+3726. [cleanup] Clarified the error message when attempting
+ to configure more than 32 response-policy zones.
+ [RT #35283]
+
3725. [contrib] Updated zkt and nslint to newest versions,
cleaned up and rearranged the contrib
directory, and added a README.
rpz_obj = cfg_listelt_value(element);
- if (view->rpzs->p.num_zones >= DNS_RPZ_MAX_ZONES)
- return (ISC_R_NOMEMORY);
+ if (view->rpzs->p.num_zones >= DNS_RPZ_MAX_ZONES) {
+ cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
+ "limit of %d response policy zones exceeded",
+ DNS_RPZ_MAX_ZONES);
+ return (ISC_R_FAILURE);
+ }
new = isc_mem_get(view->rpzs->mctx, sizeof(*new));
if (new == NULL) {
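Review bot: the return value in the limit check changes from ISC_R_NOMEMORY to ISC_R_FAILURE, but the CHANGES entry only mentions the error message. Please note the result-code change there as well, or confirm that no caller distinguishes the two. Separately, "limit of %d response policy zones exceeded" passes DNS_RPZ_MAX_ZONES to a %d conversion; if the macro does not expand to an int, add an explicit (int) cast at the call site so the variadic argument matches the format.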
<command>allow-query { localhost; };</command>.
</para>
+ <para>
+ A <command>response-policy</command> option can support
+ multiple policy zones. To maximize performance, a radix
+ tree is used to quickly identify response policy zones
+ containing triggers that match the current query. This
+ imposes an upper limit of 32 on the number of policy zones
+ in a single <command>response-policy</option> option; more
+ than that is a configuration error.
+ </para>
+
<para>
Five policy triggers can be encoded in RPZ records.
<variablelist>
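Review bot: in the added paragraph, "<command>response-policy</option> option" opens with <command> and closes with </option>, so the document is no longer well-formed XML and the manual build will fail on it; the closing tag should be </command>. The paragraph also hard-codes 32, which duplicates DNS_RPZ_MAX_ZONES from the code change, so the text will need a matching update if that constant ever changes.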