dns_zone_setqueryonacl(zone, view->queryonacl);
}
dns_zone_setdialup(zone, dns_dialuptype_no);
+ dns_zone_setcheckdstype(zone, dns_checkdstype_no);
dns_zone_setnotifytype(zone, dns_notifytype_no);
dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
CHECK(setquerystats(zone, mctx, dns_zonestat_none)); /* XXXMPA */
dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, false);
dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
+ dns_zone_setcheckdstype(zone, dns_checkdstype_no);
dns_zone_setnotifytype(zone, dns_notifytype_no);
dns_zone_setdialup(zone, dns_dialuptype_no);
dns_zone_setautomatic(zone, true);
dns_zone_setstats(zone, named_g_server->zonestats);
dns_zone_setdbtype(zone, dbtypec, dbtype);
dns_zone_setdialup(zone, dns_dialuptype_no);
+ dns_zone_setcheckdstype(zone, dns_checkdstype_no);
dns_zone_setnotifytype(zone, dns_notifytype_no);
dns_zone_setautomatic(zone, true);
dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
dns_acl_detach(&none);
dns_zone_setdialup(zone, dns_dialuptype_no);
+ dns_zone_setcheckdstype(zone, dns_checkdstype_no);
dns_zone_setnotifytype(zone, dns_notifytype_no);
dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
dns_zone_setjournalsize(zone, 0);
const char *filename = NULL;
const char *kaspname = NULL;
const char *dupcheck;
+ dns_checkdstype_t checkdstype = dns_checkdstype_explicit;
dns_notifytype_t notifytype = dns_notifytype_yes;
uint32_t count;
unsigned int dbargc;
dns_zone_setkasp(zone, NULL);
}
+ obj = NULL;
+ result = named_config_get(maps, "checkds", &obj);
+ if (result == ISC_R_SUCCESS) {
+ if (cfg_obj_isboolean(obj)) {
+ if (cfg_obj_asboolean(obj)) {
+ checkdstype = dns_checkdstype_yes;
+ } else {
+ checkdstype = dns_checkdstype_no;
+ }
+ } else {
+ const char *str = cfg_obj_asstring(obj);
+ if (strcasecmp(str, "explicit") == 0) {
+ checkdstype = dns_checkdstype_explicit;
+ } else {
+ UNREACHABLE();
+ }
+ }
+ }
+ if (raw != NULL) {
+ dns_zone_setcheckdstype(raw, dns_checkdstype_no);
+ }
+ dns_zone_setcheckdstype(zone, checkdstype);
+
obj = NULL;
result = named_config_get(maps, "notify", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
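Review bot: The `UNREACHABLE()` branch in the new "checkds" parsing relies on an invariant enforced in another file, namely that the parser's keyword list holds nothing but "explicit". If a keyword is later added to that list without a matching branch here, named would abort while loading an operator-edited configuration instead of reporting a configuration error. The coupling deserves a comment above the branch, such as `/* the parser admits only "explicit" besides a boolean; keep in sync with checkds_enums */`. The declaration should also note that an absent option silently leaves the zone on `dns_checkdstype_explicit`, whereas the "notify" lookup just below insists that a value is found. The enclosing function starts and ends outside this hunk.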
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * checkds only allowed at zone level
+ */
+
+options {
+ checkds no;
+};
+
+zone dummy {
+ type primary;
+ file "xxxx";
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * Bad checkds type
+ */
+
+zone dummy {
+ type primary;
+ file "xxxx";
+ checkds foobar;
+};
view "fourth" {
zone "dnssec-test" {
type primary;
+ checkds explicit;
file "dnssec-test.db";
inline-signing yes;
parental-agents {
};
zone "dnssec-inherit" {
type primary;
+ checkds no;
file "dnssec-inherit.db";
inline-signing yes;
};
};
zone "dnssec-view1" {
type primary;
+ checkds yes;
file "dnssec-view41.db";
inline-signing yes;
dnssec-policy "test";
check-srv-cname ( fail | warn | ignore );
check-svcb <boolean>;
check-wildcard <boolean>;
+ checkds ( explicit | <boolean> );
database <string>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
auto-dnssec ( allow | maintain | off ); // deprecated
check-names ( fail | warn | ignore );
+ checkds ( explicit | <boolean> );
database <string>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
dns_dbtree_nsec3 = 2
} dns_dbtree_t;
+typedef enum {
+ dns_checkdstype_no = 0,
+ dns_checkdstype_yes = 1,
+ dns_checkdstype_explicit = 2
+} dns_checkdstype_t;
+
typedef enum {
dns_notifytype_no = 0,
dns_notifytype_yes = 1,
* Sets zone notify method to "notifytype"
*/
+void
+dns_zone_setcheckdstype(dns_zone_t *zone, dns_checkdstype_t checkdstype);
+/*%<
+ * Sets zone checkds method to "checkdstype"
+ */
+
isc_result_t
dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg,
dns_updatecallback_t callback, void *callback_arg);
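Review bot: The doc comment added for `dns_zone_setcheckdstype()` omits the precondition that the implementation enforces with `REQUIRE(DNS_ZONE_VALID(zone))`. It also says nothing about what the three `dns_checkdstype_t` values select. I would add `Requires: 'zone' to be a valid zone.` and one line per value stating which servers, if any, the zone will query for DS records. That behaviour is not visible in this diff, so the wording has to be taken from the code that reads `zone->checkdstype`. The setting presumably decides whether the zone sends DS queries on its own initiative, which is worth stating at the API boundary.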
dns_remote_t parentals;
dns_dnsseckeylist_t checkds_ok;
+ dns_checkdstype_t checkdstype;
dns_remote_t notify;
dns_notifytype_t notifytype;
.minrefresh = DNS_ZONE_MINREFRESH,
.maxretry = DNS_ZONE_MAXRETRY,
.minretry = DNS_ZONE_MINRETRY,
+ .checkdstype = dns_checkdstype_explicit,
.notifytype = dns_notifytype_yes,
.zero_no_soa_ttl = true,
.check_names = dns_severity_ignore,
UNLOCK_ZONE(zone);
}
+void
+dns_zone_setcheckdstype(dns_zone_t *zone, dns_checkdstype_t checkdstype) {
+ REQUIRE(DNS_ZONE_VALID(zone));
+
+ LOCK_ZONE(zone);
+ zone->checkdstype = checkdstype;
+ UNLOCK_ZONE(zone);
+}
+
isc_result_t
dns_zone_getserial(dns_zone_t *zone, uint32_t *serialp) {
isc_result_t result;
static cfg_type_t cfg_type_bracketed_sockaddrnameportlist;
static cfg_type_t cfg_type_bracketed_sockaddrtlslist;
static cfg_type_t cfg_type_bracketed_http_endpoint_list;
+static cfg_type_t cfg_type_checkdstype;
static cfg_type_t cfg_type_controls;
static cfg_type_t cfg_type_controls_sockaddr;
static cfg_type_t cfg_type_destinationlist;
cfg_doc_tuple, &cfg_rep_tuple, validityinterval_fields
};
+/*%
+ * Checkds type.
+ */
+static const char *checkds_enums[] = { "explicit", NULL };
+static isc_result_t
+parse_checkds_type(cfg_parser_t *pctx, const cfg_type_t *type,
+ cfg_obj_t **ret) {
+ return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
+}
+static void
+doc_checkds_type(cfg_printer_t *pctx, const cfg_type_t *type) {
+ cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
+static cfg_type_t cfg_type_checkdstype = {
+ "checkdstype", parse_checkds_type, cfg_print_ustring,
+ doc_checkds_type, &cfg_rep_string, checkds_enums,
+};
+
/*%
* Clauses that can be found in a 'dnssec-policy' statement.
*/
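Review bot: The comment `Checkds type.` does not tell a reader that a parsed "checkds" object can be either a boolean or a string. `parse_checkds_type()` falls back to `cfg_type_boolean`, while the type itself is declared with `&cfg_rep_string` and `cfg_print_ustring`. Callers therefore have to test `cfg_obj_isboolean()` before calling `cfg_obj_asstring()`, as the configuration code in this commit does. The comment should say so, for example `Checkds type: a boolean or the keyword "explicit"; test cfg_obj_isboolean() before cfg_obj_asstring().` It should also mention that `checkds_enums` must stay in step with the string comparison in the zone configuration code, which treats any other keyword as unreachable.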
{ "check-names", &cfg_type_checkmode,
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
CFG_ZONE_HINT | CFG_ZONE_STUB },
+ { "checkds", &cfg_type_checkdstype,
+ CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
{ "database", &cfg_type_astring,
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
CFG_ZONE_STUB },