- namedconf.c now has dns64-related options flagged as obsolete.
- lib/dns/dns64.c and lib/dns/include/dns/dns64.h are gone. their
code has been migrated into bin/plugins/dns64.c, with corresponding
nomenclature changes, and some style cleanup.
- dns64-related fields have been removed from the dns_view struct.
- dns64 configuration parsing code has been moved from named into
the plugin module.
- checkconf tests have been removed from the dns64 system test
these will be restored later, when named-checkconf has been
modified to be able to load plugin modules and check their
configuration syntax.
- dns64-related configuration checks have been removed from
lib/bind9/check.c.
- zonemgr is now attached to the view so that modules will be able
to access it.
EXTERN const char * named_g_fuzz_addr INIT(NULL);
EXTERN isc_fuzztype_t named_g_fuzz_type INIT(isc_fuzz_none);
-EXTERN dns_acl_t * named_g_mapped INIT(NULL);
-
#undef EXTERN
#undef INIT
cleanup(void) {
destroy_managers();
- if (named_g_mapped != NULL)
- dns_acl_detach(&named_g_mapped);
-
named_server_destroy(&named_g_server);
named_builtin_deinit();
#include <dns/dispatch.h>
#include <dns/dlz.h>
#include <dns/dnsrps.h>
-#include <dns/dns64.h>
#include <dns/dyndb.h>
#include <dns/events.h>
#include <dns/forward.h>
zclass, origin));
}
-static isc_result_t
-dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
- unsigned int prefixlen, const char *server,
- const char *contact)
-{
- char reverse[48+sizeof("ip6.arpa.")] = { 0 };
- char buf[sizeof("x.x.")];
- const char *dns64_dbtype[4] = { "_dns64", "dns64", ".", "." };
- const char *sep = ": view ";
- const char *viewname = view->name;
- const unsigned char *s6;
- dns_fixedname_t fixed;
- dns_name_t *name;
- dns_zone_t *zone = NULL;
- int dns64_dbtypec = 4;
- isc_buffer_t b;
- isc_result_t result;
-
- REQUIRE(prefixlen == 32 || prefixlen == 40 || prefixlen == 48 ||
- prefixlen == 56 || prefixlen == 64 || prefixlen == 96);
-
- if (!strcmp(viewname, "_default")) {
- sep = "";
- viewname = "";
- }
-
- /*
- * Construct the reverse name of the zone.
- */
- s6 = na->type.in6.s6_addr;
- while (prefixlen > 0) {
- prefixlen -= 8;
- snprintf(buf, sizeof(buf), "%x.%x.", s6[prefixlen/8] & 0xf,
- (s6[prefixlen/8] >> 4) & 0xf);
- strlcat(reverse, buf, sizeof(reverse));
- }
- strlcat(reverse, "ip6.arpa.", sizeof(reverse));
-
- /*
- * Create the actual zone.
- */
- if (server != NULL)
- dns64_dbtype[2] = server;
- if (contact != NULL)
- dns64_dbtype[3] = contact;
- name = dns_fixedname_initname(&fixed);
- isc_buffer_constinit(&b, reverse, strlen(reverse));
- isc_buffer_add(&b, strlen(reverse));
- CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
- CHECK(dns_zone_create(&zone, mctx));
- CHECK(dns_zone_setorigin(zone, name));
- dns_zone_setview(zone, view);
- CHECK(dns_zonemgr_managezone(named_g_server->zonemgr, zone));
- dns_zone_setclass(zone, view->rdclass);
- dns_zone_settype(zone, dns_zone_master);
- dns_zone_setstats(zone, named_g_server->zonestats);
- dns_zone_setdbtype(zone, dns64_dbtypec, dns64_dbtype);
- if (view->queryacl != NULL)
- dns_zone_setqueryacl(zone, view->queryacl);
- if (view->queryonacl != NULL)
- dns_zone_setqueryonacl(zone, view->queryonacl);
- dns_zone_setdialup(zone, dns_dialuptype_no);
- dns_zone_setnotifytype(zone, dns_notifytype_no);
- dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
- CHECK(setquerystats(zone, mctx, dns_zonestat_none)); /* XXXMPA */
- CHECK(dns_view_addzone(view, zone));
- isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
- NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
- "dns64 reverse zone%s%s: %s", sep,
- viewname, reverse);
-
-cleanup:
- if (zone != NULL)
- dns_zone_detach(&zone);
- return (result);
-}
-
#ifdef USE_DNSRPS
typedef struct conf_dnsrps_ctx conf_dnsrps_ctx_t;
struct conf_dnsrps_ctx {
}
#endif /* HAVE_DNSTAP */
-static isc_result_t
-create_mapped_acl(void) {
- isc_result_t result;
- dns_acl_t *acl = NULL;
- struct in6_addr in6 = IN6ADDR_V4MAPPED_INIT;
- isc_netaddr_t addr;
-
- isc_netaddr_fromin6(&addr, &in6);
-
- result = dns_acl_create(named_g_mctx, 1, &acl);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_iptable_addprefix(acl->iptable, &addr, 96, true);
- if (result == ISC_R_SUCCESS)
- dns_acl_attach(acl, &named_g_mapped);
- dns_acl_detach(&acl);
- return (result);
-}
-
#ifdef HAVE_DLOPEN
/*%
* A callback for the cfg_pluginlist_foreach() call in configure_view() below.
bool auto_root = false;
named_cache_t *nsc;
bool zero_no_soattl;
- dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL;
unsigned int query_timeout, ndisp;
bool old_rpz_ok = false;
isc_dscp_t dscp4 = -1, dscp6 = -1;
cfgmaps[k++] = config;
cfgmaps[k] = NULL;
+ /*
+ * Set the view's zone manager.
+ */
+ dns_view_setzonemgr(view, named_g_server->zonemgr);
+
/*
* Set the view's port number for outgoing queries.
*/
INSIST(result == ISC_R_SUCCESS);
zero_no_soattl = cfg_obj_asboolean(obj);
- obj = NULL;
- result = named_config_get(maps, "dns64", &obj);
- if (result == ISC_R_SUCCESS && strcmp(view->name, "_bind") &&
- strcmp(view->name, "_meta")) {
- isc_netaddr_t na, suffix, *sp;
- unsigned int prefixlen;
- const char *server, *contact;
- const cfg_obj_t *myobj;
-
- myobj = NULL;
- result = named_config_get(maps, "dns64-server", &myobj);
- if (result == ISC_R_SUCCESS)
- server = cfg_obj_asstring(myobj);
- else
- server = NULL;
-
- myobj = NULL;
- result = named_config_get(maps, "dns64-contact", &myobj);
- if (result == ISC_R_SUCCESS)
- contact = cfg_obj_asstring(myobj);
- else
- contact = NULL;
-
- for (element = cfg_list_first(obj);
- element != NULL;
- element = cfg_list_next(element))
- {
- const cfg_obj_t *map = cfg_listelt_value(element);
- dns_dns64_t *dns64 = NULL;
- unsigned int dns64options = 0;
-
- cfg_obj_asnetprefix(cfg_map_getname(map), &na,
- &prefixlen);
-
- obj = NULL;
- (void)cfg_map_get(map, "suffix", &obj);
- if (obj != NULL) {
- sp = &suffix;
- isc_netaddr_fromsockaddr(sp,
- cfg_obj_assockaddr(obj));
- } else
- sp = NULL;
-
- clients = mapped = excluded = NULL;
- obj = NULL;
- (void)cfg_map_get(map, "clients", &obj);
- if (obj != NULL) {
- result = cfg_acl_fromconfig(obj, config,
- named_g_lctx, actx,
- mctx, 0, &clients);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- }
- obj = NULL;
- (void)cfg_map_get(map, "mapped", &obj);
- if (obj != NULL) {
- result = cfg_acl_fromconfig(obj, config,
- named_g_lctx, actx,
- mctx, 0, &mapped);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- }
- obj = NULL;
- (void)cfg_map_get(map, "exclude", &obj);
- if (obj != NULL) {
- result = cfg_acl_fromconfig(obj, config,
- named_g_lctx, actx,
- mctx, 0, &excluded);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- } else {
- if (named_g_mapped == NULL) {
- result = create_mapped_acl();
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- }
- dns_acl_attach(named_g_mapped, &excluded);
- }
-
- obj = NULL;
- (void)cfg_map_get(map, "recursive-only", &obj);
- if (obj != NULL && cfg_obj_asboolean(obj))
- dns64options |= DNS_DNS64_RECURSIVE_ONLY;
-
- obj = NULL;
- (void)cfg_map_get(map, "break-dnssec", &obj);
- if (obj != NULL && cfg_obj_asboolean(obj))
- dns64options |= DNS_DNS64_BREAK_DNSSEC;
-
- result = dns_dns64_create(mctx, &na, prefixlen, sp,
- clients, mapped, excluded,
- dns64options, &dns64);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- dns_dns64_append(&view->dns64, dns64);
- view->dns64cnt++;
- result = dns64_reverse(view, mctx, &na, prefixlen,
- server, contact);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- if (clients != NULL)
- dns_acl_detach(&clients);
- if (mapped != NULL)
- dns_acl_detach(&mapped);
- if (excluded != NULL)
- dns_acl_detach(&excluded);
- }
- }
-
obj = NULL;
result = named_config_get(maps, "dnssec-accept-expired", &obj);
INSIST(result == ISC_R_SUCCESS);
* XXXRTH Hardwired number of tasks.
*/
CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4, &dscp4,
- (ISC_LIST_PREV(view, link) == NULL)));
+ (ISC_LIST_PREV(view, link) == NULL)));
CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6, &dscp6,
- (ISC_LIST_PREV(view, link) == NULL)));
+ (ISC_LIST_PREV(view, link) == NULL)));
if (dispatch4 == NULL && dispatch6 == NULL) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"unable to obtain neither an IPv4 nor"
if (ntatable != NULL) {
dns_ntatable_detach(&ntatable);
}
- if (clients != NULL) {
- dns_acl_detach(&clients);
- }
- if (mapped != NULL) {
- dns_acl_detach(&mapped);
- }
- if (excluded != NULL) {
- dns_acl_detach(&excluded);
- }
if (ring != NULL) {
dns_tsigkeyring_detach(&ring);
}
#include <isc/buffer.h>
#include <isc/hash.h>
+#include <isc/lib.h>
#include <isc/list.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/netaddr.h>
+#include <isc/print.h>
#include <isc/region.h>
#include <isc/result.h>
+#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
+#include <isccfg/aclconf.h>
+#include <isccfg/cfg.h>
+#include <isccfg/grammar.h>
+
#include <ns/client.h>
#include <ns/hooks.h>
#include <ns/interfacemgr.h>
#include <ns/types.h>
#include <dns/db.h>
-#include <dns/dns64.h>
#include <dns/message.h>
#include <dns/name.h>
#include <dns/rdataset.h>
#include <dns/result.h>
#include <dns/types.h>
#include <dns/view.h>
+#include <dns/zone.h>
#define CHECK(op) \
do { \
#define SAVE(a, b) do { INSIST(a == NULL); a = b; b = NULL; } while (0)
#define RESTORE(a, b) SAVE(a, b)
+/**
+ ** Types
+ **/
+typedef struct dns64 dns64_t;
+struct dns64 {
+ unsigned char bits[16]; /* prefix + suffix bits */
+ dns_acl_t *clients; /* which clients get mapped
+ * addresses */
+ dns_acl_t *mapped; /* v4 addresses to be mapped */
+ dns_acl_t *excluded; /* v6 addresses that are
+ * treated as not existing */
+ unsigned int prefixlen; /* start of mapped address */
+ unsigned int flags;
+ isc_mem_t *mctx;
+ ISC_LINK(dns64_t) link;
+};
+
+typedef ISC_LIST(dns64_t) dns64list_t;
+
+/*!
