Commit Diff
Diff:
3cc2dadd676b7512f7384c0308bfcb5ef3c92a0a
688eebd567cd1be3952d3db8570e6f2786b27ffc
Commit:
688eebd567cd1be3952d3db8570e6f2786b27ffc
Tree:
9b8820e3b97373406fdce8747b2e1dde5e751c7b
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Thu Jun 27 04:20:26 2019 UTC
Message:
fix usage case of using no TSIG key (NOKEY) in axfr, this fixes a crash. in example8.conf replace notify "" {} with mzone's take out old domain that doesn't belong to me much longer. tested this example8 on a non-configured slave nsd.
blob - cecfba2f8252f4df650ae3aa10bdd045396f71d7
blob + 1c80cb63b4852c6b9ad2fe0217a29185455cfba1
--- axfr.c
+++ axfr.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: axfr.c,v 1.31 2019/06/26 12:45:23 pjp Exp $
+ * $Id: axfr.c,v 1.32 2019/06/27 04:20:26 pjp Exp $
*/
#include <sys/types.h>
@@ -1747,7 +1747,7 @@ check_notifyreply(struct dns_header *dh, struct questi
question->hdr->namelen == notnp->domainlen &&
memcmp(question->hdr->name, notnp->domain, notnp->domainlen) == 0) {
- if (tsig && question->tsig.tsigverified != 1) {
+ if (notnp->usetsig && question->tsig.tsigverified != 1) {
dolog(LOG_ERR, "tsig'ed notify answer was not validated from \"%s\", errorcode = 0x%02x\n", address, question->tsig.tsigerrorcode);
return -1;
}
blob - a1ef6181086a10f645433e3667086bab22f7e24b
blob + f994ea474f0106472a38ccb05589dedec3ab6d96
--- examples/example8.conf
+++ examples/example8.conf
@@ -9,30 +9,38 @@ options "cool stuff" {
ratelimit-pps 6;
- port 53;
+ port 2053;
;fork 2;
log;
;dnssec;
}
-axfrport "53";
+axfrport "10053";
axfr-for "these hosts" {
127.0.0.1;
::1;
- ;192.168.0.0/16;
+ 192.168.0.0/16;
}
-notify "these hosts" {
- 192.168.34.1;
- 192.168.35.1;
- ::1;
+mzone "centroid.eu" {
+ zonename "centroid.eu";
+ notifydest 192.168.177.1 NOKEY;
+
}
+mzone "ipv6.centroid.eu" {
+ zonename "ipv6.centroid.eu";
+ notifydest 192.168.177.1 NOKEY;
+}
+mzone "reverse dns" {
+ zonename "0.4.7.0.f.0.6.a.0.1.0.0.2.ip6.arpa";
+ notifydest 192.168.177.1 NOKEY;
+}
zone "centroid.eu" {
- centroid.eu,soa,3600,uranus.centroid.eu.,pjp.solarscale.de.,2014051701,3600,1800,7200,3600
+ centroid.eu,soa,3600,uranus.centroid.eu.,pjp.solarscale.de.,2019062701,3600,1800,7200,3600
centroid.eu,ns,3600,proteus.solarscale.de.
centroid.eu,ns,3600,uranus.centroid.eu.
centroid.eu,ns,3600,dione.solarscale.de.
@@ -84,55 +92,8 @@ zone "ipv6.centroid.eu" {
ipv6.centroid.eu,aaaa,3600,2001:a60:f074::8
www.ipv6.centroid.eu,aaaa,3600,2001:a60:f074::8
}
-zone "ipv6.solarscale.de" {
- ipv6.solarscale.de,soa,3600,proteus.solarscale.de.,pjp.solarscale.de.,1234896563,3600,1800,7200,3600
- ipv6.solarscale.de,ns,3600,proteus.solarscale.de.
- ipv6.solarscale.de,ns,3600,uranus.centroid.eu.
- ipv6.solarscale.de,aaaa,3600,2001:a60:f074::8
- www.ipv6.solarscale.de,aaaa,3600,2001:a60:f074::8
-}
zone "reverse dns" {
0.4.7.0.f.0.6.a.0.1.0.0.2.ip6.arpa.,soa,3600,proteus.solarscale.de.,pjp.solarscale.de.,1234896562,3600,1800,7200,3600
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.f.0.6.a.0.1.0.0.2.ip6.arpa.,ptr,3600,uranus.centroid.eu.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.f.0.6.a.0.1.0.0.2.ip6.arpa.,ptr,3600,setebos.centroid.eu.
}
-
-; keep root hints disabled until we have a working resolver, even then it
-; should be REFUSED to 3rd parties, disabled after watching a reflection attack
-;zone "root hints" {
-; .,hint,3600000,A.ROOT-SERVERS.NET.
-; A.ROOT-SERVERS.NET.,a,3600000,198.41.0.4
-; A.ROOT-SERVERS.NET.,aaaa,3600000,2001:503:BA3E::2:30
-; .,hint,3600000,B.ROOT-SERVERS.NET.
-; B.ROOT-SERVERS.NET.,a,3600000,192.228.79.201
-; .,hint,3600000,C.ROOT-SERVERS.NET.
-; C.ROOT-SERVERS.NET.,a,3600000,192.33.4.12
-; .,hint,3600000,D.ROOT-SERVERS.NET.
-; D.ROOT-SERVERS.NET.,a,3600000,199.7.91.13
-; D.ROOT-SERVERS.NET.,aaaa,3600000,2001:500:2D::D
-; .,hint,3600000,E.ROOT-SERVERS.NET.
-; E.ROOT-SERVERS.NET.,a,3600000,192.203.230.10
-; .,hint,3600000,F.ROOT-SERVERS.NET.
-; F.ROOT-SERVERS.NET.,a,3600000,192.5.5.241
-; F.ROOT-SERVERS.NET.,aaaa,3600000,2001:500:2f::f
-; .,hint,3600000,G.ROOT-SERVERS.NET.
-; G.ROOT-SERVERS.NET.,a,3600000,192.112.36.4
-; .,hint,3600000,H.ROOT-SERVERS.NET.
-; H.ROOT-SERVERS.NET.,a,3600000,128.63.2.53
-; H.ROOT-SERVERS.NET.,aaaa,3600000,2001:500:1::803f:235
-; .,hint,3600000,I.ROOT-SERVERS.NET.
-; I.ROOT-SERVERS.NET.,a,3600000,192.36.148.17
-; .,hint,3600000,J.ROOT-SERVERS.NET.
-; J.ROOT-SERVERS.NET.,a,3600000,192.58.128.30
-; J.ROOT-SERVERS.NET.,aaaa,3600000,2001:503:C27::2:30
-; .,hint,3600000,K.ROOT-SERVERS.NET.
-; K.ROOT-SERVERS.NET.,a,3600000,193.0.14.129
-; K.ROOT-SERVERS.NET.,aaaa,3600000,2001:7fd::1
-; .,hint,3600000,L.ROOT-SERVERS.NET.
-; L.ROOT-SERVERS.NET.,a,3600000,199.7.83.42
-; L.ROOT-SERVERS.NET.,aaaa,3600000,2001:500:3::42
-; .,hint,3600000,M.ROOT-SERVERS.NET.
-; M.ROOT-SERVERS.NET.,a,3600000,202.12.27.33
-; M.ROOT-SERVERS.NET.,aaaa,3600000,2001:dc3::35
-;}
-;
repomaster@centroid.eu