Order general directives alphabetically. New forbid-addr feature.

diff --git a/scripts/named-conf b/scripts/named-conf
index 047e9ea2da5c1e3982e149aa2ce675418f4aaa01..ce3019444f6a8e14d50cb88d442c69dcbb098830 100755 (executable)
--- a/scripts/named-conf
+++ b/scripts/named-conf
@@ -84,8 +84,8 @@ $slave_dir= 'slave';
 $slave_prefix= '';
 $slave_suffix= '';
 
-use vars qw(@self_ns @self_soa @self_addr);
-@self_ns= @self_soa= @self_addr= ();
+use vars qw(@self_ns @self_soa @self_addr @forbid_addr);
+@self_ns= @self_soa= @self_addr= @forbid_addr= ();
 
 use vars qw(%zone_cfg @zone_cfg_list);
 %zone_cfg= ();
@@ -140,6 +140,8 @@ sub read_config ($) {
            @self_soa= @self if $1 ne '-ns';
        } elsif (m/^self\-addr\s+([0-9. \t]+)/) {
            @self_addr= split /\s+/, $1;
+       } elsif (m/^forbid\-addr(?:\s+([0-9. \t]+))?/) {
+           @forbid_addr= defined $1 ? split /\s+/, $1 : ();
        } elsif (m,^
                 primary\-dir ([*?]?)
                 \s+ (\S+)/([^/ \t]*)
@@ -295,7 +297,7 @@ use vars qw(%delgs); # $delgs{$nameserver_list} = [ $whosaidandwhy ]
 use vars qw(%auths); # $auths{$nameserver_list} = [ $whosaidandwhy ]
 use vars qw(%glue);  # $glue{$name}{$addr_list} = [ $whosaidandwhy ]
 use vars qw(%soas);  # $soa{"$origin $serial"} = [ $whosaidandwhy ]
-use vars qw(%addr_is_ok %warned_glueless %warned_mynameaddr);
+use vars qw(%addr_is_ok %warned_glueless %warned_nameaddr);
 use vars qw($delg_to_us);
 use vars qw(@to_check); # ($addr,$whyask,$is_auth,$glueless_ok, ...)
 use vars qw(@to_check_soa); # ($addr,$whyask, ...)
@@ -309,7 +311,7 @@ sub zone_check_full () {
 
 sub zone_reset() {
     %delgs= %auths= %glue= %soas=
-       %warned_glueless= %warned_mynameaddr=
+       %warned_glueless= %warned_nameaddr=
            %addr_is_ok= ();
     $delg_to_us= 0;
     @to_check= @to_check_soa= ();
@@ -400,6 +402,8 @@ sub zone_server_addr ($$$$$) {
     zone_warning("configured as stealth but we [$addr]".
                 " are published ($name $wwq)")
        if $cfg->{'s'} =~ m/u/ && grep { $_ eq $addr } @self_addr;
+    zone_warning("forbidden nameserver address [$addr] $name ($wwq)")
+       if grep { $_ eq $addr } @forbid_addr;
 
     my ($name_is_self, $addr_is_self);
     $name_is_self= grep { $_ eq $name }
@@ -408,11 +412,11 @@ sub zone_server_addr ($$$$$) {
         @{ $cfg->{'self_addr'} };
     if ($name_is_self && !$addr_is_self) {
        zone_warning("our name $name with wrong address [$addr], (eg) $ww")
-           unless $warned_mynameaddr{$name}{$addr}++;
+           unless $warned_nameaddr{$name}{$addr}++;
     } elsif (!$name_is_self && $addr_is_self) {
        zone_warning(($is_soa ? "SOA ORIGIN maps to" : "allegedly served by").
                     " us [$addr] with wrong name $name, (eg) $ww")
-           unless $warned_mynameaddr{$name}{$addr}++;
+           unless $warned_nameaddr{$name}{$addr}++;
     }
     $delg_to_us=1 if $name_is_self;
 }

diff --git a/scripts/named-conf.8 b/scripts/named-conf.8
index 7756e642f9f327ecc18311f93c2ba42009bb8e0a..d57c5dcc8069f2e97a84ae794b8a718fad9fa5bf 100644 (file)
--- a/scripts/named-conf.8
+++ b/scripts/named-conf.8
@@ -119,35 +119,6 @@ These directives specify general configuration details.  They should
 appear before directives specifying zones, as each will affect only
 later zone directives.
 .TP
-\fBself\-addr\fP \fIip-address ...\fP
-Specifies the list of addresses that this server may be known by in
-A records.  There is no default.
-.TP
-\fBself\-ns\fP \fIfqdn ...\fP
-Specifies the list of names that this server may be known by in NS
-records.  There is no default.
-.TP
-\fBself\-soa\fP \fIfqdn ...\fP
-Specifies the list of names that this server may be known by in
-the ORIGIN field of SOA records.  There is no default.
-.TP
-.BI self " fqdn ..."
-Equivalent to both
-.B self\-ns " and " self\-soa
-with the same set of names.
-.TP
-\fBslave\-dir\fP \fIdirectory\fP [[\fIprefix\fP] \fIsuffix\fP]
-Specifies the directory in which slave (published and stealth)
-zonefiles should be placed.  The default
-.I directory
-is
-.BR /var/cache/bind/chiark-slave .
-The default
-.IR suffix " and " prefix
-are empty; they also will be reset to these defaults by a
-.B slave\-dir
-directive which does not specify them.
-.TP
 \fBdefault\-dir\fP \fIdirectory\fP
 Makes
 .I directory
@@ -159,6 +130,10 @@ if no
 .B -C
 option is specified.
 .TP
+\fBforbid\-addr\fP [\fIip-address ...\fP]
+Specifies the list of addresses that are forbidden as any nameserver
+for any zone.  The default is no such addresses.
+.TP
 \fBoutput\fP \fIformat\fP \fIfilename\fP [\fIformat\fP \fIfilename ...\fP]
 Arranges that each
 .I filename
@@ -180,6 +155,35 @@ otherwise it is an error for there to be any zones in the
 configuration before the first
 .B output
 directive.
+.TP
+\fBself\-addr\fP \fIip-address ...\fP
+Specifies the list of addresses that this server may be known by in
+A records.  There is no default.
+.TP
+\fBself\-ns\fP \fIfqdn ...\fP
+Specifies the list of names that this server may be known by in NS
+records.  There is no default.
+.TP
+\fBself\-soa\fP \fIfqdn ...\fP
+Specifies the list of names that this server may be known by in
+the ORIGIN field of SOA records.  There is no default.
+.TP
+.BI self " fqdn ..."
+Equivalent to both
+.B self\-ns " and " self\-soa
+with the same set of names.
+.TP
+\fBslave\-dir\fP \fIdirectory\fP [[\fIprefix\fP] \fIsuffix\fP]
+Specifies the directory in which slave (published and stealth)
+zonefiles should be placed.  The default
+.I directory
+is
+.BR /var/cache/bind/chiark-slave .
+The default
+.IR suffix " and " prefix
+are empty; they also will be reset to these defaults by a
+.B slave\-dir
+directive which does not specify them.
 .SS ZONE DIRECTIVES
 These directives specify one or more zones.
 .TP