From: Pieter Lexis
Date: Tue, 21 Aug 2018 09:40:40 +0000 (+0200)
Subject: Remove out-of-zone-additional-processing
X-Git-Tag: auth-4.2.0-alpha1~25^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75676790cfc66e381c17e7625f3b482718ec1c58;p=thirdparty%2Fpdns.git
Remove out-of-zone-additional-processing
Closes #6461
---
diff --git a/docs/appendices/FAQ.rst b/docs/appendices/FAQ.rst
index 6abf0ac6df..cc2c4b21c5 100644
--- a/docs/appendices/FAQ.rst
+++ b/docs/appendices/FAQ.rst
@@ -37,12 +37,8 @@ Operational
 The ADDITIONAL is section different than BIND's answer, why?
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-My server is not answering with a verbose "ADDITIONAL SECTION" that includes A records for the namservers of the domain queried
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The PowerDNS Authoritative Server by default does not 'trust' other zones in its own database.
-You may want to add :ref:`setting-out-of-zone-additional-processing` to ``yes`` in your configuration to tell it to do so.
-If the domain your nameservers are in are known to the backend they will now be included in the additional section.
 PowerDNS does not give authoritative answers, how come?
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/settings.rst b/docs/settings.rst
index 0c6e3c8560..441cd33681 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -1107,6 +1107,9 @@ To notify all IP addresses apart from the 192.168.0.0/24 subnet use the followin
 ``out-of-zone-additional-processing``
 -------------------------------------
+.. versionchanged:: 4.2.0
+ This setting has been removed.
+
 - Boolean
 - Default: yes
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 3cdfd32b7e..cd75fd223a 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -150,7 +150,6 @@ void declareArguments() ::arg().set("webserver-password","Password required for accessing the webserver")=""; ::arg().set("webserver-allow-from","Webserver/API access is only allowed from these subnets")="127.0.0.1,::1"; - ::arg().setSwitch("out-of-zone-additional-processing","Do out of zone additional processing")="yes"; ::arg().setSwitch("do-ipv6-additional-processing", "Do AAAA additional processing")="yes"; ::arg().setSwitch("query-logging","Hint backends that queries should be logged")="no"; diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 415e283430..48a0784f54 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -457,18 +457,17 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c lookup = getRR(i->dr)->getNS(); else continue; + B.lookup(QType(d_doIPv6AdditionalProcessing ? QType::ANY : QType::A), lookup, p); while(B.get(rr)) { if(rr.dr.d_type != QType::A && rr.dr.d_type!=QType::AAAA) continue; - if(rr.domain_id!=i->domain_id && ::arg()["out-of-zone-additional-processing"]=="no") { - DLOG(g_log<dr.d_name<<" ("<domain_id || !rr.dr.d_name.isPartOf(soadata.qname)) { + // FIXME we might still pass on the record if it is occluded and the + // backend does not report a different ID continue; // not adding out-of-zone additional data } - - if(rr.auth && !rr.dr.d_name.isPartOf(soadata.qname)) // don't sign out of zone data using the main key - rr.auth=false; rr.dr.d_place=DNSResourceRecord::ADDITIONAL; toAdd.push_back(rr); }
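Review bot: The new skip condition inside the `while(B.get(rr))` loop of `doAdditionalProcessingAndDropAA` leans on the backend-reported `rr.domain_id` together with `!rr.dr.d_name.isPartOf(soadata.qname)`, and the FIXME added with it concedes that an occluded record can still reach `toAdd` when the backend reports the zone's own ID. That leaves the in-zone-only rule for ADDITIONAL data dependent on backend behaviour, so the comment should name the condition and where it is tracked, for example `// FIXME(<issue-id>): names occluded below a zone cut still pass when the backend reports the same domain_id`. The `DLOG` on the skip path also appears to be removed, so a dropped glue record no longer leaves a trace at debug level; keeping one `DLOG` line in the new branch would help operators work out why glue is missing after upgrading. The hunk text is partly mangled in this rendering and the function continues outside the hunk, so this is based on the visible condition only.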