<command>zone</command> Statement Grammar

Prev1.2. Organization of This Document

In this document, In this document, Section 1 introduces the basic and BIND concepts. concepts. Section 2 describes resource requirements for running BIND in various - environments. Information in Section 3 is - task-oriented in its presentation and is organized functionally, to aid in the process of installing the BIND 9 software. The task-oriented section is followed by - Section 4, which contains more advanced concepts that the system administrator may need for implementing certain options. Section 5 describes the BIND 9 lightweight - resolver. The contents of Section 6 are organized as in a reference manual to aid in the ongoing - maintenance of the software. Section 7 addresses security considerations, and - Section 8 contains troubleshooting help. The main body of the document is followed by several - Appendices which contain useful reference - information, such as a Bibliography and historic information related to

To describe:

BIND consists of a consists of a nameserver (or "daemon") called /etc/services. -The resolver is a set of routines residing in a system library that provides the interface that programs can use to access the domain name services.
A nameserver (NS) is a program that stores information about -named resources and responds to queries from programs called resolvers which act as client processes. The basic function of an NS is to provide information about network objects by answering queries.
zones, each starting at a domain and extending down to the leaf domains or to domains where other zones start. Zones usually represent administrative boundaries. For example, -a domain name for a host at the company Example, Inc. would be:
To properly operate a nameserver, it is important to understand -the difference between a zone and a and a domain.
For instance, consider the DNS tree is a tree is a domain, -even if it is terminal, that is, has no , that is, has no subdomains. Every subdomain is a domain and every domain except the root is also a subdomain. The terminology is not intuitive and we suggest @@ -747,29 +822,44 @@ >named.conf file specify zones, not domains. When you ask some other site if it is willing -to be a slave server for your domain, you are actually asking for slave service for some collection of zones.
Each zone will have one Each zone will have one primary master (also -called primary) server which loads the zone contents from some local file edited by humans or perhaps generated mechanically from some other local file which is edited by humans. -There there will be some number of slave (also -called secondary) servers, which load the zone contents using the protocol (that is, the secondary servers will contact the primary and fetch the zone data using TCP). This set of servers — the primary and all of its secondaries — should be -listed in the NS records in the parent zone and will constitute a delegation. This set of servers must also be listed in the zone file itself, usually under the @ name which indicates the name which indicates the top level or or root of the current zone. You can list servers in the zone's top-level @.
Any servers listed in the NS records must be configured as Any servers listed in the NS records must be configured as authoritative for the zone. A server is authoritative for a zone when it has been configured to answer questions for that zone with authority, which @@ -838,17 +940,26 @@ >DNS server can be master for some zones and slave for others or can be only a master, or only a slave, or can serve no zones -and just answer queries via its cache. Master -servers are often also called primaries and -slave servers are often also called secondaries. Both master/primary and slave/secondary servers are authoritative for a zone.
1.4.3.1. Master Server
The The primary master server is the ultimate source of information about a domain. The primary master is an authoritative server configured to be the source of zone transfer for one or more @@ -883,13 +997,19 @@ >1.4.3.2. Slave Server
A A slave server, also called a , also called a secondary server, is an authoritative server that uses zone transfers from the primary master server to retrieve the zone data. Optionally, the slave server obtains zone data from a cache on disk. Slave servers @@ -905,9 +1025,12 @@ >1.4.3.3. Caching Only Server
Some servers are Some servers are caching only servers. This means that the server caches the information that it receives and uses it until the data expires. A caching only server is a server @@ -925,15 +1048,21 @@ >
Instead of interacting with the nameservers for the root and -other domains, a forwarding server always forwards queries it cannot satisfy from its authoritative data or cache to a fixed list of other servers. The forwarded queries are also known -as recursive queries, the same type as a client would send to a server. There may be one or more servers forwarded to, and they are queried in turn until the list is exhausted or an answer @@ -969,9 +1098,12 @@ >1.4.3.5. Stealth Server
A A stealth server is a server that answers authoritatively for a zone, but is not listed in that zone's NS records. Stealth servers can be used as a way to centralize distribution @@ -990,6 +1122,7 @@ >

We use the style:

PrevBIND Resource Requirements

Home

Prev

PrevNameserver Configuration

Home

Prev

PrevAdvanced Concepts

Home

Prev statement.
Updating of secure zones (zones using DNSSEC) is modelled - after the simple-secure-update proposal, a work in progress in the DNS Extensions working group of the IETF. (See rndc halt is is not sufficient). Wait for the server to exit, - then remove the zone's
Setting up different views, or visibility, of DNS space to -internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization would want to set up its DNS this way.
Here is an example of a split DNS setup:
Let's say a company named Let's say a company named Example, Inc. (example.com) has several corporate sites that have an internal network with reserved Internet Protocol (IP) space and an external demilitarized zone (DMZ), or "outside" section of a network, that is available to the public.
Example, Inc. wants its internal clients to be able to resolve external hostnames and to exchange mail with people on the outside. The company also wants its internal resolvers @@ -325,9 +346,12 @@ >, site2.example.com,, site1.internal
In order for all this to work properly, internal clients will -need to be configured to query only the internal nameservers for DNS queries. This could also be enforced via selective filtering on the network.
If everything has been set properly, If everything has been set properly, Example, Inc.'s internal clients will now be able to:
4.4.1. Generate Shared Keys for Each Pair of Hosts
A shared secret is generated to be shared between A shared secret is generated to be shared between host1 and and host2. An arbitrary key name is chosen: "host1-host2.". The key name must be the same on both hosts.
4.4.3. Informing the Servers of the Key's ExistenceImagine Imagine host1 and and host 2 are both servers. The following is added to each server's named.conf file -for host1, if the IP address of , if the IP address of host2 is 10.1.2.3: If If host1 sends a message that is a request -to that address, the message will be signed with the specified key. host1 will expect any responses to signed messages to be signed with the same key. A similar statement must be present in A similar statement must be present in host2's -configuration file (with host1's address) for 's address) for host2 to -sign request messages to host1. Cryptographic authentication of DNS information is possible - through the DNS Security (DNSSEC) extensions, defined in RFC 2535. This section describes the creation and use of DNSSEC signed zones. BIND 9 supports the new - "bitstring" format used in the ip6.arpa domain, as well as the older, deprecated "nibble" format used in - the ip6.int domain. Bitstring labels can start and end on any bit boundary, rather than on a multiple of 4 bits as in the nibble - format. They also use ip6.arpa rather than - ip6.int. To replicate the previous example using bitstrings:

PrevThe BIND 9 Lightweight Resolver

Home

Prev

PrevBIND 9 Configuration Reference

Home

Prev

6.3. Zone File

PhraseAll log output goes to one or more All log output goes to one or more channels; you can make as many of them as you want.

