diff --git a/CHANGES b/CHANGES
index f6ace16749..4c230798db 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5195. [bug] "allow-update" and "allow-update-forwarding" were
+ treated as configuration errors if used at the
+ options or view level. [GL #913]
+
5194. [bug] Enforce non empty ZOMEMD hash. [GL #899]
5193. [bug] EID and NIMLOC failed to do multi-line output
diff --git a/bin/named/server.c b/bin/named/server.c
index 6c77f779d4..5ec13dba0c 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -5021,8 +5021,9 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
/*
* Configure default allow-update and allow-update-forwarding ACLs,
- * so they can be inherited by zones. (Note these cannot be set at
- * options/view level.)
+ * so they can be inherited by zones. (XXX: These are not
+ * read from the options/view level here. However, they may be
+ * read from there in zoneconf.c:configure_zone_acl() later.)
*/
if (view->updateacl == NULL) {
CHECK(configure_view_acl(NULL, NULL, named_g_config,
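Review bot: The rewritten comment leaves an `XXX:` marker without stating the consequence a reader needs: because the call below passes NULL for both the view and top-level config, `view->updateacl` (and presumably the forwarding ACL handled the same way) only ever holds the built-in default from `named_g_config`, so it does not reflect an options- or view-level `allow-update` that this commit now makes legal. Anything that consults `view->updateacl` directly rather than going through zoneconf.c would therefore see the deny-all default instead of the administrator's setting; whether such a reader exists cannot be told from this hunk. I would drop the `XXX` and say it outright: `* Set the default allow-update and allow-update-forwarding ACLs from the built-in defaults only; an options/view-level setting is not reflected in view->updateacl here but is applied per zone by zoneconf.c:configure_zone_acl().` The enclosing configure_view() starts before this hunk and continues after it.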
diff --git a/bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf b/bin/tests/system/checkconf/good-allow-update-forwarding-view.conf
similarity index 97%
rename from bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf
rename to bin/tests/system/checkconf/good-allow-update-forwarding-view.conf
index 47f34950ad..0c2aeb8ddb 100644
--- a/bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf
+++ b/bin/tests/system/checkconf/good-allow-update-forwarding-view.conf
@@ -9,6 +9,6 @@
* information regarding copyright ownership.
*/
-view {
+view one {
allow-update-forwarding { any; };
};
diff --git a/bin/tests/system/checkconf/bad-allow-update-forwarding.conf b/bin/tests/system/checkconf/good-allow-update-forwarding.conf
similarity index 100%
rename from bin/tests/system/checkconf/bad-allow-update-forwarding.conf
rename to bin/tests/system/checkconf/good-allow-update-forwarding.conf
diff --git a/bin/tests/system/checkconf/bad-allow-update-view.conf b/bin/tests/system/checkconf/good-allow-update-view.conf
similarity index 97%
rename from bin/tests/system/checkconf/bad-allow-update-view.conf
rename to bin/tests/system/checkconf/good-allow-update-view.conf
index 22c4361e1e..a893b9a2c5 100644
--- a/bin/tests/system/checkconf/bad-allow-update-view.conf
+++ b/bin/tests/system/checkconf/good-allow-update-view.conf
@@ -9,6 +9,6 @@
* information regarding copyright ownership.
*/
-view {
+view one {
allow-update { any; };
};
diff --git a/bin/tests/system/checkconf/bad-allow-update.conf b/bin/tests/system/checkconf/good-allow-update.conf
similarity index 100%
rename from bin/tests/system/checkconf/bad-allow-update.conf
rename to bin/tests/system/checkconf/good-allow-update.conf
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 33d7499f0e..9213ef588b 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -7051,15 +7051,21 @@ options {
When set in the zone statement for
a master zone, specifies which hosts are allowed to
submit Dynamic DNS updates to that zone. The default
- is to deny updates from all hosts. This can only
- be set at the zone level, not in
- options or view.
+ is to deny updates from all hosts.
Note that allowing updates based on the
requestor's IP address is insecure; see
for details.
+
+ In general this option should only be set at the
+ zone level. While a default
+ value can be set at the options or
+ view level and inherited by zones,
+ this could lead to some zones unintentionally allowing
+ updates.
+
@@ -7072,9 +7078,7 @@ options {
submit Dynamic DNS updates and have them be forwarded
to the master. The default is
{ none; }, which means that no
- update forwarding will be performed. This can only be
- set at the zone level, not in
- options or view.
+ update forwarding will be performed.
To enable update forwarding, specify
@@ -7092,6 +7096,14 @@ options {
on insecure IP-address-based access control; see
for more details.
+
+ In general this option should only be set at the
+ zone level. While a default
+ value can be set at the options or
+ view level and inherited by zones,
+ this can lead to some zones unintentionally forwarding
+ updates.
+
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 7be7509651..37ff53a7ac 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -112,8 +112,13 @@
Bug Fixes
-
- None.
+
+ The allow-update and
+ allow-update-forwarding options were
+ inadvertently treated as configuration errors when used at the
+ options or view level.
+ This has now been corrected.
+ [GL #913]
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 215e767de0..9dac1afc91 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -484,43 +484,6 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
return (result);
}
-static isc_result_t
-check_non_viewacls(const cfg_obj_t *voptions, const cfg_obj_t *config,
- isc_log_t *logctx)
-{
- const cfg_obj_t *aclobj = NULL;
- const cfg_obj_t *options;
- const char *where = NULL;
- int i;
-
- static const char *acls[] = {
- "allow-update", "allow-update-forwarding", NULL
- };
-
- for (i = 0; acls[i] != NULL; i++) {
- if (voptions != NULL && aclobj == NULL) {
- cfg_map_get(voptions, acls[i], &aclobj);
- where = "view";
- }
- if (config != NULL && aclobj == NULL) {
- options = NULL;
- cfg_map_get(config, "options", &options);
- if (options != NULL) {
- cfg_map_get(options, acls[i], &aclobj);
- where = "options";
- }
- }
- if (aclobj != NULL) {
- cfg_obj_log(aclobj, logctx, ISC_LOG_ERROR,
- "'%s' can only be set per-zone, "
- "not in '%s'", acls[i], where);
- return (ISC_R_FAILURE);
- }
- }
-
- return (ISC_R_SUCCESS);
-}
-
static const unsigned char zeros[16];
static isc_result_t
@@ -3740,11 +3703,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
if (tresult != ISC_R_SUCCESS)
result = tresult;
- tresult = check_non_viewacls(voptions, config, logctx);
- if (tresult != ISC_R_SUCCESS) {
- result = tresult;
- }
-
tresult = check_recursionacls(actx, voptions, viewname,
config, logctx, mctx);
if (tresult != ISC_R_SUCCESS)