+ * Flags for use with dns64_createentry()
+ */
+typedef enum {
+ RECURSIVE_ONLY = 0x01, /* Record only applies to recursive queries */
+ BREAK_DNSSEC = 0x02, /* Synthesize even if it breaks validation */
+} dns64_createflags_t;
+
+/*!
+ * Flags for use with dns64_checkaaaa() and dns64_aaaafroma()
+ */
+typedef enum {
+ RECURSIVE = 0x01, /* Recursive query */
+ DNSSEC = 0x02, /* DNSSEC sensitive query */
+} dns64_flags_t;
+
/*
* Client attribute tests.
*/
#define DNS64EXCLUDE(c) (((c)->query.attributes & \
NS_QUERYATTR_DNS64EXCLUDE) != 0)
+
+/*
+ * Persistent data for use by this module. This will be associated
+ * with client object address in the hash table, and will remain
+ * accessible until the client object is detached.
+ */
+dns_acl_t *dns64_mapped = NULL;
+dns64list_t dns64list;
+unsigned int dns64cnt;
+
+static isc_result_t
+dns64_createentry(isc_mem_t *mctx, const isc_netaddr_t *prefix,
+ unsigned int prefixlen, const isc_netaddr_t *suffix,
+ dns_acl_t *clients, dns_acl_t *mapped, dns_acl_t *excluded,
+ dns64_createflags_t flags, dns64_t **dns64p);
+
+static void
+dns64_destroyentry(dns64_t **dns64p);
+
+static void
+dns64_append(dns64list_t *list, dns64_t *dns64);
+
+static void
+dns64_unlink(dns64list_t *list, dns64_t *dns64);
+
static uint32_t
dns64_ttl(dns_db_t *db, dns_dbversion_t *version);
dns64_filter(query_ctx_t *qctx);
/*
- * Hook registration structures: pointers to these structures will
- * be added to a hook table when this module is registered.
+ * Forward declarations of functions referenced in install_hooks().
*/
static ns_hookresult_t
dns64_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_init = {
- .action = dns64_qctx_initialize,
-};
-
static ns_hookresult_t
dns64_respond_begin(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_respbegin = {
- .action = dns64_respond_begin,
-};
-
static ns_hookresult_t
dns64_addanswer(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_addanswerbegin = {
- .action = dns64_addanswer,
-};
-
static ns_hookresult_t
dns64_resume_restored(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_resumerest = {
- .action = dns64_resume_restored,
-};
-
static ns_hookresult_t
dns64_notfound_recurse(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_nfrec = {
- .action = dns64_notfound_recurse,
-};
-
static ns_hookresult_t
dns64_delegation_recurse(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_delrec = {
- .action = dns64_delegation_recurse,
-};
-
static ns_hookresult_t
dns64_nodata_begin(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_nodata = {
- .action = dns64_nodata_begin,
-};
-
static ns_hookresult_t
dns64_zerottl_recurse(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_zerottl = {
- .action = dns64_zerottl_recurse,
-};
-
static ns_hookresult_t
dns64_qctx_destroy(void *arg, void *cbdata, isc_result_t *resp);
-static ns_hook_t dns64_destroy = {
- .action = dns64_qctx_destroy,
-};
+
+/*%
+ * Register the functions to be called at each hook point in 'hooktable', using
+ * memory context 'mctx' for allocating copies of stack-allocated structures
+ * passed to ns_hook_add(). Make sure 'inst' will be passed as the 'cbdata'
+ * argument to every callback.
+ */
+static void
+install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx) {
+ const ns_hook_t dns64_init = {
+ .action = dns64_qctx_initialize,
+ };
+
+ const ns_hook_t dns64_respbegin = {
+ .action = dns64_respond_begin,
+ };
+
+ const ns_hook_t dns64_addanswerbegin = {
+ .action = dns64_addanswer,
+ };
+
+ const ns_hook_t dns64_resumerest = {
+ .action = dns64_resume_restored,
+ };
+
+ const ns_hook_t dns64_nfrec = {
+ .action = dns64_notfound_recurse,
+ };
+
+ const ns_hook_t dns64_delrec = {
+ .action = dns64_delegation_recurse,
+ };
+
+ const ns_hook_t dns64_nodata = {
+ .action = dns64_nodata_begin,
+ };
+
+ const ns_hook_t dns64_zerottl = {
+ .action = dns64_zerottl_recurse,
+ };
+
+ const ns_hook_t dns64_destroy = {
+ .action = dns64_qctx_destroy,
+ };
+
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_QCTX_INITIALIZED, &dns64_init);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_RESPOND_BEGIN, &dns64_respbegin);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_ADDANSWER_BEGIN, &dns64_addanswerbegin);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_RESUME_RESTORED, &dns64_resumerest);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_NOTFOUND_RECURSE, &dns64_nfrec);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_DELEGATION_RECURSE_BEGIN, &dns64_delrec);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_NODATA_BEGIN, &dns64_nodata);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_ZEROTTL_RECURSE, &dns64_zerottl);
+ ns_hook_add(hooktable, mctx,
+ NS_QUERY_QCTX_DESTROYED, &dns64_destroy);
+
+}
/**
** Support for parsing of parameters and configuration of the module.
**/
+static cfg_clausedef_t
+dns64_clauses[] = {
+ { "break-dnssec", &cfg_type_boolean, 0 },
+ { "clients", &cfg_type_bracketed_aml, 0 },
+ { "exclude", &cfg_type_bracketed_aml, 0 },
+ { "mapped", &cfg_type_bracketed_aml, 0 },
+ { "recursive-only", &cfg_type_boolean, 0 },
+ { "suffix", &cfg_type_netaddr6, 0 },
+ { NULL, NULL, 0 },
+};
+
+static cfg_clausedef_t *
+dns64_clausesets[] = {
+ dns64_clauses,
+ NULL
+};
+
+static cfg_type_t cfg_type_dns64 = {
+ "dns64", cfg_parse_netprefix_map, cfg_print_map,
+ cfg_doc_map, &cfg_rep_map, dns64_clausesets
+};
+
+static cfg_clausedef_t param_clauses[] = {
+ { "dns64", &cfg_type_dns64, CFG_CLAUSEFLAG_MULTI },
+ { "dns64-contact", &cfg_type_astring, 0 },
+ { "dns64-server", &cfg_type_astring, 0 },
+};
+
+static cfg_clausedef_t *param_clausesets[] = {
+ param_clauses,
+ NULL
+};
+
+static cfg_type_t cfg_type_parameters = {
+ "dns64-params", cfg_parse_mapbody, cfg_print_mapbody,
+ cfg_doc_mapbody, &cfg_rep_map, param_clausesets
+};
+
+static isc_result_t
+create_mapped_acl(isc_mem_t *mctx, dns_acl_t **aclp) {
+ isc_result_t result;
+ dns_acl_t *acl = NULL;
+ struct in6_addr in6 = IN6ADDR_V4MAPPED_INIT;
+ isc_netaddr_t addr;
+
+ isc_netaddr_fromin6(&addr, &in6);
+
+ result = dns_acl_create(mctx, 1, &acl);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ result = dns_iptable_addprefix(acl->iptable, &addr, 96, true);
+ if (result == ISC_R_SUCCESS) {
+ dns_acl_attach(acl, aclp);
+ }
+
+ dns_acl_detach(&acl);
+ return (result);
+}
+
+static isc_result_t
+dns64_reverse(dns_view_t *view, isc_log_t *lctx, isc_netaddr_t *na,
+ unsigned int prefixlen, const char *server,
+ const char *contact)
+{
+ isc_result_t result;
+ char reverse[48+sizeof("ip6.arpa.")] = { 0 };
+ char buf[sizeof("x.x.")];
+ const char *dns64_dbtype[4] = { "_dns64", "dns64", ".", "." };
+ const unsigned char *s6 = NULL;
+ dns_fixedname_t fixed;
+ dns_name_t *name = NULL;
+ dns_zone_t *zone = NULL;
+ int dns64_dbtypec = 4;
+ isc_buffer_t b;
+
+ REQUIRE(prefixlen == 32 || prefixlen == 40 || prefixlen == 48 ||
+ prefixlen == 56 || prefixlen == 64 || prefixlen == 96);
+
+ /*
+ * Construct the reverse name of the zone.
+ */
+ s6 = na->type.in6.s6_addr;
+ while (prefixlen > 0) {
+ prefixlen -= 8;
+ snprintf(buf, sizeof(buf), "%x.%x.", s6[prefixlen/8] & 0xf,
+ (s6[prefixlen/8] >> 4) & 0xf);
+ strlcat(reverse, buf, sizeof(reverse));
+ }
+ strlcat(reverse, "ip6.arpa.", sizeof(reverse));
+
+ /*
+ * Create the actual zone.
