From 1b44c9393eddea3f5f467a6fe15131f318f4e0c3 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Tue, 9 Dec 2014 11:29:17 +0000 Subject: [PATCH] - local-zone: example.com inform makes unbound log a message with client IP for queries in that zone. Eg. for finding infected hosts. git-svn-id: file:///svn/unbound/trunk@3292 be551aaa-1e26-0410-a405-d3ace91eadb9 --- daemon/worker.c | 2 +- doc/Changelog | 2 + doc/example.conf.in | 1 + doc/unbound.conf.5.in | 9 +++- libunbound/libworker.c | 6 +-- services/localzone.c | 29 +++++++++++- services/localzone.h | 9 +++- util/configparser.c | 103 +++++++++++++++++++++-------------------- util/configparser.y | 5 +- 9 files changed, 105 insertions(+), 61 deletions(-) diff --git a/daemon/worker.c b/daemon/worker.c index 59ae9dfce..5edc21dd4 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -900,7 +900,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, goto send_reply; } if(local_zones_answer(worker->daemon->local_zones, &qinfo, &edns, - c->buffer, worker->scratchpad)) { + c->buffer, worker->scratchpad, repinfo)) { regional_free_all(worker->scratchpad); if(sldns_buffer_limit(c->buffer) == 0) { comm_point_drop_reply(repinfo); diff --git a/doc/Changelog b/doc/Changelog index 0100dd55a..3a72bcf80 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 9 December 2014: Wouter - svn trunk has 1.5.2 in development. - config.guess and config.sub update from libtoolize. + - local-zone: example.com inform makes unbound log a message with + client IP for queries in that zone. Eg. for finding infected hosts. 8 December 2014: Wouter - Fix CVE-2014-8602: denial of service by making resolver chase diff --git a/doc/example.conf.in b/doc/example.conf.in index 03f6184a4..e4a01d634 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -497,6 +497,7 @@ server: # o redirect serves the zone data for any subdomain in the zone. # o nodefault can be used to normally resolve AS112 zones. # o typetransparent resolves normally for other types and other names + # o inform resolves normally, but logs client IP address # # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 67ff89b0c..36503815a 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -791,7 +791,7 @@ data leakage about the local network to the upstream DNS servers. .B local\-zone: \fI Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, -transparent, redirect, nodefault, typetransparent, and are explained +transparent, redirect, nodefault, typetransparent, inform, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. @@ -841,6 +841,13 @@ local\-data: "example.com. A 127.0.0.1" queries for www.example.com and www.foo.example.com are redirected, so that users with web browsers cannot access sites with suffix example.com. .TP 10 +\h'5'\fIinform\fR +The query is answered normally. The client IP address (@portnumber) +is printed to the logfile. The log message is: timestamp, unbound-pid, +info: zonename inform IP@port queryname type class. This option can be +used for normal resolution, but machines looking up infected names are +logged, eg. to run antivirus on them. +.TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option diff --git a/libunbound/libworker.c b/libunbound/libworker.c index e388e7956..c72b586ab 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -606,7 +606,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q) sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); if(local_zones_answer(ctx->local_zones, &qinfo, &edns, - w->back->udp_buff, w->env->scratch)) { + w->back->udp_buff, w->env->scratch, NULL)) { regional_free_all(w->env->scratch); libworker_fillup_fg(q, LDNS_RCODE_NOERROR, w->back->udp_buff, sec_status_insecure, NULL); @@ -676,7 +676,7 