+3876. [bug] Improve efficiency of DLZ redirect zones by
+ suppressing unnecessary database lookups. [RT #35835]
+
3875. [cleanup] Clarify log message when unable to read private
key files. [RT #24702]
* Lookup the requested data in the redirect zone.
*/
result = dns_db_findext(db, client->query.qname, dbversion->version,
- qtype, 0, client->now, &node, found, &cm, &ci,
- &trdataset, NULL);
+ qtype, DNS_DBFIND_NOZONECUT, client->now,
+ &node, found, &cm, &ci, &trdataset, NULL);
if (result != ISC_R_SUCCESS) {
if (dns_rdataset_isassociated(&trdataset))
dns_rdataset_disassociate(&trdataset);
# v6synth
SUBDIRS="acl additional allow_query addzone autosign builtin
cacheclean case checkconf @CHECKDS@ checknames checkzone
- @COVERAGE@ database dlv dlvauto dlz dlzexternal dlzredir
+ @COVERAGE@ database dlv dlvauto dlz dlzexternal
dname dns64 dnssec dsdigest dscp ecdsa emptyzones filter-aaaa
formerr forward geoip glue gost ixfr inline limits logfileconfig
lwresd masterfile masterformat metadata notify nsupdate pending
isc_sockaddr_t *src;
char full_name[256];
char buf[512];
+ static char last[256] = { 0 };
+ static int count = 0;
int i;
UNUSED(zone);
if (strcmp(name, "@") == 0) {
strncpy(full_name, state->zone_name, 255);
full_name[255] = '\0';
- } else
+ } else if (strcmp(state->zone_name, ".") == 0)
+ snprintf(full_name, 255, "%s.", name);
+ else
snprintf(full_name, 255, "%s.%s", name, state->zone_name);
+ /*
+ * For test purposes, log all calls to dlz_lookup()
+ */
+ if (strncasecmp(full_name, last, 255) == 0)
+ count++;
+ else {
+ count = 1;
+ strncpy(last, full_name, 255);
+ }
+ state->log(ISC_LOG_INFO, "lookup #%d for %s", count, full_name);
+
/*
* If we need to know the database version (as set in
* the 'newversion' dlz function) we can pick it up from the
if (dbversion != NULL && *(isc_boolean_t *)dbversion)
state->log(ISC_LOG_INFO,
"dlz_example: lookup against live "
- "transaction\n");
+ "transaction");
}
if (strcmp(name, "source-addr") == 0) {
}
state->log(ISC_LOG_INFO,
- "dlz_example: lookup connection from %s\n", buf);
+ "dlz_example: lookup connection from %s", buf);
found = ISC_TRUE;
result = state->putrr(lookup, "TXT", 0, buf);
return (result);
}
+ /* Tests for DLZ redirection zones */
+ if (strcmp(name, "*") == 0 && strcmp(zone, ".") == 0) {
+ result = state->putrr(lookup, "A", 0, "100.100.100.2");
+ found = ISC_TRUE;
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ if (strcmp(name, "long.name.is.not.there") == 0 &&
+ strcmp(zone, ".") == 0)
+ {
+ result = state->putrr(lookup, "A", 0, "100.100.100.3");
+ found = ISC_TRUE;
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ /* Answer from current records */
for (i = 0; i < MAX_RECORDS; i++) {
if (strcasecmp(state->current[i].name, full_name) == 0) {
found = ISC_TRUE;
/*
- * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
search no;
};
+dlz redzone {
+ database "dlopen ../driver.so .";
+ search no;
+};
+
zone zone.nil {
type master;
dlz unsearched2;
};
+
+zone "." {
+ type redirect;
+ dlz redzone;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
-; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
. $SYSTEMTESTTOP/conf.sh
status=0
+n=0
DIGOPTS="@10.53.0.1 -p 5300"
+newtest() {
+ n=`expr $n + 1`
+ echo "${1} (${n})"
+ ret=0
+}
+
test_update() {
host="$1"
type="$2"
send
EOF
- echo "I:testing update for $host $type $cmd $comment"
+ newtest "I:testing update for $host $type $cmd${comment:+ }$comment"
$NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 || {
[ "$should_fail" ] || \
echo "I:update failed for $host $type $cmd"
return 0
}
-ret=0
-
test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1
status=`expr $status + $ret`
-echo "I:testing prerequisites are checked correctly"
-ret=0
+newtest "I:testing prerequisites are checked correctly"
cat > ns1/update.txt << EOF
server 10.53.0.1 5300
prereq nxdomain testdc3.example.nil
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-echo "I:testing passing client info into DLZ driver"
-ret=0
+newtest "I:testing passing client info into DLZ driver"
out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;'`
addr=`eval echo "$out" | cut -f1 -d'#'`
[ "$addr" = "10.53.0.1" ] || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing DLZ driver is cleaned up on reload"
+newtest "I:testing DLZ driver is cleaned up on reload"
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /'
for i in 0 1 2 3 4 5 6 7 8 9; do
ret=0
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing multiple DLZ drivers"
+newtest "I:testing multiple DLZ drivers"
