mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- Fix #1344: RFC6761-reserved domains: test. and invalid.
git-svn-id: file:///svn/unbound/trunk@4272 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
316f594fa5
commit
c8189d1018
@ -1,3 +1,6 @@
|
||||
11 July 2017: Wouter
|
||||
- Fix #1344: RFC6761-reserved domains: test. and invalid.
|
||||
|
||||
6 July 2017: Wouter
|
||||
- Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
|
||||
- Fix svn hooks for tdir (selected if testcode/mini_tdir.sh exists)..
|
||||
|
@ -563,6 +563,8 @@ server:
|
||||
# local-zone: "127.in-addr.arpa." nodefault
|
||||
# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
|
||||
# local-zone: "onion." nodefault
|
||||
# local-zone: "test." nodefault
|
||||
# local-zone: "invalid." nodefault
|
||||
# local-zone: "10.in-addr.arpa." nodefault
|
||||
# local-zone: "16.172.in-addr.arpa." nodefault
|
||||
# local-zone: "17.172.in-addr.arpa." nodefault
|
||||
|
@ -1048,13 +1048,13 @@ has no other effect than turning off default contents for the
|
||||
given zone. Use \fInodefault\fR if you use exactly that zone, if you want to
|
||||
use a subzone, use \fItransparent\fR.
|
||||
.P
|
||||
The default zones are localhost, reverse 127.0.0.1 and ::1, the onion and
|
||||
the AS112 zones. The AS112 zones are reverse DNS zones for private use and
|
||||
reserved IP addresses for which the servers on the internet cannot provide
|
||||
correct answers. They are configured by default to give nxdomain (no reverse
|
||||
information) answers. The defaults can be turned off by specifying your
|
||||
own local\-zone of that name, or using the 'nodefault' type. Below is a
|
||||
list of the default zone contents.
|
||||
The default zones are localhost, reverse 127.0.0.1 and ::1, the onion, test,
|
||||
invalid and the AS112 zones. The AS112 zones are reverse DNS zones for
|
||||
private use and reserved IP addresses for which the servers on the internet
|
||||
cannot provide correct answers. They are configured by default to give
|
||||
nxdomain (no reverse information) answers. The defaults can be turned off
|
||||
by specifying your own local\-zone of that name, or using the 'nodefault'
|
||||
type. Below is a list of the default zone contents.
|
||||
.TP 10
|
||||
\h'5'\fIlocalhost\fR
|
||||
The IP4 and IP6 localhost information is given. NS and SOA records are provided
|
||||
@ -1104,6 +1104,24 @@ local\-data: "onion. 10800 IN
|
||||
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||
.fi
|
||||
.TP 10
|
||||
\h'5'\fItest (RFC 7686)\fR
|
||||
Default content:
|
||||
.nf
|
||||
local\-zone: "test." static
|
||||
local\-data: "test. 10800 IN NS localhost."
|
||||
local\-data: "test. 10800 IN
|
||||
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||
.fi
|
||||
.TP 10
|
||||
\h'5'\fIinvalid (RFC 7686)\fR
|
||||
Default content:
|
||||
.nf
|
||||
local\-zone: "invalid." static
|
||||
local\-data: "invalid. 10800 IN NS localhost."
|
||||
local\-data: "invalid. 10800 IN
|
||||
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||
.fi
|
||||
.TP 10
|
||||
\h'5'\fIreverse RFC1918 local use zones\fR
|
||||
Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to
|
||||
31.172.in\-addr.arpa, 168.192.in\-addr.arpa.
|
||||
|
@ -719,9 +719,9 @@ lz_nodefault(struct config_file* cfg, const char* name)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** enter AS112 default zone */
|
||||
/** enter (AS112) empty default zone */
|
||||
static int
|
||||
add_as112_default(struct local_zones* zones, struct config_file* cfg,
|
||||
add_empty_default(struct local_zones* zones, struct config_file* cfg,
|
||||
const char* name)
|
||||
{
|
||||
struct local_zone* z;
|
||||
@ -816,26 +816,24 @@ int local_zone_enter_defaults(struct local_zones* zones, struct config_file* cfg
|
||||
lock_rw_unlock(&z->lock);
|
||||
}
|
||||
/* onion. zone (RFC 7686) */
|
||||
if(!lz_exists(zones, "onion.") &&
|
||||
!lz_nodefault(cfg, "onion.")) {
|
||||
if(!(z=lz_enter_zone(zones, "onion.", "static",
|
||||
LDNS_RR_CLASS_IN)) ||
|
||||
!lz_enter_rr_into_zone(z,
|
||||
"onion. 10800 IN NS localhost.") ||
|
||||
!lz_enter_rr_into_zone(z,
|
||||
"onion. 10800 IN SOA localhost. nobody.invalid. "
|
||||
"1 3600 1200 604800 10800")) {
|
||||
log_err("out of memory adding default zone");
|
||||
if(z) { lock_rw_unlock(&z->lock); }
|
||||
return 0;
|
||||
}
|
||||
lock_rw_unlock(&z->lock);
|
||||
if(!add_empty_default(zones, cfg, "onion.")) {
|
||||
log_err("out of memory adding default zone");
|
||||
return 0;
|
||||
}
|
||||
/* test. zone (RFC 7686) */
|
||||
if(!add_empty_default(zones, cfg, "test.")) {
|
||||
log_err("out of memory adding default zone");
|
||||
return 0;
|
||||
}
|
||||
/* invalid. zone (RFC 7686) */
|
||||
if(!add_empty_default(zones, cfg, "invalid.")) {
|
||||
log_err("out of memory adding default zone");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* block AS112 zones, unless asked not to */
|
||||
if(!cfg->unblock_lan_zones) {
|
||||
for(zstr = as112_zones; *zstr; zstr++) {
|
||||
if(!add_as112_default(zones, cfg, *zstr)) {
|
||||
if(!add_empty_default(zones, cfg, *zstr)) {
|
||||
log_err("out of memory adding default zone");
|
||||
return 0;
|
||||
}
|
||||
|
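Review bot: The new comments `/* test. zone (RFC 7686) */` and `/* invalid. zone (RFC 7686) */` cite the wrong document: RFC 7686 is the .onion registration, while test. and invalid. are reserved by RFC 6761, as the commit title itself says. They should read `/* test. zone (RFC 6761) */` and `/* invalid. zone (RFC 6761) */`, and the man-page headings `test (RFC 7686)` and `invalid (RFC 7686)` carry the same mistake. Separately, these defaults are entered outside the `unblock_lan_zones` check, unlike the AS112 loop, so a resolver that forwards or stubs an internal `test.` zone would presumably start answering it locally after upgrade unless the operator adds `local-zone: "test." nodefault`. That behaviour change is worth stating in the documentation. The body of `add_empty_default` lies outside the hunk, so whether "out of memory" is its only failure cause cannot be confirmed from here.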