Module Name: src
Committed By: christos
Date: Tue Jul 28 21:17:11 UTC 2009
Modified Files:
src/external/bsd/bind/dist/bin/named: main.c
src/external/bsd/bind/dist/lib/dns: resolver.c
src/external/bsd/bind/dist/lib/isc/alpha/include/isc: atomic.h
Log Message:
merge 9.6.1-P1
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/dist/bin/named/main.c
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/dist/lib/dns/resolver.c
cvs rdiff -u -r1.2 -r1.3 \
src/external/bsd/bind/dist/lib/isc/alpha/include/isc/atomic.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/bind/dist/bin/named/main.c
diff -u src/external/bsd/bind/dist/bin/named/main.c:1.2 src/external/bsd/bind/dist/bin/named/main.c:1.3
--- src/external/bsd/bind/dist/bin/named/main.c:1.2 Sat Apr 11 23:46:07 2009
+++ src/external/bsd/bind/dist/bin/named/main.c Tue Jul 28 17:17:11 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.2 2009/04/12 03:46:07 christos Exp $ */
+/* $NetBSD: main.c,v 1.3 2009/07/28 21:17:11 christos Exp $ */
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: main.c,v 1.166.34.2 2009/01/18 23:47:34 tbox Exp */
+/* Id: main.c,v 1.166.34.3 2009/04/03 20:18:59 marka Exp */
/*! \file */
@@ -881,10 +881,10 @@
* strings named.core | grep "named version:"
*/
strlcat(version,
-#if 0
- "named version: BIND " VERSION " (" __DATE__ ")",
-#else
+#if defined(NO_VERSION_DATE) || !defined(__DATE__)
"named version: BIND " VERSION,
+#else
+ "named version: BIND " VERSION " (" __DATE__ ")",
#endif
sizeof(version));
result = isc_file_progname(*argv, program_name, sizeof(program_name));
Index: src/external/bsd/bind/dist/lib/dns/resolver.c
diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.2 src/external/bsd/bind/dist/lib/dns/resolver.c:1.3
--- src/external/bsd/bind/dist/lib/dns/resolver.c:1.2 Sat Apr 11 23:46:08 2009
+++ src/external/bsd/bind/dist/lib/dns/resolver.c Tue Jul 28 17:17:11 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: resolver.c,v 1.2 2009/04/12 03:46:08 christos Exp $ */
+/* $NetBSD: resolver.c,v 1.3 2009/07/28 21:17:11 christos Exp $ */
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: resolver.c,v 1.384.14.9 2009/02/27 23:05:22 marka Exp */
+/* Id: resolver.c,v 1.384.14.14 2009/06/02 23:47:13 tbox Exp */
/*! \file */
@@ -474,6 +474,30 @@
}
static isc_boolean_t
+rrsig_fromchildzone(fetchctx_t *fctx, dns_rdataset_t *rdataset) {
+ dns_namereln_t namereln;
+ dns_rdata_rrsig_t rrsig;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ int order;
+ isc_result_t result;
+ unsigned int labels;
+
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset)) {
+ dns_rdataset_current(rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &rrsig, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ namereln = dns_name_fullcompare(&rrsig.signer, &fctx->domain,
+ &order, &labels);
+ if (namereln == dns_namereln_subdomain)
+ return (ISC_TRUE);
+ dns_rdata_reset(&rdata);
+ }
+ return (ISC_FALSE);
+}
+
+static isc_boolean_t
fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) {
dns_name_t *name;
dns_name_t *domain = &fctx->domain;
@@ -486,13 +510,43 @@
return (ISC_FALSE);
/*
- * Look for BIND 8 style delegations.
- * Also look for answers to ANY queries where the duplicate NS RRset
- * may have been stripped from the authority section.
+ * A DS RRset can appear anywhere in a zone, even for a delegation-only
+ * zone. So a response to an explicit query for this type should be
+ * excluded from delegation-only fixup.
