X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=blobdiff_plain;f=scripts%2Fnamed-conf;h=378119183362b3c2c013fba3d172150866ef6e9d;hp=054ba0f96920e0e69c82eec619c5c3294e79696f;hb=861bcfb80879271bfd728b73277e15ffa86419ac;hpb=b04f7c34c3862490d8068e72311f5c50427abb0c
diff --git a/scripts/named-conf b/scripts/named-conf
index 054ba0f..3781191 100755
--- a/scripts/named-conf
+++ b/scripts/named-conf
@@ -8,7 +8,7 @@ use POSIX;
 use vars qw($quis $mode $doall $etcfile $where
- $debug $needglue $localonly $verbosity);
+ $debug $needglue $localonly $repeat $verbosity);
 $quis= $0; $quis =~ s,.*/,,;
@@ -77,7 +77,7 @@ usage: named-conf-regen [options] -f|-y|-n|...\n".
 " -l --localonly full checks only on zones which we primary\n".
 " -q --quiet no output for OK zones\n".
 " -r --repeat repeat warnings for all sources of imperfect data\n".
-" -v --verbose extra verbose info about each zone\n"
+" -v --verbose extra verbose info about each zone\n".
 " -C|--config 'foreign', 's' => 'f',
@@ -289,13 +292,22 @@ sub process_zones (@) {
 if $warnings;
 }
+use vars qw(%delgs); # $delgs{$nameserver_list} = [ $whosaidandwhy ]
+use vars qw(%auths); # $auths{$nameserver_list} = [ $whosaidandwhy ]
+use vars qw(%glue); # $glue{$name}{$addr_list} = [ $whosaidandwhy ]
+use vars qw(%soas); # $soa{"$origin $serial"} = [ $whosaidandwhy ]
+use vars qw(%addr_is_ok %warned);
+use vars qw($delg_to_us);
+use vars qw(@to_check); # ($addr,$whyask,$is_auth,$glueless_ok, ...)
+use vars qw(@to_check_soa); # ($addr,$whyask, ...)
+
 sub zone_warning ($$) {
 my ($w,$o) = @_;
 my ($wk);
 $wk= $w; $wk =~ s/,.*// if !$repeat;
- return 0 if $$warned{$w}{$wk}++;
+ return 0 if $warned{$w}{$wk}++;
 $w =~ s/\n$//; $w =~ s,\n, // ,g;
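Review bot: In zone_warning the corrected line still keys the first hash level on the full text `$w`, so the comma-stripped `$wk` computed on the line above can never merge two warnings that differ only after the comma, and `--repeat` appears to have no effect on suppression. If the intent is one warning per kind unless `--repeat` is given, key on the stripped form, e.g. `return 0 if $warned{$wk}++;`, provided nothing else reads `%warned` as a two-level hash (not visible here). A comment next to the `%warned` declaration stating its key, like the ones on `%delgs` and `%glue`, would make this checkable. zone_warning's body continues past the end of the hunk.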
@@ -309,17 +321,7 @@ sub zone_warnmore ($) {
 print STDERR "$zone: $_[0]\n" or die $!;
 }
-use vars qw(%delgs); # $delgs{$nameserver_list} = [ $whosaidandwhy ]
-use vars qw(%auths); # $auths{$nameserver_list} = [ $whosaidandwhy ]
-use vars qw(%glue); # $glue{$name}{$addr_list} = [ $whosaidandwhy ]
-use vars qw(%soas); # $soa{"$origin $serial"} = [ $whosaidandwhy ]
-use vars qw(%addr_is_ok %warned);
-use vars qw($delg_to_us);
-use vars qw(@to_check); # ($addr,$whyask,$is_auth,$glueless_ok, ...)
-use vars qw(@to_check_soa); # ($addr,$whyask, ...)
-
 sub zone_check_full () {
- zone_reset();
 zone_investigate();
 zone_consistency();
 zone_servers_ok();
@@ -365,7 +367,7 @@ sub zone_investigate() {
 zone_check_nsrrset($addr, $wa, $is_auth, $glueless_ok);
 } elsif (($addr,$wa,@to_check_soa) = @to_check_soa) {
 next if $soa_checked{$addr}++;
- zone_check_soa($addr, $wa, "NS [$uaddr]");
+ zone_check_soa($addr, $wa, "NS [$addr]");
 } else {
 last;
 }
@@ -400,7 +402,8 @@ sub zone_check_nsrrset ($$$$) {
 if (!@glue) {
 zone_warning("glueless NS $s,".($needglue<=1 ? " (eg)" : ""), $ww)
- unless $glueless_ok || !$needglue;
+ unless $glueless_ok || !$needglue ||
+ grep { has_suffix_of($s,".$_"); } @conv_glueless;
 next;
 }
 $glue= join ' ', sort @glue;
@@ -413,8 +416,15 @@ sub zone_check_nsrrset ($$$$) {
 sub zone_server_addr ($$$$$) {
 my ($addr,$name,$ww,$wwq,$is_soa) = @_;
+ my ($cg);
 $addr_is_ok{$addr}= "$name ($wwq)" if $is_soa || $cfg->{'s'} =~ m/u/;
+ foreach $cg (@conv_glueless) {
+ next unless has_suffix_of(".$name",".$cg");
+ zone_warning("nameserver [$addr] $name in serverless-glueless".
+ " namespace area $cg",
+ $ww);
+ }
 zone_warning("configured as stealth but we [$addr] $name are published", $ww) if $cfg->{'s'} =~ m/u/ && grep { $_ eq $addr } @self_addr;
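Review bot: The suffix test added to the `unless` in zone_check_nsrrset passes `$s` with no leading dot against the pattern `".$_"`, so a nameserver whose name is exactly a `@conv_glueless` entry is not exempted from the glueless warning. The loop added to zone_server_addr in the following hunk tests `".$name"` and does count that same name as inside the area. Using one form in both places, `grep { has_suffix_of(".$s",".$_") } @conv_glueless`, keeps the two checks in agreement. The match is also case-sensitive, so unless names are lower-cased before they reach these calls (not visible in this diff) a mixed-case NS name will miss both checks. Both functions start and end outside their hunks, and the declaration of `@conv_glueless` is not in the visible part of the patch.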
@@ -438,9 +448,10 @@ sub zone_server_addr ($$$$$) {
 sub zone_check_soa ($$$) {
 my ($uaddr,$wa,$waq) = @_;
- my ($lame,$origin,$got,$rcode,@soa_addrs,$soa_addr,$wwn);
- verbose("checking service at $wwq");
+ my ($lame,$origin,$got,$rcode,@soa_addrs,$soa_addr,$ww,$wwn);
+ verbose("checking service at [$uaddr] $waq");
 $lame= 'dead or lame';
+ $ww= "[$uaddr] $wa";
 dig(sub {
 if ($dig_type eq 'flags:') {
 $lame= $dig_rdata =~ m/ aa / ? '' : 'lame';
@@ -456,8 +467,8 @@ sub zone_check_soa ($$$) {
 if ($lame) { zone_warning("$lame server [$uaddr]",$wa); return; }
 push @{ $soas{$got} }, $ww;
 ($rcode,@soa_addrs)= lookup($origin,'a','0');
+ $wwn= "SOA ORIGIN from $ww";
 foreach $soa_addr (@soa_addrs) {
- $wwn= "SOA ORIGIN from $ww";
 zone_server_addr($soa_addr,$origin,$wwn,"SOA [$uaddr]",1);
 push @to_check, $soa_addr, "$origin, $wwn";
 }
@@ -519,7 +530,6 @@ sub zone_consistency_set ($%) {
 }
 sub zone_check_local () {
- zone_reset();
 zone_servers_simplefind();
 zone_servers_ok();
 }
@@ -621,6 +631,13 @@ sub debug_trace ($) {
 print "D $_[0]\n";
 }
+sub has_suffix_of ($$) {
+ my ($whole,$suffix);
+ return 0 if length $whole < length $suffix;
+ return 0 if substr($whole, length($whole) - length($suffix)) ne $suffix;
+ return 1;
+}
+
 sub lookup ($$$) {
 my ($domain,$type,$okrcodes) = @_;
 my ($c,$h,@result);
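Review bot: `has_suffix_of` never unpacks its arguments: `my ($whole,$suffix);` leaves both undefined, so neither early return fires and the function returns 1 for every input. The first line should be `my ($whole,$suffix) = @_;`. As written, the new `grep` in zone_check_nsrrset suppresses the glueless-NS warning for every name once `@conv_glueless` is non-empty, so a missing-glue delegation goes unreported. The new loop in zone_server_addr likewise warns that every nameserver lies in every listed area. A one-line comment such as `# true iff $whole ends with $suffix (exact, case-sensitive string compare)` would document the contract the two callers rely on.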