test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
-ret=0
-echo "I:testing AXFR from DLZ drivers"
-$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.ns1.1
-n=`cat dig.out.ns1.1 | wc -l`
-[ "$n" -eq 4 ] || ret=1
-$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.ns1.2
-n=`cat dig.out.ns1.2 | wc -l`
-[ "$n" -eq 5 ] || ret=1
+newtest "I:testing AXFR from DLZ drivers"
+$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.ns1.test$n
+lines=`cat dig.out.ns1.test$n | wc -l`
+[ ${lines:-0} -eq 4 ] || ret=1
+$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.ns1.test$n
+lines=`cat dig.out.ns1.test$n | wc -l`
+[ ${lines:-0} -eq 5 ] || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing unsearched/unregistered DLZ zone is not found"
-$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.3
-grep "3600.IN.NS.other.nil." dig.out.ns1.3 > /dev/null && ret=1
+newtest "I:testing unsearched/unregistered DLZ zone is not found"
+$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n
+grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing unsearched/registered DLZ zone is found"
-$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.4
-grep "3600.IN.NS.zone.nil." dig.out.ns1.4 > /dev/null || ret=1
+newtest "I:testing unsearched/registered DLZ zone is found"
+$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
+grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing unsearched/registered DLZ zone is found"
-$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.5
-grep "3600.IN.NS.zone.nil." dig.out.ns1.5 > /dev/null || ret=1
+newtest "I:testing unsearched/registered DLZ zone is found"
+$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
+grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing correct behavior with findzone returning ISC_R_NOMORE"
+newtest "I:testing correct behavior with findzone returning ISC_R_NOMORE"
$DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=`grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l`
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing findzone can return different results per client"
+newtest "I:testing findzone can return different results per client"
$DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l`
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing zone returning oversized data"
-$DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.6 2>&1 || ret=1
-grep "status: SERVFAIL" dig.out.ns1.6 > /dev/null || ret=1
+newtest "I:testing zone returning oversized data"
+$DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.test$n 2>&1 || ret=1
+grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
-ret=0
-echo "I:testing zone returning oversized data at zone origin"
-$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.7 2>&1 || ret=1
-grep "status: SERVFAIL" dig.out.ns1.7 > /dev/null || ret=1
+newtest "I:testing zone returning oversized data at zone origin"
+$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.test$n 2>&1 || ret=1
+grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
+newtest "I:checking redirected lookup for nonexistent name"
+$DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "^unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
+grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+newtest "I:checking redirected lookup for a long nonexistent name"
+$DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a > dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "^long.name.*A.*100.100.100.3" dig.out.ns1.test$n > /dev/null || ret=1
+grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
+lookups=`grep "lookup #.*\.not\.there" ns1/named.run | wc -l`
+[ "$lookups" -eq 1 ] || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
exit $status
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: clean.sh,v 1.2 2010/08/16 04:46:15 marka Exp $
-
-rm -f dig.out.*
-rm -f */named.memstats
-rm -f */named.run
+++ /dev/null
-Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
-See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-
-$Id: NS=10=example.com.=,v 1.1 2010/08/16 04:46:15 marka Exp $
-
-The contents of this file is not read by the filesystem driver.
-This is the file for "NS 10 example.com.".
+++ /dev/null
-Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
-See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-
-$Id: NS=10=example.com.=,v 1.1 2010/08/16 04:46:15 marka Exp $
-
-The contents of this file is not read by the filesystem driver.
-This is the file for "NS 10 example.com.".