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q, sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); if(local_zones_answer(ctx->local_zones, &qinfo, &edns, - w->back->udp_buff, w->env->scratch)) { + w->back->udp_buff, w->env->scratch, NULL)) { regional_free_all(w->env->scratch); free(qinfo.qname); libworker_event_done_cb(q, LDNS_RCODE_NOERROR, @@ -796,7 +796,7 @@ handle_newq(struct libworker* w, uint8_t* buf, uint32_t len) sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); if(local_zones_answer(w->ctx->local_zones, &qinfo, &edns, - w->back->udp_buff, w->env->scratch)) { + w->back->udp_buff, w->env->scratch, NULL)) { regional_free_all(w->env->scratch); q->msg_security = sec_status_insecure; add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL); diff --git a/services/localzone.c b/services/localzone.c index d285a127c..57510bd27 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -48,6 +48,7 @@ #include "util/data/packed_rrset.h" #include "util/data/msgencode.h" #include "util/net_help.h" +#include "util/netevent.h" #include "util/data/msgreply.h" #include "util/data/msgparse.h" @@ -1022,6 +1023,10 @@ void local_zones_print(struct local_zones* zones) log_nametypeclass(0, "static zone", z->name, 0, z->dclass); break; + case local_zone_inform: + log_nametypeclass(0, "inform zone", + z->name, 0, z->dclass); + break; default: log_nametypeclass(0, "badtyped zone", z->name, 0, z->dclass); @@ -1169,9 +1174,25 @@ lz_zone_answer(struct local_zone* z, struct query_info* qinfo, return 0; } +/** print log information for an inform zone query */ +static void +lz_inform_print(struct local_zone* z, struct query_info* qinfo, + struct comm_reply* repinfo) +{ + char ip[128], txt[512]; + char zname[LDNS_MAX_DOMAINLEN+1]; + uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port); + dname_str(z->name, zname); + addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); + snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip, + (unsigned)port); + log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); +} + int local_zones_answer(struct local_zones* zones, struct query_info* qinfo, - struct edns_data* edns, sldns_buffer* buf, struct regional* temp) + struct edns_data* edns, sldns_buffer* buf, struct regional* temp, + struct comm_reply* repinfo) { /* see if query is covered by a zone, * if so: - try to match (exact) local data @@ -1190,6 +1211,9 @@ local_zones_answer(struct local_zones* zones, struct query_info* qinfo, lock_rw_rdlock(&z->lock); lock_rw_unlock(&zones->lock); + if(z->type == local_zone_inform && repinfo) + lz_inform_print(z, qinfo, repinfo); + if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) { lock_rw_unlock(&z->lock); return 1; @@ -1209,6 +1233,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_typetransparent: return "typetransparent"; case local_zone_static: return "static"; case local_zone_nodefault: return "nodefault"; + case local_zone_inform: return "inform"; } return "badtyped"; } @@ -1227,6 +1252,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_typetransparent; else if(strcmp(type, "redirect") == 0) *t = local_zone_redirect; + else if(strcmp(type, "inform") == 0) + *t = local_zone_inform; else return 0; return 1; } diff --git a/services/localzone.h b/services/localzone.h index 788fbfb3b..29ba8663f 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -49,6 +49,7 @@ struct config_file; struct edns_data; struct query_info; struct sldns_buffer; +struct comm_reply; /** * Local zone type @@ -70,7 +71,9 @@ enum localzone_type { local_zone_redirect, /** remove default AS112 blocking contents for zone * nodefault is used in config not during service. */ - local_zone_nodefault + local_zone_nodefault, + /** log client address, but no block (transparent) */ + local_zone_inform }; /** @@ -220,12 +223,14 @@ void local_zones_print(struct local_zones* zones); * @param edns: edns info (parsed). * @param buf: buffer with query ID and flags, also for reply. * @param temp: temporary storage region. + * @param repinfo: source address for checks. may be NULL. * @return true if answer is in buffer. false if query is not answered * by authority data. If the reply should be dropped altogether, the return * value is true, but the buffer is cleared (empty). */ int local_zones_answer(struct local_zones* zones, struct query_info* qinfo, - struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp); + struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp, + struct comm_reply* repinfo); /** * Parse the string into localzone type. diff --git a/util/configparser.c b/util/configparser.c index 6285e3f6f..dec876ae3 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -887,14 +887,14 @@ static const yytype_uint16 yyrline[] = 732, 740, 749, 757, 770, 777, 787, 797, 807, 817, 827, 837, 847, 854, 861, 870, 879, 888, 895, 905, 922, 929, 947, 960, 973, 982, 991, 1000, 1010, 1020, - 1029, 1038, 1045, 1054, 1063, 1072, 1080, 1093, 1101, 1123, - 1130, 1145, 1155, 1165, 1172, 1179, 1188, 1198, 1205, 1212, - 1221, 1231, 1241, 1248, 1255, 1264, 1269, 1270, 1271, 1271, - 1271, 1272, 1272, 1272, 1273, 1275, 1285, 1294, 1301, 1308, - 1315, 1322, 1329, 1334, 1335, 1336, 1336, 1337, 1337, 1338, - 1338, 1339, 1340, 1341, 1342, 1343, 1344, 1346, 1354, 1361, - 1369, 1377, 1384, 1391, 1400, 1409, 1418, 1427, 1436, 1445, - 1450, 1451, 1452, 1454 + 1029, 1038, 1045, 1054, 1063, 1072, 1080, 1093, 1101, 1124, + 1131, 1146, 1156, 1166, 1173, 1180, 1189, 1199, 1206, 1213, + 1222, 1232, 1242, 1249, 1256, 1265, 1270, 1271, 1272, 1272, + 1272, 1273, 1273, 1273, 1274, 1276, 1286, 1295, 1302, 1309, + 1316, 1323, 1330, 1335, 1336, 1337, 1337, 1338, 1338, 1339, + 1339, 1340, 1341, 1342, 1343, 1344, 1345, 1347, 1355, 1362, + 1370, 1378, 1385, 1392, 1401, 1410, 1419, 1428, 1437, 1446, + 1451, 1452, 1453, 1455 }; #endif @@ -3397,10 +3397,11 @@ yyreduce: if(strcmp((yyvsp[(3) - (3)].str), "static")!=0 && strcmp((yyvsp[(3) - (3)].str), "deny")!=0 && strcmp((yyvsp[(3) - (3)].str), "refuse")!=0 && strcmp((yyvsp[(3) - (3)].str), "redirect")!=0 && strcmp((yyvsp[(3) - (3)].str), "transparent")!=0 && strcmp((yyvsp[(3) - (3)].str), "nodefault")!=0 - && strcmp((yyvsp[(3) - (3)].str), "typetransparent")!=0) + && strcmp((yyvsp[(3) - (3)].str), "typetransparent")!=0 && + strcmp((yyvsp[(3) - (3)].str), "inform")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " - "typetransparent or nodefault"); + "typetransparent, inform or nodefault"); else if(strcmp((yyvsp[(3) - (3)].str), "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, (yyvsp[(2) - (3)].str))) @@ -3416,7 +3417,7 @@ yyreduce: case 229: /* Line 1792 of yacc.c */ -#line 1124 "./util/configparser.y" +#line 1125 "./util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[(2) - (2)].str))) @@ -3426,7 +3427,7 @@ yyreduce: case 230: /* Line 1792 of yacc.c */ -#line 1131 "./util/configparser.y" +#line 1132 "./util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[(2) - (2)].str))); @@ -3444,7 +3445,7 @@ yyreduce: case 231: /* Line 1792 of yacc.c */ -#line 1146 "./util/configparser.y" +#line 1147 "./util/configparser.y" { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3457,7 +3458,7 @@ yyreduce: case 232: /* Line 1792 of yacc.c */ -#line 1156 "./util/configparser.y" +#line 1157 "./util/configparser.y" { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3470,7 +3471,7 @@ yyreduce: case 233: /* Line 1792 of yacc.c */ -#line 1166 "./util/configparser.y" +#line 1167 "./util/configparser.y" { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[(2) - (2)].