+ *
+ * SOA, NS, and DNSKEY can only exist at a zone apex, so a postive
+ * response to a query for these types can never violate the
+ * delegation-only assumption: if the query name is below a
+ * zone cut, the response should normally be a referral, which should
+ * be accepted; if the query name is below a zone cut but the server
+ * happens to have authority for the zone of the query name, the
+ * response is a (non-referral) answer. But this does not violate
+ * delegation-only because the query name must be in a different zone
+ * due to the "apex-only" nature of these types. Note that if the
+ * remote server happens to have authority for a child zone of a
+ * delegation-only zone, we may still incorrectly "fix" the response
+ * with NXDOMAIN for queries for other types. Unfortunately it's
+ * generally impossible to differentiate this case from violation of
+ * the delegation-only assumption. Once the resolver learns the
+ * correct zone cut, possibly via a separate query for an "apex-only"
+ * type, queries for other types will be resolved correctly.
+ *
+ * A query for type ANY will be accepted if it hits an exceptional
+ * type above in the answer section as it should be from a child
+ * zone.
+ *
+ * Also accept answers with RRSIG records from the child zone.
+ * Direct queries for RRSIG records should not be answered from
+ * the parent zone.
*/
+
if (message->counts[DNS_SECTION_ANSWER] != 0 &&
(fctx->type == dns_rdatatype_ns ||
- fctx->type == dns_rdatatype_any)) {
+ fctx->type == dns_rdatatype_ds ||
+ fctx->type == dns_rdatatype_soa ||
+ fctx->type == dns_rdatatype_any ||
+ fctx->type == dns_rdatatype_rrsig ||
+ fctx->type == dns_rdatatype_dnskey)) {
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (result == ISC_R_SUCCESS) {
name = NULL;
@@ -501,10 +555,32 @@
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
- type = rdataset->type;
- if (type != dns_rdatatype_ns)
+ if (!dns_name_equal(name, &fctx->name))
continue;
- if (dns_name_issubdomain(name, domain))
+ type = rdataset->type;
+ /*
+ * RRsig from child?
+ */
+ if (type == dns_rdatatype_rrsig &&
+ rrsig_fromchildzone(fctx, rdataset))
+ return (ISC_FALSE);
+ /*
+ * Direct query for apex records or DS.
+ */
+ if (fctx->type == type &&
+ (type == dns_rdatatype_ds ||
+ type == dns_rdatatype_ns ||
+ type == dns_rdatatype_soa ||
+ type == dns_rdatatype_dnskey))
+ return (ISC_FALSE);
+ /*
+ * Indirect query for apex records or DS.
+ */
+ if (fctx->type == dns_rdatatype_any &&
+ (type == dns_rdatatype_ns ||
+ type == dns_rdatatype_ds ||
+ type == dns_rdatatype_soa ||
+ type == dns_rdatatype_dnskey))
return (ISC_FALSE);
}
result = dns_message_nextname(message,
@@ -512,7 +588,14 @@
}
}
- /* Look for referral. */
+ /*
+ * A NODATA response to a DS query?
+ */
+ if (fctx->type == dns_rdatatype_ds &&
+ message->counts[DNS_SECTION_ANSWER] == 0)
+ return (ISC_FALSE);
+
+ /* Look for referral or indication of answer from child zone? */
if (message->counts[DNS_SECTION_AUTHORITY] == 0)
goto munge;
@@ -527,13 +610,37 @@
if (type == dns_rdatatype_soa &&
dns_name_equal(name, domain))
keep_auth = ISC_TRUE;
+
if (type != dns_rdatatype_ns &&
- type != dns_rdatatype_soa)
+ type != dns_rdatatype_soa &&
+ type != dns_rdatatype_rrsig)
continue;
- if (dns_name_equal(name, domain))
- goto munge;
- if (dns_name_issubdomain(name, domain))
+
+ if (type == dns_rdatatype_rrsig) {
+ if (rrsig_fromchildzone(fctx, rdataset))
+ return (ISC_FALSE);
+ else
+ continue;
+ }
+
+ /* NS or SOA records. */
+ if (dns_name_equal(name, domain)) {
+ /*
+ * If a query for ANY causes a negative
+ * response, we can be sure that this is
+ * an empty node. For other type of queries
+ * we cannot differentiate an empty node
+ * from a node that just doesn't have that
+ * type of record. We only accept the former
+ * case.