+ */
+ if (server != NULL) {
+ dns64_dbtype[2] = server;
+ }
+
+ if (contact != NULL) {
+ dns64_dbtype[3] = contact;
+ }
+
+ name = dns_fixedname_initname(&fixed);
+ isc_buffer_constinit(&b, reverse, strlen(reverse));
+ isc_buffer_add(&b, strlen(reverse));
+ CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
+ CHECK(dns_zonemgr_createzone(view->zonemgr, &zone));
+ CHECK(dns_zone_setorigin(zone, name));
+ dns_zone_setview(zone, view);
+ CHECK(dns_zonemgr_managezone(view->zonemgr, zone));
+ dns_zone_setclass(zone, view->rdclass);
+ dns_zone_settype(zone, dns_zone_master);
+ dns_zone_setdbtype(zone, dns64_dbtypec, dns64_dbtype);
+
+ if (view->queryacl != NULL) {
+ dns_zone_setqueryacl(zone, view->queryacl);
+ }
+ if (view->queryonacl != NULL) {
+ dns_zone_setqueryonacl(zone, view->queryonacl);
+ }
+
+ dns_zone_setdialup(zone, dns_dialuptype_no);
+ dns_zone_setnotifytype(zone, dns_notifytype_no);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
+
+ /*
+ * XXX this functionality will need to be restored:
+ *
+ * dns_zone_setstats(zone, server->zonestats);
+ * CHECK(setquerystats(zone, mctx, dns_zonestat_none));
+ */
+
+ CHECK(dns_view_addzone(view, zone));
+ isc_log_write(lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_HOOKS, ISC_LOG_INFO,
+ "dns64 reverse zone (view %s): %s",
+ view->name, reverse);
+
+cleanup:
+ if (zone != NULL) {
+ dns_zone_detach(&zone);
+ }
+
+ return (result);
+}
+
+static isc_result_t
+parse_parameters(const char *parameters, const void *cfg,
+ const char *cfg_file, unsigned long cfg_line,
+ void *actx, isc_mem_t *mctx, isc_log_t *lctx,
+ dns_view_t *view)
+{
+ isc_result_t result = ISC_R_SUCCESS;
+ cfg_parser_t *parser = NULL;
+ cfg_obj_t *param_obj = NULL;
+ dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL;
+ const char *server = NULL, *contact = NULL;
+ const cfg_obj_t *dns64_obj = NULL, *obj = NULL;
+ const cfg_listelt_t *element = NULL;
+ isc_buffer_t b;
+
+ CHECK(cfg_parser_create(mctx, lctx, &parser));
+
+ isc_buffer_constinit(&b, parameters, strlen(parameters));
+ isc_buffer_add(&b, strlen(parameters));
+ CHECK(cfg_parse_buffer(parser, &b, cfg_file, cfg_line,
+ &cfg_type_parameters, 0, ¶m_obj));
+
+ CHECK(cfg_map_get(param_obj, "dns64", &dns64_obj));
+
+ result = cfg_map_get(param_obj, "dns64-server", &obj);
+ if (result == ISC_R_SUCCESS) {
+ server = cfg_obj_asstring(obj);
+ }
+
+ obj = NULL;
+ result = cfg_map_get(param_obj, "dns64-contact", &obj);
+ if (result == ISC_R_SUCCESS) {
+ contact = cfg_obj_asstring(obj);
+ }
+
+ for (element = cfg_list_first(dns64_obj);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *map = cfg_listelt_value(element);
+ isc_netaddr_t na, suffix, *sp = NULL;
+ unsigned int prefixlen;
+ dns64_createflags_t dns64options = 0;
+ dns64_t *dns64 = NULL;
+
+ cfg_obj_asnetprefix(cfg_map_getname(map), &na,
+ &prefixlen);
+
+ obj = NULL;
+ (void)cfg_map_get(map, "suffix", &obj);
+ if (obj != NULL) {
+ sp = &suffix;
+ isc_netaddr_fromsockaddr(sp,
+ cfg_obj_assockaddr(obj));
+ }
+
+ clients = mapped = excluded = NULL;
+
+ obj = NULL;
+ (void)cfg_map_get(map, "clients", &obj);
+ if (obj != NULL) {
+ CHECK(cfg_acl_fromconfig(obj,
+ (const cfg_obj_t *) cfg, lctx,
+ (cfg_aclconfctx_t *) actx,
+ mctx, 0, &clients));
+ }
+
+ obj = NULL;
+ (void)cfg_map_get(map, "mapped", &obj);
+ if (obj != NULL) {
+ CHECK(cfg_acl_fromconfig(obj,
+ (const cfg_obj_t *) cfg, lctx,
+ (cfg_aclconfctx_t *) actx,
+ mctx, 0, &mapped));
+ }
+ obj = NULL;
+ (void)cfg_map_get(map, "exclude", &obj);
+ if (obj != NULL) {
+ CHECK(cfg_acl_fromconfig(obj,
+ (const cfg_obj_t *) cfg, lctx,
+ (cfg_aclconfctx_t *) actx,
+ mctx, 0, &excluded));
+ } else {
+ if (dns64_mapped == NULL) {
+ CHECK(create_mapped_acl(mctx, &dns64_mapped));
+ }
+ dns_acl_attach(dns64_mapped, &excluded);
+ }
+
+ obj = NULL;
+ (void)cfg_map_get(map, "recursive-only", &obj);
+ if (obj != NULL && cfg_obj_asboolean(obj)) {
+ dns64options |= RECURSIVE_ONLY;
+ }
+
+ obj = NULL;
+ (void)cfg_map_get(map, "break-dnssec", &obj);
+ if (obj != NULL && cfg_obj_asboolean(obj)) {
+ dns64options |= BREAK_DNSSEC;
+ }
+
+ CHECK(dns64_createentry(mctx, &na, prefixlen, sp,
+ clients, mapped, excluded,
+ dns64options, &dns64));
+
+ dns64_append(&dns64list, dns64);
+ dns64cnt++;
+ CHECK(dns64_reverse(view, lctx, &na, prefixlen,
+ server, contact));
+
+ if (clients != NULL) {
+ dns_acl_detach(&clients);
+ }
+ if (mapped != NULL) {
+ dns_acl_detach(&mapped);
+ }
+ if (excluded != NULL) {
+ dns_acl_detach(&excluded);
+ }
+ }
+
+
+ cleanup:
+ if (clients != NULL) {
+ dns_acl_detach(&clients);
+ }
+ if (mapped != NULL) {
+ dns_acl_detach(&mapped);
+ }
+ if (excluded != NULL) {
+ dns_acl_detach(&excluded);
+ }
+ if (param_obj != NULL) {
+ cfg_obj_destroy(parser, ¶m_obj);
+ }
+ if (parser != NULL) {
+ cfg_parser_destroy(&parser);
+ }
+ return (result);
+}
/**
** Mandatory plugin API functions:
plugin_register(const char *parameters,
const void *cfg, const char *cfg_file, unsigned long cfg_line,
isc_mem_t *mctx, isc_log_t *lctx, void *actx,
- ns_hooktable_t *hooktable, void **instp)
+ dns_view_t *view, void **instp)
{
+ isc_result_t result;
- UNUSED(cfg);
- UNUSED(actx);
UNUSED(instp);
isc_log_write(lctx, NS_LOGCATEGORY_GENERAL,
"module from %s:%lu, %s parameters",
cfg_file, cfg_line, parameters != NULL ? "with" : "no");
- ns_hook_add(hooktable, mctx,
- NS_QUERY_QCTX_INITIALIZED, &dns64_init);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_RESPOND_BEGIN, &dns64_respbegin);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_ADDANSWER_BEGIN, &dns64_addanswerbegin);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_RESUME_RESTORED, &dns64_resumerest);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_NOTFOUND_RECURSE, &dns64_nfrec);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_DELEGATION_RECURSE_BEGIN, &dns64_delrec);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_NODATA_BEGIN, &dns64_nodata);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_ZEROTTL_RECURSE, &dns64_zerottl);
- ns_hook_add(hooktable, mctx,
- NS_QUERY_QCTX_DESTROYED, &dns64_destroy);
+ if (parameters != NULL) {
+ CHECK(parse_parameters(parameters, cfg,
+ cfg_file, cfg_line,
+ actx, mctx, lctx, view));
+ }
+
+ /*
+ * Set hook points in the view's hooktable.
+ */
+ install_hooks(view->hooktable, mctx);
return (ISC_R_SUCCESS);
+
+ cleanup:
+ return (result);
}
isc_result_t
*/
void
plugin_destroy(void **instp) {
+ dns64_t *dns64 = NULL;
+
UNUSED(instp);
- return;
+ for (dns64 = ISC_LIST_HEAD(dns64list);
+ dns64 != NULL;
+ dns64 = ISC_LIST_HEAD(dns64list))
+ {
+ dns64_unlink(&dns64list, dns64);
+ dns64_destroyentry(&dns64);
+ }
+ if (dns64_mapped != NULL) {
+ dns_acl_detach(&dns64_mapped);
+ }
+
+ return;
}
/*
}
/**
- ** DNS64 feature implementation begins here.
+ ** DNS64 data structure implementation starts here
+ **/
+static isc_result_t
+dns64_createentry(isc_mem_t *mctx, const isc_netaddr_t *prefix,
+ unsigned int prefixlen, const isc_netaddr_t *suffix,
+ dns_acl_t *clients, dns_acl_t *mapped, dns_acl_t *excluded,
+ unsigned int flags, dns64_t **dns64p)
+{
+ dns64_t *dns64;
+ unsigned int nbytes = 16;
+
+ REQUIRE(prefix != NULL && prefix->family == AF_INET6);
+ /* Legal prefix lengths from rfc6052.txt. */
+ REQUIRE(prefixlen == 32 || prefixlen == 40 || prefixlen == 48 ||
+ prefixlen == 56 || prefixlen == 64 || prefixlen == 96);
+ REQUIRE(isc_netaddr_prefixok(prefix, prefixlen) == ISC_R_SUCCESS);
+ REQUIRE(dns64p != NULL && *dns64p == NULL);
+
+ if (suffix != NULL) {
+ static const unsigned char zeros[16];
+ REQUIRE(prefix->family == AF_INET6);
+ nbytes = prefixlen / 8 + 4;
+ /* Bits 64-71 are zeros. rfc6052.txt */
+ if (prefixlen >= 32 && prefixlen <= 64) {
+ nbytes++;
+ }
+ REQUIRE(memcmp(suffix->type.in6.s6_addr, zeros, nbytes) == 0);
+ }
+
+ dns64 = isc_mem_get(mctx, sizeof(dns64_t));
+ if (dns64 == NULL) {
+ return (ISC_R_NOMEMORY);
+ }
+ memset(dns64->bits, 0, sizeof(dns64->bits));
+ memmove(dns64->bits, prefix->type.in6.s6_addr, prefixlen / 8);
+ if (suffix != NULL) {
+ memmove(dns64->bits + nbytes, suffix->type.in6.s6_addr + nbytes,
+ 16 - nbytes);
+ }
+ dns64->clients = NULL;
+ if (clients != NULL) {
+ dns_acl_attach(clients, &dns64->clients);
+ }
+ dns64->mapped = NULL;
+ if (mapped != NULL) {
+ dns_acl_attach(mapped, &dns64->mapped);
+ }
+ dns64->excluded = NULL;
+ if (excluded != NULL) {
+ dns_acl_attach(excluded, &dns64->excluded);
+ }
+ dns64->prefixlen = prefixlen;
+ dns64->flags = flags;
+ ISC_LINK_INIT(dns64, link);
+ dns64->mctx = NULL;
+ isc_mem_attach(mctx, &dns64->mctx);
+ *dns64p = dns64;
+ return (ISC_R_SUCCESS);
+}
+
+static void
+dns64_destroyentry(dns64_t **dns64p) {
+ dns64_t *dns64;
+
+ REQUIRE(dns64p != NULL && *dns64p != NULL);
+
+ dns64 = *dns64p;
+ *dns64p = NULL;
+
+ REQUIRE(!ISC_LINK_LINKED(dns64, link));
+
+ if (dns64->clients != NULL) {
+ dns_acl_detach(&dns64->clients);
+ }
+ if (dns64->mapped != NULL) {
+ dns_acl_detach(&dns64->mapped);
+ }
+ if (dns64->excluded != NULL) {
+ dns_acl_detach(&dns64->excluded);
+ }
+ isc_mem_putanddetach(&dns64->mctx, dns64, sizeof(*dns64));
