Hi,

not too long ago two new commands appeared in unbound-control:
insecure_add and insecure_remove, to manage negative trust anchors.
These are great and I want to make use of them, but I could not find a
way to list the current negative trust anchors, which would be a very
useful command as well for what I'm thinking of.

I've attached a patch that adds a list_insecure option; it goes through
the anchors and prints the domain name of each anchor without DS or
DNSKEY records.

Please consider this for inclusion in the next release. Or, if I am
simply blind and such an option did exist already, please ignore this
patch and kindly point me in the right direction :)

Jelte

Index: daemon/remote.c
===================================================================
--- daemon/remote.c (revision 3383)
+++ daemon/remote.c (working copy)
@@ -1892,6 +1892,21 @@
send_ok(ssl);
}
+static void
+do_insecure_list(SSL* ssl, struct worker* worker)
+{
+ char buf[257];
+ struct trust_anchor* a;
+ if(worker->env.anchors) {
+ RBTREE_FOR(a, struct trust_anchor*, worker->env.anchors->tree) {
+ if(a->numDS == 0 && a->numDNSKEY == 0) {
+ dname_str(a->name, buf);
+ ssl_printf(ssl, "%s\n", buf);
+ }
+ }
+ }
+}
+
/** do the status command */
static void
do_status(SSL* ssl, struct worker* worker)
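Review bot: the RBTREE_FOR walk in do_insecure_list reads a->numDS, a->numDNSKEY and a->name without taking any lock in these lines, while insecure_add and insecure_remove change the same anchor set at runtime. If the tree or an individual anchor can be modified while this command runs, hold the lock that protects worker->env.anchors->tree for the duration of the walk, and any per-anchor lock while reading its fields. The result of ssl_printf is also discarded, so the loop keeps walking after a failed write to the control client; returning on failure would be cleaner. Finally, the new function has no doc comment, unlike do_status directly below it, which carries "/** do the status command */".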
@@ -2312,6 +2327,9 @@
} else if(cmdcmp(p, "list_stubs", 10)) {
do_list_stubs(ssl, worker);
return;
+ } else if(cmdcmp(p, "list_insecure", 13)) {
+ do_insecure_list(ssl, worker);
+ return;
} else if(cmdcmp(p, "list_local_zones", 16)) {
do_list_local_zones(ssl, worker);
return;
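Review bot: the handler called from the "list_insecure" branch breaks the naming pattern of its neighbours: list_stubs dispatches to do_list_stubs and list_local_zones to do_list_local_zones, but list_insecure dispatches to do_insecure_list. Renaming it to do_list_insecure would keep the command and handler names searchable together. The length argument 13 does match the command string.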
Index: doc/unbound-control.8.in
===================================================================
--- doc/unbound-control.8.in (revision 3383)
+++ doc/unbound-control.8.in (working copy)
@@ -197,6 +197,9 @@
.B list_forwards
List the forward zones in use. These are printed zone by zone to the output.
.TP
+.B list_insecure
+List the zones with domain\-insecure.
+.TP
.B list_local_zones
List the local zones in use. These are printed one per line with zone type.
.TP
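Review bot: the list_insecure entry does not say how the output is formatted, while the adjacent entries do ("printed zone by zone", "printed one per line with zone type"). The code prints one name per line for every anchor that has no DS and no DNSKEY, so zones added at runtime with insecure_add show up as well as configured ones. Suggest something like "List the zones with domain\-insecure, including those added with insecure_add. These are printed one per line."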
Index: smallapp/unbound-control.c
===================================================================
--- smallapp/unbound-control.c (revision 3383)
+++ smallapp/unbound-control.c (working copy)
@@ -109,6 +109,7 @@
printf(" get_option opt get option value\n");
printf(" list_stubs list stub-zones and root hints in use\n");
printf(" list_forwards list forward-zones in use\n");
+ printf(" list_insecure list domain-insecure zones\n");
printf(" list_local_zones list local-zones in use\n");
printf(" list_local_data list local-data RRs in use\n");
printf(" insecure_add zone add domain-insecure zone\n");