From: Michał Kępień Date: Tue, 9 Oct 2018 08:54:51 +0000 (+0200) Subject: Define a default master server list for the root zone X-Git-Tag: v9.13.4~99^2~3 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2c69734bcf00feef18eb61fbf48324a4688296c5;p=thirdparty%2Fbind9.git Define a default master server list for the root zone To minimize the effort required to set up IANA root zone mirroring, define a default master server list for the root zone and use it when that zone is to be mirrored and no master server list was explicitly specified. Contents of that list are taken from RFC 7706 and are subject to change in future releases. Since the static get_masters_def() function in bin/named/config.c does exactly what named_zone_configure() in bin/named/zoneconf.c needs to do, make the former non-static and use it in the latter to prevent code duplication. --- diff --git a/bin/named/config.c b/bin/named/config.c index f3c7b39a16e..9ce79bfd574 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -301,6 +301,21 @@ view \"_bind\" chaos {\n\ MANAGED_KEYS "# END MANAGED KEYS\n\ +\n\ +masters " DEFAULT_IANA_ROOT_ZONE_MASTERS " {\n\ + 2001:500:84::b; # b.root-servers.net\n\ + 2001:500:2f::f; # f.root-servers.net\n\ + 2001:7fd::1; # k.root-servers.net\n\ + 2620:0:2830:202::132; # xfr.cjr.dns.icann.org\n\ + 2620:0:2d0:202::132; # xfr.lax.dns.icann.org\n\ + 192.228.79.201; # b.root-servers.net\n\ + 192.33.4.12; # c.root-servers.net\n\ + 192.5.5.241; # f.root-servers.net\n\ + 192.112.36.4; # g.root-servers.net\n\ + 193.0.14.129; # k.root-servers.net\n\ + 192.0.47.132; # xfr.cjr.dns.icann.org\n\ + 192.0.32.132; # xfr.lax.dns.icann.org\n\ +};\n\ "; isc_result_t 
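Review bot: The built-in `masters` list added to the defaults string in bin/named/config.c pins twelve transfer sources by literal address, with no key on any entry and nothing beside the list recording where the addresses came from or when they were last checked. The commit message says the contents come from RFC 7706 and may change, so a renumbered server would leave named requesting root zone transfers from an address that may no longer belong to the listed operator. I would add a comment line inside the block, for example `# Addresses from RFC 7706; unauthenticated transfer sources, re-verify against the operators' published addresses before each release\n\`. It is also worth confirming that a zone loaded through this list is always DNSSEC-validated before it is served; that check is not visible in this diff.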
@@ -555,9 +570,9 @@ named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, } } -static isc_result_t -get_masters_def(const cfg_obj_t *cctx, const char *name, - const cfg_obj_t **ret) +isc_result_t +named_config_getmastersdef(const cfg_obj_t *cctx, const char *name, + const cfg_obj_t **ret) { isc_result_t result; const cfg_obj_t *masters = NULL; @@ -699,7 +714,8 @@ named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, break; if (j < l) continue; - tresult = get_masters_def(config, listname, &list); + tresult = named_config_getmastersdef(config, listname, + &list); if (tresult == ISC_R_NOTFOUND) { cfg_obj_log(addr, named_g_lctx, ISC_LOG_ERROR, "masters \"%s\" not found", listname); diff --git a/bin/named/include/named/config.h b/bin/named/include/named/config.h index ad69a162481..a3e3ae241da 100644 --- a/bin/named/include/named/config.h +++ b/bin/named/include/named/config.h @@ -22,6 +22,8 @@ #include #include +#define DEFAULT_IANA_ROOT_ZONE_MASTERS "_default_iana_root_zone_masters" + isc_result_t named_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf); @@ -57,6 +59,10 @@ void named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_dscp_t **dscpsp, uint32_t count); +isc_result_t +named_config_getmastersdef(const cfg_obj_t *cctx, const char *name, + const cfg_obj_t **ret); + isc_result_t named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, isc_mem_t *mctx, dns_ipkeylist_t *ipkl); diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index a1f2c5340ed..52264239e09 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c 
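Review bot: The prototype for `named_config_getmastersdef()` added to named/config.h has no comment, although the function has just become part of the module's interface and its body lies outside these hunks. The call site in `named_config_getipandkeylist()` tests for `ISC_R_NOTFOUND`, so that result at least belongs in the documented contract. I would put a short comment above the declaration, e.g. `/* Find the "masters" list called 'name' in 'cctx' and store it in '*ret'; returns ISC_R_NOTFOUND when no such list is defined. */`, and have the author confirm what `*ret` holds on failure.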
@@ -1753,6 +1753,18 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, count = 0; obj = NULL; (void)cfg_map_get(zoptions, "masters", &obj); + /* + * Use the built-in master server list if one was not + * explicitly specified and this is a root zone mirror. + */ + if (obj == NULL && ztype == dns_zone_mirror && + dns_name_equal(dns_zone_getorigin(zone), dns_rootname)) + { + result = named_config_getmastersdef(named_g_config, + DEFAULT_IANA_ROOT_ZONE_MASTERS, + &obj); + RETERR(result); + } if (obj != NULL) { dns_ipkeylist_t ipkl; dns_ipkeylist_init(&ipkl); diff --git a/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf b/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf index e0fabdff38c..8d5b28a792f 100644 --- a/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf +++ b/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf @@ -11,6 +11,5 @@ zone "." { type mirror; - masters { 127.0.0.1; }; notify yes; }; diff --git a/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf b/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf new file mode 100644 index 00000000000..e212bed6ac3 --- /dev/null +++ b/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "foo." { + type mirror; +}; diff --git a/bin/tests/system/checkconf/bad-mirror-recursion-no.conf b/bin/tests/system/checkconf/bad-mirror-recursion-no.conf index 4dff2cadfd3..9b02f0dcb76 100644 --- a/bin/tests/system/checkconf/bad-mirror-recursion-no.conf 
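Review bot: When the built-in list cannot be found, `RETERR(result)` in the new block of `named_zone_configure()` fails the zone without saying why, whereas the lookup in `named_config_getipandkeylist()` logs `masters \"%s\" not found` for the same result. The default list is also applied silently on success, so an operator reading the logs cannot tell that a root mirror is transferring from built-in addresses rather than ones they chose. I would log the failure before returning, e.g. `if (result != ISC_R_SUCCESS) cfg_obj_log(config, named_g_lctx, ISC_LOG_ERROR, "built-in masters \"%s\" not found", DEFAULT_IANA_ROOT_ZONE_MASTERS);`, and add an informational line when the default is selected. Which cfg object and log context are in scope in zoneconf.c is not visible here, and the function body starts and ends outside the hunk.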
+++ b/bin/tests/system/checkconf/bad-mirror-recursion-no.conf @@ -15,5 +15,4 @@ options { zone "." { type mirror; - masters { 127.0.0.1; }; }; diff --git a/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf b/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf index 14a29bf7b55..241a77ca0cf 100644 --- a/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf +++ b/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf @@ -15,5 +15,4 @@ options { zone "." { type mirror; - masters { 127.0.0.1; }; }; diff --git a/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf b/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf new file mode 100644 index 00000000000..1b7a1cdd6f3 --- /dev/null +++ b/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "." { + type mirror; +}; diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 6f4cf798ece..ab944ebd784 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c 
@@ -2351,10 +2351,12 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, } /* - * Slave, mirror, and stub zones must have a "masters" field. + * Slave, mirror, and stub zones must have a "masters" field, with one + * exception: when mirroring the root zone, a default, built-in master + * server list is used in the absence of one explicitly specified. */ - if (ztype == CFG_ZONE_SLAVE || ztype == CFG_ZONE_MIRROR || - ztype == CFG_ZONE_STUB) + if (ztype == CFG_ZONE_SLAVE || ztype == CFG_ZONE_STUB || + (ztype == CFG_ZONE_MIRROR && !dns_name_equal(zname, dns_rootname))) { obj = NULL; if (cfg_map_get(zoptions, "masters", &obj) != ISC_R_SUCCESS) { diff --git a/util/copyrights b/util/copyrights index c362e624bd3..9a19e34162a 100644 --- a/util/copyrights +++ b/util/copyrights @@ -599,6 +599,7 @@ ./bin/tests/system/checkconf/bad-maxttlmap.conf CONF-C 2014,2016,2018 ./bin/tests/system/checkconf/bad-mirror-allow-recursion-none.conf CONF-C 2018 ./bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf CONF-C 2018 +./bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf CONF-C 2018 ./bin/tests/system/checkconf/bad-mirror-recursion-no.conf CONF-C 2018 ./bin/tests/system/checkconf/bad-noddns.conf CONF-C 2014,2016,2018 ./bin/tests/system/checkconf/bad-options-also-notify.conf CONF-C 2016,2018 @@ -672,6 +673,7 @@ ./bin/tests/system/checkconf/good-maxcachettl.conf CONF-C 2018 ./bin/tests/system/checkconf/good-maxncachettl.conf CONF-C 2018 ./bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf CONF-C 2018 +./bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf CONF-C 2018 ./bin/tests/system/checkconf/good-nested.conf CONF-C 2015,2016,2018 ./bin/tests/system/checkconf/good-options-also-notify.conf CONF-C 2016,2018 ./bin/tests/system/checkconf/good-printtime.conf CONF-C 2016,2018
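Review bot: The new condition in `check_zoneconf()` passes `zname` to `dns_name_equal()` without a null check, and `zname` is assigned outside this hunk. If it can still be NULL here, for instance when the zone name failed to parse earlier in the function, a mirror zone with a malformed name would reach the comparison with a null pointer inside the configuration checker. I would guard it: `(ztype == CFG_ZONE_MIRROR && zname != NULL && !dns_name_equal(zname, dns_rootname))`. This exemption and the test in `named_zone_configure()` also encode the same root-mirror rule in two places, so a comment in each pointing at the other would help keep them in step.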