upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-01 04:50:50 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

A couple of RPZ options were not reconfigured as expected

Browse source 
[bug]	Changes to the RPZ response-policy min-update-interval
	and add-soa options now take effect as expected when
	named is reconfigured. [GL #3740]

(cherry picked from commit d8a3d328db)
This commit is contained in:
Tony Finch 2022-12-14 15:47:03 +00:00 committed by Tony Finch
parent 61c2337a1e
commit 08d0d24d3b
3 changed files with 25 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]
6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]

11
bin/named/server.c
View file

@ -2311,6 +2311,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
} else {
zone->max_policy_ttl = ttl_default;
}
if (*old_rpz_okp && zone->max_policy_ttl != old->max_policy_ttl) {
*old_rpz_okp = false;
}
obj = cfg_tuple_get(rpz_obj, "min-update-interval");
if (cfg_obj_isduration(obj)) {
@ -2318,8 +2321,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
} else {
zone->min_update_interval = minupdateinterval_default;
}
if (*old_rpz_okp && zone->max_policy_ttl != old->max_policy_ttl) {
if (*old_rpz_okp &&
zone->min_update_interval != old->min_update_interval)
{
*old_rpz_okp = false;
}
@ -2422,6 +2426,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
} else {
zone->addsoa = cfg_obj_asboolean(obj);
}
if (*old_rpz_okp && zone->addsoa != old->addsoa) {
*old_rpz_okp = false;
}
return (ISC_R_SUCCESS);
}

13
bin/tests/system/rpz/tests.sh
View file

@ -920,7 +920,18 @@ EOF
if [ native = "$mode" ]; then
t=`expr $t + 1`
echo_i "checking that "add-soa unset" works (${t})"
echo_i "reconfiguring server with 'add-soa no' (${t})"
cp ns3/named.conf ns3/named.conf.tmp
sed -e "s/add-soa yes/add-soa no/g" < ns3/named.conf.tmp > ns3/named.conf
rndc_reconfig ns3 $ns3
echo_i "checking that 'add-soa no' at response-policy level works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns3 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null && setret "failed"
fi
if [ native = "$mode" ]; then
t=`expr $t + 1`
echo_i "checking that 'add-soa unset' works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns8 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed"
fi