mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- Add trustanchor.unbound CH TXT that gets a response with a number
of TXT RRs with a string like "example.com. 2345 1234" with the trust anchors and their keytags. git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
bf1b3c1166
commit
6c456aa15e
121
daemon/worker.c
121
daemon/worker.c
@ -69,10 +69,12 @@
|
|||||||
#include "iterator/iter_hints.h"
|
#include "iterator/iter_hints.h"
|
||||||
#include "validator/autotrust.h"
|
#include "validator/autotrust.h"
|
||||||
#include "validator/val_anchor.h"
|
#include "validator/val_anchor.h"
|
||||||
|
#include "validator/val_sigcrypt.h"
|
||||||
#include "respip/respip.h"
|
#include "respip/respip.h"
|
||||||
#include "libunbound/context.h"
|
#include "libunbound/context.h"
|
||||||
#include "libunbound/libworker.h"
|
#include "libunbound/libworker.h"
|
||||||
#include "sldns/sbuffer.h"
|
#include "sldns/sbuffer.h"
|
||||||
|
#include "sldns/wire2str.h"
|
||||||
#include "util/shm_side/shm_main.h"
|
#include "util/shm_side/shm_main.h"
|
||||||
|
|
||||||
#ifdef HAVE_SYS_TYPES_H
|
#ifdef HAVE_SYS_TYPES_H
|
||||||
@ -728,36 +730,41 @@ reply_and_prefetch(struct worker* worker, struct query_info* qinfo,
|
|||||||
* Fill CH class answer into buffer. Keeps query.
|
* Fill CH class answer into buffer. Keeps query.
|
||||||
* @param pkt: buffer
|
* @param pkt: buffer
|
||||||
* @param str: string to put into text record (<255).
|
* @param str: string to put into text record (<255).
|
||||||
|
* array of strings, every string becomes a text record.
|
||||||
|
* @param num: number of strings in array.
|
||||||
* @param edns: edns reply information.
|
* @param edns: edns reply information.
|
||||||
* @param worker: worker with scratch region.
|
* @param worker: worker with scratch region.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns,
|
chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns,
|
||||||
struct worker* worker)
|
struct worker* worker)
|
||||||
{
|
{
|
||||||
size_t len = strlen(str);
|
int i;
|
||||||
unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt));
|
unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt));
|
||||||
unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt));
|
unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt));
|
||||||
if(len>255) len=255; /* cap size of TXT record */
|
|
||||||
sldns_buffer_clear(pkt);
|
sldns_buffer_clear(pkt);
|
||||||
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */
|
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */
|
||||||
sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA));
|
sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA));
|
||||||
if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt));
|
if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt));
|
||||||
if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt));
|
if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt));
|
||||||
sldns_buffer_write_u16(pkt, 1); /* qdcount */
|
sldns_buffer_write_u16(pkt, 1); /* qdcount */
|
||||||
sldns_buffer_write_u16(pkt, 1); /* ancount */
|
sldns_buffer_write_u16(pkt, (uint16_t)num); /* ancount */
|
||||||
sldns_buffer_write_u16(pkt, 0); /* nscount */
|
sldns_buffer_write_u16(pkt, 0); /* nscount */
|
||||||
sldns_buffer_write_u16(pkt, 0); /* arcount */
|
sldns_buffer_write_u16(pkt, 0); /* arcount */
|
||||||
(void)query_dname_len(pkt); /* skip qname */
|
(void)query_dname_len(pkt); /* skip qname */
|
||||||
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */
|
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */
|
||||||
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */
|
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */
|
||||||
sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */
|
for(i=0; i<num; i++) {
|
||||||
sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT);
|
size_t len = strlen(str[i]);
|
||||||
sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH);
|
if(len>255) len=255; /* cap size of TXT record */
|
||||||
sldns_buffer_write_u32(pkt, 0); /* TTL */
|
sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */
|
||||||
sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len);
|
sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT);
|
||||||
sldns_buffer_write_u8(pkt, len);
|
sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH);
|
||||||
sldns_buffer_write(pkt, str, len);
|
sldns_buffer_write_u32(pkt, 0); /* TTL */
|
||||||
|
sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len);
|
||||||
|
sldns_buffer_write_u8(pkt, len);
|
||||||
|
sldns_buffer_write(pkt, str[i], len);
|
||||||
|
}
|
||||||
sldns_buffer_flip(pkt);
|
sldns_buffer_flip(pkt);
|
||||||
edns->edns_version = EDNS_ADVERTISED_VERSION;
|
edns->edns_version = EDNS_ADVERTISED_VERSION;
|
||||||
edns->udp_size = EDNS_ADVERTISED_SIZE;
|
edns->udp_size = EDNS_ADVERTISED_SIZE;
|
||||||
@ -768,6 +775,79 @@ chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns,
|
|||||||
attach_edns_record(pkt, edns);
|
attach_edns_record(pkt, edns);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create CH class trustanchor answer.
|
||||||
|
* @param pkt: buffer
|
||||||
|
* @param edns: edns reply information.
|
||||||
|
* @param worker: worker with scratch region.
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w)
|
||||||
|
{
|
||||||
|
int max_txt = 16;
|
||||||
|
int max_ids = 32;
|
||||||
|
char* str_array[16];
|
||||||
|
int num = 0;
|
||||||
|
struct trust_anchor* ta;
|
||||||
|
log_info("trustanchor.unbound CH TXT");
|
||||||
|
|
||||||
|
if(!w->env.need_to_validate) {
|
||||||
|
/* no validator module, reply no trustanchors */
|
||||||
|
chaos_replystr(pkt, NULL, 0, edns, w);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* fill the string with contents */
|
||||||
|
lock_basic_lock(&w->env.anchors->lock);
|
||||||
|
RBTREE_FOR(ta, struct trust_anchor*, w->env.anchors->tree) {
|
||||||
|
int numid = 0;
|
||||||
|
char* str = (char*)regional_alloc(w->scratchpad, 255);
|
||||||
|
size_t str_len = 255;
|
||||||
|
if(!str || num == max_txt) continue;
|
||||||
|
lock_basic_lock(&ta->lock);
|
||||||
|
if(ta->numDS == 0 && ta->numDNSKEY == 0) {
|
||||||
|
/* empty, insecure point */
|
||||||
|
lock_basic_unlock(&ta->lock);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
str_array[num] = str;
|
||||||
|
num++;
|
||||||
|
|
||||||
|
/* spool name of anchor */
|
||||||
|
(void)sldns_wire2str_dname_buf(ta->name, ta->namelen, str, str_len);
|
||||||
|
str_len -= strlen(str); str += strlen(str);
|
||||||
|
/* spool DS */
|
||||||
|
if(ta->numDS != 0 && ta->ds_rrset) {
|
||||||
|
struct packed_rrset_data* d=(struct packed_rrset_data*)
|
||||||
|
ta->ds_rrset->entry.data;
|
||||||
|
size_t i;
|
||||||
|
for(i=0; i<d->count; i++) {
|
||||||
|
uint16_t tag = ds_get_keytag(ta->ds_rrset, i);
|
||||||
|
if(numid++ > max_ids) continue;
|
||||||
|
snprintf(str, str_len, " %u", (unsigned)tag);
|
||||||
|
str_len -= strlen(str); str += strlen(str);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* spool DNSKEY */
|
||||||
|
if(ta->numDNSKEY != 0 && ta->dnskey_rrset) {
|
||||||
|
struct packed_rrset_data* d=(struct packed_rrset_data*)
|
||||||
|
ta->dnskey_rrset->entry.data;
|
||||||
|
size_t i;
|
||||||
|
for(i=0; i<d->count; i++) {
|
||||||
|
uint16_t tag = dnskey_calc_keytag(ta->dnskey_rrset, i);
|
||||||
|
if(numid++ > max_ids) continue;
|
||||||
|
snprintf(str, str_len, " %u", (unsigned)tag);
|
||||||
|
str_len -= strlen(str); str += strlen(str);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
log_info("insert string [%d] %s", num, str_array[num-1]);
|
||||||
|
lock_basic_unlock(&ta->lock);
|
||||||
|
}
|
||||||
|
lock_basic_unlock(&w->env.anchors->lock);
|
||||||
|
|
||||||
|
chaos_replystr(pkt, str_array, num, edns, w);
|
||||||
|
regional_free_all(w->scratchpad);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Answer CH class queries.
|
* Answer CH class queries.
|
||||||
* @param w: worker
|
* @param w: worker
|
||||||
@ -794,13 +874,13 @@ answer_chaos(struct worker* w, struct query_info* qinfo,
|
|||||||
char buf[MAXHOSTNAMELEN+1];
|
char buf[MAXHOSTNAMELEN+1];
|
||||||
if (gethostname(buf, MAXHOSTNAMELEN) == 0) {
|
if (gethostname(buf, MAXHOSTNAMELEN) == 0) {
|
||||||
buf[MAXHOSTNAMELEN] = 0;
|
buf[MAXHOSTNAMELEN] = 0;
|
||||||
chaos_replystr(pkt, buf, edns, w);
|
chaos_replystr(pkt, (char**)&buf, 1, edns, w);
|
||||||
} else {
|
} else {
|
||||||
log_err("gethostname: %s", strerror(errno));
|
log_err("gethostname: %s", strerror(errno));
|
||||||
chaos_replystr(pkt, "no hostname", edns, w);
|
chaos_replystr(pkt, (char**)&"no hostname", 1, edns, w);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else chaos_replystr(pkt, cfg->identity, edns, w);
|
else chaos_replystr(pkt, &cfg->identity, 1, edns, w);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if(query_dname_compare(qinfo->qname,
|
if(query_dname_compare(qinfo->qname,
|
||||||
@ -811,10 +891,19 @@ answer_chaos(struct worker* w, struct query_info* qinfo,
|
|||||||
if(cfg->hide_version)
|
if(cfg->hide_version)
|
||||||
return 0;
|
return 0;
|
||||||
if(cfg->version==NULL || cfg->version[0]==0)
|
if(cfg->version==NULL || cfg->version[0]==0)
|
||||||
chaos_replystr(pkt, PACKAGE_STRING, edns, w);
|
chaos_replystr(pkt, (char**)&PACKAGE_STRING, 1, edns, w);
|
||||||
else chaos_replystr(pkt, cfg->version, edns, w);
|
else chaos_replystr(pkt, (char**)&cfg->version, 1, edns, w);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
if(query_dname_compare(qinfo->qname,
|
||||||
|
(uint8_t*)"\013trustanchor\007unbound") == 0)
|
||||||
|
{
|
||||||
|
if(cfg->hide_trustanchor)
|
||||||
|
return 0;
|
||||||
|
chaos_trustanchor(pkt, edns, w);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
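Review bot: The new single-string call sites in answer_chaos pass `(char**)&buf`, `(char**)&"no hostname"` and `(char**)&PACKAGE_STRING`, but the address of an array or string literal points at the characters themselves, not at a `char*`, so the rewritten chaos_replystr interprets the first bytes of the text as a pointer in `strlen(str[i])`. That is undefined behaviour on the existing identity and version reply paths, which any client that can send CH TXT queries reaches regardless of the new trustanchor feature; only the `&cfg->identity` and `&cfg->version` forms are valid. A small wrapper that takes `const char*` and passes the address of its own parameter fixes all three sites, as sketched below. Separately, the `!w->env.need_to_validate` branch in chaos_trustanchor needs a `return;` after `chaos_replystr(pkt, NULL, 0, edns, w);`, otherwise it falls through to `lock_basic_lock(&w->env.anchors->lock)` (anchors is presumably unset without a validator) and builds a second reply. answer_chaos starts and ends outside the visible hunks.

```c
/** reply with a single TXT string; str is a real pointer object here,
 * so its address is a valid one-element char* array */
static void
chaos_replyonestr(sldns_buffer* pkt, const char* str, struct edns_data* edns,
	struct worker* worker)
{
	chaos_replystr(pkt, (char**)&str, 1, edns, worker);
}

/* … unchanged: answer_chaos up to the gethostname() branch … */
				chaos_replyonestr(pkt, buf, edns, w);
/* … unchanged: gethostname() failure logging … */
				chaos_replyonestr(pkt, "no hostname", edns, w);
/* … unchanged: identity reply and version checks … */
			chaos_replyonestr(pkt, PACKAGE_STRING, edns, w);
```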
@ -1,3 +1,9 @@
|
|||||||
|
16 March 2017: Wouter
|
||||||
|
- Fix that SHM is not inited if not enabled.
|
||||||
|
- Add trustanchor.unbound CH TXT that gets a response with a number
|
||||||
|
of TXT RRs with a string like "example.com. 2345 1234" with
|
||||||
|
the trust anchors and their keytags.
|
||||||
|
|
||||||
13 March 2017: Wouter
|
13 March 2017: Wouter
|
||||||
- testbound understands Deckard MATCH rcode question answer commands.
|
- testbound understands Deckard MATCH rcode question answer commands.
|
||||||
- Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead
|
- Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead
|
||||||
|
@ -316,6 +316,9 @@ server:
|
|||||||
|
|
||||||
# enable to not answer version.server and version.bind queries.
|
# enable to not answer version.server and version.bind queries.
|
||||||
# hide-version: no
|
# hide-version: no
|
||||||
|
|
||||||
|
# enable to not answer trustanchor.unbound queries.
|
||||||
|
# hide-trustanchor: no
|
||||||
|
|
||||||
# the identity to report. Leave "" or default to return hostname.
|
# the identity to report. Leave "" or default to return hostname.
|
||||||
# identity: ""
|
# identity: ""
|
||||||
|
@ -596,6 +596,9 @@ If enabled version.server and version.bind queries are refused.
|
|||||||
Set the version to report. If set to "", the default, then the package
|
Set the version to report. If set to "", the default, then the package
|
||||||
version is returned.
|
version is returned.
|
||||||
.TP
|
.TP
|
||||||
|
.B hide\-trustanchor: \fI<yes or no>
|
||||||
|
If enabled trustanchor.unbound queries are refused.
|
||||||
|
.TP
|
||||||
.B target\-fetch\-policy: \fI<"list of numbers">
|
.B target\-fetch\-policy: \fI<"list of numbers">
|
||||||
Set the target fetch policy used by unbound to determine if it should fetch
|
Set the target fetch policy used by unbound to determine if it should fetch
|
||||||
nameserver target addresses opportunistically. The policy is described per
|
nameserver target addresses opportunistically. The policy is described per
|
||||||
|
145
testdata/chaos_trustanchor.rpl
vendored
Normal file
145
testdata/chaos_trustanchor.rpl
vendored
Normal file
@ -0,0 +1,145 @@
|
|||||||
|
; config options
|
||||||
|
; The island of trust is at example.com
|
||||||
|
server:
|
||||||
|
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
|
||||||
|
hide-trustanchor: no
|
||||||
|
val-override-date: "20070916134226"
|
||||||
|
target-fetch-policy: "0 0 0 0 0"
|
||||||
|
fake-sha1: yes
|
||||||
|
|
||||||
|
stub-zone:
|
||||||
|
name: "."
|
||||||
|
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||||
|
CONFIG_END
|
||||||
|
|
||||||
|
SCENARIO_BEGIN Test chaos trustanchor query
|
||||||
|
|
||||||
|
; K.ROOT-SERVERS.NET.
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 193.0.14.129
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
. IN NS K.ROOT-SERVERS.NET.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
www.example.com. IN A
|
||||||
|
SECTION AUTHORITY
|
||||||
|
com. IN NS a.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
a.gtld-servers.net. IN A 192.5.6.30
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; a.gtld-servers.net.
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 192.5.6.30
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
com. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
com. IN NS a.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
a.gtld-servers.net. IN A 192.5.6.30
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
www.example.com. IN A
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.com. IN NS ns.example.com.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.com. IN A 1.2.3.4
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; ns.example.com.
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 1.2.3.4
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.com. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
example.com. IN NS ns.example.com.
|
||||||
|
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.com. IN A 1.2.3.4
|
||||||
|
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; response to DNSKEY priming query
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.com. IN DNSKEY
|
||||||
|
SECTION ANSWER
|
||||||
|
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
|
||||||
|
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.com. IN NS ns.example.com.
|
||||||
|
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.com. IN A 1.2.3.4
|
||||||
|
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; response to query of interest
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
www.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
www.example.com. IN A 10.20.30.40
|
||||||
|
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.com. IN NS ns.example.com.
|
||||||
|
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.com. IN A 1.2.3.4
|
||||||
|
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
STEP 1 QUERY
|
||||||
|
ENTRY_BEGIN
|
||||||
|
REPLY RD DO
|
||||||
|
SECTION QUESTION
|
||||||
|
trustanchor.unbound. CH TXT
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; recursion happens here.
|
||||||
|
STEP 10 CHECK_ANSWER
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH all
|
||||||
|
REPLY QR RD RA DO NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
trustanchor.unbound. CH TXT
|
||||||
|
SECTION ANSWER
|
||||||
|
trustanchor.unbound. CH TXT "example.com. 2854"
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
SCENARIO_END
|
@ -189,6 +189,7 @@ config_create(void)
|
|||||||
cfg->unwanted_threshold = 0;
|
cfg->unwanted_threshold = 0;
|
||||||
cfg->hide_identity = 0;
|
cfg->hide_identity = 0;
|
||||||
cfg->hide_version = 0;
|
cfg->hide_version = 0;
|
||||||
|
cfg->hide_trustanchor = 0;
|
||||||
cfg->identity = NULL;
|
cfg->identity = NULL;
|
||||||
cfg->version = NULL;
|
cfg->version = NULL;
|
||||||
cfg->auto_trust_anchor_file_list = NULL;
|
cfg->auto_trust_anchor_file_list = NULL;
|
||||||
@ -437,6 +438,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_STR("pidfile:", pidfile)
|
else S_STR("pidfile:", pidfile)
|
||||||
else S_YNO("hide-identity:", hide_identity)
|
else S_YNO("hide-identity:", hide_identity)
|
||||||
else S_YNO("hide-version:", hide_version)
|
else S_YNO("hide-version:", hide_version)
|
||||||
|
else S_YNO("hide-trustanchor:", hide_trustanchor)
|
||||||
else S_STR("identity:", identity)
|
else S_STR("identity:", identity)
|
||||||
else S_STR("version:", version)
|
else S_STR("version:", version)
|
||||||
else S_STRLIST("root-hints:", root_hints)
|
else S_STRLIST("root-hints:", root_hints)
|
||||||
@ -759,6 +761,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_STR(opt, "pidfile", pidfile)
|
else O_STR(opt, "pidfile", pidfile)
|
||||||
else O_YNO(opt, "hide-identity", hide_identity)
|
else O_YNO(opt, "hide-identity", hide_identity)
|
||||||
else O_YNO(opt, "hide-version", hide_version)
|
else O_YNO(opt, "hide-version", hide_version)
|
||||||
|
else O_YNO(opt, "hide-trustanchor", hide_trustanchor)
|
||||||
else O_STR(opt, "identity", identity)
|
else O_STR(opt, "identity", identity)
|
||||||
else O_STR(opt, "version", version)
|
else O_STR(opt, "version", version)
|
||||||
else O_STR(opt, "target-fetch-policy", target_fetch_policy)
|
else O_STR(opt, "target-fetch-policy", target_fetch_policy)
|
||||||
|
@ -238,6 +238,8 @@ struct config_file {
|
|||||||
int hide_identity;
|
int hide_identity;
|
||||||
/** do not report version (version.server, version.bind) */
|
/** do not report version (version.server, version.bind) */
|
||||||
int hide_version;
|
int hide_version;
|
||||||
|
/** do not report trustanchor (trustanchor.unbound) */
|
||||||
|
int hide_trustanchor;
|
||||||
/** identity, hostname is returned if "". */
|
/** identity, hostname is returned if "". */
|
||||||
char* identity;
|
char* identity;
|
||||||
/** version, package version returned if "". */
|
/** version, package version returned if "". */
|
||||||
|
2858
util/configlexer.c
2858
util/configlexer.c
File diff suppressed because it is too large
@ -302,6 +302,7 @@ do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) }
|
|||||||
access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) }
|
access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) }
|
||||||
hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
|
hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
|
||||||
hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
|
hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
|
||||||
|
hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
|
||||||
identity{COLON} { YDVAR(1, VAR_IDENTITY) }
|
identity{COLON} { YDVAR(1, VAR_IDENTITY) }
|
||||||
version{COLON} { YDVAR(1, VAR_VERSION) }
|
version{COLON} { YDVAR(1, VAR_VERSION) }
|
||||||
module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) }
|
module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) }
|
||||||
|
1656
util/configparser.c
1656
util/configparser.c
File diff suppressed because it is too large
@ -235,9 +235,10 @@ extern int yydebug;
|
|||||||
VAR_FAKE_DSA = 445,
|
VAR_FAKE_DSA = 445,
|
||||||
VAR_FAKE_SHA1 = 446,
|
VAR_FAKE_SHA1 = 446,
|
||||||
VAR_LOG_IDENTITY = 447,
|
VAR_LOG_IDENTITY = 447,
|
||||||
VAR_USE_SYSTEMD = 448,
|
VAR_HIDE_TRUSTANCHOR = 448,
|
||||||
VAR_SHM_ENABLE = 449,
|
VAR_USE_SYSTEMD = 449,
|
||||||
VAR_SHM_KEY = 450
|
VAR_SHM_ENABLE = 450,
|
||||||
|
VAR_SHM_KEY = 451
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
/* Tokens. */
|
/* Tokens. */
|
||||||
@ -431,9 +432,10 @@ extern int yydebug;
|
|||||||
#define VAR_FAKE_DSA 445
|
#define VAR_FAKE_DSA 445
|
||||||
#define VAR_FAKE_SHA1 446
|
#define VAR_FAKE_SHA1 446
|
||||||
#define VAR_LOG_IDENTITY 447
|
#define VAR_LOG_IDENTITY 447
|
||||||
#define VAR_USE_SYSTEMD 448
|
#define VAR_HIDE_TRUSTANCHOR 448
|
||||||
#define VAR_SHM_ENABLE 449
|
#define VAR_USE_SYSTEMD 449
|
||||||
#define VAR_SHM_KEY 450
|
#define VAR_SHM_ENABLE 450
|
||||||
|
#define VAR_SHM_KEY 451
|
||||||
|
|
||||||
/* Value type. */
|
/* Value type. */
|
||||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||||
@ -444,7 +446,7 @@ union YYSTYPE
|
|||||||
|
|
||||||
char* str;
|
char* str;
|
||||||
|
|
||||||
#line 448 "util/configparser.h" /* yacc.c:1909 */
|
#line 450 "util/configparser.h" /* yacc.c:1909 */
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef union YYSTYPE YYSTYPE;
|
typedef union YYSTYPE YYSTYPE;
|
||||||
|
@ -137,7 +137,7 @@ extern struct config_parser_state* cfg_parser;
|
|||||||
%token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
|
%token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
|
||||||
%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
|
%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
|
||||||
%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
|
%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
|
||||||
%token VAR_LOG_IDENTITY
|
%token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
|
||||||
%token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
|
%token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
|
||||||
|
|
||||||
%%
|
%%
|
||||||
@ -218,7 +218,8 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||||||
server_qname_minimisation_strict | server_serve_expired |
|
server_qname_minimisation_strict | server_serve_expired |
|
||||||
server_fake_dsa | server_log_identity | server_use_systemd |
|
server_fake_dsa | server_log_identity | server_use_systemd |
|
||||||
server_response_ip_tag | server_response_ip | server_response_ip_data |
|
server_response_ip_tag | server_response_ip | server_response_ip_data |
|
||||||
server_shm_enable | server_shm_key | server_fake_sha1
|
server_shm_enable | server_shm_key | server_fake_sha1 |
|
||||||
|
server_hide_trustanchor
|
||||||
;
|
;
|
||||||
stubstart: VAR_STUB_ZONE
|
stubstart: VAR_STUB_ZONE
|
||||||
{
|
{
|
||||||
@ -726,6 +727,15 @@ server_hide_version: VAR_HIDE_VERSION STRING_ARG
|
|||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
|
||||||
|
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||||
|
yyerror("expected yes or no.");
|
||||||
|
else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_identity: VAR_IDENTITY STRING_ARG
|
server_identity: VAR_IDENTITY STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(server_identity:%s)\n", $2));
|
OUTYY(("P(server_identity:%s)\n", $2));
|
||||||
|
@ -89,6 +89,8 @@ int shm_main_init(struct daemon* daemon)
|
|||||||
/* sanitize */
|
/* sanitize */
|
||||||
if(!daemon)
|
if(!daemon)
|
||||||
return 0;
|
return 0;
|
||||||
|
if(!daemon->cfg->shm_enable)
|
||||||
|
return 1;
|
||||||
if(daemon->cfg->stat_interval == 0)
|
if(daemon->cfg->stat_interval == 0)
|
||||||
log_warn("shm-enable is yes but statistics-interval is 0");
|
log_warn("shm-enable is yes but statistics-interval is 0");
|
||||||
|
|
||||||
|