- new forbid-slave directive
- remove incorrect references to SOA ORIGIN - should be MNAME
- allow config file to not exist. Closes: #274528.
+ - do not warn about glueful nameservers in serverless-glueless
+ areas (since these can't cause problems). Thanks to Ben Harris
+ for report and subsequent discussion.
* chiark-backup Depends on chiark-utils-bin. Closes: #401611.
--
sub zone_check_nsrrset ($$$$) {
my ($uaddr,$wa, $name_if_auth, $glueless_ok) = @_;
- my (@s, $s, $a, %s2g, @glue, $glue, $delgs_or_auths, $wwn, $ww);
+ my (@s, $s, $a, %s2g, @glue, $glue, $delgs_or_auths, $wwn, $ww, $cg);
my ($rcode);
$ww= "[$uaddr] $wa";
verbose("checking delegation by $ww");
@{ $cfg->{'indirect_glue'} }) and
!(grep { has_suffix_of($zone,".$_"); }
@{ $cfg->{'indirect_glue'} }));
+ foreach $cg (@{ $cfg->{'conv_glueless'} }) {
+ zone_warning("nameserver $s (glueless) in".
+ " serverless-glueless namespace area $cg", $ww)
+ if has_suffix_of(".$s",".$cg");
+ }
($rcode,@glue)= lookup($s,'a','0',"glueless NS from $ww");
foreach $a (@glue) {
$wwn= "glueless NS from $ww";
sub zone_ns_name ($$) {
my ($name,$ww) = @_;
- my ($cg);
$delg_to_us=1 if grep { $name eq $_ } @{ $cfg->{'self_ns'} };
- foreach $cg (@{ $cfg->{'conv_glueless'} }) {
- zone_warning("nameserver $name in serverless-glueless".
- " namespace area $cg",
- $ww)
- if has_suffix_of(".$name",".$cg");
- }
zone_warning("published server, as $name, but configured as stealth",
$ww)
if $cfg->{'s'} =~ m/u/ &&
.TP
\fBserverless\-glueless\fP \fIdomain ...\fP
Specifies a list of domains under which we do not expect to find any
-nameservers; for these zones it is OK to find glueless referrals.
+nameservers without glue; for these zones it is OK to find glueless
+referrals.
Each domain listed names a complete subtree of the DNS, starting at
the named point. The default is
.BR "in\-addr.arpa ip6.arpa ip6.int" .
(which delay or prevent lookups) it is necessary for all sites to
effectively implement similar conventions; currently the author
believes that only the reverse lookup namespaces are conventionally
-devoid of nameservers, and therefore fine to provide glueless
-referrals for. See GLUELESSNESS below.
+devoid of (glueless) nameservers, and therefore fine to provide
+glueless referrals for. See GLUELESSNESS below.
.TP
\fBallow-\-indirect\-glue\fP \fInameserver-superdomain ...\fP
Specifies a list of domains under which we expect to find glueless