Vendor import of BIND 9.8.2

author: dougb <dougb@FreeBSD.org> 2012-04-04 23:11:25 +0000
committer: dougb <dougb@FreeBSD.org> 2012-04-04 23:11:25 +0000
commit: 309194c14377fe6e83d03ca2cf69219aa50f2741 (patch)
tree: d6eb268f26af23cc29cceb581dd5468a2cfef052 /lib/bind9
parent: e7368209f011bd054ff8564bb9ac0e4a32c6dcdd (diff)
download: FreeBSD-src-309194c14377fe6e83d03ca2cf69219aa50f2741.zip
FreeBSD-src-309194c14377fe6e83d03ca2cf69219aa50f2741.tar.gz
10 files changed, 63 insertions, 26 deletions
diff --git a/lib/bind9/Makefile.in b/lib/bind9/Makefile.in
index ffc2ad9..35c4022 100644
--- a/lib/bind9/Makefile.in
+++ b/lib/bind9/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.14 2009-12-05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.14 2009/12/05 23:31:40 each Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
diff --git a/lib/bind9/api b/lib/bind9/api
index 26a5fba..74bc338 100644
--- a/lib/bind9/api
+++ b/lib/bind9/api
@@ -1,3 +1,8 @@
+# LIBINTERFACE ranges
+# 9.6: 50-59, 110-119
+# 9.7: 60-79
+# 9.8: 80-89
+# 9.9: 90-109
 LIBINTERFACE = 80
-LIBREVISION = 3
+LIBREVISION = 4
 LIBAGE = 0
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 6711f28..695a230 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.125.14.6 2011-06-17 07:04:31 each Exp $ */
+/* $Id$ */
 
 /*! \file */
 
@@ -671,8 +671,17 @@ typedef struct {
 	unsigned int max;
 } intervaltable;
 
+typedef enum {
+	optlevel_config,
+	optlevel_options,
+	optlevel_view,
+	optlevel_zone
+} optlevel_t;
+
 static isc_result_t
-check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) {
+check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
+	      optlevel_t optlevel)
+{
 	isc_result_t result = ISC_R_SUCCESS;
 	isc_result_t tresult;
 	unsigned int i;
@@ -844,19 +853,23 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) {
 		     element = cfg_list_next(element))
 		{
 			const char *dlv;
-			const cfg_obj_t *anchor;
+			const cfg_obj_t *dlvobj, *anchor;
 
 			obj = cfg_listelt_value(element);
 
-			dlv = cfg_obj_asstring(cfg_tuple_get(obj, "domain"));
 			anchor = cfg_tuple_get(obj, "trust-anchor");
+			dlvobj = cfg_tuple_get(obj, "domain");
+			dlv = cfg_obj_asstring(dlvobj);
 
 			/*
-			 * If domain is "auto" and trust anchor is missing,
-			 * skip remaining tests
+			 * If domain is "auto" or "no" and trust anchor
+			 * is missing, skip remaining tests
 			 */
-			if (!strcmp(dlv, "auto") && cfg_obj_isvoid(anchor))
-				continue;
+			if (cfg_obj_isvoid(anchor)) {
+				if (!strcasecmp(dlv, "no") ||
+				    !strcasecmp(dlv, "auto"))
+					continue;
+			}
 
 			isc_buffer_init(&b, dlv, strlen(dlv));
 			isc_buffer_add(&b, strlen(dlv));
@@ -908,8 +921,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) {
 			} else {
 				cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
 					"dnssec-lookaside requires "
-					"either 'auto' or a domain and "
-					"trust anchor");
+					"either 'auto' or 'no', or a "
+					"domain and trust anchor");
 				if (result == ISC_R_SUCCESS)
 					result = ISC_R_FAILURE;
 			}
@@ -920,6 +933,21 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) {
 	}
 
 	/*
+	 * Check auto-dnssec at the view/options level
+	 */
+	obj = NULL;
+	(void)cfg_map_get(options, "auto-dnssec", &obj);
+	if (obj != NULL) {
+		const char *arg = cfg_obj_asstring(obj);
+		if (optlevel != optlevel_zone && strcasecmp(arg, "off") != 0) {
+			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+				    "auto-dnssec may only be activated at the "
+				    "zone level");
+			result = ISC_R_FAILURE;
+		}
+	}
+
+	/*
 	 * Check dnssec-must-be-secure.
 	 */
 	obj = NULL;
@@ -1644,7 +1672,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 	/*
 	 * Check various options.
 	 */
-	tresult = check_options(zoptions, logctx, mctx);
+	tresult = check_options(zoptions, logctx, mctx, optlevel_zone);
 	if (tresult != ISC_R_SUCCESS)
 		result = tresult;
 