+}
+
+static isc_result_t
+dns64_aaaafroma(const dns64_t *dns64, const isc_netaddr_t *reqaddr,
+ const dns_name_t *reqsigner, const dns_aclenv_t *env,
+ unsigned int flags, unsigned char *a, unsigned char *aaaa)
+{
+ unsigned int nbytes, i;
+ isc_result_t result;
+ int match;
+
+ if ((dns64->flags & RECURSIVE_ONLY) != 0 && (flags & RECURSIVE) == 0) {
+ return (DNS_R_DISALLOWED);
+ }
+
+ if ((dns64->flags & BREAK_DNSSEC) == 0 && (flags & DNSSEC) != 0) {
+ return (DNS_R_DISALLOWED);
+ }
+
+ if (dns64->clients != NULL) {
+ result = dns_acl_match(reqaddr, reqsigner, dns64->clients,
+ env, &match, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+ if (match <= 0) {
+ return (DNS_R_DISALLOWED);
+ }
+ }
+
+ if (dns64->mapped != NULL) {
+ struct in_addr ina;
+ isc_netaddr_t netaddr;
+
+ memmove(&ina.s_addr, a, 4);
+ isc_netaddr_fromin(&netaddr, &ina);
+ result = dns_acl_match(&netaddr, NULL, dns64->mapped,
+ env, &match, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+ if (match <= 0) {
+ return (DNS_R_DISALLOWED);
+ }
+ }
+
+ nbytes = dns64->prefixlen / 8;
+ INSIST(nbytes <= 12);
+ /* Copy prefix. */
+ memmove(aaaa, dns64->bits, nbytes);
+ /* Bits 64-71 are zeros. rfc6052.txt */
+ if (nbytes == 8) {
+ aaaa[nbytes++] = 0;
+ }
+ /* Copy mapped address. */
+ for (i = 0; i < 4U; i++) {
+ aaaa[nbytes++] = a[i];
+ /* Bits 64-71 are zeros. rfc6052.txt */
+ if (nbytes == 8) {
+ aaaa[nbytes++] = 0;
+ }
+ }
+ /* Copy suffix. */
+ memmove(aaaa + nbytes, dns64->bits + nbytes, 16 - nbytes);
+ return (ISC_R_SUCCESS);
+}
+
+static dns64_t *
+dns64_next(dns64_t *dns64) {
+ dns64 = ISC_LIST_NEXT(dns64, link);
+ return (dns64);
+}
+
+static void
+dns64_append(dns64list_t *list, dns64_t *dns64) {
+ ISC_LIST_APPEND(*list, dns64, link);
+}
+
+static void
+dns64_unlink(dns64list_t *list, dns64_t *dns64) {
+ ISC_LIST_UNLINK(*list, dns64, link);
+}
+
+static bool
+dns64_checkaaaa(const dns64_t *dns64, const isc_netaddr_t *reqaddr,
+ const dns_name_t *reqsigner, const dns_aclenv_t *env,
+ unsigned int flags, dns_rdataset_t *rdataset,
+ bool *aaaaok, size_t aaaaoklen)
+{
+ struct in6_addr in6;
+ isc_netaddr_t netaddr;
+ isc_result_t result;
+ int match;
+ bool answer = false;
+ bool found = false;
+ unsigned int i, ok;
+
+ REQUIRE(rdataset != NULL);
+ REQUIRE(rdataset->type == dns_rdatatype_aaaa);
+ REQUIRE(rdataset->rdclass == dns_rdataclass_in);
+ if (aaaaok != NULL) {
+ REQUIRE(aaaaoklen == dns_rdataset_count(rdataset));
+ }
+
+ for (; dns64 != NULL; dns64 = ISC_LIST_NEXT(dns64, link)) {
+ if ((dns64->flags & RECURSIVE_ONLY) != 0 &&
+ (flags & RECURSIVE) == 0)
+ {
+ continue;
+ }
+
+ if ((dns64->flags & BREAK_DNSSEC) == 0 &&
+ (flags & DNSSEC) != 0)
+ {
+ continue;
+ }
+
+ /*
+ * Work out if this dns64 structure applies to this client.
+ */
+ if (dns64->clients != NULL) {
+ result = dns_acl_match(reqaddr, reqsigner,
+ dns64->clients, env,
+ &match, NULL);
+ if (result != ISC_R_SUCCESS) {
+ continue;
+ }
+ if (match <= 0) {
+ continue;
+ }
+ }
+
+ if (!found && aaaaok != NULL) {
+ for (i = 0; i < aaaaoklen; i++) {
+ aaaaok[i] = false;
+ }
+ }
+ found = true;
+
+ /*
+ * If we are not excluding any addresses then any AAAA
+ * will do.
+ */
+ if (dns64->excluded == NULL) {
+ answer = true;
+ if (aaaaok == NULL) {
+ goto done;
+ }
+ for (i = 0; i < aaaaoklen; i++) {
+ aaaaok[i] = true;
+ }
+ goto done;
+ }
+
+ i = 0; ok = 0;
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset)) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ if (aaaaok == NULL || !aaaaok[i]) {
+
+ dns_rdataset_current(rdataset, &rdata);
+ memmove(&in6.s6_addr, rdata.data, 16);
+ isc_netaddr_fromin6(&netaddr, &in6);
+
+ result = dns_acl_match(&netaddr, NULL,
+ dns64->excluded, env,
+ &match, NULL);
+ if (result == ISC_R_SUCCESS && match <= 0) {
+ answer = true;
+ if (aaaaok == NULL) {
+ goto done;
+ }
+ aaaaok[i] = true;
+ ok++;
+ }
+ } else
+ ok++;
+ i++;
+ }
+ /*
+ * Are all addresses ok?
+ */
+ if (aaaaok != NULL && ok == aaaaoklen) {
+ goto done;
+ }
+ }
+
+ done:
+ if (!found && aaaaok != NULL) {
+ for (i = 0; i < aaaaoklen; i++) {
+ aaaaok[i] = true;
+ }
+ }
+ return (found ? answer : true);
+}
+
+/**
+ ** DNS64 query implementation begins here.
**/
static uint32_t
dns64_ttl(dns_db_t *db, dns_dbversion_t *version) {
dns_rdataset_init(&rdataset);
- result = dns_db_getoriginnode(db, &node);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
+ CHECK(dns_db_getoriginnode(db, &node));
- result = dns_db_findrdataset(db, node, version, dns_rdatatype_soa,
- 0, 0, &rdataset, NULL);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- result = dns_rdataset_first(&rdataset);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
+ CHECK(dns_db_findrdataset(db, node, version, dns_rdatatype_soa,
+ 0, 0, &rdataset, NULL));
+
+ CHECK(dns_rdataset_first(&rdataset));
dns_rdataset_current(&rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &soa, NULL);
ttl = ISC_MIN(rdataset.ttl, soa.minimum);
cleanup:
- if (dns_rdataset_isassociated(&rdataset))
+ if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
- if (node != NULL)
+ }
+ if (node != NULL) {
dns_db_detachnode(db, &node);
+ }
return (ttl);
}
{
isc_netaddr_t netaddr;
dns_aclenv_t *env = ns_interfacemgr_getaclenv(client->interface->mgr);
- dns_dns64_t *dns64 = ISC_LIST_HEAD(client->view->dns64);
+ dns64_t *dns64 = ISC_LIST_HEAD(dns64list);
unsigned int flags = 0;
unsigned int i, count;
bool *aaaaok;
INSIST(client->dns64_aaaa == NULL);
INSIST(client->dns64_sigaaaa == NULL);
- if (dns64 == NULL)
+ if (dns64 == NULL) {
return (true);
+ }
- if (RECURSIONOK(client))
- flags |= DNS_DNS64_RECURSIVE;
+ if (RECURSIONOK(client)) {
+ flags |= RECURSIVE;
+ }
if (WANTDNSSEC(client) && sigrdataset != NULL &&
dns_rdataset_isassociated(sigrdataset))
- flags |= DNS_DNS64_DNSSEC;
+ flags |= DNSSEC;
count = dns_rdataset_count(rdataset);
aaaaok = isc_mem_get(client->mctx, sizeof(bool) * count);
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
- if (dns_dns64_aaaaok(dns64, &netaddr, client->signer,
- env, flags, rdataset, aaaaok, count))
+ if (dns64_checkaaaa(dns64, &netaddr, client->signer,
+ env, flags, rdataset, aaaaok, count))
{
for (i = 0; i < count; i++) {
if (aaaaok != NULL && !aaaaok[i]) {
break;
}
}
- if (aaaaok != NULL)
+ if (aaaaok != NULL) {
isc_mem_put(client->mctx, aaaaok,
sizeof(bool) * count);
+ }
return (true);
}
- if (aaaaok != NULL)
+ if (aaaaok != NULL) {
isc_mem_put(client->mctx, aaaaok,
sizeof(bool) * count);
+ }
return (NS_HOOK_CONTINUE);
}
dns64_synth(query_ctx_t *qctx) {
ns_client_t *client = qctx->client;
dns_aclenv_t *env = ns_interfacemgr_getaclenv(client->interface->mgr);
- dns_name_t *name, *mname;
- dns_rdata_t *dns64_rdata;
+ dns_name_t *name = qctx->fname, *mname = NULL;
+ dns_rdata_t *dns64_rdata = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
- dns_rdatalist_t *dns64_rdatalist;
- dns_rdataset_t *dns64_rdataset;
- dns_rdataset_t *mrdataset;
- isc_buffer_t *buffer;
+ dns_rdatalist_t *dns64_rdatalist = NULL;
+ dns_rdataset_t *dns64_rdataset = NULL;
+ dns_rdataset_t *mrdataset = NULL;
+ isc_buffer_t *buffer = NULL;
isc_region_t r;
isc_result_t result;
- dns_view_t *view = client->view;
isc_netaddr_t netaddr;
- dns_dns64_t *dns64;
+ dns64_t *dns64 = NULL;
unsigned int flags = 0;
const dns_section_t section = DNS_SECTION_ANSWER;
* will either have been kept or released.
*/
qctx->qtype = qctx->type = dns_rdatatype_aaaa;
-
- name = qctx->fname;
- mname = NULL;
- mrdataset = NULL;
- buffer = NULL;
- dns64_rdata = NULL;
- dns64_rdataset = NULL;
- dns64_rdatalist = NULL;
result = dns_message_findname(client->message, section,
name, dns_rdatatype_aaaa,
qctx->rdataset->covers,
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
- result = isc_buffer_allocate(client->mctx, &buffer,
- view->dns64cnt * 16 *
- dns_rdataset_count(qctx->rdataset));
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- result = dns_message_gettemprdataset(client->message,
- &dns64_rdataset);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- result = dns_message_gettemprdatalist(client->message,
- &dns64_rdatalist);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
+ CHECK(isc_buffer_allocate(client->mctx, &buffer,
+ dns64cnt * 16 *
+ dns_rdataset_count(qctx->rdataset)));
+
+ CHECK(dns_message_gettemprdataset(client->message, &dns64_rdataset));
+ CHECK(dns_message_gettemprdatalist(client->message, &dns64_rdatalist));
dns_rdatalist_init(dns64_rdatalist);
dns64_rdatalist->rdclass = dns_rdataclass_in;
dns64_rdatalist->type = dns_rdatatype_aaaa;
- if (client->dns64_ttl != UINT32_MAX)
+ if (client->dns64_ttl != UINT32_MAX) {
dns64_rdatalist->ttl = ISC_MIN(qctx->rdataset->ttl,
client->dns64_ttl);
- else
+ } else {
dns64_rdatalist->ttl = ISC_MIN(qctx->rdataset->ttl, 600);
+ }
- if (RECURSIONOK(client))
- flags |= DNS_DNS64_RECURSIVE;
+ if (RECURSIONOK(client)) {
+ flags |= RECURSIVE;
+ }
/*
- * We use the signatures from the A lookup to set DNS_DNS64_DNSSEC
+ * We use the signatures from the A lookup to set the DNSSEC flag
* as this provides a easy way to see if the answer was signed.
