From a5d65815bc9812f7b55664d564f9592765c88e6d Mon Sep 17 00:00:00 2001
|
|
From: Tony Finch <fanf@isc.org>
|
|
Date: Tue, 15 Mar 2022 17:57:43 +0000
|
|
Subject: [PATCH] Log "not authoritative for update zone" more clearly
|
|
|
|
Ensure the update zone name is mentioned in the NOTAUTH error message
|
|
in the server log, so that it is easier to track down problematic
|
|
update clients. There are two cases: either the update zone is
|
|
unrelated to any of the server's zones (previously no zone was
|
|
mentioned); or the update zone is a subdomain of one or more of the
|
|
server's zones (previously the name of the irrelevant parent zone was
|
|
misleadingly logged).
|
|
|
|
Closes #3209
|
|
|
|
(cherry picked from commit 84c4eb02e7a4599acfb5d2abc0e62e7d64fd1bd6)
|
|
Conflict: delete CHANGES
|
|
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/a5d65815bc9812f7b55664d564f9592765c88e6d
|
|
---
|
|
bin/tests/system/nsupdate/tests.sh | 26 ++++++++++++++++++++++++++
|
|
lib/ns/update.c | 10 +++++++++-
|
|
3 files changed, 40 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
|
index b3cb85aada..e4f96eb126 100755
|
|
--- a/bin/tests/system/nsupdate/tests.sh
|
|
+++ b/bin/tests/system/nsupdate/tests.sh
|
|
@@ -83,6 +83,32 @@ digcomp knowngood.ns1.before dig.out.ns1 || ret=1
|
|
digcomp knowngood.ns1.before dig.out.ns2 || ret=1
|
|
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
|
|
|
+ret=0
|
|
+echo_i "ensure an unrelated zone is mentioned in its NOTAUTH log"
|
|
+$NSUPDATE -k ns1/ddns.key > nsupdate.out 2>&1 << END && ret=1
|
|
+server 10.53.0.1 ${PORT}
|
|
+zone unconfigured.test
|
|
+update add unconfigured.test 600 IN A 10.53.0.1
|
|
+send
|
|
+END
|
|
+grep NOTAUTH nsupdate.out > /dev/null 2>&1 || ret=1
|
|
+grep ' unconfigured.test: not authoritative' ns1/named.run \
|
|
+ > /dev/null 2>&1 || ret=1
|
|
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
|
+
|
|
+ret=0
|
|
+echo_i "ensure a subdomain is mentioned in its NOTAUTH log"
|
|
+$NSUPDATE -k ns1/ddns.key > nsupdate.out 2>&1 << END && ret=1
|
|
+server 10.53.0.1 ${PORT}
|
|
+zone sub.sub.example.nil
|
|
+update add sub.sub.sub.example.nil 600 IN A 10.53.0.1
|
|
+send
|
|
+END
|
|
+grep NOTAUTH nsupdate.out > /dev/null 2>&1 || ret=1
|
|
+grep ' sub.sub.example.nil: not authoritative' ns1/named.run \
|
|
+ > /dev/null 2>&1 || ret=1
|
|
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
|
+
|
|
ret=0
|
|
echo_i "updating zone"
|
|
# nsupdate will print a ">" prompt to stdout as it gets each input line.
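Review bot: The two added checks against `ns1/named.run` use plain `grep`, so every `.` in ` unconfigured.test: not authoritative` and ` sub.sub.example.nil: not authoritative` is a regex wildcard rather than a literal dot. These tests exist to prove that the exact update zone name reaches the log, so a fixed-string match states that intent more precisely, e.g. `grep -F ' sub.sub.example.nil: not authoritative' ns1/named.run`. It would also help to add a short comment such as `# leading space: the logged name must be the update zone itself, not a longer name ending in it`, since that is presumably why the pattern starts with a blank. As far as the visible lines show, `named.run` is not truncated between tests, so the checks depend on these zone names being unique within the script.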
|
|
diff --git a/lib/ns/update.c b/lib/ns/update.c
|
|
index 9ab13e3301..067ff990bd 100644
|
|
--- a/lib/ns/update.c
|
|
+++ b/lib/ns/update.c
|
|
@@ -1631,7 +1631,15 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle,
|
|
|
|
result = dns_zt_find(client->view->zonetable, zonename, 0, NULL, &zone);
|
|
if (result != ISC_R_SUCCESS) {
|
|
- FAILC(DNS_R_NOTAUTH, "not authoritative for update zone");
|
|
+ /*
|
|
+ * If we found a zone that is a parent of the update zonename,
|
|
+ * detach it so it isn't mentioned in log - it is irrelevant.
|
|
+ */
|
|
+ if (zone != NULL) {
|
|
+ dns_zone_detach(&zone);
|
|
+ }
|
|
+ FAILN(DNS_R_NOTAUTH, zonename,
|
|
+ "not authoritative for update zone");
|
|
}
|
|
|
|
/*
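Review bot: The name now passed to `FAILN` in the `result != ISC_R_SUCCESS` branch is the zone name taken from the client's UPDATE message, so the sender chooses the text written to the server log. This branch runs when no matching zone exists, so presumably no per-zone update policy has been applied yet. The hunk shows neither how `FAILN` renders the name nor at what level it logs. Before merging, confirm that the macro formats the name with escaping of non-printable bytes (`dns_name_format()` does this), and that the log level and category are ones operators can throttle, because a stream of UPDATEs for unconfigured names would otherwise produce one long line each. Once verified, I would extend the new comment with something like `* zonename is client-supplied; FAILN escapes it when formatting the log line.` The body of `ns_update_start` starts and ends outside this hunk, so the `failure:` handling that runs after the detach is not visible here.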
|
|
--
|
|
2.27.0
|
|
|