$slave_prefix= '';
$slave_suffix= '';
-use vars qw(@self_ns @self_soa @self_addr @forbid_addr);
-@self_ns= @self_soa= @self_addr= @forbid_addr= ();
+use vars qw(@self_ns @self_soa @self_addr @forbid_addr @conv_glueless);
+@self_ns= @self_soa= @self_addr= @forbid_addr= @conv_glueless= ();
use vars qw(%zone_cfg @zone_cfg_list);
%zone_cfg= ();
@self= split /\s+/, $2;
@self_ns= @self if $1 ne '-soa';
@self_soa= @self if $1 ne '-ns';
+ } elsif (m/^serverless\-glueless\s+(\S.*\S)/) {
+ @conv_glueless= split /\s+/, $1;
} elsif (m/^self\-addr\s+([0-9. \t]+)/) {
@self_addr= split /\s+/, $1;
} elsif (m/^forbid\-addr(?:\s+([0-9. \t]+))?/) {
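Review bot: Nothing in the visible hunks gives `@conv_glueless` the default the manual page documents (`in-addr.arpa ip6.arpa ip6.int`). The initialisation sets it to `()` and this directive is the only other assignment shown, so unless a default is applied outside these hunks the documented one never takes effect. The values are also stored exactly as typed, and the comparison in has_suffix_of is a byte-wise `ne`. An entry written in upper case or with a trailing dot would therefore silently never match. Something like `@conv_glueless= map { s/\.$//; lc } split /\s+/, $1;` would make the match predictable, assuming the names it is compared with are lower-cased elsewhere.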
if (!@glue) {
zone_warning("glueless NS $s,".($needglue<=1 ? " (eg)" : ""),
$ww)
- unless $glueless_ok || !$needglue;
+ unless $glueless_ok || !$needglue ||
+ grep { has_suffix_of($s,".$_"); } @conv_glueless;
next;
}
$glue= join ' ', sort @glue;
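Review bot: The suffix test in the new `unless` condition passes the name without a leading dot, `has_suffix_of($s,".$_")`, while the nameserver check added elsewhere in this commit uses `has_suffix_of(".$s",".$cg")`. Without the dot, a name exactly equal to a listed domain is not treated as inside it, although the manual text says each domain covers the subtree starting at the named point. Because a match here silences the glueless-NS warning, the two call sites should agree: `grep { has_suffix_of(".$s",".$_") } @conv_glueless;`. The enclosing loop starts outside this hunk, so how `$s` is normalised cannot be confirmed from here.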
my ($addr,$name,$ww,$wwq,$is_soa) = @_;
$addr_is_ok{$addr}= "$name ($wwq)"
if $is_soa || $cfg->{'s'} =~ m/u/;
+ foreach $cg (@conv_glueless) {
+ next unless has_suffix_of(".$s",".$cg");
+ zone_warning("nameserver [$addr] $name in serverless-glueless".
+ " namespace area $cg",
+ $ww);
+ }
zone_warning("configured as stealth but we [$addr] $name are published",
$ww)
if $cfg->{'s'} =~ m/u/ && grep { $_ eq $addr } @self_addr;
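Review bot: The added loop tests `$s`, but the argument unpack at the top of this hunk yields `$addr`, `$name`, `$ww`, `$wwq` and `$is_soa`, and the warning text itself reports `$name`. Unless `$s` is a file-level variable that deliberately holds the same name at this point, the check reads whatever value an earlier caller left in it, so the warning can fire or stay silent for the wrong nameserver. The loop variable `$cg` is also not declared lexically. Suggested: `foreach my $cg (@conv_glueless) {` and `next unless has_suffix_of(".$name",".$cg");`. The start of the sub is outside the hunk, so this should be checked against the full body.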
print "D $_[0]\n";
}
+sub has_suffix_of ($$) {
+ my ($whole,$suffix);
+ return 0 if length $while < length $suffix;
+ return 0 if substr($whole, length($whole) - length($suffix)) ne $suffix;
+ return 1;
+}
+
sub lookup ($$$) {
my ($domain,$type,$okrcodes) = @_;
my ($c,$h,@result);
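Review bot: has_suffix_of never reads its arguments: `my ($whole,$suffix);` lacks `= @_`, and the length test names `$while` instead of `$whole`. With both lexicals undefined, the function appears to return 1 for every input, or to fail compilation if strict vars is in effect. At the call sites, any non-empty serverless-glueless list would then suppress the glueless-NS warning for every zone and raise the new "in serverless-glueless namespace area" warning for every nameserver. The two lines should read `my ($whole,$suffix) = @_;` and `return 0 if length($whole) < length($suffix);`. A small test of has_suffix_of with matching, non-matching and equal-length inputs would catch this kind of slip.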
Specifies the list of addresses that are forbidden as any nameserver
for any zone. The default is no such addresses.
.TP
+\fBserverless\-glueless\fP \fIdomain ...\fP
+Specifies a list of domains under which we do not expect to find any
+nameservers; for these zones it is OK to find glueless referrals.
+Each domain listed names a complete subtree of the DNS, starting at
+the named point. The default is
+.BR "in\-addr.arpa ip6.arpa ip6.int" .
+
+To avoid indefinitely long or even circularly glueless referrals
+(which delay or prevent lookups) it is necessary for all sites to
+effectively implement similar conventions; currently the author
+believes that only the reverse lookup namespaces are conventionally
+devoid of nameservers, and therefore fine to provide glueless
+referrals for.
+.TP
\fBoutput\fP \fIformat\fP \fIfilename\fP [\fIformat\fP \fIfilename ...\fP]
Arranges that each
.I filename