*/
if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL &&
dns_rdataset_isassociated(qctx->sigrdataset))
- flags |= DNS_DNS64_DNSSEC;
+ {
+ flags |= DNSSEC;
+ }
for (result = dns_rdataset_first(qctx->rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(qctx->rdataset)) {
- for (dns64 = ISC_LIST_HEAD(client->view->dns64);
- dns64 != NULL; dns64 = dns_dns64_next(dns64)) {
+ for (dns64 = ISC_LIST_HEAD(dns64list);
+ dns64 != NULL; dns64 = dns64_next(dns64)) {
dns_rdataset_current(qctx->rdataset, &rdata);
isc_buffer_availableregion(buffer, &r);
INSIST(r.length >= 16);
- result = dns_dns64_aaaafroma(dns64, &netaddr,
- client->signer, env, flags,
- rdata.data, r.base);
+ result = dns64_aaaafroma(dns64, &netaddr,
+ client->signer, env, flags,
+ rdata.data, r.base);
if (result != ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
continue;
isc_buffer_add(buffer, 16);
isc_buffer_remainingregion(buffer, &r);
isc_buffer_forward(buffer, 16);
- result = dns_message_gettemprdata(client->message,
- &dns64_rdata);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
+ CHECK(dns_message_gettemprdata(client->message,
+ &dns64_rdata));
+
dns_rdata_init(dns64_rdata);
dns_rdata_fromregion(dns64_rdata, dns_rdataclass_in,
dns_rdatatype_aaaa, &r);
dns_rdata_reset(&rdata);
}
}
- if (result != ISC_R_NOMORE)
- goto cleanup;
+ if (result != ISC_R_NOMORE) {
+ CHECK(result);
+ }
- if (ISC_LIST_EMPTY(dns64_rdatalist->rdata))
+ if (ISC_LIST_EMPTY(dns64_rdatalist->rdata)) {
goto cleanup;
+ }
+
+ CHECK(dns_rdatalist_tordataset(dns64_rdatalist, dns64_rdataset));
- result = dns_rdatalist_tordataset(dns64_rdatalist, dns64_rdataset);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
dns_rdataset_setownercase(dns64_rdataset, mname);
client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
dns64_rdataset->trust = qctx->rdataset->trust;
dns_message_takebuffer(client->message, &buffer);
/*
- * XXX: this functionality will need to be restored
+ * XXX this functionality will need to be restored:
* inc_stats(client, ns_statscounter_dns64);
*/
result = ISC_R_SUCCESS;
cleanup:
- if (buffer != NULL)
+ if (buffer != NULL) {
isc_buffer_free(&buffer);
+ }
- if (dns64_rdata != NULL)
+ if (dns64_rdata != NULL) {
dns_message_puttemprdata(client->message, &dns64_rdata);
+ }
- if (dns64_rdataset != NULL)
+ if (dns64_rdataset != NULL) {
dns_message_puttemprdataset(client->message, &dns64_rdataset);
+ }
if (dns64_rdatalist != NULL) {
for (dns64_rdata = ISC_LIST_HEAD(dns64_rdatalist->rdata);
static void
dns64_filter(query_ctx_t *qctx) {
ns_client_t *client = qctx->client;
- dns_name_t *name, *mname;
- dns_rdata_t *myrdata;
+ dns_name_t *name = qctx->fname, *mname = NULL;
+ dns_rdata_t *myrdata = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
- dns_rdatalist_t *myrdatalist;
- dns_rdataset_t *myrdataset;
- isc_buffer_t *buffer;
+ dns_rdatalist_t *myrdatalist = NULL;
+ dns_rdataset_t *myrdataset = NULL;
+ isc_buffer_t *buffer = NULL;
isc_region_t r;
isc_result_t result;
unsigned int i;
INSIST(client->dns64_aaaaoklen ==
dns_rdataset_count(qctx->rdataset));
- name = qctx->fname;
- mname = NULL;
- buffer = NULL;
- myrdata = NULL;
- myrdataset = NULL;
- myrdatalist = NULL;
result = dns_message_findname(client->message, section,
name, dns_rdatatype_aaaa,
qctx->rdataset->covers,
client->query.attributes &= ~NS_QUERYATTR_SECURE;
}
- result = isc_buffer_allocate(client->mctx, &buffer,
- 16 * dns_rdataset_count(qctx->rdataset));
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- result = dns_message_gettemprdataset(client->message, &myrdataset);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- result = dns_message_gettemprdatalist(client->message, &myrdatalist);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
+ CHECK(isc_buffer_allocate(client->mctx, &buffer,
+ 16 * dns_rdataset_count(qctx->rdataset)));
+ CHECK(dns_message_gettemprdataset(client->message, &myrdataset));
+ CHECK(dns_message_gettemprdatalist(client->message, &myrdatalist));
dns_rdatalist_init(myrdatalist);
myrdatalist->rdclass = dns_rdataclass_in;
result == ISC_R_SUCCESS;
result = dns_rdataset_next(qctx->rdataset))
{
- if (!client->dns64_aaaaok[i++])
+ if (!client->dns64_aaaaok[i++]) {
continue;
+ }
dns_rdataset_current(qctx->rdataset, &rdata);
INSIST(rdata.length == 16);
isc_buffer_putmem(buffer, rdata.data, rdata.length);
isc_buffer_remainingregion(buffer, &r);
isc_buffer_forward(buffer, rdata.length);
- result = dns_message_gettemprdata(client->message, &myrdata);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
+ CHECK(dns_message_gettemprdata(client->message, &myrdata));
dns_rdata_init(myrdata);
dns_rdata_fromregion(myrdata, dns_rdataclass_in,
dns_rdatatype_aaaa, &r);
myrdata = NULL;
dns_rdata_reset(&rdata);
}
- if (result != ISC_R_NOMORE)
- goto cleanup;
+ if (result != ISC_R_NOMORE) {
+ CHECK(result);
+ }
- result = dns_rdatalist_tordataset(myrdatalist, myrdataset);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
+ CHECK(dns_rdatalist_tordataset(myrdatalist, myrdataset));
dns_rdataset_setownercase(myrdataset, name);
client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
if (mname == name) {
dns_message_takebuffer(client->message, &buffer);
cleanup:
- if (buffer != NULL)
+ if (buffer != NULL) {
isc_buffer_free(&buffer);
+ }
- if (myrdata != NULL)
+ if (myrdata != NULL) {
dns_message_puttemprdata(client->message, &myrdata);
+ }
- if (myrdataset != NULL)
+ if (myrdataset != NULL) {
dns_message_puttemprdataset(client->message, &myrdataset);
+ }
if (myrdatalist != NULL) {
for (myrdata = ISC_LIST_HEAD(myrdatalist->rdata);
INSIST(qctx->client->dns64_aaaaok == NULL);
if (qctx->qtype == dns_rdatatype_aaaa && !qctx->dns64_exclude &&
- !ISC_LIST_EMPTY(qctx->view->dns64) &&
+ !ISC_LIST_EMPTY(dns64list) &&
qctx->client->message->rdclass == dns_rdataclass_in &&
!dns64_aaaaok(qctx->client, qctx->rdataset, qctx->sigrdataset))
{
static ns_hookresult_t
dns64_nodata_begin(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *) arg;
+ isc_result_t result;
UNUSED(cbdata);
qctx->dns64 = false;
} else if ((qctx->nxresult == DNS_R_NXRRSET ||
qctx->nxresult == DNS_R_NCACHENXRRSET) &&
- !ISC_LIST_EMPTY(qctx->view->dns64) &&
+ !ISC_LIST_EMPTY(dns64list) &&
!qctx->nxrewrite &&
qctx->client->message->rdclass == dns_rdataclass_in &&
qctx->qtype == dns_rdatatype_aaaa)
qctx->client->dns64_ttl = qctx->rdataset->ttl;
break;
}
- if (dns_rdataset_first(qctx->rdataset) == ISC_R_SUCCESS)
+ result = dns_rdataset_first(qctx->rdataset);
+ if (result == ISC_R_SUCCESS) {
qctx->client->dns64_ttl = 0;
+ }
break;
case DNS_R_NXRRSET:
qctx->client->dns64_ttl =
<docinfo>
<copyright>
- <year>2018</year>
+ <year>2019</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
plugin_register(const char *parameters,
const void *cfg, const char *cfg_file, unsigned long cfg_line,
isc_mem_t *mctx, isc_log_t *lctx, void *actx,
- ns_hooktable_t *hooktable, void **instp)
+ dns_view_t *view, void **instp)
{
filter_instance_t *inst = NULL;
isc_result_t result;
/*
* Set hook points in the view's hooktable.
