From cf63d32d55ffed0e7e1b9eacfecb3e751dc68674 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 28 Jul 2011 03:18:17 +0000 Subject: [PATCH] 3136. [func] Add RFC 1918 reverse zones to the list of built-in empty zones switched on by the 'empty-zones-enable' option. [RT #24990] --- CHANGES | 4 +++ bin/named/server.c | 4 +-- bin/tests/system/resolver/ns7/named.conf | 4 ++- bin/tests/system/resolver/tests.sh | 46 +++++++++++++++++++++++- doc/arm/Bv9ARM-book.xml | 4 +-- 5 files changed, 54 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index a5e65a2562..b26c348341 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +3136. [func] Add RFC 1918 reverse zones to the list of built-in + empty zones switched on by the 'empty-zones-enable' + option. [RT #24990] + 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing. See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307 [RT #24950] diff --git a/bin/named/server.c b/bin/named/server.c index f13a9f9e7b..c9a9ac6635 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.614 2011/07/06 23:47:43 tbox Exp $ */ +/* $Id: server.c,v 1.615 2011/07/28 03:18:17 each Exp $ */ /*! \file */ @@ -222,7 +222,6 @@ static const struct { const char *zone; isc_boolean_t rfc1918; } empty_zones[] = { -#ifdef notyet /* RFC 1918 */ { "10.IN-ADDR.ARPA", ISC_TRUE }, { "16.172.IN-ADDR.ARPA", ISC_TRUE }, @@ -242,7 +241,6 @@ static const struct { { "30.172.IN-ADDR.ARPA", ISC_TRUE }, { "31.172.IN-ADDR.ARPA", ISC_TRUE }, { "168.192.IN-ADDR.ARPA", ISC_TRUE }, -#endif /* RFC 5735 and RFC 5737 */ { "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */ diff --git a/bin/tests/system/resolver/ns7/named.conf b/bin/tests/system/resolver/ns7/named.conf index 6b55a1a51d..a41afd0ebc 100644 --- a/bin/tests/system/resolver/ns7/named.conf +++ b/bin/tests/system/resolver/ns7/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.4 2011/03/13 23:47:36 tbox Exp $ */ +/* $Id: named.conf,v 1.5 2011/07/28 03:18:17 each Exp $ */ // NS4 @@ -29,6 +29,8 @@ options { listen-on { 10.53.0.7; }; listen-on-v6 { none; }; recursion yes; + empty-zones-enable yes; + disable-empty-zone 20.172.in-addr.arpa; }; zone "." { diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 3eef901f78..2cfe4a5345 100644 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.19 2011/03/13 23:47:35 tbox Exp $ +# $Id: tests.sh,v 1.20 2011/07/28 03:18:17 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -220,6 +220,50 @@ grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed"; status=1; fi +n=`expr $n + 1` +echo "I:checking empty RFC 1918 reverse zones ($n)" +ret=0 +# Check that "aa" is being set by the resolver for RFC 1918 zones +# except the one that has been deliberately disabled +$DIG @10.53.0.7 -p 5300 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.16.1.1 > dig.ns4.out.3.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1 +$DIG @10.53.0.7 -p 5300 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1 +grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1 +# but this one should NOT be authoritative +$DIG @10.53.0.7 -p 5300 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1 +grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; status=1; fi + echo "I:exit status: $status" exit $status diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 5b62fb9012..59b73e4f83 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -8950,7 +8950,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; The current list of empty zones is: - 0.IN-ADDR.ARPA 127.IN-ADDR.ARPA 254.169.IN-ADDR.ARPA