[src/netbsd-7-0]: src Pull up following revision(s) (requested by snj in tick...
details: https://anonhg.NetBSD.org/src/rev/2db60f23d832
branches: netbsd-7-0
changeset: 801288:2db60f23d832
user: sborrill <sborrill%NetBSD.org@localhost>
date: Mon Feb 20 16:27:13 2017 +0000
description:
Pull up following revision(s) (requested by snj in ticket #1363):
doc/3RDPARTY: patch
external/bsd/bind/Makefile.inc: up to 1.25 via patch
external/bsd/bind/dist/CHANGES: up to 1.25
external/bsd/bind/dist/README: up to 1.13
external/bsd/bind/dist/bin/named/query.c: up to 1.23
external/bsd/bind/dist/bin/tests/system/dname/ans3/ans.pl: up to 1.1.1.1
external/bsd/bind/dist/bin/tests/system/dname/ns1/root.db: up to 1.1.1.3
external/bsd/bind/dist/bin/tests/system/dname/tests.sh: up to 1.1.1.5
external/bsd/bind/dist/config.guess: up to 1.2
external/bsd/bind/dist/config.sub: up to 1.2
external/bsd/bind/dist/contrib/dnsperf-2.1.0.0-1/config.guess: up to 1.2
external/bsd/bind/dist/contrib/dnsperf-2.1.0.0-1/config.sub: up to 1.2
external/bsd/bind/dist/contrib/idn/idnkit-1.0-src/config.guess: up to 1.2
external/bsd/bind/dist/contrib/idn/idnkit-1.0-src/config.sub: up to 1.2
external/bsd/bind/dist/contrib/nslint-3.0a2/config.guess: up to 1.2
external/bsd/bind/dist/contrib/nslint-3.0a2/config.sub: up to 1.2
external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html: up to 1.1.1.23
external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html: up to 1.1.1.20
external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html: up to 1.1.1.25
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html: up to 1.13
external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html: up to 1.1.1.26
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html: up to 1.13
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html: up to 1.13
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html: up to 1.13
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html: up to 1.13
external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html: up to 1.1.1.22
external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html: up to 1.1.1.11
external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html: up to 1.1.1.11
external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html: up to 1.1.1.11
external/bsd/bind/dist/doc/arm/Bv9ARM.html: up to 1.13
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf: up to 1.18
external/bsd/bind/dist/doc/arm/man.arpaname.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.delv.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dig.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.genrandom.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.host.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.lwresd.html: up to 1.1.1.5
external/bsd/bind/dist/doc/arm/man.named-checkconf.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.named-checkzone.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.named-journalprint.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.named.conf.html: up to 1.1.1.5
external/bsd/bind/dist/doc/arm/man.named.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.nsec3hash.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.nsupdate.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.rndc.conf.html: up to 1.13
external/bsd/bind/dist/doc/arm/man.rndc.html: up to 1.13
external/bsd/bind/dist/doc/arm/notes.html: up to 1.1.1.11
external/bsd/bind/dist/doc/arm/notes.pdf: up to 1.1.1.11
external/bsd/bind/dist/doc/arm/notes.xml: up to 1.1.1.11
external/bsd/bind/dist/lib/dns/api: up to 1.13
external/bsd/bind/dist/lib/dns/message.c: up to 1.22
external/bsd/bind/dist/lib/dns/rdataset.c: up to 1.9
external/bsd/bind/dist/lib/dns/resolver.c: up to 1.29
external/bsd/bind/dist/srcid: up to 1.19
external/bsd/bind/dist/unit/atf-src/admin/config.guess: up to 1.2
external/bsd/bind/dist/unit/atf-src/admin/config.sub: up to 1.2
external/bsd/bind/dist/version: up to 1.23
external/bsd/bind/include/isc/platform.h: up to 1.22 via patch
Update BIND to 9.10.4-P6, fixing CVE-2017-3135.
diffstat:
doc/3RDPARTY | 6 +-
external/bsd/bind/Makefile.inc | 6 +-
external/bsd/bind/Makefile.inc.orig | 131 +
external/bsd/bind/dist/CHANGES | 8 +
external/bsd/bind/dist/README | 6 +
external/bsd/bind/dist/bin/named/query.c | 63 +-
external/bsd/bind/dist/bin/tests/system/dname/ans3/ans.pl | 95 +
external/bsd/bind/dist/bin/tests/system/dname/ns1/root.db | 5 +-
external/bsd/bind/dist/bin/tests/system/dname/tests.sh | 25 +-
external/bsd/bind/dist/config.guess | 330 +-
external/bsd/bind/dist/config.sub | 89 +-
external/bsd/bind/dist/contrib/dnsperf-2.1.0.0-1/config.guess | 1341 ++++----
external/bsd/bind/dist/contrib/dnsperf-2.1.0.0-1/config.sub | 517 ++-
external/bsd/bind/dist/contrib/idn/idnkit-1.0-src/config.guess | 1521 +++++----
external/bsd/bind/dist/contrib/idn/idnkit-1.0-src/config.sub | 761 +++-
external/bsd/bind/dist/contrib/nslint-3.0a2/config.guess | 1363 ++++----
external/bsd/bind/dist/contrib/nslint-3.0a2/config.sub | 576 ++-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch01.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch02.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch03.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch05.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html | 69 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch10.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch11.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch12.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch13.html | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.html | 6 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/bsd/bind/dist/doc/arm/man.arpaname.html | 2 +-
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.delv.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dig.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html | 2 +-
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html | 2 +-
external/bsd/bind/dist/doc/arm/man.genrandom.html | 2 +-
external/bsd/bind/dist/doc/arm/man.host.html | 2 +-
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html | 2 +-
external/bsd/bind/dist/doc/arm/man.lwresd.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-checkconf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-checkzone.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-journalprint.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named.conf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.named.html | 2 +-
external/bsd/bind/dist/doc/arm/man.nsec3hash.html | 2 +-
external/bsd/bind/dist/doc/arm/man.nsupdate.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc.conf.html | 2 +-
external/bsd/bind/dist/doc/arm/man.rndc.html | 2 +-
external/bsd/bind/dist/doc/arm/notes.html | 65 +-
external/bsd/bind/dist/doc/arm/notes.pdf | Bin
external/bsd/bind/dist/doc/arm/notes.xml | 68 +-
external/bsd/bind/dist/lib/dns/api | 2 +-
external/bsd/bind/dist/lib/dns/message.c | 8 +-
external/bsd/bind/dist/lib/dns/rdataset.c | 3 +-
external/bsd/bind/dist/lib/dns/resolver.c | 152 +-
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/unit/atf-src/admin/config.guess | 700 ++--
external/bsd/bind/dist/unit/atf-src/admin/config.sub | 352 +-
external/bsd/bind/dist/version | 2 +-
external/bsd/bind/include/isc/platform.h.orig | 417 ++
73 files changed, 5410 insertions(+), 3361 deletions(-)
diffs (truncated from 14416 to 300 lines):
diff -r 2977735cd148 -r 2db60f23d832 doc/3RDPARTY
--- a/doc/3RDPARTY Sun Feb 19 05:03:40 2017 +0000
+++ b/doc/3RDPARTY Mon Feb 20 16:27:13 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.14 2017/02/19 04:59:44 snj Exp $
+# $NetBSD: 3RDPARTY,v 1.1145.2.18.2.15 2017/02/20 16:27:13 sborrill Exp $
#
# This file contains a list of the software that has been integrated into
# NetBSD where we are not the primary maintainer.
@@ -113,8 +113,8 @@
bc includes dc, both of which are in the NetBSD tree.
Package: bind [named and utils]
-Version: 9.10.4-P5
-Current Vers: 9.10.4-P5
+Version: 9.10.4-P6
+Current Vers: 9.10.4-P6
Maintainer: Paul Vixie <vixie%vix.com@localhost>
Archive Site: ftp://ftp.isc.org/isc/bind9/
Home Page: http://www.isc.org/software/bind/
diff -r 2977735cd148 -r 2db60f23d832 external/bsd/bind/Makefile.inc
--- a/external/bsd/bind/Makefile.inc Sun Feb 19 05:03:40 2017 +0000
+++ b/external/bsd/bind/Makefile.inc Mon Feb 20 16:27:13 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.inc,v 1.21.2.1.2.3 2017/01/16 11:56:42 martin Exp $
+# $NetBSD: Makefile.inc,v 1.21.2.1.2.4 2017/02/20 16:27:13 sborrill Exp $
.if !defined(BIND9_MAKEFILE_INC)
BIND9_MAKEFILE_INC=yes
@@ -98,9 +98,9 @@
.if ${MKKERBEROS} != "no"
.if !defined (LIB) || empty(LIB)
LDADD+= -lgssapi -lheimntlm -lkrb5 -lhx509 -lheimbase \
- -lcom_err -lroken -lasn1 -lwind
+ -lcom_err -lroken -lasn1 -lwind -lsqlite3
DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBHEIMBASE} \
- ${LIBCOM_ERR} ${LIBROKEN} ${LIBASN1} ${LIBWIND}
+ ${LIBCOM_ERR} ${LIBROKEN} ${LIBASN1} ${LIBWIND} ${LIBSQLITE3}
.else
.for L in gssapi krb5 hx509 heimntlm heimbase com_err roken asn1 wind
LIBDPLIBS+= $L ${NETBSDSRCDIR}/crypto/external/bsd/heimdal/lib/lib$L
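Review bot: The new `-lsqlite3` on the `LDADD` continuation line and `${LIBSQLITE3}` on the `DPADD` line are not explained by a comment or by the commit description, which only covers the BIND 9.10.4-P6 update. A link-line change riding along with a security pull-up should say which library needs it, for example `# sqlite3 is presumably required by the heimdal libraries linked above (confirm)` directly above `LDADD+=`. The `.else` branch with `.for L in gssapi krb5 ...` is left unchanged, so it is worth confirming that the library build does not need a matching `LIBDPLIBS` entry. The enclosing `.if` blocks start and end outside this hunk.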
diff -r 2977735cd148 -r 2db60f23d832 external/bsd/bind/Makefile.inc.orig
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/bind/Makefile.inc.orig Mon Feb 20 16:27:13 2017 +0000
@@ -0,0 +1,131 @@
+# $NetBSD: Makefile.inc.orig,v 1.1.2.1 2017/02/20 16:27:13 sborrill Exp $
+
+.if !defined(BIND9_MAKEFILE_INC)
+BIND9_MAKEFILE_INC=yes
+
+#NAMED_DEBUG=1
+
+USE_FORT?= yes # network client/server
+
+WARNS?= 1
+
+CWARNFLAGS.clang+= -Wno-unused-value -Wno-parentheses
+
+.include <bsd.own.mk>
+
+.if ${MKCRYPTO} == "no"
+NAMED_USE_OPENSSL?=no
+.else
+NAMED_USE_OPENSSL?=yes
+.endif
+
+.if exists(${NETBSDSRCDIR}/sys/sys/atomic.h)
+NAMED_USE_PTHREADS?=yes
+.else
+NAMED_USE_PTHREADS?=no
+.endif
+
+IDIST= ${NETBSDSRCDIR}/external/bsd/bind/dist
+BIND_SRCDIR= ${NETBSDSRCDIR}/external/bsd/bind
+BIND_HTMLDIR= /usr/share/doc/reference/ref8/bind9
+
+VERSIONFILE=${IDIST}/version
+.include "${VERSIONFILE}"
+
+VERSION=${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}
+SYSCONFDIR=/etc
+LOCALSTATEDIR=/var
+
+CPPFLAGS+=-I${BIND_SRCDIR}/include \
+ -I${IDIST} \
+ -I${IDIST}/lib/dns/include \
+ -I${IDIST}/lib/isc/include -I${IDIST}/lib/isc/unix/include \
+ -I${IDIST}/lib/bind9/include \
+ -I${IDIST}/lib/isccfg/include \
+ -I${IDIST}/lib/isccc/include \
+ -I${IDIST}/lib/lwres/include -I${IDIST}/lib/lwres/unix/include \
+ -DNS_LOCALSTATEDIR=\"${LOCALSTATEDIR}\" \
+ -DNS_SYSCONFDIR=\"${SYSCONFDIR}\" \
+ -DSESSION_KEYFILE=\"${LOCALSTATEDIR}/run/named/session.key\" \
+ -DVERSION=\"${VERSION}\" -DBIND9
+
+.if (${USE_INET6} != "no")
+CPPFLAGS+= -DWANT_IPV6
+CPPFLAGS+= -DALLOW_FILTER_AAAA
+.endif
+
+.if defined(HAVE_GCC)
+COPTS+= -Wno-pointer-sign
+.endif
+
+.if defined(NAMED_DEBUG)
+DBG=-g3 -gstabs
+.endif
+
+.if !defined(LIB) || empty(LIB)
+# NOTE: the order of these libraries is important...
+.if defined(NAMED_DEBUG)
+LDADD+= -lbind9_g -llwres_g -lisccfg_g -ldns_g -lisccc_g -lisc_g
+.else
+LDADD+= -lbind9 -llwres -lisccfg -ldns -lisccc -lisc
+DPADD+= ${LIBBIND9} ${LIBDNS} ${LIBLWRES}
+DPADD+= ${LIBISCCFG} ${LIBISCCC} ${LIBISC}
+.endif
+.else
+CPPFLAGS+= -DLIBINTERFACE=${LIBINTERFACE} \
+ -DLIBREVISION=${LIBREVISION} -DLIBAGE=${LIBAGE}
+.endif
+#CPPFLAGS+= -DUSE_MEMIMPREGISTER -DUSE_APPIMPREGISTER -DUSE_SOCKETIMPREGISTER \
+# -DUSE_TIMERIMPREGISTER
+
+.if ${NAMED_USE_PTHREADS} == "yes"
+# XXX: Not ready yet
+# CPPFLAGS+= -DISC_PLATFORM_USE_NATIVE_RWLOCKS
+CPPFLAGS+= -DISC_PLATFORM_USETHREADS
+.if !defined (LIB) || empty(LIB)
+LDADD+= -lpthread
+DPADD+= ${LIBPTHREAD}
+.else
+LIBDPLIBS+= pthread ${NETBSDSRCDIR}/lib/libpthread
+.endif
+.endif
+
+.if ${NAMED_USE_OPENSSL} == "yes"
+CPPFLAGS+=-DOPENSSL -DUSE_ISC_SPNEGO -DHAVE_OPENSSL_GOST -DAES_SIT
+.if ${MKKERBEROS} != "no"
+CPPFLAGS+=-DGSSAPI
+.endif
+.if ${MKKERBEROS} != "no"
+.if !defined (LIB) || empty(LIB)
+LDADD+= -lgssapi -lheimntlm -lkrb5 -lhx509 -lheimbase \
+ -lcom_err -lroken -lasn1 -lwind -lsqlite3
+DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBHEIMBASE} \
+ ${LIBCOM_ERR} ${LIBROKEN} ${LIBASN1} ${LIBWIND} ${LIBSQLITE3}
+.else
+.for L in gssapi krb5 hx509 heimntlm heimbase com_err roken asn1 wind
+LIBDPLIBS+= $L ${NETBSDSRCDIR}/crypto/external/bsd/heimdal/lib/lib$L
+.endfor
+.endif
+.endif
+.if !defined (LIB) || empty(LIB)
+LDADD+= -lcrypto -lcrypt
+DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
+.else
+.if exists(${NETBSDSRCDIR}/crypto/external/bsd/openssl/lib/libcrypto)
+LIBDPLIBS+= crypto ${NETBSDSRCDIR}/crypto/external/bsd/openssl/lib/libcrypto
+.else
+LIBDPLIBS+= crypto ${NETBSDSRCDIR}/lib/libcrypto
+.endif
+.endif
+.endif
+
+.if ${NAMED_USE_PTHREADS} == "yes"
+CPPFLAGS+=-DISC_PLATFORM_USETHREADS -I${IDIST}/lib/isc/pthreads/include
+.else
+CPPFLAGS+=-I${IDIST}/lib/isc/nothreads/include
+.endif
+
+.if exists(${.PARSEDIR}/../Makefile.inc)
+.include "${.PARSEDIR}/../Makefile.inc"
+.endif
+.endif
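Review bot: `Makefile.inc.orig` looks like a patch(1) backup file committed by accident with the pull-up rather than a source file. Nothing visible in this commit includes it, and its contents mirror the patched `Makefile.inc`, including the new `-lsqlite3` lines. The diffstat lists `external/bsd/bind/include/isc/platform.h.orig` (417 added lines), which appears to be the same kind of leftover. Stray copies in a security update make the change harder to audit and can drift from the real file, so both should be removed from the changeset and the tree checked for other `*.orig`/`*.rej` files before committing.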
diff -r 2977735cd148 -r 2db60f23d832 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Sun Feb 19 05:03:40 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES Mon Feb 20 16:27:13 2017 +0000
@@ -1,3 +1,11 @@
+ --- 9.10.4-P6 released ---
+
+4558. [bug] Synthesised CNAME before matching DNAME was still
+ being cached when it should have been. [RT #44318]
+
+4557. [security] Combining dns64 and rpz can result in dereferencing
+ a NULL pointer (read). (CVE-2017-3135) [RT#44434]
+
--- 9.10.4-P5 released ---
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
diff -r 2977735cd148 -r 2db60f23d832 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README Sun Feb 19 05:03:40 2017 +0000
+++ b/external/bsd/bind/dist/README Mon Feb 20 16:27:13 2017 +0000
@@ -51,6 +51,12 @@
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.10.4-P6
+
+ This version contains a fix for CVE-2017-3135, and a bug fix
+ for a regression in CNAME/DNAME caching that was introduced
+ in an earlier security release.
+
BIND 9.10.4-P5
This version contains fixes for CVE-2016-9131, CVE-2016-9147,
diff -r 2977735cd148 -r 2db60f23d832 external/bsd/bind/dist/bin/named/query.c
--- a/external/bsd/bind/dist/bin/named/query.c Sun Feb 19 05:03:40 2017 +0000
+++ b/external/bsd/bind/dist/bin/named/query.c Mon Feb 20 16:27:13 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: query.c,v 1.16.2.3.2.2 2016/10/14 11:42:29 martin Exp $ */
+/* $NetBSD: query.c,v 1.16.2.3.2.3 2017/02/20 16:27:13 sborrill Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -6245,7 +6245,7 @@
dns_rpz_st_t *rpz_st;
isc_boolean_t resuming;
int line = -1;
- isc_boolean_t dns64_exclude, dns64;
+ isc_boolean_t dns64_exclude, dns64, rpz;
isc_boolean_t nxrewrite = ISC_FALSE;
isc_boolean_t redirected = ISC_FALSE;
dns_clientinfomethods_t cm;
@@ -6258,6 +6258,7 @@
char mbuf[BUFSIZ];
char qbuf[DNS_NAME_FORMATSIZE];
#endif
+ dns_name_t *rpzqname;
CTRACE(ISC_LOG_DEBUG(3), "query_find");
@@ -6283,7 +6284,7 @@
zone = NULL;
need_wildcardproof = ISC_FALSE;
empty_wild = ISC_FALSE;
- dns64_exclude = dns64 = ISC_FALSE;
+ dns64_exclude = dns64 = rpz = ISC_FALSE;
options = 0;
resuming = ISC_FALSE;
is_zone = ISC_FALSE;
@@ -6473,6 +6474,7 @@
authoritative = ISC_FALSE;
version = NULL;
need_wildcardproof = ISC_FALSE;
+ rpz = ISC_FALSE;
if (client->view->checknames &&
!dns_rdata_checkowner(client->query.qname,
@@ -6614,11 +6616,29 @@
}
/*
- * Now look for an answer in the database.
- */
- result = dns_db_findext(db, client->query.qname, version, type,
+ * Now look for an answer in the database. If this is a dns64
+ * AAAA lookup on a rpz database adjust the qname.
+ */
+ if (dns64 && rpz)
+ rpzqname = client->query.rpz_st->p_name;
+ else
+ rpzqname = client->query.qname;
+
+ result = dns_db_findext(db, rpzqname, version, type,
client->query.dboptions, client->now,
&node, fname, &cm, &ci, rdataset, sigrdataset);
+ /*
+ * Fixup fname and sigrdataset.
+ */
+ if (dns64 && rpz) {
+ isc_result_t rresult;
+
+ rresult = dns_name_copy(client->query.qname, fname, NULL);
+ RUNTIME_CHECK(rresult == ISC_R_SUCCESS);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ }
if (!is_zone)
dns_cache_updatestats(client->view->cache, result);
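Review bot: The new `rpzqname = client->query.rpz_st->p_name;` dereferences `rpz_st` without a check, relying on an invariant the hunk does not state: `rpz` only becomes `ISC_TRUE` in the `DNS_RPZ_POLICY_NXDOMAIN` and `DNS_RPZ_POLICY_NODATA` cases of the later hunk, where `rpz_st` is already in use. Because this change fixes a NULL dereference (CVE-2017-3135), I would record that in the comment, e.g. `/* rpz is only set after an RPZ rewrite, so rpz_st and its p_name are valid here */`, after confirming that `p_name` is still set on this path, which is not visible here. The "Fixup fname and sigrdataset" comment should also say why: the lookup presumably ran under the policy name, so `fname` is reset to the client's qname and any associated signature set is released. Note also that the fixup runs whatever `result` is, and that `RUNTIME_CHECK` terminates named if `dns_name_copy()` ever fails. query_find starts and ends outside this hunk.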
@@ -6848,10 +6868,12 @@
case DNS_RPZ_POLICY_NXDOMAIN:
result = DNS_R_NXDOMAIN;
nxrewrite = ISC_TRUE;
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_NODATA:
result = DNS_R_NXRRSET;
nxrewrite = ISC_TRUE;
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_RECORD:
result = rpz_st->m.result;
@@ -6871,6 +6893,7 @@
rdataset->ttl = ISC_MIN(rdataset->ttl,
rpz_st->m.ttl);
}