Check that catz member zone is not a configured forward zone
authorAram Sargsyan <aram@isc.org>
Tue, 3 May 2022 22:24:32 +0000 (22:24 +0000)
committerAram Sargsyan <aram@isc.org>
Thu, 9 Jun 2022 10:45:10 +0000 (10:45 +0000)
When processing a catalog zone member zone make sure that there is no
configured pre-existing forward zone with that name.

Refactor the `dns_fwdtable_find()` function so that it no longer
converts the `DNS_R_PARTIALMATCH` result (coming from
`dns_rbt_findname()`) into `ISC_R_SUCCESS`, so that the caller can now
differentiate partial and exact matches. Patch the calling sites to
expect and process the new return value.

bin/named/server.c
lib/dns/forward.c
lib/dns/include/dns/forward.h
lib/dns/resolver.c

index ca25b073bac8dadc7bec5467fb6bdc491707d1d7..6054f8925d571d6c7015bacc3a14daae01dc4185 100644 (file)
@@ -2639,6 +2639,8 @@ static void
 catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
        catz_chgzone_event_t *ev = (catz_chgzone_event_t *)event0;
        isc_result_t result;
+       dns_forwarders_t *dnsforwarders = NULL;
+       dns_name_t *name = NULL;
        isc_buffer_t namebuf;
        isc_buffer_t *confbuf;
        char nameb[DNS_NAME_FORMATSIZE];
@@ -2657,12 +2659,26 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
                goto cleanup;
        }
 
+       name = dns_catz_entry_getname(ev->entry);
+
        isc_buffer_init(&namebuf, nameb, DNS_NAME_FORMATSIZE);
-       dns_name_totext(dns_catz_entry_getname(ev->entry), true, &namebuf);
+       dns_name_totext(name, true, &namebuf);
        isc_buffer_putuint8(&namebuf, 0);
 
-       result = dns_zt_find(ev->view->zonetable,
-                            dns_catz_entry_getname(ev->entry), 0, NULL, &zone);
+       result = dns_fwdtable_find(ev->view->fwdtable, name, NULL,
+                                  &dnsforwarders);
+       if (result == ISC_R_SUCCESS &&
+           dnsforwarders->fwdpolicy == dns_fwdpolicy_only) {
+               isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+                             NAMED_LOGMODULE_SERVER, ISC_LOG_WARNING,
+                             "catz: catz_addmodzone_taskaction: "
+                             "zone '%s' will not be processed because of the "
+                             "explicitly configured forwarding for that zone",
+                             nameb);
+               goto cleanup;
+       }
+
+       result = dns_zt_find(ev->view->zonetable, name, 0, NULL, &zone);
 
        if (ev->mod) {
                dns_catz_zone_t *parentcatz;
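Review bot: The new guard in catz_addmodzone_taskaction tests only `result == ISC_R_SUCCESS`, so once dns_fwdtable_find() stops folding DNS_R_PARTIALMATCH into success it fires for an exact-name `forward only` zone but not for a member zone that lies beneath a `forward only` domain, nor for a same-name forward zone with a different policy. That agrees with the commit message, but configure_view in the same file treats both results alike, and member zone names come from the catalog zone rather than from local configuration. The narrower test therefore deserves a comment stating it is deliberate, e.g. `/* Exact match only: a member zone below a forward-only domain is still accepted. */`. The function body starts and ends outside this hunk, so what `cleanup` releases on this early exit is not visible here.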
@@ -2799,8 +2815,7 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
        }
 
        /* Is it there yet? */
-       CHECK(dns_zt_find(ev->view->zonetable,
-                         dns_catz_entry_getname(ev->entry), 0, NULL, &zone));
+       CHECK(dns_zt_find(ev->view->zonetable, name, 0, NULL, &zone));
 
        /*
         * Load the zone from the master file.  If this fails, we'll
@@ -5784,8 +5799,10 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
                         */
                        result = dns_fwdtable_find(view->fwdtable, name, NULL,
                                                   &dnsforwarders);
-                       if (result == ISC_R_SUCCESS &&
-                           dnsforwarders->fwdpolicy == dns_fwdpolicy_only) {
+                       if ((result == ISC_R_SUCCESS ||
+                            result == DNS_R_PARTIALMATCH) &&
+                           dnsforwarders->fwdpolicy == dns_fwdpolicy_only)
+                       {
                                continue;
                        }
 
@@ -5870,8 +5887,10 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
                         */
                        result = dns_fwdtable_find(view->fwdtable, name, NULL,
                                                   &dnsforwarders);
-                       if (result == ISC_R_SUCCESS &&
-                           dnsforwarders->fwdpolicy == dns_fwdpolicy_only) {
+                       if ((result == ISC_R_SUCCESS ||
+                            result == DNS_R_PARTIALMATCH) &&
+                           dnsforwarders->fwdpolicy == dns_fwdpolicy_only)
+                       {
                                continue;
                        }
 
index 72cb20e3d219ec8bab2f805262285ca2e9455efc..cd4959a76dacb6d3a1a5d79f4a2bfd66b72e73fd 100644 (file)
@@ -176,13 +176,8 @@ dns_fwdtable_find(dns_fwdtable_t *fwdtable, const dns_name_t *name,
        REQUIRE(VALID_FWDTABLE(fwdtable));
 
        RWLOCK(&fwdtable->rwlock, isc_rwlocktype_read);
-
        result = dns_rbt_findname(fwdtable->table, name, 0, foundname,
                                  (void **)forwardersp);
-       if (result == DNS_R_PARTIALMATCH) {
-               result = ISC_R_SUCCESS;
-       }
-
        RWUNLOCK(&fwdtable->rwlock, isc_rwlocktype_read);
 
        return (result);
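Review bot: With the DNS_R_PARTIALMATCH-to-ISC_R_SUCCESS mapping removed here, any caller of dns_fwdtable_find() that still compares only against ISC_R_SUCCESS will silently treat a covering forward zone as no match. For a `forward only` domain that means names under it stop following the configured forwarding policy. The commit updates six such tests by hand (two in configure_view, one each in fctx_getaddresses and fctx_create, two in name_external); whether other callers exist cannot be seen from this page. A shared predicate beside the declaration in forward.h, for example (name is a suggestion only) `#define DNS_FWDTABLE_MATCHED(r) ((r) == ISC_R_SUCCESS || (r) == DNS_R_PARTIALMATCH)`, would keep the call sites from drifting apart. The function's signature and opening lines lie outside the hunk.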
index a6000ae044c38f42f084f54bf5d786d855780af2..b78d400f18e1cc98ea254e5fd9d24da8db6c7190 100644 (file)
@@ -102,8 +102,10 @@ dns_fwdtable_find(dns_fwdtable_t *fwdtable, const dns_name_t *name,
  * \li foundname to be NULL or a valid name with buffer.
  *
  * Returns:
- * \li #ISC_R_SUCCESS
- * \li #ISC_R_NOTFOUND
+ * \li #ISC_R_SUCCESS         Success
+ * \li #DNS_R_PARTIALMATCH    Superdomain found with data
+ * \li #ISC_R_NOTFOUND        No match
+ * \li #ISC_R_NOSPACE         Concatenating nodes to form foundname failed
  */
 
 void
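Review bot: `#ISC_R_SUCCESS         Success` does not tell the reader that this value now means an exact-name match, which is the distinction the whole change depends on; `\li #ISC_R_SUCCESS         Exact match found` would say so. The comment should also state that `*forwardersp` is set for both ISC_R_SUCCESS and DNS_R_PARTIALMATCH, since the patched callers in server.c and resolver.c dereference it in both cases. The start of this comment block is outside the hunk, so part of this may already be covered there.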
index f8d5d12f72d5db392b3ade94bae5842dd8c723d1..cd8ccd5f83606a825cca11860d798970a0e01130 100644 (file)
@@ -3593,7 +3593,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
                domain = dns_fixedname_initname(&fixed);
                result = dns_fwdtable_find(res->view->fwdtable, name, domain,
                                           &forwarders);
-               if (result == ISC_R_SUCCESS) {
+               if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
                        fwd = ISC_LIST_HEAD(forwarders->fwdrs);
                        fctx->fwdpolicy = forwarders->fwdpolicy;
                        dns_name_copy(domain, fctx->fwdname);
@@ -4783,7 +4783,7 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type,
                /* Find the forwarder for this name. */
                result = dns_fwdtable_find(fctx->res->view->fwdtable, fwdname,
                                           fname, &forwarders);
-               if (result == ISC_R_SUCCESS) {
+               if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
                        fctx->fwdpolicy = forwarders->fwdpolicy;
                        dns_name_copy(fname, fctx->fwdname);
                }
@@ -6840,7 +6840,7 @@ name_external(const dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) {
                /*
                 * See if the forwarder declaration is better.
                 */
-               if (result == ISC_R_SUCCESS) {
+               if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
                        return (!dns_name_equal(fname, fctx->fwdname));
                }
 
@@ -6849,7 +6849,7 @@ name_external(const dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) {
                 * changed: play it safe and don't cache.
                 */
                return (true);
-       } else if (result == ISC_R_SUCCESS &&
+       } else if ((result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) &&
                   forwarders->fwdpolicy == dns_fwdpolicy_only &&
                   !ISC_LIST_EMPTY(forwarders->fwdrs))
        {