From: ianmdlvl
Date: Fri, 4 Jan 2002 21:50:29 +0000 (+0000)
Subject: Order general directives alphabetically. New forbid-addr feature.
X-Git-Tag: debian_version_2_2_0~26
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=commitdiff_plain;h=3e6eed8621ad938b6c40b6a85c050811fbceae87

Order general directives alphabetically. New forbid-addr feature.
---
diff --git a/scripts/named-conf b/scripts/named-conf
index 047e9ea..ce30194 100755
--- a/scripts/named-conf
+++ b/scripts/named-conf
@@ -84,8 +84,8 @@ $slave_dir= 'slave';
 $slave_prefix= '';
 $slave_suffix= '';
-use vars qw(@self_ns @self_soa @self_addr);
-@self_ns= @self_soa= @self_addr= ();
+use vars qw(@self_ns @self_soa @self_addr @forbid_addr);
+@self_ns= @self_soa= @self_addr= @forbid_addr= ();
 use vars qw(%zone_cfg @zone_cfg_list);
 %zone_cfg= ();
@@ -140,6 +140,8 @@ sub read_config ($) {
 @self_soa= @self if $1 ne '-ns';
 } elsif (m/^self\-addr\s+([0-9. \t]+)/) {
 @self_addr= split /\s+/, $1;
+ } elsif (m/^forbid\-addr(?:\s+([0-9. \t]+))?/) {
+ @forbid_addr= defined $1 ? split /\s+/, $1 : ();
 } elsif (m,^ primary\-dir ([*?]?) \s+ (\S+)/([^/ \t]*)
@@ -295,7 +297,7 @@ use vars qw(%delgs); # $delgs{$nameserver_list} = [ $whosaidandwhy ]
 use vars qw(%auths); # $auths{$nameserver_list} = [ $whosaidandwhy ]
 use vars qw(%glue); # $glue{$name}{$addr_list} = [ $whosaidandwhy ]
 use vars qw(%soas); # $soa{"$origin $serial"} = [ $whosaidandwhy ]
-use vars qw(%addr_is_ok %warned_glueless %warned_mynameaddr);
+use vars qw(%addr_is_ok %warned_glueless %warned_nameaddr);
 use vars qw($delg_to_us);
 use vars qw(@to_check); # ($addr,$whyask,$is_auth,$glueless_ok, ...)
 use vars qw(@to_check_soa); # ($addr,$whyask, ...)
@@ -309,7 +311,7 @@ sub zone_check_full () {
 sub zone_reset() {
 %delgs= %auths= %glue= %soas=
- %warned_glueless= %warned_mynameaddr=
+ %warned_glueless= %warned_nameaddr=
 %addr_is_ok= ();
 $delg_to_us= 0;
 @to_check= @to_check_soa= ();
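Review bot: The `forbid-addr` pattern added in read_config is unanchored at the end and its address group is optional, so a line naming a hostname, an IPv6 address or a comma-separated list still matches and silently leaves `@forbid_addr` empty or truncated. For a directive whose purpose is to flag unwanted nameserver addresses, a typo then switches the check off without any diagnostic. Anchoring the match, for example `} elsif (m/^forbid\-addr((?:\s+[0-9.]+)*)\s*$/) {` with `@forbid_addr= split ' ', $1;`, would let malformed lines fall through to whatever handles unrecognised directives, which is not visible in this hunk. The neighbouring `self-addr` pattern has the same unanchored shape. read_config's body starts and ends outside the hunk.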
@@ -400,6 +402,8 @@ sub zone_server_addr ($$$$$) {
 zone_warning("configured as stealth but we [$addr]".
 " are published ($name $wwq)")
 if $cfg->{'s'} =~ m/u/ && grep { $_ eq $addr } @self_addr;
+ zone_warning("forbidden nameserver address [$addr] $name ($wwq)")
+ if grep { $_ eq $addr } @forbid_addr;
 my ($name_is_self, $addr_is_self);
 $name_is_self= grep { $_ eq $name }
@@ -408,11 +412,11 @@ sub zone_server_addr ($$$$$) {
 @{ $cfg->{'self_addr'} };
 if ($name_is_self && !$addr_is_self) {
 zone_warning("our name $name with wrong address [$addr], (eg) $ww")
- unless $warned_mynameaddr{$name}{$addr}++;
+ unless $warned_nameaddr{$name}{$addr}++;
 } elsif (!$name_is_self && $addr_is_self) {
 zone_warning(($is_soa ? "SOA ORIGIN maps to" : "allegedly served by").
 " us [$addr] with wrong name $name, (eg) $ww")
- unless $warned_mynameaddr{$name}{$addr}++;
+ unless $warned_nameaddr{$name}{$addr}++;
 }
 $delg_to_us=1 if $name_is_self;
 }
diff --git a/scripts/named-conf.8 b/scripts/named-conf.8
index 7756e64..d57c5dc 100644
--- a/scripts/named-conf.8
+++ b/scripts/named-conf.8
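Review bot: The new forbidden-address warning in zone_server_addr is emitted on every call, whereas the two warnings in the following hunk are guarded with `unless $warned_nameaddr{$name}{$addr}++`; the commit renames that hash but the new check does not use it. If the function runs more than once for the same server address (the existing guards suggest it does, though the callers are not visible), the same forbidden address is reported repeatedly and can crowd out other findings. Keying the guard on `{$name}{$addr}` directly would also suppress the later name/address mismatch warnings for that pair, so a distinct first key is safer, for example `if (grep { $_ eq $addr } @forbid_addr) && !$warned_nameaddr{'!forbid'}{$addr}++;`. The function body starts and ends outside the hunk.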
@@ -119,35 +119,6 @@ These directives specify general configuration details. They should appear before directives specifying zones, as each will affect only later zone directives.
 .TP
-\fBself\-addr\fP \fIip-address ...\fP
-Specifies the list of addresses that this server may be known by in
-A records. There is no default.
-.TP
-\fBself\-ns\fP \fIfqdn ...\fP
-Specifies the list of names that this server may be known by in NS
-records. There is no default.
-.TP
-\fBself\-soa\fP \fIfqdn ...\fP
-Specifies the list of names that this server may be known by in
-the ORIGIN field of SOA records. There is no default.
-.TP
-.BI self " fqdn ..."
-Equivalent to both
-.B self\-ns " and " self\-soa
-with the same set of names.
-.TP
-\fBslave\-dir\fP \fIdirectory\fP [[\fIprefix\fP] \fIsuffix\fP]
-Specifies the directory in which slave (published and stealth)
-zonefiles should be placed. The default
-.I directory
-is
-.BR /var/cache/bind/chiark-slave .
-The default
-.IR suffix " and " prefix
-are empty; they also will be reset to these defaults by a
-.B slave\-dir
-directive which does not specify them.
-.TP
 \fBdefault\-dir\fP \fIdirectory\fP
 Makes
 .I directory
@@ -159,6 +130,10 @@ if no
 .B -C
 option is specified.
 .TP
+\fBforbid\-addr\fP [\fIip-address ...\fP]
+Specifies the list of addresses that are forbidden as any nameserver
+for any zone. The default is no such addresses.
+.TP
 \fBoutput\fP \fIformat\fP \fIfilename\fP [\fIformat\fP \fIfilename ...\fP]
 Arranges that each
 .I filename
@@ -180,6 +155,35 @@ otherwise it is an error for there to be any zones in the configuration before the first
 .B output
 directive.
+.TP
+\fBself\-addr\fP \fIip-address ...\fP
+Specifies the list of addresses that this server may be known by in
+A records. There is no default.
+.TP
+\fBself\-ns\fP \fIfqdn ...\fP
+Specifies the list of names that this server may be known by in NS
+records. There is no default.
+.TP
+\fBself\-soa\fP \fIfqdn ...\fP
+Specifies the list of names that this server may be known by in
+the ORIGIN field of SOA records. There is no default.
+.TP
+.BI self " fqdn ..."
+Equivalent to both
+.B self\-ns " and " self\-soa
+with the same set of names.
+.TP
+\fBslave\-dir\fP \fIdirectory\fP [[\fIprefix\fP] \fIsuffix\fP]
+Specifies the directory in which slave (published and stealth)
+zonefiles should be placed. The default
+.I directory
+is
+.BR /var/cache/bind/chiark-slave .
+The default
+.IR suffix " and " prefix
+are empty; they also will be reset to these defaults by a
+.B slave\-dir
+directive which does not specify them.
 .SS ZONE DIRECTIVES
 These directives specify one or more zones.
 .TP