+ */
+ if (message->counts[DNS_SECTION_ANSWER] == 0 &&
+ fctx->type == dns_rdatatype_any)
+ return (ISC_FALSE);
+ } else if (dns_name_issubdomain(name, domain)) {
+ /* Referral or answer from child zone. */
return (ISC_FALSE);
+ }
}
result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
}
@@ -4232,53 +4339,53 @@
rdataset->trust = dns_trust_pending;
if (sigrdataset != NULL)
sigrdataset->trust = dns_trust_pending;
- if (!need_validation)
+ if (!need_validation || !ANSWER(rdataset)) {
addedrdataset = ardataset;
- else
- addedrdataset = NULL;
- result = dns_db_addrdataset(fctx->cache, node, NULL,
- now, rdataset, 0,
- addedrdataset);
- if (result == DNS_R_UNCHANGED) {
- result = ISC_R_SUCCESS;
- if (!need_validation &&
- ardataset != NULL &&
- ardataset->type == 0) {
- /*
- * The answer in the cache is better
- * than the answer we found, and is
- * a negative cache entry, so we
- * must set eresult appropriately.
- */
- if (NXDOMAIN(ardataset))
- eresult = DNS_R_NCACHENXDOMAIN;
- else
- eresult = DNS_R_NCACHENXRRSET;
- /*
- * We have a negative response from
- * the cache so don't attempt to
- * add the RRSIG rrset.
- */
- continue;
- }
- }
- if (result != ISC_R_SUCCESS)
- break;
- if (sigrdataset != NULL) {
- if (!need_validation)
- addedrdataset = asigrdataset;
- else
- addedrdataset = NULL;
- result = dns_db_addrdataset(fctx->cache,
- node, NULL, now,
- sigrdataset, 0,
- addedrdataset);
- if (result == DNS_R_UNCHANGED)
+ result = dns_db_addrdataset(fctx->cache, node,
+ NULL, now, rdataset,
+ 0, addedrdataset);
+ if (result == DNS_R_UNCHANGED) {
result = ISC_R_SUCCESS;
+ if (!need_validation &&
+ ardataset != NULL &&
+ ardataset->type == 0) {
+ /*
+ * The answer in the cache is
+ * better than the answer we
+ * found, and is a negative
+ * cache entry, so we must set
+ * eresult appropriately.
+ */
+ if (NXDOMAIN(ardataset))
+ eresult =
+ DNS_R_NCACHENXDOMAIN;
+ else
+ eresult =
+ DNS_R_NCACHENXRRSET;
+ /*
+ * We have a negative response
+ * from the cache so don't
+ * attempt to add the RRSIG
+ * rrset.
+ */
+ continue;
+ }
+ }
if (result != ISC_R_SUCCESS)
break;
- } else if (!ANSWER(rdataset))
- continue;
+ if (sigrdataset != NULL) {
+ addedrdataset = asigrdataset;
+ result = dns_db_addrdataset(fctx->cache,
+ node, NULL, now,
+ sigrdataset, 0,
+ addedrdataset);
+ if (result == DNS_R_UNCHANGED)
+ result = ISC_R_SUCCESS;
+ if (result != ISC_R_SUCCESS)
+ break;
+ } else if (!ANSWER(rdataset))
+ continue;
+ }
if (ANSWER(rdataset) && need_validation) {
if (fctx->type != dns_rdatatype_any &&
Index: src/external/bsd/bind/dist/lib/isc/alpha/include/isc/atomic.h
diff -u src/external/bsd/bind/dist/lib/isc/alpha/include/isc/atomic.h:1.2 src/external/bsd/bind/dist/lib/isc/alpha/include/isc/atomic.h:1.3
--- src/external/bsd/bind/dist/lib/isc/alpha/include/isc/atomic.h:1.2 Sat Apr 11 23:46:08 2009
+++ src/external/bsd/bind/dist/lib/isc/alpha/include/isc/atomic.h Tue Jul 28 17:17:11 2009
@@ -1,7 +1,7 @@
-/* $NetBSD: atomic.h,v 1.2 2009/04/12 03:46:08 christos Exp $ */
+/* $NetBSD: atomic.h,v 1.3 2009/07/28 21:17:11 christos Exp $ */
/*
- * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: atomic.h,v 1.5 2007/06/19 23:47:17 tbox Exp */
+/* Id: atomic.h,v 1.5.332.2 2009/04/08 06:47:32 tbox Exp */
/*
* This code was written based on FreeBSD's kernel source whose copyright
@@ -64,16 +64,20 @@
/*
* This routine atomically increments the value stored in 'p' by 'val', and
- * returns the previous value.