Next
delegation-only	Delegation only. Logs queries that have have +been forced to NXDOMAIN as the result of a delegation-only zone or +a delegation-only in a stub or forward +zone declartation. +

6.2.11. lwres6.2.12. lwres6.2.13. options6.2.14. options This option is obsolete. It was used in This option is obsolete. It was used in This option is obsolete. This option is obsolete. If you need to disable IXFR to a particular server or servers see the information on the 6.2.14.2. Forwarding 6.2.14.4. Interfaces 6.2.14.5. Query Address 6.2.14.7. Resource Limits 6.2.14.8. Periodic Task Intervals Sets the number of seconds to cache a lame server indication. 0 disables caching. (This is -NOTNOT recommended.) Default is 6.2.17. trusted-keys6.2.18. trusted-keys6.2.19. view6.2.20. view] [{ - type ( master | slave | hint | stub | forward ) ; + type ( master | slave | hint | stub | forward | delegation-only ) ; [ allow-notify { ] [ delegation-only yes_or_no ; ] + [ file 6.2.22. zone6.2.22.1. Zone Types delegation-only This is used to enforce the delegation only +status of infrastructure zones (e.g. COM, NET, ORG). Any answer that +is received without a explicit or implict delegation in the authority +section will be treated as NXDOMAIN. This does not apply to the zone +apex. This SHOULD NOT be applied to leaf zones. 6.2.22.2. Class 6.2.22.3. Zone Options delegation-only The flag only applies to forward and stub zones. If set +to yes then the zone will also be treated as if it +is also a delegation-only type zone. + + 6.3. Zone File 6.3.1.1. Resource Records The following are The following are types of valid RRs (some of these listed, although not obsolete, are experimental (x) or historical (h) and no longer in general use): The following The following classes of resource records are currently valid in the DNS: RDATA is the type-dependent or class-dependent data that describes the resource: 6.3.1.2. Textual expression of RRs 6.3.2. Discussion of MX Records must have an associated A record — CNAME is not sufficient. 6.3.4. Inverse Mapping in IPv4 Reverse name resolution (that is, translation from IP address -to name) is achieved by means of the in-addr.arpa domain and PTR records. Entries in the in-addr.arpa domain are made in least-to-most significant order, read left to right. This is the @@ -10917,7 +11039,7 @@ > 6.3.5. Other Zone File Directives 6.3.5.1. The $ORIGIN6.3.5.2. The $INCLUDE6.3.5.3. The $TTL6.3.6. BIND PrevBIND 9 Security Considerations Home Next Prev7.2. chrootIt is a It is a good idea to use ACLs, and to control access to your server. Limiting access to your server by outside parties can help prevent spoofing and DoS attacks against @@ -172,9 +178,12 @@ unless recursion has been previously disabled.For more information on how to use ACLs to protect your server, -see the AUSCERT advisory at 7.2. chrootOn UNIX servers, it is possible to run BIND in a in a chrooted environment (7.2.1. The chroot7.2.2. Using the setuid Next PrevTroubleshootingHome Next Prev8.1. Common Problems 8.2. Incrementing and Changing the Serial Number 8.3. Where Can I Get Help? 8.1. Common Problems 8.1.1. It's not working; how can I figure out what's wrong? 8.2. Incrementing and Changing the Serial Number 8.3. Where Can I Get Help? Next PrevAppendicesHome Next PrevA.1. Acknowledgements A.3. General DNSA.1. Acknowledgements A.1.1. A Brief History of the DNSA.2.1.1. HS = hesiod A.2.1.2. CH = chaos A.3. General DNSDNS to facilitate -scalable Internet routing. There are three types of addresses: Unicast, -an identifier for a single interface; Anycast, -an identifier for a set of interfaces; and Multicast, an identifier for a set of interfaces. Here we describe the global Unicast address scheme. For more information, see RFC 2374. The The Public Topology is provided by the -upstream provider or ISP, and (roughly) corresponds to the IPv4 network section -of the address range. The Site Topology is where you can subnet this space, much the same as subnetting an -IPv4 /16 network into /24 subnets. The Interface Identifier is the address of an individual interface on a given network. (With IPv6, addresses belong to interfaces rather than machines.) . Bibliography Standards [RFC974] [RFC1034] [RFC1035] Proposed Standards [RFC2181] [RFC2308] [RFC1995] [RFC1996] [RFC2136] [RFC2845] Proposed Standards Still Under Development [RFC1886] [RFC2065] [RFC2137] Other Important RFCs About DNS Implementation [RFC1535] [RFC1536] [RFC1982] Resource Record Types [RFC1183] [RFC1706] [RFC2168] [RFC1876] [RFC2052] [RFC2163] [RFC2230] DNS and the Internet [RFC1101] [RFC1123] [RFC1591] [RFC2317] DNS Operations [RFC1537] [RFC1912] [RFC1912] [RFC2010] [RFC2219] Other DNS-related RFCs [RFC1464] [RFC1713] [RFC1794] [RFC2240] [RFC2345] [RFC2352] Obsolete and Unimplemented Experimental RRs [RFC1712] A.4.3. Other Documents About BINDBibliography PrevHome 6.2.11. lwres 6.2.12. lwres 6.2.13. options 6.2.14. options 6.2.17. trusted-keys 6.2.18. trusted-keys 6.2.19. view 6.2.20. view 6.2.22. zone 6.3. Zone File 6.3.2. Discussion of MX Records 6.3.4. Inverse Mapping in IPv4 6.3.5. Other Zone File Directives 6.3.6. BIND 7.2. chroot7.2.1. The chroot 7.2.2. Using the setuid8.1. Common Problems 8.1.1. It's not working; how can I figure out what's wrong? 8.2. Incrementing and Changing the Serial Number 8.3. Where Can I Get Help? A.1. Acknowledgements A.1.1. A Brief History of the DNS A.3. General DNS A.4.3. Other Documents About BIND Next @@ -292,6 +292,7 @@ %token L_DATABASE %token L_DEALLOC_ON_EXIT %token L_DEBUG +%token L_DELEGATION_ONLY %token L_DEFAULT %token L_DENY %token L_DIALUP @@ -4976,6 +4977,10 @@ { $$ = dns_c_zone_forward; } + | L_DELEGATION_ONLY + { + $$ = dns_c_zone_delegationonly; + } ; @@ -6121,6 +6126,7 @@ { "deallocate-on-exit", L_DEALLOC_ON_EXIT }, { "debug", L_DEBUG }, { "default", L_DEFAULT }, + { "delegation-only", L_DELEGATION_ONLY }, { "deny", L_DENY }, { "dialup", L_DIALUP }, { "directory", L_DIRECTORY }, diff -u -r bind-9.1.3/lib/dns/config/confzone.c bind-9.1.3-P1/lib/dns/config/confzone.c --- bind-9.1.3/lib/dns/config/confzone.c Tue Jul 3 18:40:15 2001 +++ bind-9.1.3-P1/lib/dns/config/confzone.c Wed Sep 17 09:37:54 2003 @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: confzone.c,v 1.72.2.5 2001/03/13 02:40:20 bwelling Exp $ / +/ $Id: confzone.c,v 1.72.2.5.10.1 2003/09/17 07:19:50 tale Exp $ / #include @@ -95,20 +95,26 @@ #define TZ_MIN_REFRESH_TIME_BIT 12 #define TZ_MAX_REFRESH_TIME_BIT 13 #define TZ_STATISTICS_BIT 14 - +#define TZ_DELEGATION_ONLY_BIT 15 / * Bit positions in the dns_c_forwardzone_t structure setflags field. / #define FZ_CHECK_NAME_BIT 0 #define FZ_FORWARD_BIT 1 - +#define FZ_DELEGATION_ONLY_BIT 2 / * Bit positions in the dns_c_hintzone_t structure setflags field. / #define HZ_CHECK_NAME_BIT 0 +/ + * Bit positions in the dns_c_delegationonlyzone_t structure setflags field. + / +#define DZ_CHECK_NAME_BIT 0 + + static void master_zone_init(dns_c_masterzone_t mzone); @@ -120,6 +126,8 @@ hint_zone_init(dns_c_hintzone_t hzone); static void forward_zone_init(dns_c_forwardzone_t fzone); +static void +delegationonly_zone_init(dns_c_delegationonlyzone_t *dzone); static isc_result_t zone_delete(dns_c_zone_t **zone); static isc_result_t master_zone_clear(isc_mem_t mem, @@ -143,6 +151,8 @@ dns_c_hintzone_t hzone); static void forward_zone_print(FILE fp, int indent, dns_c_forwardzone_t fzone); +static void delegationonly_zone_print(FILE fp, int indent, + dns_c_delegationonlyzone_t dzone); static isc_result_t set_iplist_field(isc_mem_t *mem, dns_c_iplist_t **dest, dns_c_iplist_t src, @@ -173,6 +183,27 @@ return (NULL); } +static const char +zonetype_totext(dns_c_zonetype_t ztype) { + switch (ztype) { + case dns_c_zone_master: + return "master"; + case dns_c_zone_slave: + return "slave"; + case dns_c_zone_stub: + return "stub"; + case dns_c_zone_forward: + return "forward"; + case dns_c_zone_hint: + return "hint"; + case dns_c_zone_delegationonly: + return "delegation-only"; + default: + INSIST(0); + } + return (NULL); +}; + isc_result_t dns_c_zonelist_new(isc_mem_t *mem, dns_c_zonelist_t **zlist) { dns_c_zonelist_t list; @@ -488,6 +519,10 @@ case dns_c_zone_forward: forward_zone_init(&newzone->u.fzone); break; + + case dns_c_zone_delegationonly: + delegationonly_zone_init(&newzone->u.dzone); + break; } zone = newzone; @@ -554,37 +589,35 @@ } fprintf(fp, " {\n"); + dns_c_printtabs(fp, indent + 1); + fprintf(fp, "type %s;\n", zonetype_totext(zone->ztype)); switch (zone->ztype) { case dns_c_zone_master: - dns_c_printtabs(fp, indent + 1); - fprintf(fp, "type master;\n"); master_zone_print(fp, indent + 1, &zone->u.mzone); break; case dns_c_zone_slave: - dns_c_printtabs(fp, indent + 1); - fprintf(fp, "type slave;\n"); slave_zone_print(fp, indent + 1, &zone->u.szone); break; case dns_c_zone_stub: - dns_c_printtabs(fp, indent + 1); - fprintf(fp, "type stub;\n"); stub_zone_print(fp, indent + 1, &zone->u.tzone); break; case dns_c_zone_hint: - dns_c_printtabs(fp, indent + 1); - fprintf(fp, "type hint;\n"); hint_zone_print(fp, indent + 1, &zone->u.hzone); break; case dns_c_zone_forward: - dns_c_printtabs(fp, indent + 1); - fprintf(fp, "type forward;\n"); forward_zone_print(fp, indent + 1, &zone->u.fzone); break; + + case dns_c_zone_delegationonly: + delegationonly_zone_print(fp, indent + 1, &zone->u.dzone); + break; + default: + INSIST(0); } if (zone->database != NULL) { @@ -691,6 +724,7 @@ checknameserror, zone->name); if (zone->ztype != dns_c_zone_forward && + zone->ztype != dns_c_zone_delegationonly && dns_c_zone_getpubkeylist(zone, &pklist) == ISC_R_SUCCESS) isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_WARNING, @@ -774,6 +808,9 @@ break; case dns_c_zone_hint: + /* + * XXXDCL why does this block set p but then fail silently? + / #if 1 p = zone->u.hzone.pubkeylist; #else @@ -784,9 +821,11 @@ return (ISC_R_FAILURE); case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a pubkey field"); + "%s zones do not have a pubkey field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -831,9 +870,11 @@ break; case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a file field"); + "%s zones do not have a file field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -883,9 +924,11 @@ break; case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a file field"); + "%s zones do not have a file field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -943,6 +986,12 @@ bits = &zone->u.fzone.setflags; bit = FZ_CHECK_NAME_BIT; break; + + case dns_c_zone_delegationonly: + p = &zone->u.dzone.check_names; + bits = &zone->u.dzone.setflags; + bit = DZ_CHECK_NAME_BIT; + break; } if (DNS_C_CHECKBIT(bit, bits)) { @@ -1002,6 +1051,11 @@ bits = &zone->u.fzone.setflags; bit = FZ_CHECK_NAME_BIT; break; + case dns_c_zone_delegationonly: + p = &zone->u.dzone.check_names; + bits = &zone->u.dzone.setflags; + bit = DZ_CHECK_NAME_BIT; + break; } if (DNS_C_CHECKBIT(bit, bits)) { @@ -1014,6 +1068,99 @@ return (res); } +/ + * + / + +isc_result_t +dns_c_zone_setdelegationonly(dns_c_zone_t zone, isc_boolean_t only) { + dns_c_setbits_t bits = NULL; + int bit = 0; + isc_result_t res; + + REQUIRE(DNS_C_ZONE_VALID(zone)); + + switch (zone->ztype) { + case dns_c_zone_stub: + bits = &zone->u.tzone.setflags; + bit = TZ_DELEGATION_ONLY_BIT; + break; + + case dns_c_zone_forward: + bits = &zone->u.fzone.setflags; + bit = FZ_DELEGATION_ONLY_BIT; + break; + + case dns_c_zone_master: + case dns_c_zone_slave: + case dns_c_zone_hint: + case dns_c_zone_delegationonly: + isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, + DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, + "%s zones do not have a delegation-only option", + zonetype_totext(zone->ztype)); + return (ISC_R_FAILURE); + } + + if (DNS_C_CHECKBIT(bit, bits)) { + res = ISC_R_EXISTS; + } else { + res = ISC_R_SUCCESS; + } + + if (only) + DNS_C_SETBIT(bit, bits); + else + DNS_C_CLEARBIT(bit, bits); + + return (res); +} + +/ + * + / + +isc_result_t +dns_c_zone_getdelegationonly(dns_c_zone_t zone, isc_boolean_t retval) { + dns_c_setbits_t bits = NULL; + int bit = 0; + isc_result_t res; + + REQUIRE(DNS_C_ZONE_VALID(zone)); + + switch (zone->ztype) { + case dns_c_zone_stub: + bits = &zone->u.tzone.setflags; + bit = TZ_DELEGATION_ONLY_BIT; + break; + + case dns_c_zone_forward: + bits = &zone->u.fzone.setflags; + bit = FZ_DELEGATION_ONLY_BIT; + break; + + case dns_c_zone_master: + case dns_c_zone_slave: + case dns_c_zone_hint: + case dns_c_zone_delegationonly: + isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, + DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, + "%s zones do not have a delegation-only option", + zonetype_totext(zone->ztype)); + return (ISC_R_FAILURE); + } + + if (DNS_C_CHECKBIT(bit, bits)) { + retval = ISC_TRUE; + res = ISC_R_EXISTS; + } else { + retval = ISC_FALSE; + res = ISC_R_NOTFOUND; + } + + return (res); +} + /* * @@ -1045,17 +1192,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have " - "an allow_update_forwarding field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_update_forwarding field"); + "%s zones do not have an " + "allow_update_forwarding field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1099,17 +1242,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an " - "allow_update_forwarding field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_update_forwarding field"); + "%s zones do not have an " + "allow_update_forwarding field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1140,29 +1279,15 @@ p = &zone->u.mzone.ssuauth; break; - case dns_c_zone_slave: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "slave zones do not have an ssuauth field"); - break; - case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an ssuauth field"); - break; - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an ssuauth field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_slave: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "ssuauth field"); + "%s zones do not have an ssuauth field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1192,29 +1317,16 @@ break; case dns_c_zone_slave: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "slave zones do not have an ssuauth field"); - break; - case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an ssuauth field"); - break; - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an ssuauth field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "ssuauth field"); + "%s zones do not have an ssuauth field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); + } if (p != NULL) { @@ -1252,23 +1364,15 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an allow_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an allow_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_notify field"); + "%s zones do not have an allow_notify field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); + } existed = (p != NULL ? ISC_TRUE : ISC_FALSE); @@ -1307,22 +1411,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an allow_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an allow_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_notify