case dns_zone_slave:
type = "slave";
break;
+ case dns_zone_mirror:
+ type = "mirror";
+ break;
case dns_zone_stub:
type = "stub";
break;
type = "master";
break;
case dns_zone_slave:
- type = dns_zone_ismirror(zone) ? "mirror" : "slave";
+ type = "slave";
+ break;
+ case dns_zone_mirror:
+ type = "mirror";
break;
case dns_zone_stub:
type = "stub";
* Configure slave functionality.
*/
switch (ztype) {
- case dns_zone_slave:
case dns_zone_mirror:
+ /*
+ * Disable outgoing zone transfers for mirror zones unless they
+ * are explicitly enabled by zone configuration.
+ */
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "allow-transfer", &obj);
+ if (obj == NULL) {
+ dns_acl_t *none;
+ RETERR(dns_acl_none(mctx, &none));
+ dns_zone_setxfracl(zone, none);
+ dns_acl_detach(&none);
+ }
+ /*
+ * Only allow "also-notify".
+ */
+ notifytype = dns_notifytype_explicit;
+ dns_zone_setnotifytype(zone, notifytype);
+ /* FALLTHROUGH */
+ case dns_zone_slave:
case dns_zone_stub:
case dns_zone_redirect:
count = 0;
}
dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi);
- obj = NULL;
- (void)cfg_map_get(zoptions, "mirror", &obj);
- if (obj != NULL) {
- bool mirror = cfg_obj_asboolean(obj);
- dns_zone_setoption(mayberaw, DNS_ZONEOPT_MIRROR,
- mirror);
- if (mirror) {
- /*
- * Disable outgoing zone transfers unless they
- * are explicitly enabled by zone
- * configuration.
- */
- obj = NULL;
- (void)cfg_map_get(zoptions, "allow-transfer",
- &obj);
- if (obj == NULL) {
- dns_acl_t *none;
- RETERR(dns_acl_none(mctx, &none));
- dns_zone_setxfracl(zone, none);
- dns_acl_detach(&none);
- }
- /*
- * Only allow "also-notify".
- */
- notifytype = dns_notifytype_explicit;
- dns_zone_setnotifytype(zone, notifytype);
- }
- }
-
obj = NULL;
result = named_config_get(maps, "max-transfer-time-in", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
const char *cfilename;
const char *zfilename;
dns_zone_t *raw = NULL;
- bool has_raw, mirror;
+ bool has_raw;
dns_zonetype_t ztype;
zoptions = cfg_tuple_get(zconfig, "options");
return (false);
}
- /*
- * Do not reuse a zone whose "mirror" setting was changed.
- */
- obj = NULL;
- mirror = false;
- (void)cfg_map_get(zoptions, "mirror", &obj);
- if (obj != NULL) {
- mirror = cfg_obj_asboolean(obj);
- }
- if (dns_zone_ismirror(zone) != mirror) {
- dns_zone_log(zone, ISC_LOG_DEBUG(1),
- "not reusable: mirror setting changed");
- return (false);
- }
-
if (zonetype_fromconfig(zoptions) != ztype) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: type mismatch");
--- /dev/null
+Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+
+See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
+
+This test checks whether zones configured with "type mirror;" behave as
+expected.
+
+ns1 is an authoritative-only server. It only serves the root zone, which is
+mirrored by ns3.
+
+ns2 is an authoritative-only server. It serves a number of zones, some of which
+are delegated to it by ns1 and used in recursive resolution tests aimed at ns3
+while others are only served so that ns3 has a primary server to mirror zones
+from during various tests of the mirror zone implementation.
+
+ns3 is a recursive resolver. It has a number of mirror zones configured. This
+is the only server whose behavior is being examined by this system test.
};
zone "." {
- type slave;
+ type mirror;
masters { 10.53.0.1; };
- mirror yes;
file "root.db.mirror";
};
zone "initially-unavailable" {
- type slave;
+ type mirror;
masters { 10.53.0.2; };
- mirror yes;
file "initially-unavailable.db.mirror";
use-alt-transfer-source no;
};
zone "verify-axfr" {
- type slave;
+ type mirror;
masters { 10.53.0.2; };
- mirror yes;
file "verify-axfr.db.mirror";
};
zone "verify-ixfr" {
- type slave;
+ type mirror;
masters { 10.53.0.2; };
- mirror yes;
file "verify-ixfr.db.mirror";
masterfile-format text;
};
zone "verify-load" {
- type slave;
+ type mirror;
masters { 10.53.0.2; };
- mirror yes;
file "verify-load.db.mirror";
masterfile-format text;
};
zone "verify-reconfig" {
- type slave;
+ type mirror;
masters { 10.53.0.2; };
- mirror yes;
file "verify-reconfig.db.mirror";
masterfile-format text;
};
zone "verify-unsigned" {
- type slave;
+ type mirror;
masters { 10.53.0.2; };
- mirror yes;
file "verify-unsigned.db.mirror";
};
zone "verify-untrusted" {
- type slave;
+ type mirror;
masters { 10.53.0.2; };
- mirror yes;
file "verify-untrusted.db.mirror";
};
( cd ns1 && $SHELL -e sign.sh )
cat ns2/verify-axfr.db.bad.signed > ns2/verify-axfr.db.signed
-cat ns2/verify-ixfr.db.original.signed > ns2/verify-ixfr.db.signed
cat ns2/verify-load.db.bad.signed > ns3/verify-load.db.mirror
-cat ns2/verify-untrusted.db.original.signed > ns2/verify-untrusted.db.signed
status=`expr $status + $ret`
n=`expr $n + 1`
-echo_i "checking that \"rndc reconfig\" properly handles a yes -> no \"mirror\" setting change ($n)"
+echo_i "checking that \"rndc reconfig\" properly handles a mirror -> slave zone type change ($n)"
