From: Mark Andrews Date: Mon, 6 Nov 2023 15:10:45 +0000 (+1100) Subject: Add support to set the UL EDNS option in nsupdate X-Git-Tag: v9.19.22~73^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ac0cec13384114523a6137286a06fbb2b468116d;p=thirdparty%2Fbind9.git Add support to set the UL EDNS option in nsupdate This adds a 'lease' command to nsupdate which sets the UL EDNS option to the desired values. The values are visible via show. --- diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 3b77470e49b..7290ab28aa6 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -102,6 +102,8 @@ #define DNSDEFAULTPORT 53 +#define DEFAULT_EDNS_BUFSIZE 1232 + /* Number of addresses to request from isc_getaddresses() */ #define MAX_SERVERADDRS 4 @@ -175,6 +177,8 @@ static isc_mutex_t answer_lock; static dns_message_t *answer = NULL; static uint32_t default_ttl = 0; static bool default_ttl_set = false; +static uint32_t lease = 0, keylease = 0; +static bool lease_set = false, keylease_set = false; static bool checknames = true; static bool checksvcb = true; static const char *resolvconf = RESOLV_CONF; 
@@ -1518,6 +1522,90 @@ evaluate_prereq(char *cmdline) { return (make_prereq(cmdline, ispositive, isrrset)); } +static void +updateopt(void) { + isc_result_t result; + dns_ednsopt_t ednsopts[1]; + unsigned char ul[8]; + unsigned int count = 0; + + if (lease_set) { + isc_buffer_t b; + INSIST(count < ARRAY_SIZE(ednsopts)); + ednsopts[count++] = (dns_ednsopt_t){ .code = DNS_OPT_UL, + .length = keylease_set ? 8 + : 4, + .value = ul }; + + isc_buffer_init(&b, ul, sizeof(ul)); + isc_buffer_putuint32(&b, lease); + isc_buffer_putuint32(&b, keylease); + } + + if (count != 0) { + dns_rdataset_t *opt = NULL; + result = dns_message_buildopt(updatemsg, &opt, 0, + DEFAULT_EDNS_BUFSIZE, 0, ednsopts, + count); + check_result(result, "dns_message_buildopt"); + result = dns_message_setopt(updatemsg, opt); + check_result(result, "dns_message_setopt"); + } else { + result = dns_message_setopt(updatemsg, NULL); + check_result(result, "dns_message_setopt"); + } +} + +static uint16_t +evaluate_lease(char *cmdline) { + char *word; + isc_result_t result; + uint32_t value1, value2; + + word = nsu_strsep(&cmdline, " \t\r\n"); + if (word == NULL || *word == 0) { + fprintf(stderr, "could not read ttl\n"); + return (STATUS_SYNTAX); + } + + if (!strcasecmp(word, "none")) { + lease = 0; + lease_set = false; + keylease = 0; + keylease_set = false; + updateopt(); + return (STATUS_MORE); + } + + result = isc_parse_uint32(&value1, word, 10); + if (result != ISC_R_SUCCESS) { + return (STATUS_SYNTAX); + } + + word = nsu_strsep(&cmdline, " \t\r\n"); + if (word == NULL || *word == 0) { + lease = value1; + lease_set = true; + keylease = 0; + keylease_set = false; + updateopt(); + return (STATUS_MORE); + } + + result = isc_parse_uint32(&value2, word, 10); + if (result != ISC_R_SUCCESS) { + return (STATUS_SYNTAX); + } + + lease = value1; + lease_set = true; + keylease = value2; + keylease_set = true; + updateopt(); + + return (STATUS_MORE); +} + static uint16_t evaluate_server(char *cmdline) { char *word, 
*server; @@ -2222,6 +2310,9 @@ do_next_command(char *cmdline) { if (strcasecmp(word, "add") == 0) { return (update_addordelete(cmdline, false)); } + if (strcasecmp(word, "lease") == 0) { + return (evaluate_lease(cmdline)); + } if (strcasecmp(word, "server") == 0) { return (evaluate_server(cmdline)); } diff --git a/bin/nsupdate/nsupdate.rst b/bin/nsupdate/nsupdate.rst index 88263904ed4..b98d70bbff7 100644 --- a/bin/nsupdate/nsupdate.rst +++ b/bin/nsupdate/nsupdate.rst @@ -323,6 +323,11 @@ The command formats and their meanings are as follows: By default check-svcb processing is on. If check-svcb processing fails, the record is not added to the UPDATE message. +``lease time [keytime]`` + Set the EDNS Update Lease (UL) option to value to ``time`` and + optionally also set the key lease time to ``keytime`` in seconds. + If ``time`` is ``none`` the lease times are cleared. + ``prereq nxdomain domain-name`` This command requires that no resource record of any type exist with the name ``domain-name``.
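Review bot: In evaluate_lease() (bin/nsupdate/nsupdate.c) the missing-argument branch prints `could not read ttl`, which looks copied from the ttl command and will mislead someone who typed `lease`; `fprintf(stderr, "could not read lease\n");` fits better. Both isc_parse_uint32() failure paths return STATUS_SYNTAX with no message, so a malformed or out-of-range lease value is rejected silently; a line such as `fprintf(stderr, "lease '%s': %s\n", word, isc_result_totext(result));` before each return would say why. In updateopt() both values are always written into `ul` and only `.length` decides what is sent, which deserves a comment like `/* both values are written; .length selects 4 (lease only) or 8 (lease + key lease) octets */`. The OPT record is rebuilt with UL as its only option and attached to updatemsg only when the command runs, and the clear path passes NULL to dns_message_setopt(); whether the stored lease is re-applied once updatemsg is reset for the next update is not visible in this hunk and is worth confirming.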