100644 --- a/bin/named/include/named/config.h +++ b/bin/named/include/named/config.h @@ -22,17 +22,12 @@ #include -#define DEFAULT_IANA_ROOT_ZONE_PRIMARIES "_default_iana_root_zone_primaries" - isc_result_t named_config_parsedefaults(cfg_obj_t **conf); isc_result_t named_config_parsefile(cfg_obj_t **conf); -const char * -named_config_getdefault(void); - isc_result_t named_config_get(cfg_obj_t const *const *maps, const char *name, const cfg_obj_t **obj); diff --git a/bin/named/main.c b/bin/named/main.c index 5f171385c8e..033ea994d61 100644 --- a/bin/named/main.c +++ b/bin/named/main.c 
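Review bot: In `named_config_parsedefaults()` the call `cfg_parse_buffer(isc_g_mctx, &b, __FILE__, 0, ...)` still passes `__FILE__`, which expands to bin/named/config.c although the text being parsed now lives in bin/include/defaultconfig.h. Assuming that argument is the source name the parser prints in diagnostics, an error in the built-in defaults would be reported against the wrong file; a fixed label defined next to the array in the header would keep the message accurate for every binary that parses it. The switch from `isc_buffer_init()` to `isc_buffer_constinit()` also deserves a one-line comment such as `/* built-in defaults are read-only; the length excludes the trailing NUL */`. The argument list of the call continues outside the hunk.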
@@ -24,6 +24,8 @@ #include #endif +#include + #include #include #include @@ -832,7 +834,7 @@ parse_command_line(int argc, char *argv[]) { case 'C': printf("# Built-in default values. " "This is NOT the run-time configuration!\n"); - printf("%s", named_config_getdefault()); + printf("%s", common_named_defaultconf); exit(EXIT_SUCCESS); case 'd': named_g_debuglevel = parse_int(isc_commandline_argument, diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index ae82d76feb8..f1eb90b0d4a 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -11,6 +11,7 @@ * information regarding copyright ownership. */ +#include #include #include diff --git a/meson.build b/meson.build index c8c7832164f..d618d074763 100644 --- a/meson.build +++ b/meson.build @@ -1001,6 +1001,9 @@ isccc_inc = include_directories('lib' / 'isccc' / 'include') isccfg_inc = include_directories('lib' / 'isccfg' / 'include') ns_inc = include_directories('lib' / 'ns' / 'include') +# Headers common to several binaries +bin_inc = include_directories('bin' / 'include') + dns_inc_p = [] isc_inc_p = [] @@ -1422,7 +1425,8 @@ executable( 'named-checkconf', named_checkconf_src, export_dynamic: true, - implicit_include_directories: false, + implicit_include_directories: true, + include_directories: [bin_inc], install: true, dependencies: [ libisc_dep, @@ -1548,7 +1552,7 @@ executable( link_args: static_lto_link_args, export_dynamic: true, implicit_include_directories: true, - include_directories: named_inc, + include_directories: [named_inc, bin_inc], install: true, install_dir: sbindir, sources: bind_keys,
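Review bot: In the `named-checkconf` target the hunk flips `implicit_include_directories: false` to `true` as well as adding `include_directories: [bin_inc]`, and the commit message gives no reason for the first change. With `bin_inc` on the include path the new header should already be found, so the implicit directories look unnecessary and only widen the header search path of a tool that is used to validate configuration. Keep `implicit_include_directories: false` unless something not visible here needs it, and say why in a comment if it does. The new header also expands `TRUST_ANCHORS`, and only the `named` target visibly lists `sources: bind_keys`, so it is worth confirming that `named-checkconf` depends on the generated keys header before it starts including defaultconfig.h. Both `executable()` calls start and end outside their hunks.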