diff --git a/bin/named/config.c b/bin/named/config.c index f3c7b39a16..9ce79bfd57 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -301,6 +301,21 @@ view \"_bind\" chaos {\n\ MANAGED_KEYS "# END MANAGED KEYS\n\ +\n\ +masters " DEFAULT_IANA_ROOT_ZONE_MASTERS " {\n\ + 2001:500:84::b; # b.root-servers.net\n\ + 2001:500:2f::f; # f.root-servers.net\n\ + 2001:7fd::1; # k.root-servers.net\n\ + 2620:0:2830:202::132; # xfr.cjr.dns.icann.org\n\ + 2620:0:2d0:202::132; # xfr.lax.dns.icann.org\n\ + 192.228.79.201; # b.root-servers.net\n\ + 192.33.4.12; # c.root-servers.net\n\ + 192.5.5.241; # f.root-servers.net\n\ + 192.112.36.4; # g.root-servers.net\n\ + 193.0.14.129; # k.root-servers.net\n\ + 192.0.47.132; # xfr.cjr.dns.icann.org\n\ + 192.0.32.132; # xfr.lax.dns.icann.org\n\ +};\n\ "; isc_result_t @@ -555,9 +570,9 @@ named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, } } -static isc_result_t -get_masters_def(const cfg_obj_t *cctx, const char *name, - const cfg_obj_t **ret) +isc_result_t +named_config_getmastersdef(const cfg_obj_t *cctx, const char *name, + const cfg_obj_t **ret) { isc_result_t result; const cfg_obj_t *masters = NULL; @@ -699,7 +714,8 @@ named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, break; if (j < l) continue; - tresult = get_masters_def(config, listname, &list); + tresult = named_config_getmastersdef(config, listname, + &list); if (tresult == ISC_R_NOTFOUND) { cfg_obj_log(addr, named_g_lctx, ISC_LOG_ERROR, "masters \"%s\" not found", listname); diff --git a/bin/named/include/named/config.h b/bin/named/include/named/config.h index ad69a16248..a3e3ae241d 100644 --- a/bin/named/include/named/config.h +++ b/bin/named/include/named/config.h @@ -22,6 +22,8 @@ #include #include +#define DEFAULT_IANA_ROOT_ZONE_MASTERS "_default_iana_root_zone_masters" + isc_result_t named_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf); @@ -57,6 +59,10 @@ void named_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_dscp_t **dscpsp, uint32_t count); +isc_result_t +named_config_getmastersdef(const cfg_obj_t *cctx, const char *name, + const cfg_obj_t **ret); + isc_result_t named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, isc_mem_t *mctx, dns_ipkeylist_t *ipkl); diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index a1f2c5340e..52264239e0 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1753,6 +1753,18 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, count = 0; obj = NULL; (void)cfg_map_get(zoptions, "masters", &obj); + /* + * Use the built-in master server list if one was not + * explicitly specified and this is a root zone mirror. + */ + if (obj == NULL && ztype == dns_zone_mirror && + dns_name_equal(dns_zone_getorigin(zone), dns_rootname)) + { + result = named_config_getmastersdef(named_g_config, + DEFAULT_IANA_ROOT_ZONE_MASTERS, + &obj); + RETERR(result); + } if (obj != NULL) { dns_ipkeylist_t ipkl; dns_ipkeylist_init(&ipkl); diff --git a/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf b/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf index e0fabdff38..8d5b28a792 100644 --- a/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf +++ b/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf @@ -11,6 +11,5 @@ zone "." { type mirror; - masters { 127.0.0.1; }; notify yes; }; diff --git a/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf b/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf new file mode 100644 index 0000000000..e212bed6ac --- /dev/null +++ b/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "foo." { + type mirror; +}; diff --git a/bin/tests/system/checkconf/bad-mirror-recursion-no.conf b/bin/tests/system/checkconf/bad-mirror-recursion-no.conf index 4dff2cadfd..9b02f0dcb7 100644 --- a/bin/tests/system/checkconf/bad-mirror-recursion-no.conf +++ b/bin/tests/system/checkconf/bad-mirror-recursion-no.conf @@ -15,5 +15,4 @@ options { zone "." { type mirror; - masters { 127.0.0.1; }; }; diff --git a/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf b/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf index 14a29bf7b5..241a77ca0c 100644 --- a/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf +++ b/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf @@ -15,5 +15,4 @@ options { zone "." { type mirror; - masters { 127.0.0.1; }; }; diff --git a/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf b/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf new file mode 100644 index 0000000000..1b7a1cdd6f --- /dev/null +++ b/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "." { + type mirror; +}; diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 6f4cf798ec..ab944ebd78 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -2351,10 +2351,12 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, } /* - * Slave, mirror, and stub zones must have a "masters" field. + * Slave, mirror, and stub zones must have a "masters" field, with one + * exception: when mirroring the root zone, a default, built-in master + * server list is used in the absence of one explicitly specified. */ - if (ztype == CFG_ZONE_SLAVE || ztype == CFG_ZONE_MIRROR || - ztype == CFG_ZONE_STUB) + if (ztype == CFG_ZONE_SLAVE || ztype == CFG_ZONE_STUB || + (ztype == CFG_ZONE_MIRROR && !dns_name_equal(zname, dns_rootname))) { obj = NULL; if (cfg_map_get(zoptions, "masters", &obj) != ISC_R_SUCCESS) { diff --git a/util/copyrights b/util/copyrights index c362e624bd..9a19e34162 100644 --- a/util/copyrights +++ b/util/copyrights @@ -599,6 +599,7 @@ ./bin/tests/system/checkconf/bad-maxttlmap.conf CONF-C 2014,2016,2018 ./bin/tests/system/checkconf/bad-mirror-allow-recursion-none.conf CONF-C 2018 ./bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf CONF-C 2018 +./bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf CONF-C 2018 ./bin/tests/system/checkconf/bad-mirror-recursion-no.conf CONF-C 2018 ./bin/tests/system/checkconf/bad-noddns.conf CONF-C 2014,2016,2018 ./bin/tests/system/checkconf/bad-options-also-notify.conf CONF-C 2016,2018 @@ -672,6 +673,7 @@ ./bin/tests/system/checkconf/good-maxcachettl.conf CONF-C 2018 ./bin/tests/system/checkconf/good-maxncachettl.conf CONF-C 2018 ./bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf CONF-C 2018 +./bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf CONF-C 2018 ./bin/tests/system/checkconf/good-nested.conf CONF-C 2015,2016,2018 ./bin/tests/system/checkconf/good-options-also-notify.conf CONF-C 2016,2018 ./bin/tests/system/checkconf/good-printtime.conf CONF-C 2016,2018