$slave_prefix= '';
$slave_suffix= '';
-use vars qw(@self_ns @self_soa @self_addr);
-@self_ns= @self_soa= @self_addr= ();
+use vars qw(@self_ns @self_soa @self_addr @forbid_addr);
+@self_ns= @self_soa= @self_addr= @forbid_addr= ();
use vars qw(%zone_cfg @zone_cfg_list);
%zone_cfg= ();
@self_soa= @self if $1 ne '-ns';
} elsif (m/^self\-addr\s+([0-9. \t]+)/) {
@self_addr= split /\s+/, $1;
+ } elsif (m/^forbid\-addr(?:\s+([0-9. \t]+))?/) {
+ @forbid_addr= defined $1 ? split /\s+/, $1 : ();
} elsif (m,^
primary\-dir ([*?]?)
\s+ (\S+)/([^/ \t]*)
use vars qw(%auths); # $auths{$nameserver_list} = [ $whosaidandwhy ]
use vars qw(%glue); # $glue{$name}{$addr_list} = [ $whosaidandwhy ]
use vars qw(%soas); # $soa{"$origin $serial"} = [ $whosaidandwhy ]
-use vars qw(%addr_is_ok %warned_glueless %warned_mynameaddr);
+use vars qw(%addr_is_ok %warned_glueless %warned_nameaddr);
use vars qw($delg_to_us);
use vars qw(@to_check); # ($addr,$whyask,$is_auth,$glueless_ok, ...)
use vars qw(@to_check_soa); # ($addr,$whyask, ...)
sub zone_reset() {
%delgs= %auths= %glue= %soas=
- %warned_glueless= %warned_mynameaddr=
+ %warned_glueless= %warned_nameaddr=
%addr_is_ok= ();
$delg_to_us= 0;
@to_check= @to_check_soa= ();
zone_warning("configured as stealth but we [$addr]".
" are published ($name $wwq)")
if $cfg->{'s'} =~ m/u/ && grep { $_ eq $addr } @self_addr;
+ zone_warning("forbidden nameserver address [$addr] $name ($wwq)")
+ if grep { $_ eq $addr } @forbid_addr;
my ($name_is_self, $addr_is_self);
$name_is_self= grep { $_ eq $name }
@{ $cfg->{'self_addr'} };
if ($name_is_self && !$addr_is_self) {
zone_warning("our name $name with wrong address [$addr], (eg) $ww")
- unless $warned_mynameaddr{$name}{$addr}++;
+ unless $warned_nameaddr{$name}{$addr}++;
} elsif (!$name_is_self && $addr_is_self) {
zone_warning(($is_soa ? "SOA ORIGIN maps to" : "allegedly served by").
" us [$addr] with wrong name $name, (eg) $ww")
- unless $warned_mynameaddr{$name}{$addr}++;
+ unless $warned_nameaddr{$name}{$addr}++;
}
$delg_to_us=1 if $name_is_self;
}