field"); + "%s zones do not have an allow_notify field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1362,16 +1457,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an allow_query field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_query field"); + "%s zones do not have an allow_query field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1413,16 +1504,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an allow_query field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_query field"); + "%s zones do not have an allow_query field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1467,17 +1554,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an " - "allow_transfer field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_transfer field"); + "%s zones do not have an " + "allow_transfer field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1519,17 +1602,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an " - "allow_transfer field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_transfer field"); + "%s zones do not have an " + "allow_transfer field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1574,14 +1653,12 @@ DNS_C_SETBIT(TZ_STATISTICS_BIT, &zone->u.tzone.setflags); break; case dns_c_zone_forward: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a statistics field"); - return (ISC_R_FAILURE); case dns_c_zone_hint: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a statistics field"); + "%s zones do not have a statistics field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS); @@ -1626,15 +1703,12 @@ break; case dns_c_zone_forward: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a statistics field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a statistics field"); + "%s zones do not have a statistics field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1696,15 +1770,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a dialup field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a dialup field"); + "%s zones do not have a dialup field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1752,15 +1823,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a dialup field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a dialup field"); + "%s zones do not have a dialup field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1794,21 +1862,12 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a notify field"); + "stub zones do not have a notify field"); return (ISC_R_FAILURE); } @@ -1844,21 +1903,12 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a notify field"); + "stub zones do not have a notify field"); return (ISC_R_FAILURE); } @@ -1899,21 +1949,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a also_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a also_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a also_notify field"); + "%s zones do not have a also_notify field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -1949,21 +1991,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a also_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a also_notify field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a also_notify field"); + "%s zones do not have a also_notify field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2005,24 +2039,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "maintain-xfer-base field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "maintain-xfer-base field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "maintain-xfer-base field"); + "%s zones do not have a maint-xfer-base field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2058,24 +2081,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "maint_ixfr_base field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "maint_ixfr_base field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "maint_ixfr_base field"); + "%s zones do not have a maint_xfer_base field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2112,21 +2124,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an ixfr_base field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an ixfr_base field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an ixfr-base field"); + "%s zones do not have an ixfer_base field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2168,21 +2172,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an ixfr_base field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an ixfr_base field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an ixfr_base field"); + "%s zones do not have an ixfer_base field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2219,21 +2215,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an ixfr_tmp field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an ixfr_tmp field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an ixfr_tmp field"); + "%s zones do not have an ixfer_tmp field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2274,22 +2262,14 @@ p = zone->u.szone.ixfr_tmp; break; - case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have an ixfr_tmp field"); - return (ISC_R_FAILURE); - - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an ixfr_tmp field"); - return (ISC_R_FAILURE); - + case dns_c_zone_stub: + case dns_c_zone_hint: case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an ixfr_tmp field"); + "%s zones do not have an ixfer_tmp field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2333,6 +2313,9 @@ break; case dns_c_zone_hint: + / + * XXXDCL why does this set p and then fail silently? + / #if 1 p = &zone->u.hzone.pubkeylist; #else @@ -2343,9 +2326,11 @@ return (ISC_R_FAILURE); case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a pubkey field"); + "%s zones do not have a pubkey field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2395,16 +2380,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a master_port field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "master_port field"); + "%s zones do not have a master-port field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2452,16 +2433,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a master_port field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "master_port field"); + "%s zones do not have a master-port field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2509,15 +2486,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a master_ips field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a master_ips field"); + "%s zones do not have a master_ips field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2562,15 +2536,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a master_ips field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a master_ips field"); + "%s zones do not have a master_ips field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2611,17 +2582,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "transfer_source field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "transfer_source field"); + "%s zones do not have a transfer_source field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2675,17 +2641,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "transfer_source field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "transfer_source field"); + "%s zones do not have a transfer_source field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2729,17 +2690,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "transfer_source_v6 field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "transfer_source_v6 field"); + "%s