report when NTAs added to multiple views
authorEvan Hunt <each@isc.org>
Wed, 15 Aug 2018 19:29:17 +0000 (12:29 -0700)
committerEvan Hunt <each@isc.org>
Mon, 10 Sep 2018 19:02:49 +0000 (12:02 -0700)
- the text returned by "rndc nta" when adding NTAs to multiple views
  was incorrectly terminated after the first line, so users only saw
  one NTA added unless they checked the logs.

bin/named/server.c
bin/tests/system/rndc/clean.sh
bin/tests/system/rndc/ns3/named.conf.in
bin/tests/system/rndc/tests.sh

index 602023c914ab09bbc3a8e61a5f8b98b45d16aad1..926dcf03d0e00fb65b6207a29c8b7c4677f655a7 100644 (file)
@@ -938,7 +938,8 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
 
        /* We don't need trust anchors for the _bind view */
        if (strcmp(view->name, "_bind") == 0 &&
-           view->rdclass == dns_rdataclass_chaos) {
+           view->rdclass == dns_rdataclass_chaos)
+       {
                return (ISC_R_SUCCESS);
        }
 
@@ -14344,18 +14345,23 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
             view != NULL;
             view = ISC_LIST_NEXT(view, link))
        {
-               if (viewname != NULL &&
-                   strcmp(view->name, viewname) != 0)
+               static bool first = true;
+
+               if (viewname != NULL && strcmp(view->name, viewname) != 0) {
                        continue;
+               }
 
-               if (view->nta_lifetime == 0)
+               if (view->nta_lifetime == 0) {
                        continue;
+               }
 
-               if (!ttlset)
+               if (!ttlset) {
                        ntattl = view->nta_lifetime;
+               }
 
-               if (ntatable != NULL)
+               if (ntatable != NULL) {
                        dns_ntatable_detach(&ntatable);
+               }
 
                result = dns_view_getntatable(view, &ntatable);
                if (result == ISC_R_NOTFOUND) {
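Review bot: `static bool first = true;` gives the flag static storage, so it is initialised once for the life of the process rather than once per `rndc nta` command. The blocks added in the two later hunks (the "added" and "removed" branches) set `first = false`, and nothing visible resets it, so every command after the first one that reports an NTA would start its reply with a stray `"\n"`. A plain automatic `bool first = true;` declared before the `for` loop keeps the separator logic per call. The loop header and the function's local declarations start outside this hunk, so the declaration would go there.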
@@ -14378,6 +14384,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
                        isc_time_set(&t, when, 0);
                        isc_time_formattimestamp(&t, tbuf, sizeof(tbuf));
 
+                       if (!first) {
+                               CHECK(putstr(text, "\n"));
+                       }
+                       first = false;
+
                        CHECK(putstr(text, "Negative trust anchor added: "));
                        CHECK(putstr(text, namebuf));
                        CHECK(putstr(text, "/"));
@@ -14392,6 +14403,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
                } else {
                        CHECK(dns_ntatable_delete(ntatable, ntaname));
 
+                       if (!first) {
+                               CHECK(putstr(text, "\n"));
+                       }
+                       first = false;
+
                        CHECK(putstr(text, "Negative trust anchor removed: "));
                        CHECK(putstr(text, namebuf));
                        CHECK(putstr(text, "/"));
@@ -14411,11 +14427,10 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
                                      "for view '%s': %s",
                                      view->name, isc_result_totext(result));
                }
-
-               CHECK(putnull(text));
-
        }
 
+       CHECK(putnull(text));
+
  cleanup:
        if (msg != NULL) {
                (void) putstr(text, msg);
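Review bot: With `CHECK(putnull(text));` moved below the loop, a CHECK failure inside the loop (CHECK appears to jump to `cleanup:`) now arrives there with the text written so far unterminated. The visible part of `cleanup` only appends `msg` when it is set, and the block continues past this hunk, so confirm that the error path terminates the buffer when `msg` is NULL and an earlier view has already written its line. If it does not, a `(void) putnull(text);` on that path, with a comment such as `/* terminate partial output from earlier views */`, would cover it.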
index 65393720bdbecb28ef1c09c5a90cd503392ae433..8609ce42116e8a1817f8dbdbce1158ba178a45c5 100644 (file)
@@ -25,3 +25,4 @@ rm -f nsupdate.out.*.test*
 rm -f python.out.*.test*
 rm -f rndc.out.*.test*
 rm -f ns*/managed-keys.bind* ns*/*.mkeys*
+rm -f ns*/*.nta
index e8dbfc4aeb9656d4401ea2bbaf8ce517ff092ce3..dd3529559e02729cdb96ed59232a336c82f3393b 100644 (file)
@@ -14,7 +14,6 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
-       recursion no;
 };
 
 key rndc_key {
@@ -31,8 +30,17 @@ controls {
        inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
+view all {
+       match-clients { any; };
+
+       recursion no;
+
+       zone "." {
+               type hint;
+               file "../../common/root.hint";
+       };
+};
 
-zone "." {
-       type hint;
-       file "../../common/root.hint";
+view none {
+       match-clients { none; };
 };
index 488ee841a62952a160106af3b372aeb80f71bcbb..ae27ef1abf903678d6ca5a25d2b20c7e174bfcf8 100644 (file)
@@ -656,5 +656,14 @@ grep "address family not supported" rndc.out.1.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "check rndc nta reports adding to multiple views ($n)"
+ret=0
+$RNDCCMD 10.53.0.3 nta test.com > rndc.out.test$n 2>&1 || ret=1
+lines=`cat rndc.out.test$n | wc -l`
+[ ${lines:-0} -eq 2 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
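Review bot: `[ ${lines:-0} -eq 2 ] || ret=1` checks the line count only, so any two-line output passes, including an error message, and the test never confirms which views received the NTA. This reply is what an operator reads to see where validation was suspended, so match the text as well, e.g. `grep "Negative trust anchor added: test.com/" rndc.out.test$n > /dev/null || ret=1`. The part after `/` is outside the visible server.c hunk and is presumably the view name; if so, one grep per view is better. The command is also run only once, so output state carried over between `rndc nta` invocations is not exercised. Running it a second time and re-checking the line count would cover that.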