|
 |
07bac3 |
From 7e7fc71357309c1646eee51d82ab515472c62346 Mon Sep 17 00:00:00 2001
|
|
|
07bac3 |
From: Evan Hunt <each@isc.org>
|
|
|
07bac3 |
Date: Tue, 20 Jan 2015 16:10:30 -0800
|
|
|
07bac3 |
Subject: [PATCH] add keep-response-order option warning
|
|
|
07bac3 |
|
|
|
07bac3 |
Support keep-response-order ACL on input, but do not take any action
|
|
|
07bac3 |
setting it. Used as backward compatibility after support for pipelining
|
|
|
07bac3 |
and TCP connection reusage were again removed.
|
|
|
07bac3 |
---
|
|
|
07bac3 |
bin/named/config.c | 1 +
|
|
|
07bac3 |
bin/named/server.c | 11 ++++++++++
|
|
|
07bac3 |
bin/tests/named.conf | 3 ++-
|
|
|
07bac3 |
.../checkconf/bad-keep-response-order.conf | 21 +++++++++++++++++++
|
|
|
07bac3 |
bin/tests/system/checkconf/bad-many.conf | 3 ++-
|
|
|
07bac3 |
bin/tests/system/checkconf/good.conf | 3 +++
|
|
|
07bac3 |
lib/bind9/check.c | 4 ++--
|
|
|
07bac3 |
lib/isccfg/namedconf.c | 1 +
|
|
|
07bac3 |
8 files changed, 43 insertions(+), 4 deletions(-)
|
|
|
07bac3 |
create mode 100644 bin/tests/system/checkconf/bad-keep-response-order.conf
|
|
|
07bac3 |
|
|
|
07bac3 |
diff --git a/bin/named/config.c b/bin/named/config.c
|
|
|
07bac3 |
index 22d8a85..515cc4f 100644
|
|
|
07bac3 |
--- a/bin/named/config.c
|
|
|
07bac3 |
+++ b/bin/named/config.c
|
|
|
07bac3 |
@@ -72,6 +72,7 @@ options {\n\
|
|
|
07bac3 |
heartbeat-interval 60;\n\
|
|
|
07bac3 |
host-statistics no;\n\
|
|
|
07bac3 |
interface-interval 60;\n\
|
|
|
07bac3 |
+# keep-response-order {any;};\n\
|
|
|
07bac3 |
listen-on {any;};\n\
|
|
|
07bac3 |
listen-on-v6 {none;};\n\
|
|
|
07bac3 |
match-mapped-addresses no;\n\
|
|
|
07bac3 |
diff --git a/bin/named/server.c b/bin/named/server.c
|
|
|
07bac3 |
index e8f19d3..0ee47af 100644
|
|
|
07bac3 |
--- a/bin/named/server.c
|
|
|
07bac3 |
+++ b/bin/named/server.c
|
|
|
07bac3 |
@@ -4987,6 +4987,7 @@ load_configuration(const char *filename, ns_server_t *server,
|
|
|
07bac3 |
const cfg_obj_t *options;
|
|
|
07bac3 |
const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports;
|
|
|
07bac3 |
const cfg_obj_t *views;
|
|
|
07bac3 |
+ dns_acl_t *keepresporder=NULL;
|
|
|
07bac3 |
dns_view_t *view = NULL;
|
|
|
07bac3 |
dns_view_t *view_next;
|
|
|
07bac3 |
dns_viewlist_t tmpviewlist;
|
|
|
07bac3 |
@@ -5207,6 +5208,16 @@ load_configuration(const char *filename, ns_server_t *server,
|
|
|
07bac3 |
dns_dispatchmgr_setblackhole(ns_g_dispatchmgr,
|
|
|
07bac3 |
server->blackholeacl);
|
|
|
07bac3 |
|
|
|
07bac3 |
+ CHECK(configure_view_acl(NULL, config, "keep-response-order", NULL,
|
|
|
07bac3 |