ret=0
# Sanity check before we start.
$DIG $DIGOPTS @10.53.0.3 +norec verify-reconfig SOA > dig.out.ns3.test$n.1 2>&1 || ret=1
# Reconfigure the zone so that it is no longer a mirror zone.
# (NOTE: Keep the embedded newline in the sed function list below.)
sed '/^zone "verify-reconfig" {$/,/^};$/ {
- s/mirror yes;/mirror no;/
+ s/type mirror;/type slave;/
}' ns3/named.conf > ns3/named.conf.modified
mv ns3/named.conf.modified ns3/named.conf
nextpart ns3/named.run > /dev/null
$RNDCCMD 10.53.0.3 reconfig > /dev/null 2>&1
-# Zones whose "mirror" setting was changed should not be reusable, which means
-# the tested zone should have been reloaded from disk.
+# Zones whose type was changed should not be reusable, which means the tested
+# zone should have been reloaded from disk.
wait_for_load verify-reconfig ${ORIGINAL_SERIAL} ns3/named.run
# Ensure responses sourced from the reconfigured zone have AA=1 and AD=0.
$DIG $DIGOPTS @10.53.0.3 +norec verify-reconfig SOA > dig.out.ns3.test$n.2 2>&1 || ret=1
status=`expr $status + $ret`
n=`expr $n + 1`
-echo_i "checking that \"rndc reconfig\" properly handles a no -> yes \"mirror\" setting change ($n)"
+echo_i "checking that \"rndc reconfig\" properly handles a slave -> mirror zone type change ($n)"
ret=0
# Put an incorrectly signed version of the zone in the zone file used by ns3.
nextpart ns3/named.run > /dev/null
# Reconfigure the zone so that it is a mirror zone again.
# (NOTE: Keep the embedded newline in the sed function list below.)
sed '/^zone "verify-reconfig" {$/,/^};$/ {
- s/mirror no;/mirror yes;/
+ s/type slave;/type mirror;/
}' ns3/named.conf > ns3/named.conf.modified
mv ns3/named.conf.modified ns3/named.conf
$RNDCCMD 10.53.0.3 reconfig > /dev/null 2>&1
DNS_ZONEOPT_CHECKSPF = 1<<27, /*%< check SPF records */
DNS_ZONEOPT_CHECKTTL = 1<<28, /*%< check max-zone-ttl */
DNS_ZONEOPT_AUTOEMPTY = 1<<29, /*%< automatic empty zone */
- DNS_ZONEOPT_MIRROR = 1<<30, /*%< mirror zone */
} dns_zoneopt_t;
/*
* false otherwise.
*/
-bool
-dns_zone_ismirror(const dns_zone_t *zone);
-/*%<
- * Return true if 'zone' is a mirror zone, return false otherwise.
- */
-
isc_result_t
dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver);
/*%<
dns_zone_isdynamic
dns_zone_isforced
dns_zone_isloaded
-dns_zone_ismirror
dns_zone_keydone
dns_zone_link
dns_zone_load
return (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED));
}
-bool
-dns_zone_ismirror(const dns_zone_t *zone) {
- REQUIRE(DNS_ZONE_VALID(zone));
-
- return (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MIRROR));
-}
-
isc_result_t
dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver) {
dns_dbversion_t *version = NULL;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(db != NULL);
- if (!dns_zone_ismirror(zone)) {
+ if (dns_zone_gettype(zone) != dns_zone_mirror) {
return (ISC_R_SUCCESS);
}
* instead of returning a SERVFAIL.
*/
if ((options & DNS_ZTFIND_MIRROR) != 0 &&
- dns_zone_ismirror(dummy) && !dns_zone_isloaded(dummy))
+ dns_zone_gettype(dummy) == dns_zone_mirror &&
+ !dns_zone_isloaded(dummy))
{
result = ISC_R_NOTFOUND;
} else {
{ "min-retry-time", &cfg_type_uint32,
CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB
},
- { "mirror", &cfg_type_boolean,
- CFG_ZONE_SLAVE
- },
{ "multi-master", &cfg_type_boolean,
CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB
},
/*
* Mirror zone data is treated as cache data.
*/
- if (dns_zone_ismirror(zone)) {
+ if (dns_zone_gettype(zone) == dns_zone_mirror) {
return (query_checkcacheaccess(client, name, qtype, options));
}
if (qctx->is_zone) {
qctx->authoritative = true;
if (qctx->zone != NULL) {
- if (dns_zone_ismirror(qctx->zone)) {
+ if (dns_zone_gettype(qctx->zone) == dns_zone_mirror) {
qctx->authoritative = false;
}
if (dns_zone_gettype(qctx->zone) ==
if (USECACHE(qctx->client) &&
(RECURSIONOK(qctx->client) ||
- (qctx->zone != NULL && dns_zone_ismirror(qctx->zone))))
+ (qctx->zone != NULL &&
+ dns_zone_gettype(qctx->zone) == dns_zone_mirror)))
{
/*
* We might have a better answer or delegation in the
./bin/tests/system/metadata/parent.db ZONE 2009,2016,2018
./bin/tests/system/metadata/setup.sh SH 2009,2011,2012,2014,2016,2017,2018
./bin/tests/system/metadata/tests.sh SH 2009,2011,2012,2013,2014,2016,2017,2018
+./bin/tests/system/mirror/README TXT.BRIEF 2018
./bin/tests/system/mirror/clean.sh SH 2018
./bin/tests/system/mirror/ns1/named.conf.in CONF-C 2018
./bin/tests/system/mirror/ns1/root.db.in ZONE 2018
projects / thirdparty / bind9.git / commitdiff
