Define a default master server list for the root zone

To minimize the effort required to set up IANA root zone mirroring, define a default master server list for the root zone and use it when that zone is to be mirrored and no master server list was explicitly specified. Contents of that list are taken from RFC 7706 and are subject to change in future releases. Since the static get_masters_def() function in bin/named/config.c does exactly what named_zone_configure() in bin/named/zoneconf.c needs to do, make the former non-static and use it in the latter to prevent code duplication.
2018-10-09 10:54:51 +02:00
parent 34dc674fed
commit 2c69734bcf
10 changed files with 73 additions and 10 deletions
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -301,6 +301,21 @@ view \"_bind\" chaos {\n\
 MANAGED_KEYS

 "# END MANAGED KEYS\n\
+\n\
+masters " DEFAULT_IANA_ROOT_ZONE_MASTERS " {\n\
+	2001:500:84::b;		# b.root-servers.net\n\
+	2001:500:2f::f;		# f.root-servers.net\n\
+	2001:7fd::1;		# k.root-servers.net\n\
+	2620:0:2830:202::132;	# xfr.cjr.dns.icann.org\n\
+	2620:0:2d0:202::132;	# xfr.lax.dns.icann.org\n\
+	192.228.79.201;		# b.root-servers.net\n\
+	192.33.4.12;		# c.root-servers.net\n\
+	192.5.5.241;		# f.root-servers.net\n\
+	192.112.36.4;		# g.root-servers.net\n\
+	193.0.14.129;		# k.root-servers.net\n\
+	192.0.47.132;		# xfr.cjr.dns.icann.org\n\
+	192.0.32.132;		# xfr.lax.dns.icann.org\n\
+};\n\
 ";

 isc_result_t
@@ -555,9 +570,9 @@ named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 	}
 }

-static isc_result_t
-get_masters_def(const cfg_obj_t *cctx, const char *name,
-		const cfg_obj_t **ret)
+isc_result_t
+named_config_getmastersdef(const cfg_obj_t *cctx, const char *name,
+			   const cfg_obj_t **ret)
 {
 	isc_result_t result;
 	const cfg_obj_t *masters = NULL;
@@ -699,7 +714,8 @@ named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
 					break;
 			if (j < l)
 				continue;
-			tresult = get_masters_def(config, listname, &list);
+			tresult = named_config_getmastersdef(config, listname,
+							     &list);
 			if (tresult == ISC_R_NOTFOUND) {
 				cfg_obj_log(addr, named_g_lctx, ISC_LOG_ERROR,
 				    "masters \"%s\" not found", listname);
--- a/bin/named/include/named/config.h
+++ b/bin/named/include/named/config.h
@@ -22,6 +22,8 @@
 #include <dns/types.h>
 #include <dns/zone.h>

+#define DEFAULT_IANA_ROOT_ZONE_MASTERS "_default_iana_root_zone_masters"
+
 isc_result_t
 named_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf);

@@ -57,6 +59,10 @@ void
 named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 		    isc_dscp_t **dscpsp, uint32_t count);

+isc_result_t
+named_config_getmastersdef(const cfg_obj_t *cctx, const char *name,
+			   const cfg_obj_t **ret);
+
 isc_result_t
 named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
 			  isc_mem_t *mctx, dns_ipkeylist_t *ipkl);
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -1753,6 +1753,18 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 		count = 0;
 		obj = NULL;
 		(void)cfg_map_get(zoptions, "masters", &obj);
+		/*
+		 * Use the built-in master server list if one was not
+		 * explicitly specified and this is a root zone mirror.
+		 */
+		if (obj == NULL && ztype == dns_zone_mirror &&
+		    dns_name_equal(dns_zone_getorigin(zone), dns_rootname))
+		{
+			result = named_config_getmastersdef(named_g_config,
+						DEFAULT_IANA_ROOT_ZONE_MASTERS,
+						&obj);
+			RETERR(result);
+		}
 		if (obj != NULL) {
 			dns_ipkeylist_t ipkl;
 			dns_ipkeylist_init(&ipkl);
--- a/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf
+++ b/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf
@@ -11,6 +11,5 @@

 zone "." {
 	type mirror;
-	masters { 127.0.0.1; };
 	notify yes;
 };
--- a/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf
+++ b/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "foo." {
+	type mirror;
+};
--- a/bin/tests/system/checkconf/bad-mirror-recursion-no.conf
+++ b/bin/tests/system/checkconf/bad-mirror-recursion-no.conf
@@ -15,5 +15,4 @@ options {

 zone "." {
 	type mirror;
-	masters { 127.0.0.1; };
 };
--- a/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf
+++ b/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf
@@ -15,5 +15,4 @@ options {

 zone "." {
 	type mirror;
-	masters { 127.0.0.1; };
 };
--- a/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf
+++ b/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "." {
+	type mirror;
+};
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -2351,10 +2351,12 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 	}

 	/*
-	 * Slave, mirror, and stub zones must have a "masters" field.
+	 * Slave, mirror, and stub zones must have a "masters" field, with one
+	 * exception: when mirroring the root zone, a default, built-in master
+	 * server list is used in the absence of one explicitly specified.
 	 */
-	if (ztype == CFG_ZONE_SLAVE || ztype == CFG_ZONE_MIRROR ||
-	    ztype == CFG_ZONE_STUB)
+	if (ztype == CFG_ZONE_SLAVE || ztype == CFG_ZONE_STUB ||
+	    (ztype == CFG_ZONE_MIRROR && !dns_name_equal(zname, dns_rootname)))
 	{
 		obj = NULL;
 		if (cfg_map_get(zoptions, "masters", &obj) != ISC_R_SUCCESS) {
--- a/util/copyrights
+++ b/util/copyrights
@@ -599,6 +599,7 @@
 ./bin/tests/system/checkconf/bad-maxttlmap.conf	CONF-C	2014,2016,2018
 ./bin/tests/system/checkconf/bad-mirror-allow-recursion-none.conf	CONF-C	2018
 ./bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf	CONF-C	2018
+./bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf	CONF-C	2018
 ./bin/tests/system/checkconf/bad-mirror-recursion-no.conf	CONF-C	2018
 ./bin/tests/system/checkconf/bad-noddns.conf	CONF-C	2014,2016,2018
 ./bin/tests/system/checkconf/bad-options-also-notify.conf	CONF-C	2016,2018
@@ -672,6 +673,7 @@
 ./bin/tests/system/checkconf/good-maxcachettl.conf	CONF-C	2018
 ./bin/tests/system/checkconf/good-maxncachettl.conf	CONF-C	2018
 ./bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf	CONF-C	2018
+./bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf	CONF-C	2018
 ./bin/tests/system/checkconf/good-nested.conf	CONF-C	2015,2016,2018
 ./bin/tests/system/checkconf/good-options-also-notify.conf	CONF-C	2016,2018
 ./bin/tests/system/checkconf/good-printtime.conf	CONF-C	2016,2018