+ ns_g_aclconfctx, ns_g_mctx,
|
|
|
07bac3 |
+ &keepresporder));
|
|
|
07bac3 |
+ if (keepresporder != NULL) {
|
|
|
07bac3 |
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
|
|
07bac3 |
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
|
|
|
07bac3 |
+ "keep-response-order option is ignored and can be safely removed");
|
|
|
07bac3 |
+ dns_acl_detach(&keepresporder);
|
|
|
07bac3 |
+ }
|
|
|
07bac3 |
+
|
|
|
07bac3 |
obj = NULL;
|
|
|
07bac3 |
result = ns_config_get(maps, "match-mapped-addresses", &obj);
|
|
|
07bac3 |
INSIST(result == ISC_R_SUCCESS);
|
|
|
07bac3 |
diff --git a/bin/tests/named.conf b/bin/tests/named.conf
|
|
|
07bac3 |
index 722d262..5b40045 100644
|
|
|
07bac3 |
--- a/bin/tests/named.conf
|
|
|
07bac3 |
+++ b/bin/tests/named.conf
|
|
|
07bac3 |
@@ -1,5 +1,5 @@
|
|
|
07bac3 |
/*
|
|
|
07bac3 |
- * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
|
|
|
07bac3 |
+ * Copyright (C) 2004, 2007, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
|
|
|
07bac3 |
* Copyright (C) 1999-2001 Internet Software Consortium.
|
|
|
07bac3 |
*
|
|
|
07bac3 |
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
07bac3 |
@@ -116,6 +116,7 @@ options {
|
|
|
07bac3 |
allow-transfer { any; };
|
|
|
07bac3 |
allow-recursion { !any; };
|
|
|
07bac3 |
blackhole { 45/24; };
|
|
|
07bac3 |
+ keep-response-order { 46/24; };
|
|
|
07bac3 |
|
|
|
07bac3 |
listen-on {
|
|
|
07bac3 |
10/24;
|
|
|
07bac3 |
diff --git a/bin/tests/system/checkconf/bad-keep-response-order.conf b/bin/tests/system/checkconf/bad-keep-response-order.conf
|
|
|
07bac3 |
new file mode 100644
|
|
|
07bac3 |
index 0000000..24c1f6c
|
|
|
07bac3 |
--- /dev/null
|
|
|
07bac3 |
+++ b/bin/tests/system/checkconf/bad-keep-response-order.conf
|
|
|
07bac3 |
@@ -0,0 +1,21 @@
|
|
|
07bac3 |
+/*
|
|
|
07bac3 |
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
|
|
|
07bac3 |
+ *
|
|
|
07bac3 |
+ * Permission to use, copy, modify, and/or distribute this software for any
|
|
|
07bac3 |
+ * purpose with or without fee is hereby granted, provided that the above
|
|
|
07bac3 |
+ * copyright notice and this permission notice appear in all copies.
|
|
|
07bac3 |
+ *
|
|
|
07bac3 |
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
|
07bac3 |
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
|
07bac3 |
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
|
07bac3 |
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
|
07bac3 |
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
|
07bac3 |
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
|
07bac3 |
+ * PERFORMANCE OF THIS SOFTWARE.