+++ /dev/null
-Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
-See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-
-$Id: SOA=10=ns.example.com.=root.example.com.=2010062900=0=0=0=10=,v 1.1 2010/08/16 04:46:15 marka Exp $
-
-The contents of this file is not read by the filesystem driver.
-This is the file for "SOA 10 ns.example.com. root.example.com. 2010062900 0 0 0 10".
+++ /dev/null
-/*
- * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: named.conf,v 1.2 2010/08/16 04:46:15 marka Exp $ */
-
-controls { /* empty */ };
-
-options {
- query-source address 10.53.0.1;
- notify-source 10.53.0.1;
- transfer-source 10.53.0.1;
- port 5300;
- pid-file "named.pid";
- listen-on { 10.53.0.1; };
- listen-on-v6 { none; };
- recursion no;
-};
-
-dlz fszone {
- database "filesystem dns-root/ dns.d xfr.d 0 =";
- search no;
-};
-
-zone "." {
- type redirect;
- dlz fszone;
-};
-
-zone "." {
- type master;
- file "root.db";
-};
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: prereq.sh.in,v 1.2 2011/04/19 22:30:52 each Exp $
-
-TOP=${SYSTEMTESTTOP:=.}/../../../..
-
-if [ "@DLZ_SYSTEM_TEST@" != "filesystem" ]; then
- echo "I:DLZ filesystem driver not supported"
- exit 255
-fi
-exit 0
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: tests.sh,v 1.4 2011/04/19 23:47:52 tbox Exp $
-
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
-
-status=0
-n=0
-
-rm -f dig.out.*
-
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
-
-echo "I:checking query for existing name ($n)"
-ret=0
-$DIG $DIGOPTS @10.53.0.1 exists a > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "exists.*A.*10.10.10.10" dig.out.ns1.test$n > /dev/null || ret=1
-grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
-
-echo "I:checking query for nonexistent name ($n)"
-ret=0
-$DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
-grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
-
-echo "I:exit status: $status"
-exit $status
# elsewhere if there's a good reason for doing so.
#
-ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/sit/prereq.sh bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/scripts/check-secure-delegation.pl contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/include/pk11/Makefile lib/isc/include/pkcs11/Makefile lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
+ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/sit/prereq.sh bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/scripts/check-secure-delegation.pl contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/include/pk11/Makefile lib/isc/include/pkcs11/Makefile lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
#
"bin/tests/system/dlz/prereq.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlz/prereq.sh" ;;
"bin/tests/system/dlzexternal/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlzexternal/Makefile" ;;
"bin/tests/system/dlzexternal/ns1/named.conf") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlzexternal/ns1/named.conf" ;;
- "bin/tests/system/dlzredir/prereq.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/dlzredir/prereq.sh" ;;
"bin/tests/system/filter-aaaa/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/system/filter-aaaa/Makefile" ;;
"bin/tests/system/geoip/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/system/geoip/Makefile" ;;
"bin/tests/system/inline/checkdsa.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/inline/checkdsa.sh" ;;
bin/tests/system/dlz/prereq.sh
bin/tests/system/dlzexternal/Makefile
bin/tests/system/dlzexternal/ns1/named.conf
- bin/tests/system/dlzredir/prereq.sh
bin/tests/system/filter-aaaa/Makefile
bin/tests/system/geoip/Makefile
bin/tests/system/inline/checkdsa.sh
#define DNS_DBFIND_COVERINGNSEC 0x0040
#define DNS_DBFIND_FORCENSEC3 0x0080
#define DNS_DBFIND_ADDITIONALOK 0x0100
+#define DNS_DBFIND_NOZONECUT 0x0200
/*@}*/
/*@{*/
* \li If the #DNS_DBFIND_NOWILD option is set, then wildcard matching will
* be disabled. This option is only meaningful for zone databases.
*
+ * \li If the #DNS_DBFIND_NOZONECUT option is set, the database is
+ * assumed to contain no zone cuts above 'name'. An implementation
+ * may therefore choose to search for a match beginning at 'name'
+ * rather than walking down the tree to check check for delegations.
+ * If #DNS_DBFIND_NOWILD is not set, wildcard matching will be
+ * attempted at each node starting at the direct ancestor of 'name'
+ * and working up to the zone origin. This option is only meaningful
+ * when querying redirect zones.
+ *
* \li If the #DNS_DBFIND_FORCENSEC option is set, the database is assumed to
* have NSEC records, and these will be returned when appropriate. This
* is only necessary when querying a database that was not secure
* that it is correct. This only affects answers returned from the
* cache.
