+3935. [bug] "geoip asnum" ACL elements would not match unless
+ the full organization name was specified. They
+ can now match against the AS number alone (e.g.,
+ AS1234). [RT #36945]
+
3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
sit-secret documentation. [RT #36980]
};
view one {
- match-clients { geoip domain one.de; };
+ match-clients { geoip asnum "AS100001"; };
zone "example" {
type master;
file "example1.db";
};
view two {
- match-clients { geoip domain two.com; };
+ match-clients { geoip asnum "AS100002"; };
zone "example" {
type master;
file "example2.db";
};
view three {
- match-clients { geoip domain three.com; };
+ match-clients { geoip asnum "AS100003"; };
zone "example" {
type master;
file "example3.db";
};
view four {
- match-clients { geoip domain four.com; };
+ match-clients { geoip asnum "AS100004"; };
zone "example" {
type master;
file "example4.db";
};
view five {
- match-clients { geoip domain five.es; };
+ match-clients { geoip asnum "AS100005"; };
zone "example" {
type master;
file "example5.db";
};
view six {
- match-clients { geoip domain six.it; };
+ match-clients { geoip asnum "AS100006"; };
zone "example" {
type master;
file "example6.db";
};
view seven {
- match-clients { geoip domain seven.org; };
+ match-clients { geoip asnum "AS100007"; };
zone "example" {
type master;
file "example7.db";
};
view one {
- match-clients { geoip netspeed 0; };
+ match-clients { geoip domain one.de; };
zone "example" {
type master;
file "example1.db";
};
view two {
- match-clients { geoip netspeed 1; };
+ match-clients { geoip domain two.com; };
zone "example" {
type master;
file "example2.db";
};
view three {
- match-clients { geoip netspeed 2; };
+ match-clients { geoip domain three.com; };
zone "example" {
type master;
file "example3.db";
};
view four {
- match-clients { geoip netspeed 3; };
+ match-clients { geoip domain four.com; };
zone "example" {
type master;
file "example4.db";
};
};
+view five {
+ match-clients { geoip domain five.es; };
+ zone "example" {
+ type master;
+ file "example5.db";
+ };
+};
+
+view six {
+ match-clients { geoip domain six.it; };
+ zone "example" {
+ type master;
+ file "example6.db";
+ };
+};
+
+view seven {
+ match-clients { geoip domain seven.org; };
+ zone "example" {
+ type master;
+ file "example7.db";
+ };
+};
+
view none {
match-clients { any; };
zone "example" {
/*
- * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
controls { /* empty */ };
-acl blocking {
- geoip db country country AU;
-};
-
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
listen-on-v6 { none; };
recursion no;
geoip-directory "../data";
- blackhole { blocking; };
};
key rndc_key {
controls {
inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
};
+
+view one {
+ match-clients { geoip netspeed 0; };
+ zone "example" {
+ type master;
+ file "example1.db";
+ };
+};
+
+view two {
+ match-clients { geoip netspeed 1; };
+ zone "example" {
+ type master;
+ file "example2.db";
+ };
+};
+
+view three {
+ match-clients { geoip netspeed 2; };
+ zone "example" {
+ type master;
+ file "example3.db";
+ };
+};
+
+view four {
+ match-clients { geoip netspeed 3; };
+ zone "example" {
+ type master;
+ file "example4.db";
+ };
+};
+
+view none {
+ match-clients { any; };
+ zone "example" {
+ type master;
+ file "example.db.in";
+ };
+};
controls { /* empty */ };
+acl blocking {
+ geoip db country country AU;
+};
+
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
listen-on-v6 { none; };
recursion no;
geoip-directory "../data";
+ blackhole { blocking; };
};
key rndc_key {
controls {
inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
};
-
-acl gAU { geoip db country country AU; };
-acl gUS { geoip db country country US; };
-acl gGB { geoip db country country GB; };
-acl gCA { geoip db country country CA; };
-acl gCL { geoip db country country CL; };
-acl gDE { geoip db country country DE; };
-acl gEH { geoip db country country EH; };
-
-view one {
- match-clients { gAU; };
- zone "example" {
- type master;
- file "example1.db";
- };
-};
-
-view two {
- match-clients { gUS; };
- zone "example" {
- type master;
- file "example2.db";
- };
-};
-
-view three {
- match-clients { gGB; };
- zone "example" {
- type master;
- file "example3.db";
- };
-};
-
-view four {
- match-clients { gCA; };
- zone "example" {
- type master;
- file "example4.db";
- };
-};
-
-view five {
- match-clients { gCL; };
- zone "example" {
- type master;
- file "example5.db";
- };
-};
-
-view six {
- match-clients { gDE; };
- zone "example" {
- type master;
- file "example6.db";
- };
-};
-
-view seven {
- match-clients { gEH; };
- zone "example" {
- type master;
- file "example7.db";
- };
-};
-
-view none {
- match-clients { any; };
- zone "example" {
- type master;
- file "example.db.in";
- };
-};
--- /dev/null
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ geoip-directory "../data";
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
+acl gAU { geoip db country country AU; };
+acl gUS { geoip db country country US; };
+acl gGB { geoip db country country GB; };
+acl gCA { geoip db country country CA; };
+acl gCL { geoip db country country CL; };
+acl gDE { geoip db country country DE; };
+acl gEH { geoip db country country EH; };
+
+view one {
+ match-clients { gAU; };
+ zone "example" {
+ type master;
+ file "example1.db";
+ };
+};
+
+view two {
+ match-clients { gUS; };
+ zone "example" {
+ type master;
+ file "example2.db";
+ };
+};
+
+view three {
+ match-clients { gGB; };
+ zone "example" {
+ type master;
+ file "example3.db";
+ };
+};
+
+view four {
+ match-clients { gCA; };
+ zone "example" {
+ type master;
+ file "example4.db";
+ };
+};
+
+view five {
+ match-clients { gCL; };
+ zone "example" {
+ type master;
+ file "example5.db";
+ };
+};
+
+view six {
+ match-clients { gDE; };
+ zone "example" {
+ type master;
+ file "example6.db";
+ };
+};
+
+view seven {
+ match-clients { gEH; };
+ zone "example" {
+ type master;
+ file "example7.db";
+ };
+};
+
+view none {
+ match-clients { any; };
+ zone "example" {
+ type master;
+ file "example.db.in";
+ };
+};
sleep 3
n=`expr $n + 1`
-echo "I:checking GeoIP domain database ($n)"
+echo "I:checking GeoIP asnum database - ASNNNN only ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
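Review bot: The new "ASNNNN only" check exercises only positive matches, so nothing here would fail if the prefix comparison accepted a shorter AS number than the one stored in the database. The matching code in this commit relies on a `s[l] == ' '` boundary test for exactly that case, and because these ACLs select views, a regression there would silently serve clients from the wrong view. Consider adding a view to the asnum config whose value is a strict prefix of a real entry (a constructed example: `match-clients { geoip asnum "AS10000"; };` placed first) and asserting that the seven queries still land in their expected views. Whether the test database allows this is not visible from here. The loop body continues outside the hunk.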
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 3
+n=`expr $n + 1`
+echo "I:checking GeoIP domain database ($n)"
+ret=0
+lret=0
+for i in 1 2 3 4 5 6 7; do
+ $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
+ j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
+ [ "$i" = "$j" ] || lret=1
+ [ $lret -eq 1 ] && break
+done
+[ $lret -eq 1 ] && ret=1
+[ $ret -eq 0 ] || echo "I:failed"
+status=`expr $status + $ret`
+
+echo "I:reloading server"
+cp -f ns2/named12.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
+sleep 3
+
n=`expr $n + 1`
echo "I:checking GeoIP netspeed database ($n)"
ret=0
status=`expr $status + $ret`
echo "I:reloading server"
-cp -f ns2/named12.conf ns2/named.conf
+cp -f ns2/named13.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 3
status=`expr $status + $ret`
echo "I:reloading server"
-cp -f ns2/named13.conf ns2/named.conf
+cp -f ns2/named14.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 3
be configured to act as a lightweight resolver daemon using the
<command>lwres</command> statement in <filename>named.conf</filename>.
</para>
-
</sect1>
</chapter>
"isp", "org", "asnum", "domain" and "netspeed".
</para>
<para>
- <replaceable>value</replaceable> is the value to searched for
- within the database. A string may be quoted if it contains
- spaces or other special characters. If this is a "country"
- search and the string is two characters long, then it must be a
- standard ISO-3166-1 two-letter country code, and if it is three
- characters long then it must be an ISO-3166-1 three-letter
- country code; otherwise it is the full name of the country.
- Similarly, if this is a "region" search and the string is
- two characters long, then it must be a standard two-letter state
- or province abbreviation; otherwise it is the full name of the
- state or province.
+ <replaceable>value</replaceable> is the value to search
+ for within the database. A string may be quoted if it
+ contains spaces or other special characters. If this is
+ an "asnum" search, then the leading "ASNNNN" string can be
+ used, otherwise the full description must be used (e.g.
+ "ASNNNN Example Company Name"). If this is a "country"
+ search and the string is two characters long, then it must
+ be a standard ISO-3166-1 two-letter country code, and if it
+ is three characters long then it must be an ISO-3166-1
+ three-letter country code; otherwise it is the full name
+ of the country. Similarly, if this is a "region" search
+ and the string is two characters long, then it must be a
+ standard two-letter state or province abbreviation;
+ otherwise it is the full name of the state or province.
</para>
<para>
The <replaceable>database</replaceable> field indicates which
initial value (minimum) and maximum number of recursive
simultaneous clients for any given query
(<qname,qtype,qclass>) that the server will accept
- before dropping additional clients. <command>named</command> will attempt to
+ before dropping additional clients.
+ <command>named</command> will attempt to
self tune this value and changes will be logged. The
default values are 10 and 100.
</para>
return (ISC_FALSE);
s = name_lookup(db, subtype, ipnum);
- if (s != NULL && strcasecmp(elt->as_string, s) == 0)
- return (ISC_TRUE);
+ if (s != NULL) {
+ size_t l;
+ if (strcasecmp(elt->as_string, s) == 0)
+ return (ISC_TRUE);
+ if (subtype != dns_geoip_as_asnum)
+ break;
+ /*
+ * Just check if the ASNNNN value matches.
+ */
+ l = strlen(elt->as_string);
+ if (l > 0U && strchr(elt->as_string, ' ') == NULL &&
+ strncasecmp(elt->as_string, s, l) == 0 &&
+ s[l] == ' ')
+ return (ISC_TRUE);
+ }
break;
case dns_geoip_netspeed_id:
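Review bot: The comment `Just check if the ASNNNN value matches.` does not say why the extra conditions are there, and they are what keeps this ACL match exact. I would expand it to something like `/* asnum only: a search with no space (e.g. "AS1234") matches when it equals the first space-delimited token of the database string; the s[l] == ' ' test keeps "AS12" from matching "AS1234 ...". */`. The local `l` is also easy to misread as `1` next to `0U`; `len` would be clearer. The enclosing function starts and ends outside this hunk.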
const char *stype, *search;
dns_geoip_subtype_t subtype;
dns_aclelement_t de;
+ size_t len;
REQUIRE(dep != NULL);
stype = cfg_obj_asstring(cfg_tuple_get(obj, "subtype"));
search = cfg_obj_asstring(cfg_tuple_get(obj, "search"));
+ len = strlen(search);
- if (strcasecmp(stype, "country") == 0 && strlen(search) == 2) {
+ if (len == 0) {
+ cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
+ "zero-length geoip search field");
+ return (ISC_R_FAILURE);
+ }
+
+ if (strcasecmp(stype, "country") == 0 && len == 2) {
/* Two-letter country code */
subtype = dns_geoip_countrycode;
- strncpy(de.geoip_elem.as_string, search, 2);
- } else if (strcasecmp(stype, "country") == 0 && strlen(search) == 3) {
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
+ } else if (strcasecmp(stype, "country") == 0 && len == 3) {
/* Three-letter country code */
subtype = dns_geoip_countrycode3;
- strncpy(de.geoip_elem.as_string, search, 3);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "country") == 0) {
/* Country name */
subtype = dns_geoip_countryname;
- strncpy(de.geoip_elem.as_string, search, 255);
- } else if (strcasecmp(stype, "region") == 0 && strlen(search) == 2) {
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
+ } else if (strcasecmp(stype, "region") == 0 && len == 2) {
/* Two-letter region code */
subtype = dns_geoip_region;
- strncpy(de.geoip_elem.as_string, search, 2);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "region") == 0) {
/* Region name */
subtype = dns_geoip_regionname;
- strncpy(de.geoip_elem.as_string, search, 255);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "city") == 0) {
/* City name */
subtype = dns_geoip_city_name;
- strncpy(de.geoip_elem.as_string, search, 255);
- } else if (strcasecmp(stype, "postal") == 0 && strlen(search) < 7) {
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
+ } else if (strcasecmp(stype, "postal") == 0 && len < 7) {
subtype = dns_geoip_city_postalcode;
- strncpy(de.geoip_elem.as_string, search, 6);
- de.geoip_elem.as_string[6] = '\0';
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
+ } else if (strcasecmp(stype, "postal") == 0) {
+ cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
+ "geoiop postal code (%s) too long", search);
+ return (ISC_R_FAILURE);
} else if (strcasecmp(stype, "metro") == 0) {
subtype = dns_geoip_city_metrocode;
de.geoip_elem.as_int = atoi(search);
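Review bot: None of the `strlcpy()` calls check for truncation, so a search string longer than `de.geoip_elem.as_string` would be silently shortened and the ACL loaded with a value the operator did not write. The buffer size is not visible in this hunk, but the new `len` makes the check cheap: next to the zero-length test, reject `len >= sizeof(de.geoip_elem.as_string)` with a `cfg_obj_log()` error and `return (ISC_R_FAILURE);`, so the bad value is reported when the configuration is parsed. The same applies to the `strlcpy()` calls in the following hunk (tz, continent, isp, asnum, org, domain). The function starts and ends outside the hunk.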
de.geoip_elem.as_int = atoi(search);
} else if (strcasecmp(stype, "tz") == 0) {
subtype = dns_geoip_city_timezonecode;
- strncpy(de.geoip_elem.as_string, search, 255);
- } else if (strcasecmp(stype, "continent") == 0 && strlen(search) == 2) {
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
+ } else if (strcasecmp(stype, "continent") == 0 && len == 2) {
/* Two-letter continent code */
subtype = dns_geoip_city_continentcode;
- strncpy(de.geoip_elem.as_string, search, 2);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
+ } else if (strcasecmp(stype, "continent") == 0) {
+ cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
+ "geoiop continent code (%s) too long", search);
+ return (ISC_R_FAILURE);
} else if (strcasecmp(stype, "isp") == 0) {
subtype = dns_geoip_isp_name;
- strncpy(de.geoip_elem.as_string, search, 255);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "asnum") == 0) {
subtype = dns_geoip_as_asnum;
- strncpy(de.geoip_elem.as_string, search, 255);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "org") == 0) {
subtype = dns_geoip_org_name;
- strncpy(de.geoip_elem.as_string, search, 255);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "domain") == 0) {
subtype = dns_geoip_domain_name;
- strncpy(de.geoip_elem.as_string, search, 255);
+ strlcpy(de.geoip_elem.as_string, search,
+ sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "netspeed") == 0) {
subtype = dns_geoip_netspeed_id;
de.geoip_elem.as_int = atoi(search);
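Review bot: The new continent error branch fires for any length other than two, so a one-character value is reported as `too long`, and the message misspells the keyword as `geoiop`. Suggest `"geoip continent code (%s) must be two characters", search);` here, and fix the same `geoiop` spelling in the postal-code message in the previous hunk. The zero-length case is already rejected earlier, so only the wording needs to change. The if/else chain continues outside the hunk.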
./bin/tests/system/geoip/geoip.c C 2013
./bin/tests/system/geoip/ns2/example.db.in ZONE 2013
./bin/tests/system/geoip/ns2/named1.conf CONF-C 2013
-./bin/tests/system/geoip/ns2/named10.conf CONF-C 2013
+./bin/tests/system/geoip/ns2/named10.conf CONF-C 2014
./bin/tests/system/geoip/ns2/named11.conf CONF-C 2013
-./bin/tests/system/geoip/ns2/named12.conf CONF-C 2014
+./bin/tests/system/geoip/ns2/named12.conf CONF-C 2013
./bin/tests/system/geoip/ns2/named13.conf CONF-C 2014
+./bin/tests/system/geoip/ns2/named14.conf CONF-C 2014
./bin/tests/system/geoip/ns2/named2.conf CONF-C 2013
./bin/tests/system/geoip/ns2/named3.conf CONF-C 2013
./bin/tests/system/geoip/ns2/named4.conf CONF-C 2013