zones do not have a " + "transfer_source_v6 field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2793,17 +2750,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "transfer_source_v6 field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "transfer_source_v6 field"); + "%s zones do not have a " + "transfer_source_v6 field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2837,24 +2790,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "notify_source field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "notify_source field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "notify_source field"); + "%s zones do not have a notify_source field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2897,24 +2839,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "notify_source field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "notify_source field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "notify_source field"); + "%s zones do not have a notify_source field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -2950,24 +2881,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "notify_source_v6 field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "notify_source_v6 field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "notify_source_v6 field"); + "%s zones do not have a notify_source_v6 field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3010,24 +2930,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "notify_source_v6 field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "notify_source_v6 field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "notify_source_v6 field"); + "%s zones do not have a notify_source_v6 field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3070,17 +2979,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_time_in field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_time_in field"); + "%s zones do not have a " + "max_trans_time_in field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3128,17 +3033,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_time_in field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_time_in field"); + "%s zones do not have a " + "max_trans_time_in field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3174,24 +3075,14 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "max_trans_time_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_time_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_time_out field"); + "%s zones do not have a " + "max_trans_time_out field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3232,24 +3123,14 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "max_trans_time_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_time_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_time_out field"); + "%s zones do not have a " + "max_trans_time_out field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3292,17 +3173,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_idle_in field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_idle_in field"); + "%s zones do not have a " + "max_trans_idle_in field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3350,17 +3227,13 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_idle_in field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_idle_in field"); + "%s zones do not have a " + "max_trans_idle_in field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3396,24 +3269,14 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "max_trans_idle_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_idle_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_idle_out field"); + "%s zones do not have a " + "max_trans_idle_out field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3455,24 +3318,14 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "max_trans_idle_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_trans_idle_out field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_trans_idle_out field"); + "%s zones do not have a " + "max_trans_idle_out field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3500,31 +3353,15 @@ break; case dns_c_zone_slave: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "slave zones do not have a " - "sig_valid_interval field"); - return (ISC_R_FAILURE); - case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "sig_valid_interval field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "sig_valid_interval field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "sig_valid_interval field"); + "%s zones do not have a " + "sig_valid_interval field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3556,31 +3393,15 @@ case dns_c_zone_slave: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "slave zones do not have a " - "sig_valid_interval field"); - return (ISC_R_FAILURE); - case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a " - "sig_valid_interval field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "sig_valid_interval field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "sig_valid_interval field"); + "%s zones do not have a " + "sig_valid_interval field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3620,17 +3441,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "min_retry_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "min_retry_time field"); + "%s zones do not have a min_retry_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3682,17 +3498,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "min_retry_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "min_retry_time field"); + "%s zones do not have a min_retry_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3732,17 +3543,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_retry_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_retry_time field"); + "%s zones do not have a max_retry_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3794,17 +3600,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_retry_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_retry_time field"); + "%s zones do not have a max_retry_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3844,17 +3645,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "min_refresh_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "min_refresh_time field"); + "%s zones do not have a min_refresh_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3906,17 +3702,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "min_refresh_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "min_refresh_time field"); + "%s zones do not have a min_refresh_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -3956,17 +3747,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_refresh_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_refresh_time field"); + "%s zones do not have a max_refresh_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -4018,17 +3804,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a " - "max_refresh_time field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_refresh_time field"); + "%s zones do not have a max_refresh_time field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -4062,22 +3843,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a max-ixfr-log field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a max-ixfr-log field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max-ixfr-log field"); + "%s zones do not have a max_ixfr_log field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -4122,22 +3894,13 @@ break; case