From 080e68c9adee644e6923e3d6f4ad3cd4102efea7 Mon Sep 17 00:00:00 2001 From: ianmdlvl Date: Mon, 31 Dec 2001 20:09:17 +0000 Subject: [PATCH] Manual improvements. Check that we are delegated to if we want to be. --- scripts/named-conf | 7 +++++++ scripts/named-conf.8 | 21 +++++++++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/scripts/named-conf b/scripts/named-conf index 359c61c..a6d7df8 100755 --- a/scripts/named-conf +++ b/scripts/named-conf @@ -269,6 +269,7 @@ use vars qw(%auths); # $auths{$nameserver_list} = [ $whosaidandwhy ] use vars qw(%glue); # $glue{$name}{$addr_list} = [ $whosaidandwhy ] use vars qw(%soas); # $soa{"$origin $serial"} = [ $whosaidandwhy ] use vars qw(%addr_is_ok %warned_glueless %warned_mynameaddr); +use vars qw($delg_to_us); use vars qw(@to_check); # ($addr,$whyask,$is_auth,$glueless_ok, ...) use vars qw(@to_check_soa); # ($addr,$whyask, ...) @@ -283,6 +284,7 @@ sub zone_reset() { %delgs= %auths= %glue= %soas= %warned_glueless= %warned_mynameaddr= %addr_is_ok= (); + $delg_to_us= 0; @to_check= @to_check_soa= (); } @@ -385,6 +387,7 @@ sub zone_server_addr ($$$$$) { " us [$addr] with wrong name $name, (eg) $ww") unless $warned_mynameaddr{$name}{$addr}++; } + $delg_to_us=1 if $name_is_self; } sub zone_check_soa ($$$) { @@ -449,6 +452,10 @@ sub zone_servers_ok () { } } } + if ($cfg->{'s'} =~ m/s/ && !$delg_to_us) { + zone_warnmore("we are supposedly published secondary,". + " but not listed as a nameserver"); + } } sub zone_consistency_set ($%) { diff --git a/scripts/named-conf.8 b/scripts/named-conf.8 index 5b15469..d4639f2 100644 --- a/scripts/named-conf.8 +++ b/scripts/named-conf.8 @@ -50,7 +50,7 @@ Checks even zones known to be broken. Ie, ignores the .B ? zone style modifier in the configuration. .TP -\fB\-C\fP|\-\-config \fIconfig\-file\fP +.BR \-C | \-\-config " \fIconfig\-file\fP" Use .I config\-file instead of 
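Review bot: The new `use vars qw($delg_to_us);` line in the hunk at -269 is the only declaration in this group of zone globals without a trailing comment describing what it holds. The other hunks show it is per-zone state, cleared in zone_reset, set in zone_server_addr and read in zone_servers_ok. I would document it the same way as its neighbours, for example `use vars qw($delg_to_us); # true once a server entry carrying our own name was seen for this zone`.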
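Review bot: `$delg_to_us=1 if $name_is_self;` at the end of zone_server_addr (hunk at -385) sets the flag on a name match alone. A record carrying our name with an address that is not ours would count as "listed", while the case warned about just above it (our address under the wrong name) would not. The name appears to come from DNS answers, and the manual states the tool should resist malicious DNS data, so it is worth confirming that a server other than the parent cannot satisfy the later check just by returning our name. If the intent is "the parent delegates to us", consider setting the flag only on the delegation path and only when the address also matched. Otherwise record the choice in a comment such as `# name match only; address mismatches are warned about separately above`. How `$name_is_self` is computed and which callers reach this line are outside the hunk.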
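Review bot: The condition `$cfg->{'s'} =~ m/s/ && !$delg_to_us` added to zone_servers_ok (hunk at -449) is an unanchored single-letter match on the style string, and nothing in the hunk says which zone styles it is meant to select. The warning text speaks of "published secondary", so if that is what the letter encodes, a comment like `# style flag 's': we claim to be a published secondary for this zone` would let a reader check the test against the message. It is also worth confirming that no other style string can contain an `s` by accident. The check runs after the loops regardless of whether any server data was obtained, so when lookups fail it may repeat a problem already reported; that depends on code outside the hunk. The manual's list of consistency checks, as far as it is visible in this patch, does not mention the new warning.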
@@ -115,7 +115,7 @@ These directives specify general configuration details. They should appear before directives specifying zones, as each will affect only later zone directives. .TP -\fBself\-addr\fP \fIfqdn ...\fP +\fBself\-addr\fP \fIip-address ...\fP Specifies the list of addresses that this server may be known by in A records. There is no default. .TP @@ -254,15 +254,12 @@ always give the same addresses. Origin server's data: The set of nameservers in the origin server's version of the zone should be a superset of those in the delegations. -Our zone configuration: For -.B primary -zones, the SOA origin should be one of the names specified with -.BR self\-soa " (or " self ). For -.B published -zones, the address should be that of the SOA origin. For -.B stealth -zones, the address should be that of the SOA origin or one of the -published nameservers. +Our zone configuration: For primary zones, the SOA origin should be +one of the names specified with +.BR self\-soa " (or " self ). +For published zones, the address should be that of the SOA origin. +For stealth zones, the address should be that of the SOA origin or one +of the published nameservers. .SH SECURITY chiark\-named\-conf is supposed to be resistant to malicious data in the DNS. It is not resistant to malicious data in its own options, @@ -308,7 +305,7 @@ will affect the operation of chiark\-named\-conf. Avoid messing with these if possible. .LP .B PATH -Used to find subprograms such as +is used to find subprograms such as .BR dig " and " adnshost . .SH BUGS The determination of the parent zone for each zone to be checked, and -- 2.30.2