+ * returns the previous value. Memory access ordering around this function
+ * can be critical, so we add explicit memory block instructions at the
+ * beginning and the end of it (same for other functions).
*/
static __inline isc_int32_t
isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
- return (asm("1:"
+ return (asm("mb;"
+ "1:"
"ldl_l %t0, 0(%a0);" /* load old value */
"mov %t0, %v0;" /* copy the old value */
"addl %t0, %a1, %t0;" /* calculate new value */
"stl_c %t0, 0(%a0);" /* attempt to store */
- "beq %t0, 1b;", /* spin if failed */
+ "beq %t0, 1b;" /* spin if failed */
+ "mb;",
p, val));
}
@@ -82,11 +86,13 @@
*/
static __inline void
isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
- (void)asm("1:"
+ (void)asm("mb;"
+ "1:"
"ldl_l %t0, 0(%a0);" /* load old value */
"mov %a1, %t0;" /* value to store */
"stl_c %t0, 0(%a0);" /* attempt to store */
- "beq %t0, 1b;", /* spin if failed */
+ "beq %t0, 1b;" /* spin if failed */
+ "mb;",
p, val);
}
@@ -98,7 +104,8 @@
static __inline isc_int32_t
isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
- return(asm("1:"
+ return(asm("mb;"
+ "1:"
"ldl_l %t0, 0(%a0);" /* load old value */
"mov %t0, %v0;" /* copy the old value */
"cmpeq %t0, %a1, %t0;" /* compare */
@@ -106,7 +113,8 @@
"mov %a2, %t0;" /* value to store */
"stl_c %t0, 0(%a0);" /* attempt to store */
"beq %t0, 1b;" /* if it failed, spin */
- "2:",
+ "2:"
+ "mb;",
p, cmpval, val));
}
#elif defined (ISC_PLATFORM_USEGCCASM)
@@ -115,13 +123,15 @@
isc_int32_t temp, prev;
__asm__ volatile(
+ "mb;"
"1:"
"ldl_l %0, %1;" /* load old value */
"mov %0, %2;" /* copy the old value */
"addl %0, %3, %0;" /* calculate new value */
"stl_c %0, %1;" /* attempt to store */
"beq %0, 1b;" /* spin if failed */
- : "=&r"(temp), "+m"(*p), "=r"(prev)
+ "mb;"
+ : "=&r"(temp), "+m"(*p), "=&r"(prev)
: "r"(val)
: "memory");
@@ -133,11 +143,13 @@
isc_int32_t temp;
__asm__ volatile(
+ "mb;"
"1:"
"ldl_l %0, %1;" /* load old value */
"mov %2, %0;" /* value to store */
"stl_c %0, %1;" /* attempt to store */
"beq %0, 1b;" /* if it failed, spin */
+ "mb;"
: "=&r"(temp), "+m"(*p)
: "r"(val)
: "memory");
@@ -148,6 +160,7 @@
isc_int32_t temp, prev;
__asm__ volatile(
+ "mb;"
"1:"
"ldl_l %0, %1;" /* load old value */
"mov %0, %2;" /* copy the old value */
@@ -157,7 +170,8 @@
"stl_c %0, %1;" /* attempt to store */
"beq %0, 1b;" /* if it failed, spin */
"2:"
- : "=&r"(temp), "+m"(*p), "=r"(prev)
+ "mb;"
+ : "=&r"(temp), "+m"(*p), "=&r"(prev)
: "r"(cmpval), "r"(val)
: "memory");