*/
- install_hooks(hooktable, mctx, inst);
+ install_hooks(view->hooktable, mctx, inst);
*instp = inst;
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 ::/0 { };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 ::/96 { suffix ::1; };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 ::/96 { suffix 127.0.0.1; };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 ::/129 { };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 ::/129 { };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 :: { };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 FC36:EAFE:F993::/64 {
- exclude { bogusacl; };
- };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 FC36:EAFE:F993::/64 {
- clients { bogusacl; };
- };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- dns64 FC36:EAFE:F993::/64 {
- mapped { bogusacl; };
- };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
-options {
- /* Well Known Prefix */
- dns64 64:FF9B::/96 {
- clients { any; };
- mapped { !rfc1918; any; };
- exclude { ::ffff:0:0/96; };
- };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
-options {
- /* Well Known Prefix */
- dns64 64:FF9B::/96 {
- mapped { !rfc1918; any; };
- exclude { ::ffff:0:0/96; };
- };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
-options {
- /* Well Known Prefix */
- dns64 64:FF9B::/96 {
- clients { any; };
- exclude { ::ffff:0:0/96; };
- };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
-options {
- /* Well Known Prefix */
- dns64 64:FF9B::/96 {
- clients { any; };
- mapped { !rfc1918; any; };
- };
-};
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
-options {
- /* Well Known Prefix */
- dns64 64:FF9B::/96 { };
-};
allow-recursion { 10.53.0.1; };
notify yes;
dnssec-validation yes;
+};
+plugin query "../../../../plugins/lib/dns64.so" {
dns64 2001:bbbb::/96 {
clients { any; };
mapped { !rfc1918; any; };
};
};
-plugin query "../../../../plugins/lib/dns64.so";
-
zone "." {
type master;
file "root.db";
recursion yes;
notify yes;
dnssec-validation yes;
+ response-policy { zone "rpz"; };
+};
+plugin query "../../../../plugins/lib/dns64.so" {
dns64 2001:aaaa::/96 {
clients { 10.53.0.2; };
mapped { !rfc1918; any; };
dns64 2001:64::/64 { clients { 10.53.0.6; }; };
dns64 2001:96::/96 { clients { 10.53.0.7; }; };
-
- response-policy { zone "rpz"; };
};
-plugin query "../../../../plugins/lib/dns64.so";
-
zone "." {
type hint;
file "../../common/root.hint";
notify yes;
dnssec-enable yes;
dnssec-validation yes;
+ response-policy { zone "rpz"; };
+};
+plugin query "../../../../plugins/lib/dns64.so" {
dns64 2001:aaaa::/96 {
clients { none; };
mapped { !rfc1918; any; };
dns64-server "dns64.example.net.";
dns64-contact "hostmaster.example.net.";
-
- response-policy { zone "rpz"; };
};
-plugin query "../../../../plugins/lib/dns64.so";
-
zone "." {
type hint;
file "../../common/root.hint";
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"
-for conf in conf/good*.conf
-do
- echo_i "checking that $conf is accepted ($n)"
- ret=0
- $CHECKCONF "$conf" || ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
-done
-
-for conf in conf/bad*.conf
-do
- echo_i "checking that $conf is rejected ($n)"
- ret=0
- $CHECKCONF "$conf" >/dev/null && ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
-done
-
# Check the example. domain
echo_i "checking non-excluded AAAA lookup works ($n)"
recursion yes;
dnssec-validation no;
notify yes;
+ minimal-responses no;
+};
+
+plugin query "../../../../plugins/lib/dns64.so" {
dns64 64:ff9b::/96 {
- clients { any; };
- exclude { any; };
- mapped { any; };
+ clients { any; };
+ exclude { any; };
+ mapped { any; };
};
- minimal-responses no;
};
plugin query "../../../../plugins/lib/filter-aaaa.so" {
return (result);
}
-static const unsigned char zeros[16];
-
-static isc_result_t
-check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
- const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx)
-{
- isc_result_t result = ISC_R_SUCCESS;
- const cfg_obj_t *dns64 = NULL;
- const cfg_obj_t *options;
- const cfg_listelt_t *element;
- const cfg_obj_t *map, *obj;
- isc_netaddr_t na, sa;
- unsigned int prefixlen;
- int nbytes;
- int i;
-
- static const char *acls[] = { "clients", "exclude", "mapped", NULL};
-
- if (voptions != NULL)
- cfg_map_get(voptions, "dns64", &dns64);
- if (config != NULL && dns64 == NULL) {
- options = NULL;
- cfg_map_get(config, "options", &options);
- if (options != NULL)
- cfg_map_get(options, "dns64", &dns64);
- }
- if (dns64 == NULL)
- return (ISC_R_SUCCESS);
-
- for (element = cfg_list_first(dns64);
- element != NULL;
- element = cfg_list_next(element))
- {
- map = cfg_listelt_value(element);
- obj = cfg_map_getname(map);
-
- cfg_obj_asnetprefix(obj, &na, &prefixlen);
- if (na.family != AF_INET6) {
- cfg_obj_log(map, logctx, ISC_LOG_ERROR,
- "dns64 requires a IPv6 prefix");
- result = ISC_R_FAILURE;
- continue;
- }
-
- if (na.type.in6.s6_addr[8] != 0) {
- cfg_obj_log(map, logctx, ISC_LOG_ERROR,
- "invalid prefix, bits [64..71] must be zero");
- result = ISC_R_FAILURE;
- continue;
- }
-
- if (prefixlen != 32 && prefixlen != 40 && prefixlen != 48 &&
- prefixlen != 56 && prefixlen != 64 && prefixlen != 96) {
- cfg_obj_log(map, logctx, ISC_LOG_ERROR,
- "bad prefix length %u [32/40/48/56/64/96]",
- prefixlen);
- result = ISC_R_FAILURE;
- continue;
- }
-
- for (i = 0; acls[i] != NULL; i++) {
- obj = NULL;
- (void)cfg_map_get(map, acls[i], &obj);
- if (obj != NULL) {
- dns_acl_t *acl = NULL;
- isc_result_t tresult;
-
- tresult = cfg_acl_fromconfig(obj, config,
- logctx, actx,
- mctx, 0, &acl);
- if (acl != NULL)
- dns_acl_detach(&acl);
- if (tresult != ISC_R_SUCCESS)
- result = tresult;
- }
- }
-
- obj = NULL;
- (void)cfg_map_get(map, "suffix", &obj);
- if (obj != NULL) {
- isc_netaddr_fromsockaddr(&sa, cfg_obj_assockaddr(obj));
- if (sa.family != AF_INET6) {
- cfg_obj_log(map, logctx, ISC_LOG_ERROR,
- "dns64 requires a IPv6 suffix");
- result = ISC_R_FAILURE;
- continue;
- }
- nbytes = prefixlen / 8 + 4;
- if (prefixlen <= 64)
- nbytes++;
- if (memcmp(sa.type.in6.s6_addr, zeros, nbytes) != 0) {
- char netaddrbuf[ISC_NETADDR_FORMATSIZE];
- isc_netaddr_format(&sa, netaddrbuf,
- sizeof(netaddrbuf));
- cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
- "bad suffix '%s' leading "
- "%u octets not zeros",
- netaddrbuf, nbytes);
- result = ISC_R_FAILURE;
- }
- }
- }
-
- return (result);
-}
-
#define CHECK_RRL(cond, pat, val1, val2) \
do { \
if (!(cond)) { \
static const char *server_contact[] = {
"empty-server", "empty-contact",
- "dns64-server", "dns64-contact",
NULL
};
result = tresult;
}
- tresult = check_dns64(actx, voptions, config, logctx, mctx);
- if (tresult != ISC_R_SUCCESS) {
- result = tresult;
- }
-
tresult = check_ratelimit(actx, voptions, config, logctx, mctx);
if (tresult != ISC_R_SUCCESS) {
result = tresult;
DNSOBJS = acl.@O@ adb.@O@ badcache.@O@ byaddr.@O@ \
cache.@O@ callbacks.@O@ catz.@O@ clientinfo.@O@ compress.@O@ \
db.@O@ dbiterator.@O@ dbtable.@O@ diff.@O@ dispatch.@O@ \
- dlz.@O@ dns64.@O@ dnsrps.@O@ dnssec.@O@ ds.@O@ dyndb.@O@ \
+ dlz.@O@ dnsrps.@O@ dnssec.@O@ ds.@O@ dyndb.@O@ \
ecs.@O@ fixedname.@O@ forward.@O@ \
ipkeylist.@O@ iptable.@O@ journal.@O@ keydata.@O@ \
keytable.@O@ lib.@O@ log.@O@ lookup.@O@ \
DNSSRCS = acl.c adb.c badcache. byaddr.c \
cache.c callbacks.c clientinfo.c compress.c \
db.c dbiterator.c dbtable.c diff.c dispatch.c \
- dlz.c dns64.c dnsrps.c dnssec.c ds.c dyndb.c \
+ dlz.c dnsrps.c dnssec.c ds.c dyndb.c \
ecs.c fixedname.c forward.c \
ipkeylist.c iptable.c journal.c keydata.c keytable.c lib.c \
log.c lookup.c master.c masterdump.c message.c \
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#include <stdbool.h>
-
-#include <isc/list.h>
-#include <isc/mem.h>
-#include <isc/netaddr.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/dns64.h>
-#include <dns/rdata.h>
-#include <dns/rdataset.h>
-#include <dns/result.h>
-#include <string.h>
-
-struct dns_dns64 {
- unsigned char bits[16]; /*
- * Prefix + suffix bits.
- */
- dns_acl_t * clients; /*
- * Which clients get mapped
- * addresses.
- */
- dns_acl_t * mapped; /*
- * IPv4 addresses to be mapped.
- */
- dns_acl_t * excluded; /*
- * IPv6 addresses that are
- * treated as not existing.
- */
- unsigned int prefixlen; /*
- * Start of mapped address.
- */
- unsigned int flags;
- isc_mem_t * mctx;
- ISC_LINK(dns_dns64_t) link;
-};
-
-isc_result_t
-dns_dns64_create(isc_mem_t *mctx, const isc_netaddr_t *prefix,
- unsigned int prefixlen, const isc_netaddr_t *suffix,
- dns_acl_t *clients, dns_acl_t *mapped, dns_acl_t *excluded,
- unsigned int flags, dns_dns64_t **dns64p)
-{
- dns_dns64_t *dns64;
- unsigned int nbytes = 16;
-
- REQUIRE(prefix != NULL && prefix->family == AF_INET6);
- /* Legal prefix lengths from rfc6052.txt. */
- REQUIRE(prefixlen == 32 || prefixlen == 40 || prefixlen == 48 ||
- prefixlen == 56 || prefixlen == 64 || prefixlen == 96);
- REQUIRE(isc_netaddr_prefixok(prefix, prefixlen) == ISC_R_SUCCESS);
- REQUIRE(dns64p != NULL && *dns64p == NULL);
-
- if (suffix != NULL) {
- static const unsigned char zeros[16];
- REQUIRE(prefix->family == AF_INET6);
- nbytes = prefixlen / 8 + 4;
- /* Bits 64-71 are zeros. rfc6052.txt */
- if (prefixlen >= 32 && prefixlen <= 64)
- nbytes++;
- REQUIRE(memcmp(suffix->type.in6.s6_addr, zeros, nbytes) == 0);
- }
-
- dns64 = isc_mem_get(mctx, sizeof(dns_dns64_t));
- memset(dns64->bits, 0, sizeof(dns64->bits));
- memmove(dns64->bits, prefix->type.in6.s6_addr, prefixlen / 8);
- if (suffix != NULL)
- memmove(dns64->bits + nbytes, suffix->type.in6.s6_addr + nbytes,
- 16 - nbytes);
- dns64->clients = NULL;
- if (clients != NULL)
- dns_acl_attach(clients, &dns64->clients);
- dns64->mapped = NULL;
- if (mapped != NULL)
- dns_acl_attach(mapped, &dns64->mapped);
- dns64->excluded = NULL;
- if (excluded != NULL)
- dns_acl_attach(excluded, &dns64->excluded);
- dns64->prefixlen = prefixlen;