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[(2) - (2)].str)); @@ -3480,7 +3481,7 @@ yyreduce: case 234: /* Line 1792 of yacc.c */ -#line 1173 "./util/configparser.y" +#line 1174 "./util/configparser.y" { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->dns64_prefix); @@ -3490,7 +3491,7 @@ yyreduce: case 235: /* Line 1792 of yacc.c */ -#line 1180 "./util/configparser.y" +#line 1181 "./util/configparser.y" { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3502,7 +3503,7 @@ yyreduce: case 236: /* Line 1792 of yacc.c */ -#line 1189 "./util/configparser.y" +#line 1190 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str))); if(cfg_parser->cfg->stubs->name) @@ -3515,7 +3516,7 @@ yyreduce: case 237: /* Line 1792 of yacc.c */ -#line 1199 "./util/configparser.y" +#line 1200 "./util/configparser.y" { OUTYY(("P(stub-host:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[(2) - (2)].str))) @@ -3525,7 +3526,7 @@ yyreduce: case 238: /* Line 1792 of yacc.c */ -#line 1206 "./util/configparser.y" +#line 1207 "./util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[(2) - (2)].str))) @@ -3535,7 +3536,7 @@ yyreduce: case 239: /* Line 1792 of yacc.c */ -#line 1213 "./util/configparser.y" +#line 1214 "./util/configparser.y" { OUTYY(("P(stub-first:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3547,7 +3548,7 @@ yyreduce: case 240: /* Line 1792 of yacc.c */ -#line 1222 "./util/configparser.y" +#line 1223 "./util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3560,7 +3561,7 @@ yyreduce: case 241: /* Line 1792 of yacc.c */ -#line 1232 "./util/configparser.y" +#line 1233 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str))); if(cfg_parser->cfg->forwards->name) @@ -3573,7 +3574,7 @@ yyreduce: case 242: /* Line 1792 of yacc.c */ -#line 1242 "./util/configparser.y" +#line 1243 "./util/configparser.y" { OUTYY(("P(forward-host:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[(2) - (2)].str))) @@ -3583,7 +3584,7 @@ yyreduce: case 243: /* Line 1792 of yacc.c */ -#line 1249 "./util/configparser.y" +#line 1250 "./util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[(2) - (2)].str))) @@ -3593,7 +3594,7 @@ yyreduce: case 244: /* Line 1792 of yacc.c */ -#line 1256 "./util/configparser.y" +#line 1257 "./util/configparser.y" { OUTYY(("P(forward-first:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3605,7 +3606,7 @@ yyreduce: case 245: /* Line 1792 of yacc.c */ -#line 1265 "./util/configparser.y" +#line 1266 "./util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); } @@ -3613,7 +3614,7 @@ yyreduce: case 255: /* Line 1792 of yacc.c */ -#line 1276 "./util/configparser.y" +#line 1277 "./util/configparser.y" { OUTYY(("P(control_enable:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3626,7 +3627,7 @@ yyreduce: case 256: /* Line 1792 of yacc.c */ -#line 1286 "./util/configparser.y" +#line 1287 "./util/configparser.y" { OUTYY(("P(control_port:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -3638,7 +3639,7 @@ yyreduce: case 257: /* Line 1792 of yacc.c */ -#line 1295 "./util/configparser.y" +#line 1296 "./util/configparser.y" { OUTYY(("P(control_interface:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[(2) - (2)].str))) @@ -3648,7 +3649,7 @@ yyreduce: case 258: /* Line 1792 of yacc.c */ -#line 1302 "./util/configparser.y" +#line 1303 "./util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->server_key_file); @@ -3658,7 +3659,7 @@ yyreduce: case 259: /* Line 1792 of yacc.c */ -#line 1309 "./util/configparser.y" +#line 1310 "./util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->server_cert_file); @@ -3668,7 +3669,7 @@ yyreduce: case 260: /* Line 1792 of yacc.c */ -#line 1316 "./util/configparser.y" +#line 1317 "./util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->control_key_file); @@ -3678,7 +3679,7 @@ yyreduce: case 261: /* Line 1792 of yacc.c */ -#line 1323 "./util/configparser.y" +#line 1324 "./util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->control_cert_file); @@ -3688,7 +3689,7 @@ yyreduce: case 262: /* Line 1792 of yacc.c */ -#line 1330 "./util/configparser.y" +#line 1331 "./util/configparser.y" { OUTYY(("\nP(dnstap:)\n")); } @@ -3696,7 +3697,7 @@ yyreduce: case 277: /* Line 1792 of yacc.c */ -#line 1347 "./util/configparser.y" +#line 1348 "./util/configparser.y" { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3707,7 +3708,7 @@ yyreduce: case 278: /* Line 1792 of yacc.c */ -#line 1355 "./util/configparser.y" +#line 1356 "./util/configparser.y" { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->dnstap_socket_path); @@ -3717,7 +3718,7 @@ yyreduce: case 279: /* Line 1792 of yacc.c */ -#line 1362 "./util/configparser.y" +#line 1363 "./util/configparser.y" { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3728,7 +3729,7 @@ yyreduce: case 280: /* Line 1792 of yacc.c */ -#line 1370 "./util/configparser.y" +#line 1371 "./util/configparser.y" { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3739,7 +3740,7 @@ yyreduce: case 281: /* Line 1792 of yacc.c */ -#line 1378 "./util/configparser.y" +#line 1379 "./util/configparser.y" { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->dnstap_identity); @@ -3749,7 +3750,7 @@ yyreduce: case 282: /* Line 1792 of yacc.c */ -#line 1385 "./util/configparser.y" +#line 1386 "./util/configparser.y" { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->dnstap_version); @@ -3759,7 +3760,7 @@ yyreduce: case 283: /* Line 1792 of yacc.c */ -#line 1392 "./util/configparser.y" +#line 1393 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3771,7 +3772,7 @@ yyreduce: case 284: /* Line 1792 of yacc.c */ -#line 1401 "./util/configparser.y" +#line 1402 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3783,7 +3784,7 @@ yyreduce: case 285: /* Line 1792 of yacc.c */ -#line 1410 "./util/configparser.y" +#line 1411 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3795,7 +3796,7 @@ yyreduce: case 286: /* Line 1792 of yacc.c */ -#line 1419 "./util/configparser.y" +#line 1420 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3807,7 +3808,7 @@ yyreduce: case 287: /* Line 1792 of yacc.c */ -#line 1428 "./util/configparser.y" +#line 1429 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3819,7 +3820,7 @@ yyreduce: case 288: /* Line 1792 of yacc.c */ -#line 1437 "./util/configparser.y" +#line 1438 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3831,7 +3832,7 @@ yyreduce: case 289: /* Line 1792 of yacc.c */ -#line 1446 "./util/configparser.y" +#line 1447 "./util/configparser.y" { OUTYY(("\nP(python:)\n")); } @@ -3839,7 +3840,7 @@ yyreduce: case 293: /* Line 1792 of yacc.c */ -#line 1455 "./util/configparser.y" +#line 1456 "./util/configparser.y" { OUTYY(("P(python-script:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->python_script); @@ -3849,7 +3850,7 @@ yyreduce: /* Line 1792 of yacc.c */ -#line 3853 "util/configparser.c" +#line 3854 "util/configparser.c" default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -4081,7 +4082,7 @@ yyreturn: /* Line 2055 of yacc.c */ -#line 1460 "./util/configparser.y" +#line 1461 "./util/configparser.y" /* parse helper routines could be here */ diff --git a/util/configparser.y b/util/configparser.y index 7a92d9ee7..05f0c6cf3 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -1104,10 +1104,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 && strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 - && strcmp($3, "typetransparent")!=0) + && strcmp($3, "typetransparent")!=0 && + strcmp($3, "inform")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " - "typetransparent or nodefault"); + "typetransparent, inform or nodefault"); else if(strcmp($3, "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, $2)) -- 2.47.2