|
|
|
07bac3 |
+ */
|
|
|
07bac3 |
+
|
|
|
07bac3 |
+options {
|
|
|
07bac3 |
+ keep-response-order {
|
|
|
07bac3 |
+ does_not_exist;
|
|
|
07bac3 |
+ };
|
|
|
07bac3 |
+};
|
|
|
07bac3 |
diff --git a/bin/tests/system/checkconf/bad-many.conf b/bin/tests/system/checkconf/bad-many.conf
|
|
|
07bac3 |
index cfc4d02..09add87 100644
|
|
|
07bac3 |
--- a/bin/tests/system/checkconf/bad-many.conf
|
|
|
07bac3 |
+++ b/bin/tests/system/checkconf/bad-many.conf
|
|
|
07bac3 |
@@ -1,5 +1,5 @@
|
|
|
07bac3 |
/*
|
|
|
07bac3 |
- * Copyright (C) 2005, 2012 Internet Systems Consortium, Inc. ("ISC")
|
|
|
07bac3 |
+ * Copyright (C) 2005, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
|
|
|
07bac3 |
*
|
|
|
07bac3 |
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
07bac3 |
* purpose with or without fee is hereby granted, provided that the above
|
|
|
07bac3 |
@@ -33,6 +33,7 @@ options {
|
|
|
07bac3 |
host-statistics-max 100;
|
|
|
07bac3 |
hostname none;
|
|
|
07bac3 |
interface-interval 30;
|
|
|
07bac3 |
+ keep-response-order { 10.0.0.10/24; };
|
|
|
07bac3 |
listen-on port 90 { any; };
|
|
|
07bac3 |
listen-on port 100 { 127.0.0.1; };
|
|
|
07bac3 |
listen-on-v6 port 53 { none; };
|
|
|
07bac3 |
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
|
|
07bac3 |
index cf7c745..43b0638 100644
|
|
|
07bac3 |
--- a/bin/tests/system/checkconf/good.conf
|
|
|
07bac3 |
+++ b/bin/tests/system/checkconf/good.conf
|
|
|
07bac3 |
@@ -44,6 +44,9 @@ options {
|
|
|
07bac3 |
host-statistics-max 100;
|
|
|
07bac3 |
hostname none;
|
|
|
07bac3 |
interface-interval 30;
|
|
|
07bac3 |
+ keep-response-order {
|
|
|
07bac3 |
+ 10.0.0.10/24;
|
|
|
07bac3 |
+ };
|
|
|
07bac3 |
listen-on port 90 {
|
|
|
07bac3 |
"any";
|
|
|
07bac3 |
};
|
|
|
07bac3 |
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
|
|
|
07bac3 |
index 00c4b3e..d4803e2 100644
|
|
|
07bac3 |
--- a/lib/bind9/check.c
|
|
|
07bac3 |
+++ b/lib/bind9/check.c
|
|
|
07bac3 |
@@ -403,8 +403,8 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
|
|
|
07bac3 |
|
|
|
07bac3 |
static const char *acls[] = { "allow-query", "allow-query-on",
|
|
|
07bac3 |
"allow-query-cache", "allow-query-cache-on",
|
|
|
07bac3 |
- "blackhole", "match-clients", "match-destinations",
|
|
|
07bac3 |
- "sortlist", "filter-aaaa", NULL };
|
|
|
07bac3 |
+ "blackhole", "keep-response-order", "match-clients",
|
|
|
07bac3 |
+ "match-destinations", "sortlist", "filter-aaaa", NULL };
|
|
|
07bac3 |
|
|
|
07bac3 |
while (acls[i] != NULL) {
|
|
|
07bac3 |
tresult = checkacl(acls[i++], actx, NULL, voptions, config,
|
|
|
07bac3 |
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
|
|
|
07bac3 |
index d9b1df1..f357c63 100644
|
|
|
07bac3 |
--- a/lib/isccfg/namedconf.c
|
|
|
07bac3 |
+++ b/lib/isccfg/namedconf.c
|
|
|
07bac3 |
@@ -959,6 +959,7 @@ options_clauses[] = {
|
|
|
07bac3 |
{ "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
|
|
|
07bac3 |
{ "hostname", &cfg_type_qstringornone, 0 },
|
|
|
07bac3 |
{ "interface-interval", &cfg_type_uint32, 0 },
|
|
|
07bac3 |
+ { "keep-response-order", &cfg_type_bracketed_aml, 0 },
|
|
|
07bac3 |
{ "listen-on", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
|
|
|
07bac3 |
{ "listen-on-v6", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
|
|
|
07bac3 |
{ "managed-keys-directory", &cfg_type_qstring, 0 },
|
|
|
07bac3 |
--
|
|
|
07bac3 |
2.20.1
|
|
|
07bac3 |
|