*
- * \li In the #DNS_DBFIND_FORCENSEC3 option is set, then we are looking
+ * \li If the #DNS_DBFIND_FORCENSEC3 option is set, then we are looking
* in the NSEC3 tree and not the main tree. Without this option being
* set NSEC3 records will not be found.
*
#endif
/*
- * Forward references. Try to keep these to a minimum.
+ * Forward references.
*/
+static isc_result_t getnodedata(dns_db_t *db, dns_name_t *name,
+ isc_boolean_t create, unsigned int options,
+ dns_clientinfomethods_t *methods,
+ dns_clientinfo_t *clientinfo,
+ dns_dbnode_t **nodep);
static void list_tordataset(dns_rdatalist_t *rdatalist,
dns_db_t *db, dns_dbnode_t *node,
}
static isc_result_t
-findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
- dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo,
- dns_dbnode_t **nodep)
+getnodedata(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
+ unsigned int options, dns_clientinfomethods_t *methods,
+ dns_clientinfo_t *clientinfo, dns_dbnode_t **nodep)
{
dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)db;
dns_sdlznode_t *node = NULL;
unsigned int labels;
labels = dns_name_countlabels(name) -
- dns_name_countlabels(&db->origin);
+ dns_name_countlabels(&sdlz->common.origin);
dns_name_init(&relname, NULL);
dns_name_getlabelsequence(name, 0, labels, &relname);
result = dns_name_totext(&relname, ISC_TRUE, &b);
methods, clientinfo);
/*
- * if the host (namestr) was not found, try to lookup a
- * "wildcard" host.
+ * If the name was not found and DNS_DBFIND_NOWILD is not
+ * set, then we try to find a wildcard entry.
+ *
+ * If DNS_DBFIND_NOZONECUT is set and there are multiple
+ * levels between the host and the zone origin, we also look
+ * for wildcards at each level.
*/
- if (result == ISC_R_NOTFOUND && !create)
- result = sdlz->dlzimp->methods->lookup(zonestr, "*",
+ if (result == ISC_R_NOTFOUND && !create &&
+ (options & DNS_DBFIND_NOWILD) == 0)
+ {
+ unsigned int i, dlabels, nlabels;
+
+ nlabels = dns_name_countlabels(name);
+ dlabels = nlabels - dns_name_countlabels(&sdlz->common.origin);
+ for (i = 0; i < dlabels; i++) {
+ char wildstr[DNS_NAME_MAXTEXT + 1];
+ dns_fixedname_t fixed;
+ dns_name_t *wild;
+
+ dns_fixedname_init(&fixed);
+ if (i == dlabels)
+ wild = dns_wildcardname;
+ else {
+ wild = dns_fixedname_name(&fixed);
+ dns_name_getlabelsequence(name, i + 1,
+ dlabels - i - 1,
+ wild);
+ result = dns_name_concatenate(dns_wildcardname,
+ wild, wild, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ isc_buffer_init(&b, wildstr, sizeof(wildstr));
+ result = dns_name_totext(wild, ISC_TRUE, &b);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ isc_buffer_putuint8(&b, 0);
+
+ result = sdlz->dlzimp->methods->lookup(zonestr, wildstr,
sdlz->dlzimp->driverarg,
sdlz->dbdata, node,
methods, clientinfo);
+ if (result == ISC_R_SUCCESS)
+ break;
+ }
+ }
MAYBE_UNLOCK(sdlz->dlzimp);
return (ISC_R_SUCCESS);
}
+static isc_result_t
+findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
+ dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo,
+ dns_dbnode_t **nodep)
+{
+ return (getnodedata(db, name, create, 0, methods, clientinfo, nodep));
+}
+
static isc_result_t
findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
dns_dbnode_t **nodep)
{
- return (findnodeext(db, name, create, NULL, NULL, nodep));
+ return (getnodedata(db, name, create, 0, NULL, NULL, nodep));
}
static isc_result_t
version == (void*)&sdlz->dummy_version ||
version == sdlz->future_version);
- UNUSED(options);
UNUSED(sdlz);
if (!dns_name_issubdomain(name, &db->origin))
result = DNS_R_NXDOMAIN;
+ /*
+ * If we're not walking down searching for zone
+ * cuts, we can cut straight to the chase
+ */
+ if ((options & DNS_DBFIND_NOZONECUT) != 0) {
+ i = nlabels;
+ goto search;
+ }
+
for (i = olabels; i <= nlabels; i++) {
+ search:
/*
* Look up the next label.
