localzone and localdata configuration setup.
git-svn-id: file:///svn/unbound/trunk@771 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
b9c417481b
commit
416129dedb
@ -92,7 +92,7 @@ morechecks(struct config_file* cfg)
|
||||
int i;
|
||||
struct sockaddr_storage a;
|
||||
socklen_t alen;
|
||||
struct config_acl* acl;
|
||||
struct config_str2list* acl;
|
||||
for(i=0; i<cfg->num_ifs; i++) {
|
||||
if(!ipstrtoaddr(cfg->ifs[i], UNBOUND_DNS_PORT, &a, &alen)) {
|
||||
fatal_exit("cannot parse interface specified as '%s'",
|
||||
@ -107,10 +107,10 @@ morechecks(struct config_file* cfg)
|
||||
}
|
||||
}
|
||||
for(acl=cfg->acls; acl; acl = acl->next) {
|
||||
if(!netblockstrtoaddr(acl->address, UNBOUND_DNS_PORT,
|
||||
&a, &alen, &i)) {
|
||||
if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen,
|
||||
&i)) {
|
||||
fatal_exit("cannot parse access control address %s %s",
|
||||
acl->address, acl->control);
|
||||
acl->str, acl->str2);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -144,10 +144,10 @@ acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2,
|
||||
static int
|
||||
read_acl_list(struct acl_list* acl, struct config_file* cfg)
|
||||
{
|
||||
struct config_acl* p;
|
||||
struct config_str2list* p;
|
||||
for(p = cfg->acls; p; p = p->next) {
|
||||
log_assert(p->address && p->control);
|
||||
if(!acl_list_str_cfg(acl, p->address, p->control, 1))
|
||||
log_assert(p->str && p->str2);
|
||||
if(!acl_list_str_cfg(acl, p->str, p->str2, 1))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
@ -1,3 +1,7 @@
|
||||
20 November 2007: Wouter
|
||||
- 0.8 - str2list config support for double string config options.
|
||||
- local-zone and local-data options, config storage and documentation.
|
||||
|
||||
19 November 2007: Wouter
|
||||
- do not downcase NSEC and RRSIG for verification. Follows
|
||||
draft-ietf-dnsext-dnssec-bis-updates-06.txt.
|
||||
|
@ -255,6 +255,35 @@ server:
|
||||
# more slabs reduce lock contention, but fragment memory usage.
|
||||
# key-cache-slabs: 4
|
||||
|
||||
# a number of locally served zones can be configured.
|
||||
# local-zone: <zone> <type>
|
||||
# local-data: "<resource record string>"
|
||||
# o deny serves local data (if any), else, drops queries.
|
||||
# o refuse serves local data (if any), else, replies with error.
|
||||
# o static serves local data, else, nxdomain or nodata answer.
|
||||
# o transparent serves local data, else, resolves normally .
|
||||
# o redirect serves the zone data for any subdomain in the zone.
|
||||
# o nodefault can be used to normally resolve AS112 zones.
|
||||
#
|
||||
# defaults are localhost address, reverse for 127.0.0.1 and ::1
|
||||
# and nxdomain for AS112 zones. If you configure one of these zones
|
||||
# the default content is omitted, or you can omit it with 'nodefault'.
|
||||
#
|
||||
# If you configure local-data without specifying local-zone, by
|
||||
# default a transparent local-zone is created for the data.
|
||||
#
|
||||
# You can add locally served data with
|
||||
# local-zone: "local." static
|
||||
# local-data: "mycomputer.local. IN A 192.0.2.51"
|
||||
#
|
||||
# You can override certain queries with
|
||||
# local-data: "adserver.example.com A 127.0.0.1"
|
||||
#
|
||||
# You can redirect a domain to a fixed address with
|
||||
# (this makes example.com, www.example.com, etc, all go to 192.0.2.3)
|
||||
# local-zone: "example.com" redirect
|
||||
# local-data: "example.com A 192.0.2.3"
|
||||
|
||||
|
||||
# Stub zones.
|
||||
# Create entries like below, to make all queries for 'example.com' and
|
||||
|
@ -321,6 +321,100 @@ Number of bytes size of the key cache. Default is 4 megabytes.
|
||||
Number of slabs in the key cache. Slabs reduce lock contention by threads.
|
||||
Must be set to a power of 2. Setting (close) to the number of cpus is a
|
||||
reasonable guess.
|
||||
.It \fBlocal-zone:\fR <zone> <type>
|
||||
Configure a local zone. The type determines the answer to give if there is
|
||||
no match from local-data. The types are deny, refuse, static, transparent,
|
||||
redirect, nodefault, and are explained below. After that the default settings
|
||||
are listed. Use local-data: to enter data into the local zone. Answers for
|
||||
local zones are authoritative DNS answers.
|
||||
.Bl -tag -width indent
|
||||
.It \fIdeny\fR
|
||||
Do not send an answer, drop the query.
|
||||
If there is a match from local data, the query is answered.
|
||||
.It \fIrefuse\fR
|
||||
Send an error message reply, with rcode REFUSED.
|
||||
If there is a match from local data, the query is answered.
|
||||
.It \fIstatic\fR
|
||||
If there is a match from local data, the query is answered.
|
||||
Otherwise, the query is answered with nodata or nxdomain.
|
||||
For a negative answer a SOA is included in the answer if present
|
||||
as local-data for the zone apex domain.
|
||||
.It \fItransparent\fR
|
||||
If there is a match from local data, the query is answered.
|
||||
Otherwise, the query is resolved normally.
|
||||
If no local-zone is given local-data causes a transparent zone
|
||||
to be created by default.
|
||||
.It \fIredirect\fR
|
||||
The query is answered from the local data for the zone name.
|
||||
There may be no local data beneath the zone name.
|
||||
This answers queries for the zone, and all subdomains of the zone
|
||||
with the local data for the zone.
|
||||
It can be used to redirect a domain to a different address, with
|
||||
local-zone: "example.com." redirect and
|
||||
local-data: "example.com. A 127.0.0.1"
|
||||
queries for www.example.com and www.foo.example.com are redirected.
|
||||
.It \fInodefault\fR
|
||||
Used to turn off default contents for AS112 zones. The other types
|
||||
also turn off default contents for the zone. The 'nodefault' option
|
||||
has no other effect than turning off default contents for the
|
||||
given zone.
|
||||
.El
|
||||
The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112
|
||||
zones. The AS112 zones are reverse DNS zones for private use and reserved
|
||||
IP addresses for which the servers on the internet cannot provide correct
|
||||
answers. They are configured by default to give nxdomain (no reverse
|
||||
information) answers. The defaults can be turned off by specifying your
|
||||
own local-zone of that name, or using the 'nodefault' type. Below is a
|
||||
list of the default zone contents.
|
||||
.Bl -tag -width indent
|
||||
.It \fIlocalhost\fR
|
||||
The IP4 and IP6 localhost information is given. NS and SOA records are provided
|
||||
for completeness and to satisfy some DNS update tools. Default content:
|
||||
.nf
|
||||
local-zone: "localhost." static
|
||||
local-data: "localhost. 10800 IN NS localhost."
|
||||
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||
local-data: "localhost. 10800 IN A 127.0.0.1"
|
||||
local-data: "localhost. 10800 IN AAAA ::1"
|
||||
.fi
|
||||
.It \fIreverse IPv4 loopback\fR
|
||||
Default content:
|
||||
.nf
|
||||
local-zone: "127.in-addr.arpa." static
|
||||
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
|
||||
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
|
||||
.fi
|
||||
.It \fIreverse IPv6 loopback\fR
|
||||
Default content:
|
||||
.nf
|
||||
local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
|
||||
local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost."
|
||||
local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||
local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost."
|
||||
.fi
|
||||
.It \fIreverse RFC1918 local use zones\fR
|
||||
Reverse data for zones 10.IN-ADDR.ARPA, 16.172.IN-ADDR.ARPA to
|
||||
31.172.IN-ADDR.ARPA, 168.192.IN-ADDR.ARPA.
|
||||
The \fBlocal-zone:\fR is set static and as \fBlocal-data:\fR SOA and NS
|
||||
records are provided.
|
||||
.It \fIreverse RFC3330 IP4 this, link-local, testnet and broadcast\fR
|
||||
Reverse data for zones 0.IN-ADDR.ARPA, 254.169.IN-ADDR.ARPA,
|
||||
2.0.192.IN-ADDR.ARPA, 255.255.255.255.IN-ADDR.ARPA.
|
||||
.It \fIreverse RFC4291 IP6 unspecified\fR
|
||||
Reverse data for zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA.
|
||||
.It \fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR
|
||||
Reverse data for zone D.F.IP6.ARPA.
|
||||
.It \fIreverse RFC4291 IPv6 Link Local Addresses\fR
|
||||
Reverse data for zones 8.E.F.IP6.ARPA to B.E.F.IP6.ARPA.
|
||||
.El
|
||||
.\" End of local-zone listing.
|
||||
.It \fBlocal-data:\fR "<resource record string>"
|
||||
Configure local data, which is served in reply to queries for it.
|
||||
The query has to match exactly unless you configure the local-zone as
|
||||
redirect. If not matched exactly, the local-zone type determines
|
||||
further processing. If local-data is configured that is not a subdomain of
|
||||
a local-zone, a transparent local-zone is configured.
|
||||
.El
|
||||
.Ss Stub Zone Options
|
||||
There may be multiple
|
||||
|
@ -127,6 +127,9 @@ config_create()
|
||||
cfg->val_permissive_mode = 0;
|
||||
cfg->key_cache_size = 4 * 1024 * 1024;
|
||||
cfg->key_cache_slabs = 4;
|
||||
cfg->local_zones = NULL;
|
||||
cfg->local_zones_nodefault = NULL;
|
||||
cfg->local_data = NULL;
|
||||
if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
|
||||
if(!(cfg->val_nsec3_key_iterations =
|
||||
strdup("1024 150 2048 500 4096 2500"))) goto error_exit;
|
||||
@ -172,8 +175,7 @@ config_read(struct config_file* cfg, char* filename)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** delete config strlist */
|
||||
static void
|
||||
void
|
||||
config_delstrlist(struct config_strlist* p)
|
||||
{
|
||||
struct config_strlist *np;
|
||||
@ -185,15 +187,14 @@ config_delstrlist(struct config_strlist* p)
|
||||
}
|
||||
}
|
||||
|
||||
/** delete config acl list */
|
||||
static void
|
||||
config_delacllist(struct config_acl* p)
|
||||
void
|
||||
config_deldblstrlist(struct config_str2list* p)
|
||||
{
|
||||
struct config_acl *np;
|
||||
struct config_str2list *np;
|
||||
while(p) {
|
||||
np = p->next;
|
||||
free(p->address);
|
||||
free(p->control);
|
||||
free(p->str);
|
||||
free(p->str2);
|
||||
free(p);
|
||||
p = np;
|
||||
}
|
||||
@ -246,8 +247,11 @@ config_delete(struct config_file* cfg)
|
||||
config_delstrlist(cfg->trust_anchor_file_list);
|
||||
config_delstrlist(cfg->trusted_keys_file_list);
|
||||
config_delstrlist(cfg->trust_anchor_list);
|
||||
config_delacllist(cfg->acls);
|
||||
config_deldblstrlist(cfg->acls);
|
||||
free(cfg->val_nsec3_key_iterations);
|
||||
config_deldblstrlist(cfg->local_zones);
|
||||
config_delstrlist(cfg->local_zones_nodefault);
|
||||
config_delstrlist(cfg->local_data);
|
||||
free(cfg);
|
||||
}
|
||||
|
||||
@ -297,6 +301,22 @@ cfg_strlist_insert(struct config_strlist** head, char* item)
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
cfg_str2list_insert(struct config_str2list** head, char* item, char* i2)
|
||||
{
|
||||
struct config_str2list *s;
|
||||
if(!item || !i2 || !head)
|
||||
return 0;
|
||||
s = (struct config_str2list*)calloc(1, sizeof(struct config_str2list));
|
||||
if(!s)
|
||||
return 0;
|
||||
s->str = item;
|
||||
s->str2 = i2;
|
||||
s->next = *head;
|
||||
*head = s;
|
||||
return 1;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
cfg_convert_timeval(const char* str)
|
||||
{
|
||||
|
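Review bot: cfg_str2list_insert carries no header comment, and its failure contract is the part callers need: when any argument is NULL or calloc fails it returns 0 without touching item or i2, so the caller still owns both strings, whereas on success they belong to the list and are released by config_deldblstrlist (which frees str, str2 and the node). A one-line comment above the definition such as `/** insert item,i2 at list head; on success the list owns both strings, on failure the caller still does */` would make that explicit. As a point of style, `s = calloc(1, sizeof *s);` drops the redundant cast and ties the size to the variable, matching the `sizeof(*n)` form the replaced server_access_control action used.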
@ -43,7 +43,7 @@
|
||||
#define UTIL_CONFIG_FILE_H
|
||||
struct config_stub;
|
||||
struct config_strlist;
|
||||
struct config_acl;
|
||||
struct config_str2list;
|
||||
|
||||
/**
|
||||
* The configuration options.
|
||||
@ -122,7 +122,7 @@ struct config_file {
|
||||
/** list of donotquery addresses, linked list */
|
||||
struct config_strlist* donotqueryaddrs;
|
||||
/** list of access control entries, linked list */
|
||||
struct config_acl* acls;
|
||||
struct config_str2list* acls;
|
||||
/** use default localhost donotqueryaddr entries */
|
||||
int donotquery_localhost;
|
||||
|
||||
@ -186,6 +186,13 @@ struct config_file {
|
||||
/** slabs in the key cache. */
|
||||
size_t key_cache_slabs;
|
||||
|
||||
/** local zones config */
|
||||
struct config_str2list* local_zones;
|
||||
/** local zones nodefault list */
|
||||
struct config_strlist* local_zones_nodefault;
|
||||
/** local data RRs configged */
|
||||
struct config_strlist* local_data;
|
||||
|
||||
/** daemonize, i.e. fork into the background. */
|
||||
int do_daemonize;
|
||||
};
|
||||
@ -215,15 +222,15 @@ struct config_strlist {
|
||||
};
|
||||
|
||||
/**
|
||||
* List of access control options
|
||||
* List of two strings for config options
|
||||
*/
|
||||
struct config_acl {
|
||||
struct config_str2list {
|
||||
/** next item in list */
|
||||
struct config_acl* next;
|
||||
/** ip addr string */
|
||||
char* address;
|
||||
/** control string */
|
||||
char* control;
|
||||
struct config_str2list* next;
|
||||
/** first string */
|
||||
char* str;
|
||||
/** second string */
|
||||
char* str2;
|
||||
};
|
||||
|
||||
/**
|
||||
@ -260,6 +267,27 @@ void config_apply(struct config_file* config);
|
||||
*/
|
||||
int cfg_strlist_insert(struct config_strlist** head, char* item);
|
||||
|
||||
/**
|
||||
* Insert string into str2list.
|
||||
* @param head: pointer to str2list head variable.
|
||||
* @param item: new item. malloced by caller. If NULL the insertion fails.
|
||||
* @param item: 2nd string, malloced by caller. If NULL the insertion fails.
|
||||
* @return: true on success.
|
||||
*/
|
||||
int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2);
|
||||
|
||||
/**
|
||||
* Delete items in config string list.
|
||||
* @param list: list.
|
||||
*/
|
||||
void config_delstrlist(struct config_strlist* list);
|
||||
|
||||
/**
|
||||
* Delete items in config double string list.
|
||||
* @param list: list.
|
||||
*/
|
||||
void config_deldblstrlist(struct config_str2list* list);
|
||||
|
||||
/**
|
||||
* Convert 14digit to time value
|
||||
* @param str: string of 14 digits
|
||||
|
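Review bot: The new doxygen block for cfg_str2list_insert lists `@param item` twice, so the third parameter `i2` has no entry; the second line should read `* @param i2: 2nd string, malloced by caller. If NULL the insertion fails.` It would also help to say on the @return line that on failure neither string is freed and the caller keeps ownership, since on the success path config_deldblstrlist frees both strings and the node.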
1108
util/configlexer.c
1108
util/configlexer.c
@ -161,6 +161,8 @@ key-cache-size{COLON} { YDOUT; return VAR_KEY_CACHE_SIZE;}
|
||||
key-cache-slabs{COLON} { YDOUT; return VAR_KEY_CACHE_SLABS;}
|
||||
val-nsec3-keysize-iterations{COLON} { YDOUT; return VAR_VAL_NSEC3_KEYSIZE_ITERATIONS;}
|
||||
use-syslog{COLON} { YDOUT; return VAR_USE_SYSLOG;}
|
||||
local-zone{COLON} { YDOUT; return VAR_LOCAL_ZONE;}
|
||||
local-data{COLON} { YDOUT; return VAR_LOCAL_DATA;}
|
||||
{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;}
|
||||
|
||||
/* Quoted strings. Strip leading and ending quotes */
|
||||
|
@ -109,7 +109,9 @@
|
||||
VAR_DO_NOT_QUERY_LOCALHOST = 325,
|
||||
VAR_CACHE_MAX_TTL = 326,
|
||||
VAR_HARDEN_DNNSEC_STRIPPED = 327,
|
||||
VAR_ACCESS_CONTROL = 328
|
||||
VAR_ACCESS_CONTROL = 328,
|
||||
VAR_LOCAL_ZONE = 329,
|
||||
VAR_LOCAL_DATA = 330
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
@ -184,6 +186,8 @@
|
||||
#define VAR_CACHE_MAX_TTL 326
|
||||
#define VAR_HARDEN_DNNSEC_STRIPPED 327
|
||||
#define VAR_ACCESS_CONTROL 328
|
||||
#define VAR_LOCAL_ZONE 329
|
||||
#define VAR_LOCAL_DATA 330
|
||||
|
||||
|
||||
|
||||
@ -195,7 +199,7 @@ typedef union YYSTYPE
|
||||
char* str;
|
||||
}
|
||||
/* Line 1489 of yacc.c. */
|
||||
#line 199 "util/configparser.h"
|
||||
#line 203 "util/configparser.h"
|
||||
YYSTYPE;
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
# define YYSTYPE_IS_DECLARED 1
|
||||
|
@ -87,6 +87,7 @@ extern struct config_parser_state* cfg_parser;
|
||||
%token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
|
||||
%token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
|
||||
%token VAR_CACHE_MAX_TTL VAR_HARDEN_DNNSEC_STRIPPED VAR_ACCESS_CONTROL
|
||||
%token VAR_LOCAL_ZONE VAR_LOCAL_DATA
|
||||
|
||||
%%
|
||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||
@ -124,7 +125,8 @@ content_server: server_num_threads | server_verbosity | server_port |
|
||||
server_trusted_keys_file | server_val_nsec3_keysize_iterations |
|
||||
server_use_syslog | server_outgoing_interface | server_root_hints |
|
||||
server_do_not_query_localhost | server_cache_max_ttl |
|
||||
server_harden_dnssec_stripped | server_access_control
|
||||
server_harden_dnssec_stripped | server_access_control |
|
||||
server_local_zone | server_local_data
|
||||
;
|
||||
stubstart: VAR_STUB_ZONE
|
||||
{
|
||||
@ -582,12 +584,8 @@ server_access_control: VAR_ACCESS_CONTROL STRING STRING
|
||||
yyerror("expected deny, refuse or allow in "
|
||||
"access control action");
|
||||
} else {
|
||||
struct config_acl* n = calloc(1, sizeof(*n));
|
||||
if(!n) fatal_exit("out of memory adding acl");
|
||||
n->address = $2;
|
||||
n->control = $3;
|
||||
n->next = cfg_parser->cfg->acls;
|
||||
cfg_parser->cfg->acls = n;
|
||||
if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
|
||||
fatal_exit("out of memory adding acl");
|
||||
}
|
||||
}
|
||||
;
|
||||
@ -683,6 +681,32 @@ server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_local_zone: VAR_LOCAL_ZONE STRING STRING
|
||||
{
|
||||
OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
|
||||
if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
|
||||
strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
|
||||
strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0)
|
||||
yyerror("local-zone type: expected static, deny, "
|
||||
"refuse, redirect, transparent or nodefault");
|
||||
else if(strcmp($3, "nodefault")==0) {
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->
|
||||
local_zones_nodefault, $2))
|
||||
fatal_exit("out of memory adding local-zone");
|
||||
} else {
|
||||
if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
|
||||
$2, $3))
|
||||
fatal_exit("out of memory adding local-zone");
|
||||
}
|
||||
}
|
||||
;
|
||||
server_local_data: VAR_LOCAL_DATA STRING
|
||||
{
|
||||
OUTYY(("P(server_local_data:%s)\n", $2));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
|
||||
fatal_exit("out of memory adding local-data");
|
||||
}
|
||||
;
|
||||
stub_name: VAR_NAME STRING
|
||||
{
|
||||
OUTYY(("P(name:%s)\n", $2));
|
||||
|
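Review bot: In the new server_local_zone action, the `nodefault` branch inserts only `$2` into local_zones_nodefault and never releases `$3`, so the lexer-allocated type string leaks on every nodefault line; add `free($3);` right after `fatal_exit("out of memory adding local-zone");` inside that block, since `$3` is only stored in the str2list branch. The yyerror branch for an unrecognized type likewise leaves both `$2` and `$3` unfreed; that may be acceptable if a parse error aborts configuration loading, but the server_access_control hunk above starts mid-action so I cannot see whether its error branch frees its strings for comparison. The same leak-on-error shape applies to server_local_data only if cfg_strlist_insert can fail non-fatally, which the visible code rules out by calling fatal_exit.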