@@ -2101,7 +2129,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	 * Check that all zone statements are syntactically correct and
 	 * there are no duplicate zones.
 	 */
-	tresult = isc_symtab_create(mctx, 100, freekey, mctx,
+	tresult = isc_symtab_create(mctx, 1000, freekey, mctx,
 				    ISC_FALSE, &symtab);
 	if (tresult != ISC_R_SUCCESS)
 		return (ISC_R_NOMEMORY);
@@ -2165,7 +2193,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	 * Check that all key statements are syntactically correct and
 	 * there are no duplicate keys.
 	 */
-	tresult = isc_symtab_create(mctx, 100, freekey, mctx,
+	tresult = isc_symtab_create(mctx, 1000, freekey, mctx,
 				    ISC_FALSE, &symtab);
 	if (tresult != ISC_R_SUCCESS)
 		return (ISC_R_NOMEMORY);
@@ -2277,13 +2305,16 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 				result = tresult;
 		}
 	}
+
 	/*
 	 * Check options.
 	 */
 	if (voptions != NULL)
-		tresult = check_options(voptions, logctx, mctx);
+		tresult = check_options(voptions, logctx, mctx,
+					optlevel_view);
 	else
-		tresult = check_options(config, logctx, mctx);
+		tresult = check_options(config, logctx, mctx,
+					optlevel_config);
 	if (tresult != ISC_R_SUCCESS)
 		result = tresult;
 
@@ -2574,7 +2605,8 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx,
 	(void)cfg_map_get(config, "options", &options);
 
 	if (options != NULL &&
-	    check_options(options, logctx, mctx) != ISC_R_SUCCESS)
+	    check_options(options, logctx, mctx,
+			  optlevel_options) != ISC_R_SUCCESS)
 		result = ISC_R_FAILURE;
 
 	if (bind9_check_logging(config, logctx, mctx) != ISC_R_SUCCESS)
diff --git a/lib/bind9/getaddresses.c b/lib/bind9/getaddresses.c
index 70af7a1..a75e14e 100644
--- a/lib/bind9/getaddresses.c
+++ b/lib/bind9/getaddresses.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: getaddresses.c,v 1.22 2007-06-19 23:47:16 tbox Exp $ */
+/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */
 
 /*! \file */
 
diff --git a/lib/bind9/include/Makefile.in b/lib/bind9/include/Makefile.in
index f2d8caa..65eecb0 100644
--- a/lib/bind9/include/Makefile.in
+++ b/lib/bind9/include/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.4 2007-06-19 23:47:16 tbox Exp $
+# $Id: Makefile.in,v 1.4 2007/06/19 23:47:16 tbox Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
diff --git a/lib/bind9/include/bind9/Makefile.in b/lib/bind9/include/bind9/Makefile.in
index a6a2683..8abfaf6 100644
--- a/lib/bind9/include/bind9/Makefile.in
+++ b/lib/bind9/include/bind9/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.8 2007-06-19 23:47:16 tbox Exp $
+# $Id: Makefile.in,v 1.8 2007/06/19 23:47:16 tbox Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
diff --git a/lib/bind9/include/bind9/check.h b/lib/bind9/include/bind9/check.h
index 89cf57f..1647568 100644
--- a/lib/bind9/include/bind9/check.h
+++ b/lib/bind9/include/bind9/check.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.h,v 1.9 2007-06-19 23:47:16 tbox Exp $ */
+/* $Id: check.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */
 
 #ifndef BIND9_CHECK_H
 #define BIND9_CHECK_H 1
diff --git a/lib/bind9/include/bind9/getaddresses.h b/lib/bind9/include/bind9/getaddresses.h
index 9ad8045..01aa67a 100644
--- a/lib/bind9/include/bind9/getaddresses.h
+++ b/lib/bind9/include/bind9/getaddresses.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: getaddresses.h,v 1.11 2009-01-17 23:47:42 tbox Exp $ */
+/* $Id: getaddresses.h,v 1.11 2009/01/17 23:47:42 tbox Exp $ */
 
 #ifndef BIND9_GETADDRESSES_H
 #define BIND9_GETADDRESSES_H 1
diff --git a/lib/bind9/include/bind9/version.h b/lib/bind9/include/bind9/version.h
index d4c8468..5b08b7c 100644
--- a/lib/bind9/include/bind9/version.h
+++ b/lib/bind9/include/bind9/version.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: version.h,v 1.9 2007-06-19 23:47:16 tbox Exp $ */
+/* $Id: version.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */
 
 /*! \file bind9/version.h */
 
diff --git a/lib/bind9/version.c b/lib/bind9/version.c
index 46b7b6b..d5934cc 100644
--- a/lib/bind9/version.c
+++ b/lib/bind9/version.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: version.c,v 1.8 2007-06-19 23:47:16 tbox Exp $ */
+/* $Id: version.c,v 1.8 2007/06/19 23:47:16 tbox Exp $ */
 
 /*! \file */
author	dougb <dougb@FreeBSD.org>	2012-04-04 23:11:25 +0000
committer	dougb <dougb@FreeBSD.org>	2012-04-04 23:11:25 +0000
commit	309194c14377fe6e83d03ca2cf69219aa50f2741 (patch)
tree	d6eb268f26af23cc29cceb581dd5468a2cfef052 /lib/bind9
parent	e7368209f011bd054ff8564bb9ac0e4a32c6dcdd (diff)
download	FreeBSD-src-309194c14377fe6e83d03ca2cf69219aa50f2741.zip FreeBSD-src-309194c14377fe6e83d03ca2cf69219aa50f2741.tar.gz