dns_c_zone_stub: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "stub zones do not have a max_ixfr_log field"); - return (ISC_R_FAILURE); - case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a max_ixfr_log field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have a " - "max_ixfr_log field"); + "%s zones do not have a max_ixfr_log field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -4185,9 +3948,11 @@ break; case dns_c_zone_hint: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a forward field"); + "%s zones do not have a forward field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); case dns_c_zone_forward: @@ -4242,9 +4007,11 @@ break; case dns_c_zone_hint: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a forward field"); + "%s zones do not have a forward field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); case dns_c_zone_forward: @@ -4294,9 +4061,11 @@ break; case dns_c_zone_hint: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a forwarders field"); + "%s zones do not have a forwarders field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); case dns_c_zone_forward: @@ -4354,9 +4123,11 @@ break; case dns_c_zone_hint: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have a forwarders field"); + "%s zones do not have a forwarders field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); case dns_c_zone_forward: @@ -4403,16 +4174,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an allow_update field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_update field"); + "%s zones do not have an allow_update field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -4454,16 +4221,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an allow_update field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_update field"); + "%s zones do not have an allow_update field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -4502,16 +4265,12 @@ break; case dns_c_zone_hint: - isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, - DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "hint zones do not have an allow_update field"); - return (ISC_R_FAILURE); - case dns_c_zone_forward: + case dns_c_zone_delegationonly: isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG, DNS_LOGMODULE_CONFIG, ISC_LOG_CRITICAL, - "forward zones do not have an " - "allow_update field"); + "%s zones do not have an allow_update field", + zonetype_totext(zone->ztype)); return (ISC_R_FAILURE); } @@ -5343,6 +5102,22 @@ } } +/ + * + / + +static void +delegationonly_zone_print(FILE fp, int indent, + dns_c_delegationonlyzone_t dzone) { + REQUIRE(dzone != NULL); + + if (DNS_C_CHECKBIT(DZ_CHECK_NAME_BIT, &dzone->setflags)) { + dns_c_printtabs(fp, indent); + fprintf(fp, "check-names %s;\n", + dns_c_nameseverity2string(dzone->check_names, + ISC_TRUE)); + } +} / * @@ -5440,6 +5215,14 @@ memset(&fzone->setflags, 0x0, sizeof (fzone->setflags)); } +/* + * + / +static void +delegationonly_zone_init(dns_c_delegationonlyzone_t dzone) { + REQUIRE(dzone != NULL); + memset(&dzone->setflags, 0x0, sizeof(dzone->setflags)); +} /* * @@ -5488,6 +5271,10 @@ case dns_c_zone_forward: res = forward_zone_clear(z->mem, &z->u.fzone); break; + + case dns_c_zone_delegationonly: + /* Nothing. / + break; } z->magic = 0; @@ -5748,4 +5535,3 @@ return (res); } - diff -u -r bind-9.1.3/lib/dns/include/dns/confcommon.h bind-9.1.3-P1/lib/dns/include/dns/confcommon.h --- bind-9.1.3/lib/dns/include/dns/confcommon.h Tue Jul 3 18:41:06 2001 +++ bind-9.1.3-P1/lib/dns/include/dns/confcommon.h Wed Sep 17 09:40:12 2003 @@ -15,7 +15,7 @@ WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: confcommon.h,v 1.31.4.1 2001/01/09 22:45:13 bwelling Exp $ / +/ $Id: confcommon.h,v 1.31.4.1.10.1 2003/09/17 07:19:50 tale Exp $ / #ifndef DNS_CONFCOMMON_H #define DNS_CONFCOMMON_H 1 @@ -141,7 +141,8 @@ dns_c_zone_slave, dns_c_zone_hint, dns_c_zone_stub, - dns_c_zone_forward + dns_c_zone_forward, + dns_c_zone_delegationonly } dns_c_zonetype_t; diff -u -r bind-9.1.3/lib/dns/include/dns/confzone.h bind-9.1.3-P1/lib/dns/include/dns/confzone.h --- bind-9.1.3/lib/dns/include/dns/confzone.h Tue Jul 3 18:41:09 2001 +++ bind-9.1.3-P1/lib/dns/include/dns/confzone.h Wed Sep 17 09:40:17 2003 @@ -15,7 +15,7 @@ WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: confzone.h,v 1.50.2.1 2001/01/09 22:45:28 bwelling Exp $ / +/ $Id: confzone.h,v 1.50.2.1.10.1 2003/09/17 07:19:50 tale Exp $ / #ifndef DNS_CONFZONE_H #define DNS_CONFZONE_H 1 @@ -76,11 +76,10 @@ typedef struct dns_c_stub_zone dns_c_stubzone_t; typedef struct dns_c_forward_zone dns_c_forwardzone_t; typedef struct dns_c_hint_zone dns_c_hintzone_t; +typedef struct dns_c_delegationonlyzone dns_c_delegationonlyzone_t; typedef struct dns_c_zone dns_c_zone_t; typedef struct dns_c_zonelem dns_c_zonelem_t; - - struct dns_c_zonelem { dns_c_zone_t thezone; ISC_LINK(dns_c_zonelem_t) next; @@ -214,6 +213,12 @@ dns_c_setbits_t setflags; }; +struct dns_c_delegationonlyzone { + dns_severity_t check_names; + dns_c_setbits_t setflags; +}; + + struct dns_c_zone { isc_int32_t magic; @@ -235,6 +240,7 @@ dns_c_stubzone_t tzone; dns_c_forwardzone_t fzone; dns_c_hintzone_t hzone; + dns_c_delegationonlyzone_t dzone; } u; }; @@ -299,6 +305,11 @@ dns_severity_t severity); isc_result_t dns_c_zone_getchecknames(dns_c_zone_t zone, dns_severity_t retval); + +isc_result_t dns_c_zone_setdelegationonly(dns_c_zone_t zone, + isc_boolean_t only); +isc_result_t dns_c_zone_getdelegationonly(dns_c_zone_t zone, + isc_boolean_t retval); isc_result_t dns_c_zone_setallowupdateforwarding(dns_c_zone_t zone, diff -u -r bind-9.1.3/lib/dns/include/dns/log.h bind-9.1.3-P1/lib/dns/include/dns/log.h --- bind-9.1.3/lib/dns/include/dns/log.h Tue Jul 3 18:41:12 2001 +++ bind-9.1.3-P1/lib/dns/include/dns/log.h Wed Sep 17 09:40:24 2003 @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: log.h,v 1.26.4.2 2001/01/11 20:06:59 bwelling Exp $ / +/ $Id: log.h,v 1.26.4.2.10.1 2003/09/17 07:19:51 tale Exp $ / / Principal Authors: DCL / @@ -39,6 +39,7 @@ #define DNS_LOGCATEGORY_XFER_OUT (&dns_categories[7]) #define DNS_LOGCATEGORY_DISPATCH (&dns_categories[8]) #define DNS_LOGCATEGORY_LAME_SERVERS (&dns_categories[9]) +#define DNS_LOGCATEGORY_DELEGATION_ONLY (&dns_categories[10]) / Backwards compatibility. / #define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL diff -u -r bind-9.1.3/lib/dns/include/dns/view.h bind-9.1.3-P1/lib/dns/include/dns/view.h --- bind-9.1.3/lib/dns/include/dns/view.h Tue Jul 3 18:41:20 2001 +++ bind-9.1.3-P1/lib/dns/include/dns/view.h Wed Sep 17 09:40:42 2003 @@ -15,7 +15,7 @@ WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: view.h,v 1.61.2.1 2001/01/09 22:46:28 bwelling Exp $ / +/ $Id: view.h,v 1.61.2.1.10.1 2003/09/17 07:19:51 tale Exp $ / #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 @@ -115,6 +115,7 @@ dns_ttl_t maxncachettl; in_port_t dstport; char cachefile; + dns_namelist_t * delonly; /* * Configurable data for server use only, @@ -680,6 +681,35 @@ * ISC_R_IGNORE No cachefile was specified. * others An error occurred (see dns_master_dump) / + +isc_result_t +dns_view_adddelegationonly(dns_view_t view, dns_name_t name); +/ + * Add the given name to the delegation only table. + * + * Requires: + * 'view' is valid. + * 'name' is valid. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_NOMEMORY + / + +isc_boolean_t +dns_view_isdelegationonly(dns_view_t view, dns_name_t name); +/ + * Check if 'name' is in the delegation only table. + * + * Requires: + * 'view' is valid. + * 'name' is valid. + * + * Returns: + * ISC_TRUE if the name is is the table. + * ISC_FALSE othewise. + / + ISC_LANG_ENDDECLS diff -u -r bind-9.1.3/lib/dns/log.c bind-9.1.3-P1/lib/dns/log.c --- bind-9.1.3/lib/dns/log.c Tue Jul 3 18:40:28 2001 +++ bind-9.1.3-P1/lib/dns/log.c Wed Sep 17 09:39:10 2003 @@ -15,7 +15,7 @@ WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: log.c,v 1.29.4.2 2001/01/11 20:06:56 bwelling Exp $ / +/ $Id: log.c,v 1.29.4.2.10.1 2003/09/17 07:19:47 tale Exp $ / / Principal Authors: DCL / @@ -40,6 +40,7 @@ { "xfer-out", 0 }, { "dispatch", 0 }, { "lame-servers", 0 }, + { "delegation-only", 0 }, { NULL, 0 } }; diff -u -r bind-9.1.3/lib/dns/ncache.c bind-9.1.3-P1/lib/dns/ncache.c --- bind-9.1.3/lib/dns/ncache.c Tue Jul 3 18:40:36 2001 +++ bind-9.1.3-P1/lib/dns/ncache.c Wed Sep 17 09:39:24 2003 @@ -15,7 +15,7 @@ WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: ncache.c,v 1.23.4.1 2001/01/09 22:43:52 bwelling Exp $ / +/ $Id: ncache.c,v 1.23.4.1.10.1 2003/09/17 07:19:47 tale Exp $ / #include @@ -121,7 +121,10 @@ ttl = maxttl; trust = 0xffff; isc_buffer_init(&buffer, data, sizeof(data)); - result = dns_message_firstname(message, DNS_SECTION_AUTHORITY); + if (message->counts[DNS_SECTION_AUTHORITY]) + result = dns_message_firstname(message, DNS_SECTION_AUTHORITY); + else + result = ISC_R_NOMORE; while (result == ISC_R_SUCCESS) { name = NULL; dns_message_currentname(message, DNS_SECTION_AUTHORITY, diff -u -r bind-9.1.3/lib/dns/resolver.c bind-9.1.3-P1/lib/dns/resolver.c --- bind-9.1.3/lib/dns/resolver.c Tue Jul 3 18:40:51 2001 +++ bind-9.1.3-P1/lib/dns/resolver.c Wed Sep 17 09:39:47 2003 @@ -15,7 +15,7 @@ WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: resolver.c,v 1.187.2.10 2001/05/29 23:07:33 bwelling Exp $ / +/ $Id: resolver.c,v 1.187.2.10.6.1 2003/09/17 07:19:48 tale Exp $ / #include @@ -294,6 +294,53 @@ dns_rdataset_t ardataset, isc_result_t eresultp); +static isc_boolean_t +fix_mustbedelegationornxdomain(dns_message_t message, dns_name_t domain) { + + dns_name_t name; + dns_rdataset_t rdataset; + dns_rdatatype_t type; + isc_result_t result; + isc_boolean_t keep_auth = ISC_FALSE; + + if (message->rcode == dns_rcode_nxdomain) + return (ISC_FALSE); + + / Look for referral. / + if (message->counts[DNS_SECTION_AUTHORITY] == 0) + goto munge; + + result = dns_message_firstname(message, DNS_SECTION_AUTHORITY); + while (result == ISC_R_SUCCESS) { + name = NULL; + dns_message_currentname(message, DNS_SECTION_AUTHORITY, + &name); + for (rdataset = ISC_LIST_HEAD(name->list); + rdataset != NULL; + rdataset = ISC_LIST_NEXT(rdataset, link)) { + type = rdataset->type; + if (type == dns_rdatatype_soa && + dns_name_equal(name, domain)) + keep_auth = ISC_TRUE; + if (type != dns_rdatatype_ns) + continue; + if (dns_name_equal(name, domain)) + goto munge; + if (dns_name_issubdomain(name, domain)) + return (ISC_FALSE); + } + result = dns_message_nextname(message, DNS_SECTION_AUTHORITY); + } + + munge: + message->rcode = dns_rcode_nxdomain; + message->counts[DNS_SECTION_ANSWER] = 0; + if (!keep_auth) + message->counts[DNS_SECTION_AUTHORITY] = 0; + message->counts[DNS_SECTION_ADDITIONAL] = 0; + return (ISC_TRUE); +} + static inline isc_result_t fctx_starttimer(fetchctx_t fctx) { /* @@ -4225,6 +4272,24 @@ broken_server = ISC_TRUE; keep_trying = ISC_TRUE; goto done; + } + + /* + * Enforce delegations only zones like NET and COM. + / + if (dns_view_isdelegationonly(fctx->res->view, &fctx->domain) && + !dns_name_equal(&fctx->domain, &fctx->name) && + fix_mustbedelegationornxdomain(message, &fctx->domain)) { + char namebuf[DNS_NAME_FORMATSIZE]; + char domainbuf[DNS_NAME_FORMATSIZE]; + + dns_name_format(&fctx->name, namebuf, sizeof(namebuf)); + dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DELEGATION_ONLY, + DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE, + "enforced delegation-only for '%s' (%s)", + domainbuf, namebuf); } / diff -u -r bind-9.1.3/lib/dns/view.c bind-9.1.3-P1/lib/dns/view.c --- bind-9.1.3/lib/dns/view.c Tue Jul 3 18:40:57 2001 +++ bind-9.1.3-P1/lib/dns/view.c Wed Sep 17 09:39:57 2003 @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. / -/ $Id: view.c,v 1.89.2.1 2001/01/09 22:44:28 bwelling Exp $ / +/ $Id: view.c,v 1.89.2.1.10.1 2003/09/17 07:19:49 tale Exp $ / #include @@ -45,6 +45,8 @@ #define ADBSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_ADBSHUTDOWN) != 0) #define REQSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_REQSHUTDOWN) != 0) +#define DNS_VIEW_DELONLYHASH 111 + static void resolver_shutdown(isc_task_t task, isc_event_t event); static void adb_shutdown(isc_task_t task, isc_event_t event); static void req_shutdown(isc_task_t task, isc_event_t event); @@ -146,6 +148,7 @@ if (result != ISC_R_SUCCESS) goto cleanup_fwdtable; view->peers = NULL; + view->delonly = NULL; / * Initialize configuration data with default values. @@ -255,6 +258,23 @@ dns_acl_detach(&view->sortlist); if (view->cachefile != NULL) isc_mem_free(view->mctx, view->cachefile); + if (view->delonly != NULL) { + dns_name_t name; + int i; + + for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) { + name = ISC_LIST_HEAD(view->delonly[i]); + while (name != NULL) { + ISC_LIST_UNLINK(view->delonly[i], name, link); + dns_name_free(name, view->mctx); + isc_mem_put(view->mctx, name, sizeof(name)); + name = ISC_LIST_HEAD(view->delonly[i]); + } + } + isc_mem_put(view->mctx, view->delonly, sizeof(dns_namelist_t) * + DNS_VIEW_DELONLYHASH); + view->delonly = NULL; + } dns_keytable_detach(&view->trustedkeys); dns_keytable_detach(&view->secroots); dns_fwdtable_destroy(&view->fwdtable); @@ -1123,4 +1143,58 @@ dns_adb_dump(view->adb, fp); #endif return (ISC_R_SUCCESS); +} + +isc_result_t +dns_view_adddelegationonly(dns_view_t view, dns_name_t name) { + isc_result_t result; + dns_name_t new; + isc_uint32_t hash; + + REQUIRE(DNS_VIEW_VALID(view)); + + if (view->delonly == NULL) { + view->delonly = isc_mem_get(view->mctx, + sizeof(dns_namelist_t) + DNS_VIEW_DELONLYHASH); + if (view->delonly == NULL) + return (ISC_R_NOMEMORY); + for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++) + ISC_LIST_INIT(view->delonly[hash]); + } + hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH; + new = ISC_LIST_HEAD(view->delonly[hash]); + while (new != NULL && !dns_name_equal(new, name)) + new = ISC_LIST_NEXT(new, link); + if (new != NULL) + return (ISC_R_SUCCESS); + new = isc_mem_get(view->mctx, sizeof(new)); + if (new == NULL) + return (ISC_R_NOMEMORY); + dns_name_init(new, NULL); + result = dns_name_dup(name, view->mctx, new); + if (result == ISC_R_SUCCESS) + ISC_LIST_APPEND(view->delonly[hash], new, link); + else + isc_mem_put(view->mctx, new, sizeof(new)); + return (result); +} + +isc_result_t +dns_view_isdelegationonly(dns_view_t view, dns_name_t name) { + dns_name_t *new; + isc_uint32_t hash; + + REQUIRE(DNS_VIEW_VALID(view)); + + if (view->delonly == NULL) + return (ISC_FALSE); + + hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH; + new = ISC_LIST_HEAD(view->delonly[hash]); + while (new != NULL && !dns_name_equal(new, name)) + new = ISC_LIST_NEXT(new, link); + if (new == NULL) + return (ISC_FALSE); + return (ISC_TRUE); } diff -u -r bind-9.1.3/version bind-9.1.3-P1/version --- bind-9.1.3/version Mon Jul 2 21:33:10 2001 +++ bind-9.1.3-P1/version Wed Sep 17 08:19:55 2003 @@ -1,4 +1,4 @@ -# $Id: version,v 1.18.4.19 2001/07/02 21:33:10 gson Exp $ +# $Id: version,v 1.18.4.19.6.1 2003/09/17 08:19:55 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -6,5 +6,5 @@ MAJORVER=9 MINORVER=1 PATCHVER=3 -RELEASETYPE= -RELEASEVER= +RELEASETYPE=-P +RELEASEVER=1

