Allow the optional filter-aaaa-on-v4 option in view statements to close #20635
authorVernon Schryver <vjs@isc.org>
Sat, 28 Nov 2009 15:57:37 +0000 (15:57 +0000)
committerVernon Schryver <vjs@isc.org>
Sat, 28 Nov 2009 15:57:37 +0000 (15:57 +0000)
CHANGES
bin/named/include/named/server.h
bin/named/query.c
bin/named/server.c
doc/arm/Bv9ARM-book.xml
lib/dns/include/dns/view.h
lib/dns/view.c
lib/isccfg/namedconf.c

diff --git a/CHANGES b/CHANGES
index b42e8b0a40c0b8c77002861985e9fcf10da319ee..ac2b7024dc34cdd69ed0aef1c052267bf18e351c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2792.  [func]          Optional filter-aaaa-on-v4 option, if built with
+                       './configure --enable-filter-aaaa', can now be
+                       a view option. [RT #20635]
+
 2791.  [bug]           The installation of isc-config.sh was broken.
                        [RT #20667]
 
index 75416d95a6e60c255119c70aff3a7e46b93ed52a..cafce39e463f16fa0ad0da189fa44f204217ae6f 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.h,v 1.103 2009/10/26 23:14:53 each Exp $ */
+/* $Id: server.h,v 1.104 2009/11/28 15:57:37 vjs Exp $ */
 
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1
@@ -115,9 +115,6 @@ struct ns_server {
        dns_name_t              *session_keyname;
        unsigned int            session_keyalg;
        isc_uint16_t            session_keybits;
-#ifdef ALLOW_FILTER_AAAA_ON_V4
-       dns_v4_aaaa_t           v4_aaaa;
-#endif
 };
 
 #define NS_SERVER_MAGIC                        ISC_MAGIC('S','V','E','R')
index 8f7d40e36bf41285e8a53e0062a77363fe57aaca..a9795a2bd31c7fff7078d3ca2fdfe7495616345f 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.334 2009/11/25 02:22:05 marka Exp $ */
+/* $Id: query.c,v 1.335 2009/11/28 15:57:36 vjs Exp $ */
 
 /*! \file */
 
@@ -4729,7 +4729,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                         * Notice the presence of A and AAAAs so
                         * that AAAAs can be hidden from IPv4 clients.
                         */
-                       if (ns_g_server->v4_aaaa != dns_v4_aaaa_ok &&
+                       if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
                            client->peeraddr_valid &&
                            client->peeraddr.type.sa.sa_family == AF_INET) {
                                if (rdataset->type == dns_rdatatype_aaaa)
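Review bot: The test `client->view->v4_aaaa != dns_v4_aaaa_ok && client->peeraddr_valid && client->peeraddr.type.sa.sa_family == AF_INET` is written out here and again in the hunk at -4863, so the copies have to be kept in step by hand each time the policy source moves, as this commit shows. A small static helper in query.c that takes `client` and returns that conjunction would leave one place to edit and one place to audit. The comment above the test could also say where the setting now comes from, e.g. `* The policy is read from the view that matched this client.` query_find starts and ends outside these hunks.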
@@ -4790,7 +4790,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                 */
                if (have_aaaa && have_a &&
                    (!have_sig || !WANTDNSSEC(client) ||
-                    ns_g_server->v4_aaaa == dns_v4_aaaa_break_dnssec))
+                    client->view->v4_aaaa == dns_v4_aaaa_break_dnssec))
                        client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
 #endif
                if (fname != NULL)
@@ -4863,13 +4863,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                 * so fundamentally wrong, unavoidably inaccurate, and
                 * unneeded that it is best to keep it as short as possible.
                 */
-               if (ns_g_server->v4_aaaa != dns_v4_aaaa_ok &&
+               if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
                    client->peeraddr_valid &&
                    client->peeraddr.type.sa.sa_family == AF_INET &&
                    (!WANTDNSSEC(client) ||
                     sigrdataset == NULL ||
                     !dns_rdataset_isassociated(sigrdataset) ||
-                    ns_g_server->v4_aaaa == dns_v4_aaaa_break_dnssec)) {
+                    client->view->v4_aaaa == dns_v4_aaaa_break_dnssec)) {
                        if (qtype == dns_rdatatype_aaaa) {
                                trdataset = query_newrdataset(client);
                                result = dns_db_findrdataset(db, node, version,
index 3297dd8f83d082ad19e257236e7b9fc1777b5b06..20d09108bc278ffcbca6bf9a5933be2498e7c718 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.555 2009/11/19 18:52:40 each Exp $ */
+/* $Id: server.c,v 1.556 2009/11/28 15:57:36 vjs Exp $ */
 
 /*! \file */
 
@@ -2092,6 +2092,24 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
                                        cfg_obj_asuint32(obj),
                                        max_clients_per_query);
 
+#ifdef ALLOW_FILTER_AAAA_ON_V4
+       obj = NULL;
+       result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
+       INSIST(result == ISC_R_SUCCESS);
+       if (cfg_obj_isboolean(obj)) {
+               if (cfg_obj_asboolean(obj))
+                       view->v4_aaaa = dns_v4_aaaa_filter;
+               else
+                       view->v4_aaaa = dns_v4_aaaa_ok;
+       } else {
+               const char *v4_aaaastr = cfg_obj_asstring(obj);
+               if (strcasecmp(v4_aaaastr, "break-dnssec") == 0)
+                       view->v4_aaaa = dns_v4_aaaa_break_dnssec;
+               else
+                       INSIST(0);
+       }
+
+#endif
        obj = NULL;
        result = ns_config_get(maps, "dnssec-enable", &obj);
        INSIST(result == ISC_R_SUCCESS);
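Review bot: The `else INSIST(0);` branch aborts named when the string value is anything other than "break-dnssec", and after this change it runs once per view inside configure_view rather than once in load_configuration. That is safe only while the parser type `cfg_type_v4_aaaa` rejects every other string before this code is reached, which this hunk does not show; a comment stating the invariant would help, e.g. `/* cfg_type_v4_aaaa is expected to admit only a boolean or "break-dnssec" */`. The blank line at the end of the block sits before `#endif` instead of after it, so builds without ALLOW_FILTER_AAAA_ON_V4 lose the separator before the dnssec-enable lookup. configure_view begins and ends outside the hunk.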
@@ -4361,25 +4379,6 @@ load_configuration(const char *filename, ns_server_t *server,
                server->flushonshutdown = ISC_FALSE;
        }
 
-#ifdef ALLOW_FILTER_AAAA_ON_V4
-       obj = NULL;
-       result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
-       INSIST(result == ISC_R_SUCCESS);
-       if (cfg_obj_isboolean(obj)) {
-               if (cfg_obj_asboolean(obj))
-                       server->v4_aaaa = dns_v4_aaaa_filter;
-               else
-                       server->v4_aaaa = dns_v4_aaaa_ok;
-       } else {
-               const char *v4_aaaastr = cfg_obj_asstring(obj);
-               if (strcasecmp(v4_aaaastr, "break-dnssec") == 0)
-                       server->v4_aaaa
-                                       = dns_v4_aaaa_break_dnssec;
-               else
-                       INSIST(0);
-       }
-
-#endif
        result = ISC_R_SUCCESS;
 
  cleanup:
index 6eb8f804899c451170a9249217a6eda6eb17f0fd..5fe48af79905dfef25238207458793cbebb10731 100644 (file)
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.446 2009/11/26 00:20:28 each Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.447 2009/11/28 15:57:37 vjs Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 
@@ -6251,6 +6251,10 @@ options {
                   to DNS clients unless they have connections to the IPv6
                   Internet.  This is not recommended unless absolutely
                   necessary.  The default is <userinput>no</userinput>.
+                  The <command>filter-aaaa-on-v4</command> option
+                  may also be specified in <command>view</command> statements
+                  to override the global <command>filter-aaaa-on-v4</command>
+                  option.
                 </para>
                 <para>
                   If <userinput>yes</userinput>,
index b29d7ba14f8acae5f6baa50e09c221e9d31259c4..ab369ef489b62f9b953cc2795780128a909e3966 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.h,v 1.119 2009/10/27 22:46:13 each Exp $ */
+/* $Id: view.h,v 1.120 2009/11/28 15:57:37 vjs Exp $ */
 
 #ifndef DNS_VIEW_H
 #define DNS_VIEW_H 1
@@ -153,6 +153,9 @@ struct dns_view {
        dns_name_t *                    dlv;
        dns_fixedname_t                 dlv_fixed;
        isc_uint16_t                    maxudp;
+#ifdef ALLOW_FILTER_AAAA_ON_V4
+       dns_v4_aaaa_t                   v4_aaaa;
+#endif
 
        /*
         * Configurable data for server use only,
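Review bot: Placing `v4_aaaa` inside `#ifdef ALLOW_FILTER_AAAA_ON_V4` makes the layout of `struct dns_view` depend on a build-time macro, so `sizeof(struct dns_view)` and the offset of every member after `maxudp` differ between translation units that see the macro and those that do not. The field used to live in the named-private `struct ns_server`; this header is under lib/dns, and any code that includes it without the same definition would read and write the wrong offsets. Declaring the member unconditionally, `dns_v4_aaaa_t v4_aaaa;`, and initialising it unconditionally in dns_view_create (the view.c hunk) avoids that, provided `dns_v4_aaaa_t` is itself declared unconditionally, which this page does not show. The struct continues outside the hunk.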
index e9185cf8769a5b0fcf3e3a6f556c7f381c016cbb..6850f2f5020277ee825a4f7b3997985d6911726b 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.c,v 1.158 2009/11/12 23:30:36 marka Exp $ */
+/* $Id: view.c,v 1.159 2009/11/28 15:57:37 vjs Exp $ */
 
 /*! \file */
 
@@ -177,6 +177,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
        view->flush = ISC_FALSE;
        view->dlv = NULL;
        view->maxudp = 0;
+#ifdef ALLOW_FILTER_AAAA_ON_V4
+       view->v4_aaaa = dns_v4_aaaa_ok;
+#endif
        dns_fixedname_init(&view->dlv_fixed);
 
 #ifdef BIND9
index c38de43203dd0450b3eb6300a55012378ba9eeba..30c02411f1743845ca25ed86442721a1e2d61a07 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.110 2009/10/26 23:14:54 each Exp $ */
+/* $Id: namedconf.c,v 1.111 2009/11/28 15:57:37 vjs Exp $ */
 
 /*! \file */
 
@@ -877,9 +877,6 @@ options_clauses[] = {
        { "use-ixfr", &cfg_type_boolean, 0 },
        { "version", &cfg_type_qstringornone, 0 },
        { "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
-#ifdef ALLOW_FILTER_AAAA_ON_V4
-       { "filter-aaaa-on-v4", &cfg_type_v4_aaaa, 0 },
-#endif
        { NULL, NULL, 0 }
 };
 
@@ -1049,6 +1046,9 @@ view_clauses[] = {
        { "transfer-format", &cfg_type_transferformat, 0 },
        { "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
        { "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
+#ifdef ALLOW_FILTER_AAAA_ON_V4
+       { "filter-aaaa-on-v4", &cfg_type_v4_aaaa, 0 },
+#endif
        { NULL, NULL, 0 }
 };