From f06dbb43881bdeedb7e91092231c9e426874945f Mon Sep 17 00:00:00 2001 From: ianmdlvl Date: Fri, 21 Sep 2007 22:55:47 +0000 Subject: [PATCH] - do not warn about glueful nameservers in serverless-glueless areas (since these can't cause problems). Thanks to Ben Harris for report and subsequent discussion. --- debian/changelog | 3 +++ scripts/named-conf | 14 ++++++-------- scripts/named-conf.8 | 7 ++++--- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/debian/changelog b/debian/changelog index b341378..b819a92 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,9 @@ chiark-utils (4.1.22) unstable; urgency=low - new forbid-slave directive - remove incorrect references to SOA ORIGIN - should be MNAME - allow config file to not exist. Closes: #274528. + - do not warn about glueful nameservers in serverless-glueless + areas (since these can't cause problems). Thanks to Ben Harris + for report and subsequent discussion. * chiark-backup Depends on chiark-utils-bin. Closes: #401611. -- diff --git a/scripts/named-conf b/scripts/named-conf index c9ae98d..fdfa404 100755 --- a/scripts/named-conf +++ b/scripts/named-conf @@ -554,7 +554,7 @@ sub zone_investigate() { sub zone_check_nsrrset ($$$$) { my ($uaddr,$wa, $name_if_auth, $glueless_ok) = @_; - my (@s, $s, $a, %s2g, @glue, $glue, $delgs_or_auths, $wwn, $ww); + my (@s, $s, $a, %s2g, @glue, $glue, $delgs_or_auths, $wwn, $ww, $cg); my ($rcode); $ww= "[$uaddr] $wa"; verbose("checking delegation by $ww"); @@ -589,6 +589,11 @@ sub zone_check_nsrrset ($$$$) { @{ $cfg->{'indirect_glue'} }) and !(grep { has_suffix_of($zone,".$_"); } @{ $cfg->{'indirect_glue'} })); + foreach $cg (@{ $cfg->{'conv_glueless'} }) { + zone_warning("nameserver $s (glueless) in". + " serverless-glueless namespace area $cg", $ww) + if has_suffix_of(".$s",".$cg"); + } ($rcode,@glue)= lookup($s,'a','0',"glueless NS from $ww"); foreach $a (@glue) { $wwn= "glueless NS from $ww"; @@ -605,14 +610,7 @@ sub zone_check_nsrrset ($$$$) { sub zone_ns_name ($$) { my ($name,$ww) = @_; - my ($cg); $delg_to_us=1 if grep { $name eq $_ } @{ $cfg->{'self_ns'} }; - foreach $cg (@{ $cfg->{'conv_glueless'} }) { - zone_warning("nameserver $name in serverless-glueless". - " namespace area $cg", - $ww) - if has_suffix_of(".$name",".$cg"); - } zone_warning("published server, as $name, but configured as stealth", $ww) if $cfg->{'s'} =~ m/u/ && diff --git a/scripts/named-conf.8 b/scripts/named-conf.8 index c72706e..57d5a93 100644 --- a/scripts/named-conf.8 +++ b/scripts/named-conf.8 @@ -181,7 +181,8 @@ to-be-obsoleted slaves. The default is no such addresses. .TP \fBserverless\-glueless\fP \fIdomain ...\fP Specifies a list of domains under which we do not expect to find any -nameservers; for these zones it is OK to find glueless referrals. +nameservers without glue; for these zones it is OK to find glueless +referrals. Each domain listed names a complete subtree of the DNS, starting at the named point. The default is .BR "in\-addr.arpa ip6.arpa ip6.int" . @@ -190,8 +191,8 @@ To avoid indefinitely long or even circularly glueless referrals (which delay or prevent lookups) it is necessary for all sites to effectively implement similar conventions; currently the author believes that only the reverse lookup namespaces are conventionally -devoid of nameservers, and therefore fine to provide glueless -referrals for. See GLUELESSNESS below. +devoid of (glueless) nameservers, and therefore fine to provide +glueless referrals for. See GLUELESSNESS below. .TP \fBallow-\-indirect\-glue\fP \fInameserver-superdomain ...\fP Specifies a list of domains under which we expect to find glueless -- 2.30.2