6.2.14.2. Forwarding

6.2.14.4. Interfaces

6.2.14.5. Query Address

6.2.14.7. Resource Limits

6.2.14.8. Periodic Task Intervals

6.2.22.1. Zone Types

6.2.22.2. Class

6.2.22.3. Zone Options

6.3. Zone File

6.3.1.1. Resource Records

6.3.1.2. Textual expression of RRs

6.3.2. Discussion of MX Records

6.3.4. Inverse Mapping in IPv4

6.3.5. Other Zone File Directives

7.2. chrootOn UNIX servers, it is possible to run BIND in a in a chrooted* environment (*7.2.1. The chroot
7.2.2. Using the setuid

7.2.1. The chroot
7.2.2. Using the setuid

7.2.2. Using the setuid

8.1. Common Problems

8.1.1. It's not working; how can I figure out what's wrong?

8.2. Incrementing and Changing the Serial Number

8.3. Where Can I Get Help?

A.1. Acknowledgements

A.1.1. A Brief History of the DNS
A.2.1.1. HS = hesiod

A.2.1.1. HS = hesiod

A.2.1.2. CH = chaos

Bibliography

Standards

Proposed Standards

Proposed Standards Still Under Development

Other Important RFCs About DNS Implementation

Resource Record Types

DNS and the Internet

DNS Operations

Other DNS-related RFCs

Obsolete and Unimplemented Experimental RRs

Bibliography