- dns64->flags = flags;
- ISC_LINK_INIT(dns64, link);
- dns64->mctx = NULL;
- isc_mem_attach(mctx, &dns64->mctx);
- *dns64p = dns64;
- return (ISC_R_SUCCESS);
-}
-
-void
-dns_dns64_destroy(dns_dns64_t **dns64p) {
- dns_dns64_t *dns64;
-
- REQUIRE(dns64p != NULL && *dns64p != NULL);
-
- dns64 = *dns64p;
- *dns64p = NULL;
-
- REQUIRE(!ISC_LINK_LINKED(dns64, link));
-
- if (dns64->clients != NULL)
- dns_acl_detach(&dns64->clients);
- if (dns64->mapped != NULL)
- dns_acl_detach(&dns64->mapped);
- if (dns64->excluded != NULL)
- dns_acl_detach(&dns64->excluded);
- isc_mem_putanddetach(&dns64->mctx, dns64, sizeof(*dns64));
-}
-
-isc_result_t
-dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
- const dns_name_t *reqsigner, const dns_aclenv_t *env,
- unsigned int flags, unsigned char *a, unsigned char *aaaa)
-{
- unsigned int nbytes, i;
- isc_result_t result;
- int match;
-
- if ((dns64->flags & DNS_DNS64_RECURSIVE_ONLY) != 0 &&
- (flags & DNS_DNS64_RECURSIVE) == 0)
- return (DNS_R_DISALLOWED);
-
- if ((dns64->flags & DNS_DNS64_BREAK_DNSSEC) == 0 &&
- (flags & DNS_DNS64_DNSSEC) != 0)
- return (DNS_R_DISALLOWED);
-
- if (dns64->clients != NULL) {
- result = dns_acl_match(reqaddr, reqsigner, dns64->clients,
- env, &match, NULL);
- if (result != ISC_R_SUCCESS)
- return (result);
- if (match <= 0)
- return (DNS_R_DISALLOWED);
- }
-
- if (dns64->mapped != NULL) {
- struct in_addr ina;
- isc_netaddr_t netaddr;
-
- memmove(&ina.s_addr, a, 4);
- isc_netaddr_fromin(&netaddr, &ina);
- result = dns_acl_match(&netaddr, NULL, dns64->mapped,
- env, &match, NULL);
- if (result != ISC_R_SUCCESS)
- return (result);
- if (match <= 0)
- return (DNS_R_DISALLOWED);
- }
-
- nbytes = dns64->prefixlen / 8;
- INSIST(nbytes <= 12);
- /* Copy prefix. */
- memmove(aaaa, dns64->bits, nbytes);
- /* Bits 64-71 are zeros. rfc6052.txt */
- if (nbytes == 8)
- aaaa[nbytes++] = 0;
- /* Copy mapped address. */
- for (i = 0; i < 4U; i++) {
- aaaa[nbytes++] = a[i];
- /* Bits 64-71 are zeros. rfc6052.txt */
- if (nbytes == 8)
- aaaa[nbytes++] = 0;
- }
- /* Copy suffix. */
- memmove(aaaa + nbytes, dns64->bits + nbytes, 16 - nbytes);
- return (ISC_R_SUCCESS);
-}
-
-dns_dns64_t *
-dns_dns64_next(dns_dns64_t *dns64) {
- dns64 = ISC_LIST_NEXT(dns64, link);
- return (dns64);
-}
-
-void
-dns_dns64_append(dns_dns64list_t *list, dns_dns64_t *dns64) {
- ISC_LIST_APPEND(*list, dns64, link);
-}
-
-void
-dns_dns64_unlink(dns_dns64list_t *list, dns_dns64_t *dns64) {
- ISC_LIST_UNLINK(*list, dns64, link);
-}
-
-bool
-dns_dns64_aaaaok(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
- const dns_name_t *reqsigner, const dns_aclenv_t *env,
- unsigned int flags, dns_rdataset_t *rdataset,
- bool *aaaaok, size_t aaaaoklen)
-{
- struct in6_addr in6;
- isc_netaddr_t netaddr;
- isc_result_t result;
- int match;
- bool answer = false;
- bool found = false;
- unsigned int i, ok;
-
- REQUIRE(rdataset != NULL);
- REQUIRE(rdataset->type == dns_rdatatype_aaaa);
- REQUIRE(rdataset->rdclass == dns_rdataclass_in);
- if (aaaaok != NULL)
- REQUIRE(aaaaoklen == dns_rdataset_count(rdataset));
-
- for (;dns64 != NULL; dns64 = ISC_LIST_NEXT(dns64, link)) {
- if ((dns64->flags & DNS_DNS64_RECURSIVE_ONLY) != 0 &&
- (flags & DNS_DNS64_RECURSIVE) == 0)
- continue;
-
- if ((dns64->flags & DNS_DNS64_BREAK_DNSSEC) == 0 &&
- (flags & DNS_DNS64_DNSSEC) != 0)
- continue;
- /*
- * Work out if this dns64 structure applies to this client.
- */
- if (dns64->clients != NULL) {
- result = dns_acl_match(reqaddr, reqsigner,
- dns64->clients, env,
- &match, NULL);
- if (result != ISC_R_SUCCESS)
- continue;
- if (match <= 0)
- continue;
- }
-
- if (!found && aaaaok != NULL) {
- for (i = 0; i < aaaaoklen; i++)
- aaaaok[i] = false;
- }
- found = true;
-
- /*
- * If we are not excluding any addresses then any AAAA
- * will do.
- */
- if (dns64->excluded == NULL) {
- answer = true;
- if (aaaaok == NULL)
- goto done;
- for (i = 0; i < aaaaoklen; i++)
- aaaaok[i] = true;
- goto done;
- }
-
- i = 0; ok = 0;
- for (result = dns_rdataset_first(rdataset);
- result == ISC_R_SUCCESS;
- result = dns_rdataset_next(rdataset)) {
- dns_rdata_t rdata = DNS_RDATA_INIT;
- if (aaaaok == NULL || !aaaaok[i]) {
-
- dns_rdataset_current(rdataset, &rdata);
- memmove(&in6.s6_addr, rdata.data, 16);
- isc_netaddr_fromin6(&netaddr, &in6);
-
- result = dns_acl_match(&netaddr, NULL,
- dns64->excluded, env,
- &match, NULL);
- if (result == ISC_R_SUCCESS && match <= 0) {
- answer = true;
- if (aaaaok == NULL)
- goto done;
- aaaaok[i] = true;
- ok++;
- }
- } else
- ok++;
- i++;
- }
- /*
- * Are all addresses ok?
- */
- if (aaaaok != NULL && ok == aaaaoklen)
- goto done;
- }
-
- done:
- if (!found && aaaaok != NULL) {
- for (i = 0; i < aaaaoklen; i++)
- aaaaok[i] = true;
- }
- return (found ? answer : true);
-}
cache.h callbacks.h catz.h cert.h \
client.h clientinfo.h compress.h \
db.h dbiterator.h dbtable.h diff.h dispatch.h \
- dlz.h dlz_dlopen.h dns64.h dnsrps.h dnssec.h ds.h dsdigest.h \
+ dlz.h dlz_dlopen.h dnsrps.h dnssec.h ds.h dsdigest.h \
dnstap.h dyndb.h ecs.h \
edns.h ecdb.h events.h fixedname.h forward.h geoip.h \
ipkeylist.h iptable.h \
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-#ifndef DNS_DNS64_H
-#define DNS_DNS64_H 1
-
-#include <stdbool.h>
-
-#include <isc/lang.h>
-
-#include <dns/types.h>
-
-ISC_LANG_BEGINDECLS
-
-/*
- * dns_dns64_create() flags.
- */
-#define DNS_DNS64_RECURSIVE_ONLY 0x01 /* If set then this record
- * only applies to recursive
- * queries.
- */
-#define DNS_DNS64_BREAK_DNSSEC 0x02 /* If set then still perform
- * DNSSEC synthesis even
- * though the result would
- * fail validation.
- */
-
-/*
- * dns_dns64_aaaaok() and dns_dns64_aaaafroma() flags.
- */
-#define DNS_DNS64_RECURSIVE 0x01 /* Recursive query. */
-#define DNS_DNS64_DNSSEC 0x02 /* DNSSEC sensitive query. */
-
-isc_result_t
-dns_dns64_create(isc_mem_t *mctx, const isc_netaddr_t *prefix,
- unsigned int prefixlen, const isc_netaddr_t *suffix,
- dns_acl_t *client, dns_acl_t *mapped, dns_acl_t *excluded,
- unsigned int flags, dns_dns64_t **dns64);
-/*
- * Create a dns64 record which is used to identify the set of clients
- * it applies to and how to perform the DNS64 synthesis.
- *
- * 'prefix' and 'prefixlen' defined the leading bits of the AAAA records
- * to be synthesised. 'suffix' defines the bits after the A records bits.
- * If suffix is NULL zeros will be used for these bits. 'client' defines
- * for which clients this record applies. If 'client' is NULL then all
- * clients apply. 'mapped' defines which A records are candidated for
- * mapping. If 'mapped' is NULL then all A records will be mapped.
- * 'excluded' defines which AAAA are to be treated as non-existent for the
- * purposed of determining whether to perform syntesis. If 'excluded' is
- * NULL then no AAAA records prevent synthesis.
- *
- * If DNS_DNS64_RECURSIVE_ONLY is set then the record will only match if
- * DNS_DNS64_RECURSIVE is set when calling dns_dns64_aaaaok() and
- * dns_dns64_aaaafroma().
- *
- * If DNS_DNS64_BREAK_DNSSEC is set then the record will still apply if
- * DNS_DNS64_DNSSEC is set when calling dns_dns64_aaaaok() and
- * dns_dns64_aaaafroma() otherwise the record will be ignored.
- *
- * Requires:
- * 'mctx' to be valid.
- * 'prefix' to be valid and the address family to AF_INET6.
- * 'prefixlen' to be one of 32, 40, 48, 56, 72 and 96.
- * the bits not covered by prefixlen in prefix to
- * be zero.
- * 'suffix' to be NULL or the address family be set to AF_INET6
- * and the leading 'prefixlen' + 32 bits of the 'suffix'
- * to be zero. If 'prefixlen' is 40, 48 or 56 then the
- * the leading 'prefixlen' + 40 bits of 'suffix' must be
- * zero.
- * 'client' to be NULL or a valid acl.
- * 'mapped' to be NULL or a valid acl.
- * 'excluded' to be NULL or a valid acl.
- *
- * Returns:
- * ISC_R_SUCCESS
- * ISC_R_NOMEMORY
- */
-
-void
-dns_dns64_destroy(dns_dns64_t **dns64p);
-/*
- * Destroys a dns64 record.
- *
- * Requires the record to not be linked.
- */
-
-isc_result_t
-dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
- const dns_name_t *reqsigner, const dns_aclenv_t *env,
- unsigned int flags, unsigned char *a, unsigned char *aaaa);
-/*
- * dns_dns64_aaaafroma() determines whether to perform a DNS64 address
- * synthesis from 'a' based on 'dns64', 'reqaddr', 'reqsigner', 'env',
- * 'flags' and 'aaaa'. If synthesis is performed then the result is
- * written to '*aaaa'.
- *
- * The synthesised address will be of the form:
- *
- * <prefix bits><a bits><suffix bits>
- *
- * If <a bits> straddle bits 64-71 of the AAAA record, then 8 zero bits will
- * be inserted at bits 64-71.
- *
- * Requires:
- * 'dns64' to be valid.
- * 'reqaddr' to be valid.
- * 'reqsigner' to be NULL or valid.
- * 'env' to be valid.
- * 'a' to point to a IPv4 address in network order.
- * 'aaaa' to point to a IPv6 address buffer in network order.
- *
- * Returns:
- * ISC_R_SUCCESS if synthesis was performed.
- * DNS_R_DISALLOWED if there is no match.
- */
-
-dns_dns64_t *
-dns_dns64_next(dns_dns64_t *dns64);
-/*
- * Return the next dns64 record in the list.
- */
-
-void
-dns_dns64_append(dns_dns64list_t *list, dns_dns64_t *dns64);
-/*
- * Append the dns64 record to the list.
- */
-
-void
-dns_dns64_unlink(dns_dns64list_t *list, dns_dns64_t *dns64);
-/*
- * Unlink the dns64 record from the list.
- */
-
-bool
-dns_dns64_aaaaok(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
- const dns_name_t *reqsigner, const dns_aclenv_t *env,
- unsigned int flags, dns_rdataset_t *rdataset,
- bool *aaaaok, size_t aaaaoklen);
-/*
- * Determine if there are any non-excluded AAAA records in from the
- * matching dns64 records in the list starting at 'dns64'. If there
- * is a non-exluded address return true. If all addresses are
- * excluded in the matched records return false. If no records
- * match then return true.
