Commit e8ae8858 authored by Ondrej Sury's avatar Ondrej Sury

New upstream version 9.14.1

parent addfe651
--- 9.14.1 released ---
5201. [bug] Fix a possible deadlock in RPZ update code. [GL #973]
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
5199. [security] In certain configurations, named could crash
if nxdomain-redirect was in use and a redirected
query resulted in an NXDOMAIN from the cache.
(CVE-2019-6467) [GL #880]
5198. [bug] If a fetch context was being shut down and, at the same
time, we returned from qname minimization, an INSIST
could be hit. [GL #966]
5197. [bug] dig could die in best effort mode on multiple SIG(0)
records. Similarly on multiple OPT and multiple TSIG
records. [GL #920]
5196. [bug] make install failed with --with-dlopen=no. [GL #955]
5195. [bug] "allow-update" and "allow-update-forwarding" were
treated as configuration errors if used at the
options or view level. [GL #913]
5194. [bug] Enforce non empty ZOMEMD hash. [GL #899]
5193. [bug] EID and NIMLOC failed to do multi-line output
correctly. [GL #899]
5189. [cleanup] Remove revoked root DNSKEY from bind.keys. [GL #945]
5187. [test] Set time zone before running any tests in dnstap_test.
[GL #940]
5186. [cleanup] More dnssec-keygen manual tidying. [GL !1678]
5184. [bug] Missing unlocks in sdlz.c. [GL #936]
5183. [bug] Reinitialize ECS data before reusing client
structures. [GL #881]
--- 9.14.0 released ---
--- 9.14.0rc3 released ---
......@@ -5,6 +49,23 @@
5182. [bug] Fix a high-load race/crash in handling of
isc_socket_close() in resolver. [GL #834]
5180. [bug] delv now honors the operating system's preferred
ephemeral port range. [GL #925]
5179. [cleanup] Replace some vague type declarations with the more
specific dns_secalg_t and dns_dsdigest_t.
Thanks to Tony Finch. [GL !1498]
5178. [bug] Handle EDQUOT (disk quota) and ENOSPC (disk full)
errors when writing files. [GL #902]
5177. [func] Add the ability to specify in named.conf whether a
response-policy zone's SOA record should be added
to the additional section (add-soa yes/no). [GL #865]
5167. [bug] nxdomain-redirect could sometimes lookup the wrong
redirect name. [GL #892]
--- 9.14.0rc2 released ---
5176. [tests] Remove a dependency on libxml in statschannel system
......
......@@ -143,6 +143,11 @@ addition to OpenSSL, BIND now requires support for IPv6, threads, and
standard atomic operations provided by the C compiler. Non-threaded builds
are no longer supported.
BIND 9.14.1
BIND 9.14.1 is a maintenance release, and addresses security
vulnerabilities disclosed in CVE-2018-5743 and CVE-2019-6467.
Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
......
......@@ -160,6 +160,11 @@ of supported platforms. In addition to OpenSSL, BIND now requires
support for IPv6, threads, and standard atomic operations provided
by the C compiler. Non-threaded builds are no longer supported.
#### BIND 9.14.1
BIND 9.14.1 is a maintenance release, and addresses security
vulnerabilities disclosed in CVE-2018-5743 and CVE-2019-6467.
### <a name="build"/> Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
......
......@@ -86,7 +86,7 @@ static dns_rdataclass_t rdclass = dns_rdataclass_in;
* List of digest types used by ds_from_cdnskey(), filled in by add_dtype()
* from -a arguments. The size of the array is an arbitrary limit.
*/
static uint8_t dtype[8];
static dns_dsdigest_t dtype[8];
static const char *startstr = NULL; /* from which we derive notbefore */
static isc_stdtime_t notbefore = 0; /* restrict sig inception times */
......@@ -129,7 +129,7 @@ static int nkey; /* number of child zone DNSKEY records */
typedef struct keyinfo {
dns_rdata_t rdata;
dst_key_t *dst;
uint8_t algo;
dns_secalg_t algo;
dns_keytag_t tag;
} keyinfo_t;
......@@ -614,12 +614,12 @@ free_keytable(keyinfo_t **keytable_p) {
* otherwise the key algorithm. This is used by the signature coverage
* check functions below.
*/
static uint8_t *
static dns_secalg_t *
matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
dns_rdataset_t *sigset)
{
isc_result_t result;
uint8_t *algo;
dns_secalg_t *algo;
int i;
algo = isc_mem_get(mctx, nkey);
......@@ -702,7 +702,7 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
* fetched from the child zone, any working signature is enough.
*/
static bool
signed_loose(uint8_t *algo) {
signed_loose(dns_secalg_t *algo) {
bool ok = false;
int i;
for (i = 0; i < nkey; i++) {
......@@ -721,7 +721,7 @@ signed_loose(uint8_t *algo) {
* RRset.
*/
static bool
signed_strict(dns_rdataset_t *dsset, uint8_t *algo) {
signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
isc_result_t result;
bool all_ok = true;
......@@ -844,14 +844,14 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
*/
static int
cmp_dtype(const void *ap, const void *bp) {
int a = *(const uint8_t *)ap;
int b = *(const uint8_t *)bp;
int a = *(const dns_dsdigest_t *)ap;
int b = *(const dns_dsdigest_t *)bp;
return (a - b);
}
static void
add_dtype(const char *dn) {
uint8_t dt;
dns_dsdigest_t dt;
unsigned i, n;
dt = strtodsdigest(dn);
......@@ -936,7 +936,7 @@ consistent_digests(dns_rdataset_t *dsset) {
dns_rdata_t *arrdata;
dns_rdata_ds_t *ds;
dns_keytag_t key_tag;
uint8_t algorithm;
dns_secalg_t algorithm;
bool match;
int i, j, n, d;
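Review bot: In matching_sigs() the context line `algo = isc_mem_get(mctx, nkey);` still sizes the array as nkey bytes, which is correct only while dns_secalg_t is one byte wide. Now that the element type is a named typedef rather than a literal `uint8_t`, the size should follow the type: `algo = isc_mem_get(mctx, nkey * sizeof(algo[0]));`. The matching isc_mem_put() call is outside the visible hunks and would need the same expression. The body of matching_sigs() continues past the hunk, so confirm no other byte-sized assumptions remain there.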
......
......@@ -235,7 +235,7 @@ logkey(dns_rdata_t *rdata)
}
static void
emit(unsigned int dtype, bool showall, char *lookaside,
emit(dns_dsdigest_t dtype, bool showall, char *lookaside,
bool cds, dns_rdata_t *rdata)
{
isc_result_t result;
......@@ -350,7 +350,7 @@ main(int argc, char **argv) {
char *lookaside = NULL;
char *endp;
int ch;
unsigned int dtype = DNS_DSDIGEST_SHA1;
dns_dsdigest_t dtype = DNS_DSDIGEST_SHA1;
bool cds = false;
bool both = true;
bool usekeyset = false;
......
......@@ -308,17 +308,18 @@ contains the private key\&.
.PP
The
\&.key
file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement)\&.
file contains a DNSKEY or KEY record\&. When a zone is being signed by
\fBnamed\fR
or
\fBdnssec\-signzone\fR\fB\-S\fR, DNSKEY records are included automatically\&. In other cases, the
\&.key
file can be inserted into a zone file manually or with a
\fB$INCLUDE\fR
statement\&.
.PP
The
\&.private
file contains algorithm\-specific fields\&. For obvious security reasons, this file does not have general read permission\&.
.PP
Both
\&.key
and
\&.private
files are generated for symmetric cryptography algorithms such as HMAC\-MD5, even though the public and private key are equivalent\&.
.SH "EXAMPLE"
.PP
To generate an ECDSAP256SHA256 zone\-signing key for the zone
......
......@@ -571,10 +571,12 @@
key.
</para>
<para>
The <filename>.key</filename> file contains a DNS KEY record
that
can be inserted into a zone file (directly or with a $INCLUDE
statement).
The <filename>.key</filename> file contains a DNSKEY or KEY record.
When a zone is being signed by <command>named</command>
or <command>dnssec-signzone</command> <option>-S</option>, DNSKEY
records are included automatically. In other cases,
the <filename>.key</filename> file can be inserted into a zone file
manually or with a <userinput>$INCLUDE</userinput> statement.
</para>
<para>
The <filename>.private</filename> file contains
......@@ -582,11 +584,6 @@
fields. For obvious security reasons, this file does not have
general read permission.
</para>
<para>
Both <filename>.key</filename> and <filename>.private</filename>
files are generated for symmetric cryptography algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</para>
</refsection>
<refsection><info><title>EXAMPLE</title></info>
......
......@@ -462,10 +462,12 @@
key.
</p>
<p>
The <code class="filename">.key</code> file contains a DNS KEY record
that
can be inserted into a zone file (directly or with a $INCLUDE
statement).
The <code class="filename">.key</code> file contains a DNSKEY or KEY record.
When a zone is being signed by <span class="command"><strong>named</strong></span>
or <span class="command"><strong>dnssec-signzone</strong></span> <code class="option">-S</code>, DNSKEY
records are included automatically. In other cases,
the <code class="filename">.key</code> file can be inserted into a zone file
manually or with a <strong class="userinput"><code>$INCLUDE</code></strong> statement.
</p>
<p>
The <code class="filename">.private</code> file contains
......@@ -473,11 +475,6 @@
fields. For obvious security reasons, this file does not have
general read permission.
</p>
<p>
Both <code class="filename">.key</code> and <code class="filename">.private</code>
files are generated for symmetric cryptography algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</p>
</div>
<div class="refsection">
......
......@@ -2115,6 +2115,7 @@ configure_rpz_name2(dns_view_t *view, const cfg_obj_t *obj, dns_name_t *name,
static isc_result_t
configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
bool recursive_only_default,
bool add_soa_default,
dns_ttl_t ttl_default,
uint32_t minupdateinterval_default,
const dns_rpz_zone_t *old,
......@@ -2259,6 +2260,13 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
!dns_name_equal(&old->cname, &zone->cname)))
*old_rpz_okp = false;
obj = cfg_tuple_get(rpz_obj, "add-soa");
if (cfg_obj_isvoid(obj)) {
zone->addsoa = add_soa_default;
} else {
zone->addsoa = cfg_obj_asboolean(obj);
}
return (ISC_R_SUCCESS);
}
......@@ -2271,7 +2279,7 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
char *rps_cstr;
size_t rps_cstr_size;
const cfg_obj_t *sub_obj;
bool recursive_only_default;
bool recursive_only_default, add_soa_default;
bool nsip_enabled, nsdname_enabled;
dns_rpz_zbits_t nsip_on, nsdname_on;
dns_ttl_t ttl_default;
......@@ -2367,6 +2375,13 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
recursive_only_default = true;
}
sub_obj = cfg_tuple_get(rpz_obj, "add-soa");
if (!cfg_obj_isvoid(sub_obj) && !cfg_obj_asboolean(sub_obj)) {
add_soa_default = false;
} else {
add_soa_default = true;
}
sub_obj = cfg_tuple_get(rpz_obj, "break-dnssec");
if (!cfg_obj_isvoid(sub_obj) && cfg_obj_asboolean(sub_obj)) {
zones->p.break_dnssec = true;
......@@ -2429,6 +2444,7 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
}
result = configure_rpz_zone(view, zone_element,
recursive_only_default,
add_soa_default,
ttl_default,
minupdateinterval_default,
old_zone, old_rpz_okp);
......@@ -5005,8 +5021,9 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
/*
* Configure default allow-update and allow-update-forwarding ACLs,
* so they can be inherited by zones. (Note these cannot be set at
* options/view level.)
* so they can be inherited by zones. (XXX: These are not
* read from the options/view level here. However, they may be
* read from there in zoneconf.c:configure_zone_acl() later.)
*/
if (view->updateacl == NULL) {
CHECK(configure_view_acl(NULL, NULL, named_g_config,
......@@ -11465,13 +11482,13 @@ named_server_status(named_server_t *server, isc_buffer_t **text) {
? "ON" : "OFF");
CHECK(putstr(text, line));
snprintf(line, sizeof(line), "recursive clients: %d/%d/%d\n",
snprintf(line, sizeof(line), "recursive clients: %u/%u/%u\n",
isc_quota_getused(&server->sctx->recursionquota),
isc_quota_getsoft(&server->sctx->recursionquota),
isc_quota_getmax(&server->sctx->recursionquota));
CHECK(putstr(text, line));
snprintf(line, sizeof(line), "tcp clients: %d/%d\n",
snprintf(line, sizeof(line), "tcp clients: %u/%u\n",
isc_quota_getused(&server->sctx->tcpquota),
isc_quota_getmax(&server->sctx->tcpquota));
CHECK(putstr(text, line));
......@@ -14676,13 +14693,13 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
"added NTA '%s' (%d sec) in view '%s'",
namebuf, ntattl, view->name);
} else {
bool removed;
bool wasremoved;
result = dns_ntatable_delete(ntatable, ntaname);
if (result == ISC_R_SUCCESS) {
removed = true;
wasremoved = true;
} else if (result == ISC_R_NOTFOUND) {
removed = false;
wasremoved = false;
} else {
goto cleanup;
}
......@@ -14693,13 +14710,13 @@ named_server_nta(named_server_t *server, isc_lex_t *lex,
first = false;
CHECK(putstr(text, "Negative trust anchor "));
CHECK(putstr(text, removed ? "removed: "
: "not found: "));
CHECK(putstr(text, wasremoved ? "removed: "
: "not found: "));
CHECK(putstr(text, namebuf));
CHECK(putstr(text, "/"));
CHECK(putstr(text, view->name));
if (removed) {
if (wasremoved) {
isc_log_write(named_g_lctx,
NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER,
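Review bot: The rewritten comment in configure_view() is tagged XXX and says only where allow-update and allow-update-forwarding are not read, so it does not tell a reader which ACL ends up governing dynamic updates for a zone. Because these ACLs decide who may modify zone data, the comment should state the behaviour, for example `/* Install the default allow-update and allow-update-forwarding ACLs from named_g_config on the view; options/view-level settings are applied per zone in zoneconf.c:configure_zone_acl(). */`. The second half of that wording is taken from the XXX text and should be confirmed against zoneconf.c, which is not part of this section. configure_view() starts and ends outside the hunk.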
......
......@@ -25,6 +25,7 @@ NSLIBS = ../../lib/ns/libns.@A@
LIBS =
SO_TARGETS = lib/filter-aaaa.@SO@
SO_INSTALL = filter-aaaa.@SO@
TARGETS = @SO_TARGETS@
SO_OBJS = filter-aaaa.@O@
......@@ -62,9 +63,15 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${plugindir}
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
install:: filter-aaaa.@SO@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} filter-aaaa.@SO@ \
${DESTDIR}${plugindir}
install:: @SO_TARGETS@ installdirs
for i in ${SO_INSTALL} ; \
do \
if test -f $$i ; \
then \
${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} $$i \
${DESTDIR}${plugindir}; \
fi \
done
${INSTALL_DATA} ${srcdir}/filter-aaaa.8 ${DESTDIR}${mandir}/man8
uninstall::
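Review bot: The new install loop returns only the status of its last iteration, so a failed copy would be masked for every entry but the last once SO_INSTALL lists more than one file. Skipping a file that `test -f` does not find looks intended for builds where the plugin was not produced, but an install command that fails should still stop `make install`: end it with `${DESTDIR}${plugindir} || exit 1; \`. A one-line comment above the loop, such as `# skip modules that were not built (e.g. dlopen disabled)`, would explain why a missing file is silently skipped.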
......
......@@ -1404,8 +1404,12 @@ for i in 0 1 2 3 4 5 6 7 8 9; do
$DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1
grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1
if [ $? -eq 0 ]; then
_ret=0
break
$RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1
if [ $? -ne 0 ]; then
_ret=0
break
fi
fi
sleep 1
done
......@@ -1420,10 +1424,10 @@ $SETTIME -D now-1h $file > settime.out.test$n 2>&1 || ret=1
$RNDCCMD 10.53.0.3 loadkeys delzsk.example 2>&1 | sed 's/^/ns3 /' | cat_i
for i in 0 1 2 3 4 5 6 7 8 9; do
_ret=1
$RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
grep "Signing " signing.out.2.test$n > /dev/null 2>&1
$RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.3.test$n 2>&1
grep "Signing " signing.out.3.test$n > /dev/null 2>&1
if [ $? -ne 0 ]; then
if [ `cat signing.out.2.test$n | wc -l` -eq 2 ]; then
if [ `grep "Done signing " signing.out.3.test$n | wc -l` -eq 2 ]; then
_ret=0
break
fi
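Review bot: In the first retry loop the added inner check succeeds whenever "Creating NSEC3 chain " is absent from signing.out.2.test$n, and that is also true when the rndc call itself failed and wrote only an error message. The exit status of rndc should be tested before the negative grep, e.g. `$RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1 || { sleep 1; continue; }`. The second loop uses the same negative-grep shape but then requires two "Done signing " lines, so an error-only output cannot pass there. That count can be written as `grep -c "Done signing " signing.out.3.test$n` in place of the grep piped to `wc -l`.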
......
......@@ -9,6 +9,6 @@
* information regarding copyright ownership.
*/
view {
view one {
allow-update-forwarding { any; };
};
......@@ -9,6 +9,6 @@
* information regarding copyright ownership.
*/
view {
view one {
allow-update { any; };
};
......@@ -32,6 +32,6 @@ cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
$CHECKZONE -q -D -i none druz druz.pre |
sed '/IN DNSKEY/s/\([a-z0-9A-Z/]\{10\}\)[a-z0-9A-Z/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
sed '/IN DNSKEY/s/\([a-z0-9A-Z+/]\{10\}\)[a-z0-9A-Z+/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
echo_i "signed $zone"
......@@ -40,6 +40,13 @@
goto failure; \
} while (0)
#define loginfo(...) \
({ if ((state != NULL) && (state->log != NULL)) \
state->log(ISC_LOG_INFO, __VA_ARGS__); })
#define logerr(...) \
({ if ((state != NULL) && (state->log != NULL)) \
state->log(ISC_LOG_ERROR, __VA_ARGS__); })
/* For this simple example, use fixed sized strings */
struct record {
char name[100];
......@@ -109,9 +116,7 @@ add_name(struct dlz_example_data *state, struct record *list,
i = first_empty;
}
if (i == MAX_RECORDS) {
if (state->log != NULL)
state->log(ISC_LOG_ERROR,
"dlz_example: out of record space");
logerr("dlz_example: out of record space");
return (ISC_R_FAILURE);
}
......@@ -244,9 +249,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
va_end(ap);
if (argc < 2 || argv[1][0] == '\0') {
if (state->log != NULL)
state->log(ISC_LOG_ERROR,
"dlz_example: please specify a zone name");
logerr("dlz_example: please specify a zone name");
dlz_destroy(state);
return (ISC_R_FAILURE);
}
......@@ -282,9 +285,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
add_name(state, &state->current[0], state->zone_name,
"a", 1800, "10.53.0.1");
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: started for zone %s",
state->zone_name);
loginfo("dlz_example: started for zone %s", state->zone_name);
*dbdata = state;
return (ISC_R_SUCCESS);
......@@ -302,10 +303,7 @@ void
dlz_destroy(void *dbdata) {
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
if (state->log != NULL)
state->log(ISC_LOG_INFO,
"dlz_example: shutting down zone %s",
state->zone_name);
loginfo("dlz_example: shutting down zone %s", state->zone_name);
free(state->zone_name);
free(state);
}
......@@ -333,10 +331,8 @@ dlz_findzonedb(void *dbdata, const char *name,
fmt_address(src, addrbuf, sizeof(addrbuf));
}
state->log(ISC_LOG_INFO,
"dlz_example: dlz_findzonedb called with name '%s' "
"in zone DB '%s' from %s",
name, state->zone_name, addrbuf);
loginfo("dlz_example: dlz_findzonedb called with name '%s' "
"in zone DB '%s' from %s", name, state->zone_name, addrbuf);
/*
* Returning ISC_R_NOTFOUND will cause the query logic to
......@@ -436,7 +432,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
count = 1;
memcpy(last, full_name, size + 1);
}
state->log(ISC_LOG_INFO, "lookup #%d for %s", count, full_name);
loginfo("lookup #%d for %s", count, full_name);
/*
* If we need to know the database version (as set in
......@@ -456,10 +452,9 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
if (clientinfo != NULL &&
clientinfo->version >= DNS_CLIENTINFO_VERSION) {
dbversion = clientinfo->dbversion;
if (dbversion != NULL && *(bool *)dbversion)
state->log(ISC_LOG_INFO,
"dlz_example: lookup against live "
"transaction");
if (dbversion != NULL && *(bool *)dbversion) {
loginfo("dlz_example: lookup against live transaction");
}
}
if (strcmp(name, "source-addr") == 0) {
......@@ -474,8 +469,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
fmt_address(src, buf, sizeof(buf));
}
state->log(ISC_LOG_INFO,
"dlz_example: lookup connection from %s", buf);
loginfo("dlz_example: lookup connection from %s", buf);
found = true;
result = state->putrr(lookup, "TXT", 0, buf);
......@@ -536,10 +530,15 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
*/
isc_result_t
dlz_allowzonexfr(void *dbdata, const char *name, const char *client) {
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
isc_result_t result;
loginfo("dlz_example: dlz_allowzonexfr called for %s", name);
result = dlz_findzonedb(dbdata, name, NULL, NULL);
if (result != ISC_R_SUCCESS) {
loginfo("dlz_example: findzonedb returned %s",
isc_result_totext(result));
return (result);
}
......@@ -548,9 +547,12 @@ dlz_allowzonexfr(void *dbdata, const char *name, const char *client) {
* is effective.
*/
if (strcmp(client, "10.53.0.5") == 0) {
loginfo("dlz_example: disallow transfer to 10.53.0.5");
return (ISC_R_NOPERM);
}
loginfo("dlz_example: transfer allowed for %s", name);
return (ISC_R_SUCCESS);
}
......@@ -592,10 +594,8 @@ dlz_newversion(const char *zone, void *dbdata, void **versionp) {
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
if (state->transaction_started) {
if (state->log != NULL)
state->log(ISC_LOG_INFO,
"dlz_example: transaction already "
"started for zone %s", zone);
loginfo("dlz_example: transaction already started for zone %s",
zone);
return (ISC_R_FAILURE);
}
......@@ -615,9 +615,8 @@ dlz_closeversion(const char *zone, bool commit,
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
if (!state->transaction_started) {
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: transaction not "
"started for zone %s", zone);
loginfo("dlz_example: transaction not started for zone %s",
zone);
*versionp = NULL;
return;
}
......@@ -628,9 +627,7 @@ dlz_closeversion(const char *zone, bool commit,
if (commit) {
int i;
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: committing "
"transaction on zone %s", zone);
loginfo("dlz_example: committing transaction on zone %s", zone);
for (i = 0; i < MAX_RECORDS; i++) {
if (strlen(state->deletes[i].name) > 0U) {
(void)del_name(state, &state->current[0],
......@@ -650,9 +647,7 @@ dlz_closeversion(const char *zone, bool commit,
}
}
} else {
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: cancelling "
"transaction on zone %s", zone);
loginfo("dlz_example: cancelling transaction on zone %s", zone);
}
memset(state->adds, 0, sizeof(state->adds));
memset(state->deletes, 0, sizeof(state->deletes));
......@@ -667,27 +662,21 @@ dlz_configure(dns_view_t *view, dns_dlzdb_t *dlzdb, void *dbdata) {
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
isc_result_t result;
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: starting configure");
loginfo("dlz_example: starting configure");
if (state->writeable_zone == NULL) {
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: no "
"writeable_zone method available");
loginfo("dlz_example: no writeable_zone method available");
return (ISC_R_FAILURE);
}
result = state->writeable_zone(view, dlzdb, state->zone_name);
if (result != ISC_R_SUCCESS) {
if (state->log != NULL)
state->log(ISC_LOG_ERROR, "dlz_example: failed to "
"configure zone %s", state->zone_name);
loginfo("dlz_example: failed to configure zone %s",
state->zone_name);
return (result);
}
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: configured writeable "
"zone %s", state->zone_name);
loginfo("dlz_example: configured writeable zone %s", state->zone_name);
return (ISC_R_SUCCESS);
}
......@@ -708,14 +697,11 @@ dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
UNUSED(keydata);
if (strncmp(name, "deny.", 5) == 0) {
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: denying update "
"of name=%s by %s", name, signer);
loginfo("dlz_example: denying update of name=%s by %s",
name, signer);
return (false);
}
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: allowing update of "