*/
dns_name_getlabelsequence(name, nlabels - i, i, xname);
- result = findnodeext(db, xname, ISC_FALSE,
+ result = getnodedata(db, xname, ISC_FALSE, options,
methods, clientinfo, &node);
if (result == ISC_R_NOTFOUND) {
result = DNS_R_NXDOMAIN;
/*
* Look for an NS at the current label, unless this is the
- * origin or glue is ok.
+ * origin, glue is ok, or there are known to be no zone cuts.
*/
- if (i != olabels && (options & DNS_DBFIND_GLUEOK) == 0) {
+ if (i != olabels && (options & DNS_DBFIND_GLUEOK) == 0 &&
+ (options & DNS_DBFIND_NOZONECUT) == 0)
+ {
result = findrdataset(db, node, version,
dns_rdatatype_ns, 0, now,
rdataset, sigrdataset);
- if (result == ISC_R_SUCCESS) {
- if (i == nlabels && type == dns_rdatatype_any)
- {
- result = DNS_R_ZONECUT;
- dns_rdataset_disassociate(rdataset);
- if (sigrdataset != NULL &&
- dns_rdataset_isassociated
- (sigrdataset)) {
- dns_rdataset_disassociate
- (sigrdataset);
- }
- } else
- result = DNS_R_DELEGATION;
+
+ if (result == ISC_R_SUCCESS &&
+ i == nlabels && type == dns_rdatatype_any)
+ {
+ result = DNS_R_ZONECUT;
+ dns_rdataset_disassociate(rdataset);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ break;
+ } else if (result == ISC_R_SUCCESS) {
+ result = DNS_R_DELEGATION;
break;
}
}
if (sdlz->dlzimp->methods->newversion == NULL)
return (ISC_R_NOTIMPLEMENTED);
- result = findnodeext(db, &sdlz->common.origin, ISC_FALSE,
- NULL, NULL, nodep);
+ result = getnodedata(db, &sdlz->common.origin, ISC_FALSE,
+ 0, NULL, NULL, nodep);
if (result != ISC_R_SUCCESS)
sdlz_log(ISC_LOG_ERROR, "sdlz getoriginnode failed: %s",
isc_result_totext(result));
./bin/tests/system/dlzexternal/driver.c C 2011,2012,2013,2014
./bin/tests/system/dlzexternal/driver.h C 2011
./bin/tests/system/dlzexternal/ns1/.gitignore X 2012
-./bin/tests/system/dlzexternal/ns1/named.conf.in CONF-C 2011,2012,2013
+./bin/tests/system/dlzexternal/ns1/named.conf.in CONF-C 2011,2012,2013,2014
+./bin/tests/system/dlzexternal/ns1/root.db ZONE 2014
./bin/tests/system/dlzexternal/prereq.sh SH 2010,2011,2012,2014
./bin/tests/system/dlzexternal/setup.sh SH 2010,2012,2014
./bin/tests/system/dlzexternal/tests.sh SH 2010,2011,2012,2013,2014
-./bin/tests/system/dlzredir/.gitignore X 2012
-./bin/tests/system/dlzredir/clean.sh SH 2012
-./bin/tests/system/dlzredir/ns1/dns-root/dns.d/-/A=10=100.100.100.2= X 2012
-./bin/tests/system/dlzredir/ns1/dns-root/dns.d/@/NS=10=root.= X 2012
-./bin/tests/system/dlzredir/ns1/dns-root/dns.d/@/SOA=10=ns.root.=root.root.=2012051500=0=0=0=10= X 2012
-./bin/tests/system/dlzredir/ns1/named.conf CONF-C 2012
-./bin/tests/system/dlzredir/ns1/root.db ZONE 2012
-./bin/tests/system/dlzredir/prereq.sh.in SH 2012
-./bin/tests/system/dlzredir/tests.sh SH 2012
./bin/tests/system/dname/clean.sh SH 2011,2012
./bin/tests/system/dname/ns1/named.conf CONF-C 2011
./bin/tests/system/dname/ns1/root.db ZONE 2011
projects / thirdparty / bind9.git / commitdiff