- *
- * If aaaaok is defined then dns_dns64_aaaaok() return a array of which
- * addresses in 'rdataset' were deemed to not be exclude by any matching
- * record. If there are no matching records then all entries are set
- * to true.
- *
- * Requires
- * 'rdataset' to be valid and to be for type AAAA and class IN.
- * 'aaaaoklen' must match the number of records in 'rdataset'
- * if 'aaaaok' in non NULL.
- */
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_DNS64_H */
uint16_t padding;
dns_acl_t * pad_acl;
unsigned int maxbits;
- dns_dns64list_t dns64;
- unsigned int dns64cnt;
dns_rpz_zones_t *rpzs;
dns_catz_zones_t *catzs;
dns_dlzdblist_t dlz_searched;
dns_dtmsgtype_t dttypes; /* Dnstap message types
to log */
+ dns_zonemgr_t *zonemgr;
+
/* Registered module instances */
void *plugins;
void (*plugins_free)(isc_mem_t *, void **);
*\li 'view' to be valid.
*/
+void
+dns_view_setzonemgr(dns_view_t *view, dns_zonemgr_t *zonemgr);
+/*%<
+ * Set the view's zone manager.
+ *
+ * Requires:
+ *\li 'view' to be valid.
+ */
ISC_LANG_ENDDECLS
#include <dns/db.h>
#include <dns/dispatch.h>
#include <dns/dlz.h>
-#include <dns/dns64.h>
#include <dns/dnssec.h>
#include <dns/events.h>
#include <dns/forward.h>
view->resstats = NULL;
view->resquerystats = NULL;
view->cacheshared = false;
- ISC_LIST_INIT(view->dns64);
- view->dns64cnt = 0;
/*
* Initialize configuration data with default values.
view->hooktable_free = NULL;
isc_mutex_init(&view->new_zone_lock);
+ view->zonemgr = NULL;
result = dns_order_create(view->mctx, &view->order);
if (result != ISC_R_SUCCESS) {
static inline void
destroy(dns_view_t *view) {
- dns_dns64_t *dns64;
dns_dlzdb_t *dlzdb;
REQUIRE(!ISC_LINK_LINKED(view, link));
dns_keytable_detach(&view->secroots_priv);
if (view->ntatable_priv != NULL)
dns_ntatable_detach(&view->ntatable_priv);
- for (dns64 = ISC_LIST_HEAD(view->dns64);
- dns64 != NULL;
- dns64 = ISC_LIST_HEAD(view->dns64)) {
- dns_dns64_unlink(&view->dns64, dns64);
- dns_dns64_destroy(&dns64);
- }
if (view->managed_keys != NULL)
dns_zone_detach(&view->managed_keys);
if (view->redirect != NULL)
isc_refcount_destroy(&view->weakrefs);
isc_mem_free(view->mctx, view->nta_file);
isc_mem_free(view->mctx, view->name);
+ if (view->zonemgr != NULL) {
+ dns_zonemgr_detach(&view->zonemgr);
+ }
if (view->hooktable != NULL && view->hooktable_free != NULL) {
view->hooktable_free(view->mctx, &view->hooktable);
}
dns_zt_setviewrevert(zonetable);
}
}
+
+void
+dns_view_setzonemgr(dns_view_t *view, dns_zonemgr_t *zonemgr) {
+ REQUIRE(DNS_VIEW_VALID(view));
+
+ dns_zonemgr_attach(zonemgr, &view->zonemgr);
+}
dns_dlzregister
dns_dlzstrtoargv
dns_dlzunregister
-dns_dns64_aaaafroma
-dns_dns64_aaaaok
-dns_dns64_append
-dns_dns64_create
-dns_dns64_destroy
-dns_dns64_next
-dns_dns64_unlink
dns_dnssec_findmatchingkeys
dns_dnssec_findzonekeys
dns_dnssec_keyactive
dns_view_setrootdelonly
dns_view_setviewcommit
dns_view_setviewrevert
+dns_view_setzonemgr
dns_view_simplefind
dns_view_thaw
dns_view_untrust
"prefetch", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, prefetch_fields
};
-/*
- * DNS64.
- */
-static cfg_clausedef_t
-dns64_clauses[] = {
- { "break-dnssec", &cfg_type_boolean, 0 },
- { "clients", &cfg_type_bracketed_aml, 0 },
- { "exclude", &cfg_type_bracketed_aml, 0 },
- { "mapped", &cfg_type_bracketed_aml, 0 },
- { "recursive-only", &cfg_type_boolean, 0 },
- { "suffix", &cfg_type_netaddr6, 0 },
- { NULL, NULL, 0 },
-};
-
-static cfg_clausedef_t *
-dns64_clausesets[] = {
- dns64_clauses,
- NULL
-};
-
-static cfg_type_t cfg_type_dns64 = {
- "dns64", cfg_parse_netprefix_map, cfg_print_map, cfg_doc_map,
- &cfg_rep_map, dns64_clausesets
-};
/*%
* Clauses that can be found within the 'view' statement,
{ "disable-ds-digests", &cfg_type_disabledsdigest,
CFG_CLAUSEFLAG_MULTI },
{ "disable-empty-zone", &cfg_type_astring, CFG_CLAUSEFLAG_MULTI },
- { "dns64", &cfg_type_dns64, CFG_CLAUSEFLAG_MULTI },
- { "dns64-contact", &cfg_type_astring, 0 },
- { "dns64-server", &cfg_type_astring, 0 },
+ { "dns64", &cfg_type_bracketed_text,
+ CFG_CLAUSEFLAG_MULTI|CFG_CLAUSEFLAG_OBSOLETE },
+ { "dns64-contact", &cfg_type_astring, CFG_CLAUSEFLAG_OBSOLETE },
+ { "dns64-server", &cfg_type_astring, CFG_CLAUSEFLAG_OBSOLETE },
#ifdef USE_DNSRPS
{ "dnsrps-enable", &cfg_type_boolean, 0 },
{ "dnsrps-options", &cfg_type_bracketed_text, 0 },
#include <isc/types.h>
#include <dns/view.h>
+#include <dns/zone.h>
#include <ns/hooks.h>
#include <ns/log.h>
#include <ns/query.h>
+#include <ns/server.h>
#define CHECK(op) \
do { \
"registering plugin '%s'", modpath);
CHECK(plugin->register_func(parameters, cfg, cfg_file, cfg_line,
- mctx, lctx, actx, view->hooktable,
+ mctx, lctx, actx, view,
&plugin->inst));
ISC_LIST_APPEND(*(ns_plugins_t *)view->plugins, plugin, link);
ns_plugin_register_t(const char *parameters,
const void *cfg, const char *file, unsigned long line,
isc_mem_t *mctx, isc_log_t *lctx, void *actx,
- ns_hooktable_t *hooktable, void **instp);
+ dns_view_t *view, void **instp);
/*%<
* Called when registering a new plugin.
*
#include <dns/cache.h>
#include <dns/db.h>
#include <dns/dlz.h>
-#include <dns/dns64.h>
#include <dns/dnsrps.h>
#include <dns/dnssec.h>
#include <dns/events.h>
if (qctx->type == dns_rdatatype_any) { /* XXX not yet */
goto cleanup;
}
- if (!ISC_LIST_EMPTY(qctx->view->dns64) &&
- (qctx->type == dns_rdatatype_a ||
- qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */
- {
- goto cleanup;
- }
if (!qctx->resuming && !STALE(qctx->rdataset) &&
qctx->rdataset->ttl == 0 && RECURSIONOK(qctx->client))
{
if (qctx->type == dns_rdatatype_any) { /* XXX not yet */
goto cleanup;
}
- if (!ISC_LIST_EMPTY(qctx->view->dns64) &&
- (qctx->type == dns_rdatatype_a ||
- qctx->type == dns_rdatatype_aaaa)) /* XXX not yet */
- {
- goto cleanup;
- }
/* FALLTHROUGH */
case DNS_R_CNAME:
if (!qctx->resuming && !STALE(&rdataset) &&
ns_plugin_register
ns_plugins_create
ns_plugins_free
+ns_query_addsoa
ns_query_cancel
ns_query_done
ns_query_free
ns_query_init
+ns_query_lookup
+ns_query_ncache
+ns_query_nodata
ns_query_recurse
+ns_query_setorder
ns_query_start
ns_server_attach
ns_server_create
./bin/pkcs11/win32/pk11tokens.vcxproj.filters.in X 2014,2015,2018,2019
./bin/pkcs11/win32/pk11tokens.vcxproj.in X 2014,2015,2016,2017,2018,2019
./bin/pkcs11/win32/pk11tokens.vcxproj.user X 2014,2018,2019
+./bin/plugins/dns64.8 MAN DOCBOOK
+./bin/plugins/dns64.c C 2019
+./bin/plugins/dns64.docbook SGML 2019
+./bin/plugins/dns64.html HTML DOCBOOK
./bin/plugins/filter-aaaa.8 MAN DOCBOOK
./bin/plugins/filter-aaaa.c C 2018,2019
./bin/plugins/filter-aaaa.docbook SGML 2018,2019
./doc/arm/man.ddns-confgen.html X 2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019
./doc/arm/man.delv.html X 2014,2015,2016,2017,2018,2019
./doc/arm/man.dig.html X 2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019
+./doc/arm/man.dns64.html X 2019
./doc/arm/man.dnssec-cds.html X 2017,2018,2019
./doc/arm/man.dnssec-checkds.html X 2013,2014,2015,2016,2017,2018,2019
./doc/arm/man.dnssec-coverage.html X 2013,2014,2015,2016,2017,2018,2019
./lib/dns/diff.c C 2000,2001,2002,2003,2004,2005,2007,2008,2009,2011,2013,2014,2015,2016,2017,2018,2019
./lib/dns/dispatch.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2011,2012,2013,2014,2015,2016,2017,2018,2019
./lib/dns/dlz.c C.PORTION 1999,2000,2001,2005,2007,2009,2010,2011,2012,2013,2015,2016,2018,2019
-./lib/dns/dns64.c C 2010,2011,2014,2016,2017,2018,2019
./lib/dns/dnsrps.c C 2017,2018,2019
./lib/dns/dnssec.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019
./lib/dns/dnstap.c C 2015,2016,2017,2018,2019
./lib/dns/include/dns/dispatch.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2011,2012,2013,2014,2015,2016,2017,2018,2019
./lib/dns/include/dns/dlz.h C.PORTION 1999,2000,2001,2005,2006,2007,2009,2010,2011,2012,2013,2016,2018,2019
./lib/dns/include/dns/dlz_dlopen.h C 2011,2012,2013,2016,2017,2018,2019
-./lib/dns/include/dns/dns64.h C 2010,2014,2016,2018,2019
./lib/dns/include/dns/dnsrps.h C 2017,2018,2019
./lib/dns/include/dns/dnssec.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009,2010,2011,2012,2013,2014,2015,2016,2018,2019
./lib/dns/include/dns/dnstap.h C 2015,2016,2017,2018,2019
projects / thirdparty / bind9.git / commitdiff
