From 0564f85c86d30e8d913649ceca44da017e79bcd0 Mon Sep 17 00:00:00 2001
From: ianmdlvl
Date: Fri, 4 Jan 2002 22:40:24 +0000
Subject: [PATCH] serverless-glueless
---
 scripts/named-conf | 22 +++++++++++++++++++---
 scripts/named-conf.8 | 14 ++++++++++++++
 2 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/scripts/named-conf b/scripts/named-conf
index 054ba0f..26b5ea7 100755
--- a/scripts/named-conf
+++ b/scripts/named-conf
@@ -92,8 +92,8 @@ $slave_dir= 'slave';
 $slave_prefix= '';
 $slave_suffix= '';
-use vars qw(@self_ns @self_soa @self_addr @forbid_addr);
-@self_ns= @self_soa= @self_addr= @forbid_addr= ();
+use vars qw(@self_ns @self_soa @self_addr @forbid_addr @conv_glueless);
+@self_ns= @self_soa= @self_addr= @forbid_addr= @conv_glueless= ();
 use vars qw(%zone_cfg @zone_cfg_list);
 %zone_cfg= ();
@@ -146,6 +146,8 @@ sub read_config ($) {
 @self= split /\s+/, $2;
 @self_ns= @self if $1 ne '-soa';
 @self_soa= @self if $1 ne '-ns';
+ } elsif (m/^serverless\-glueless\s+(\S.*\S)/) {
+ @conv_glueless= split /\s+/, $1;
 } elsif (m/^self\-addr\s+([0-9. \t]+)/) {
 @self_addr= split /\s+/, $1;
 } elsif (m/^forbid\-addr(?:\s+([0-9. \t]+))?/) {
@@ -400,7 +402,8 @@ sub zone_check_nsrrset ($$$$) {
 if (!@glue) {
 zone_warning("glueless NS $s,".($needglue<=1 ? " (eg)" : ""), $ww)
- unless $glueless_ok || !$needglue;
+ unless $glueless_ok || !$needglue ||
+ grep { has_suffix_of($s,".$_"); } @conv_glueless;
 next;
 }
 $glue= join ' ', sort @glue;
@@ -415,6 +418,12 @@ sub zone_server_addr ($$$$$) {
 my ($addr,$name,$ww,$wwq,$is_soa) = @_;
 $addr_is_ok{$addr}= "$name ($wwq)" if $is_soa || $cfg->{'s'} =~ m/u/;
+ foreach $cg (@conv_glueless) {
+ next unless has_suffix_of(".$s",".$cg");
+ zone_warning("nameserver [$addr] $name in serverless-glueless".
+ " namespace area $cg",
+ $ww);
+ }
 zone_warning("configured as stealth but we [$addr] $name are published", $ww) if $cfg->{'s'} =~ m/u/ && grep { $_ eq $addr } @self_addr;
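Review bot: `@conv_glueless` is initialised to the empty list in the `@@ -92,8` hunk, while the manual page text added by this same patch states that the default is `in-addr.arpa ip6.arpa ip6.int`. Unless a default is assigned somewhere outside the visible hunks, a configuration with no `serverless-glueless` line gets neither the documented glueless exemption nor the new warning about nameservers in the reverse-lookup trees. Either give the array its own initialiser, `@conv_glueless= qw(in-addr.arpa ip6.arpa ip6.int);`, or correct the documented default.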
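Review bot: The `serverless-glueless` branch added to `read_config` stores the domains exactly as typed, and the comparison in `has_suffix_of` is a plain `ne`, so an entry written as `IN-ADDR.ARPA` or with a trailing dot would never match and both new checks would quietly stop applying to it. Normalising on read, for example `@conv_glueless= map { lc } split /\s+/, $1;` plus stripping a trailing dot, would avoid that, provided the names compared against it are lowercased the same way (not visible here). The pattern `(\S.*\S)` also needs at least two characters and offers no way to clear the list, unlike the optional group on the `forbid-addr` branch. read_config's body starts and ends outside the hunk.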
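Review bot: The `grep` added in `zone_check_nsrrset` calls `has_suffix_of($s,".$_")` without the leading dot that the `zone_server_addr` hunk puts on the name (`".$s"`), so a nameserver whose name is exactly a listed domain is matched there but not here. Using one form in both places keeps the two checks in agreement: `grep { has_suffix_of(".$s",".$_") } @conv_glueless;`. A short comment on the condition would also help, such as `# glue is not required under subtrees where no nameservers are expected to live`. The enclosing sub starts and ends outside the hunk.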
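Review bot: The loop added to `zone_server_addr` tests `has_suffix_of(".$s",".$cg")`, but `$s` is not among the sub's parameters `($addr,$name,$ww,$wwq,$is_soa)`; unless a global `$s` is deliberately in scope, the check is made against an empty or stale value rather than this server's name. The loop variable `$cg` is also never declared. The intended lines are presumably `foreach my $cg (@conv_glueless) {` and `next unless has_suffix_of(".$name",".$cg");`. The sub's body continues past the end of the hunk.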
@@ -621,6 +630,13 @@ sub debug_trace ($) { print "D $_[0]\n"; }
+sub has_suffix_of ($$) {
+ my ($whole,$suffix);
+ return 0 if length $while < length $suffix;
+ return 0 if substr($whole, length($whole) - length($suffix)) ne $suffix;
+ return 1;
+}
+
 sub lookup ($$$) {
 my ($domain,$type,$okrcodes) = @_;
 my ($c,$h,@result);
diff --git a/scripts/named-conf.8 b/scripts/named-conf.8
index d788708..2316c9d 100644
--- a/scripts/named-conf.8
+++ b/scripts/named-conf.8
@@ -134,6 +134,20 @@ option is specified.
 Specifies the list of addresses that are forbidden as any nameserver for any zone. The default is no such addresses.
 .TP
+\fBserverless\-glueless\fP \fIdomain ...\fP
+Specifies a list of domains under which we do not expect to find any
+nameservers; for these zones it is OK to find glueless referrals.
+Each domain listed names a complete subtree of the DNS, starting at
+the named point. The default is
+.BR "in\-addr.arpa ip6.arpa ip6.int" .
+
+To avoid indefinitely long or even circularly glueless referrals
+(which delay or prevent lookups) it is necessary for all sites to
+effectively implement similar conventions; currently the author
+believes that only the reverse lookup namespaces are conventionally
+devoid of nameservers, and therefore fine to provide glueless
+referrals for.
+.TP
 \fBoutput\fP \fIformat\fP \fIfilename\fP [\fIformat\fP \fIfilename ...\fP]
 Arranges that each
 .I filename
-- 
2.30.2
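Review bot: `has_suffix_of` in the `@@ -621,6` hunk never reads its arguments: `my ($whole,$suffix);` lacks `= @_`, and the length test names `$while` instead of `$whole`. If the script does not run under `use strict` (not visible here), both tests compare empty values and the function returns 1 for every input, so any `serverless-glueless` entry would suppress the glueless-NS warning for every zone and flag every nameserver; under strict it would not compile. The two lines should read `my ($whole,$suffix) = @_;` and `return 0 if length $whole < length $suffix;`. A one-line comment saying that callers pass both strings with a leading dot, so that a match can only fall on a label boundary, would document the contract.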