From 17afd1bcf1f428b31c9fbc9fa97749d0590efaed Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Mon, 20 Oct 2014 16:40:05 +1100 Subject: [PATCH 1/5] s4-dns: Update template variables, change BIND98 --> BIND9_8 This makes it easier to add suport for BIND 9.10. Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou (cherry picked from commit 58334eb58ed2f11c6f212481b6be772d9f182810) Conflicts: python/samba/provision/sambadns.py source4/setup/named.conf.dlz --- source4/setup/named.conf.dlz | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz index be20a57..97814f3 100644 --- a/source4/setup/named.conf.dlz +++ b/source4/setup/named.conf.dlz @@ -10,10 +10,10 @@ # Uncomment only single database line, depending on your BIND version # dlz "AD DNS Zone" { - # For BIND 9.8.0 + # For BIND 9.8.x database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so"; - # For BIND 9.9.0 + # For BIND 9.9.x # database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so"; }; -- 1.9.3 From f36d6c12d9dc70699094323f7ab749c67ad21aec Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Sun, 19 Oct 2014 12:57:55 +1100 Subject: [PATCH 2/5] s4-dns: Check DLZ_DLOPEN_VERSION for different BIND versions Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou (cherry picked from commit 1e5c14548c8d03f66aaa908654c94f36a94455f2) --- source4/dns_server/dlz_bind9.c | 2 +- source4/dns_server/dlz_minimal.h | 22 +++++++++------------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 38b765a..7583540 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -846,7 +846,7 @@ static isc_result_t dlz_lookup_types(struct dlz_bind9_data *state, /* lookup one record */ -#ifdef BIND_VERSION_9_8 +#if DLZ_DLOPEN_VERSION == 1 _PUBLIC_ isc_result_t dlz_lookup(const char *zone, const char *name, void *dbdata, dns_sdlzlookup_t *lookup) #else 
diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h index 98fb34e..af0d6bc 100644 --- a/source4/dns_server/dlz_minimal.h +++ b/source4/dns_server/dlz_minimal.h @@ -16,25 +16,21 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* - This header provides a minimal set of defines and typedefs needed - for building an external DLZ module for bind9. When creating a new - external DLZ driver, please copy this header into your own source - tree. - */ -typedef unsigned int isc_result_t; #ifdef BIND_VERSION_9_8 -typedef bool isc_boolean_t; +#define DLZ_DLOPEN_VERSION 1 +#elif BIND_VERSION_9_9 +#define DLZ_DLOPEN_VERSION 2 #else -typedef int isc_boolean_t; +#error Unsupported BIND version #endif -typedef uint32_t dns_ttl_t; -#ifdef BIND_VERSION_9_8 -#define DLZ_DLOPEN_VERSION 1 +typedef unsigned int isc_result_t; +#if DLZ_DLOPEN_VERSION == 1 +typedef bool isc_boolean_t; #else -#define DLZ_DLOPEN_VERSION 2 +typedef int isc_boolean_t; #endif +typedef uint32_t dns_ttl_t; /* return this in flags to dlz_version() if thread safe */ #define DNS_SDLZFLAG_THREADSAFE 0x00000001U -- 1.9.3 From 2c386c7bccd396ffe3496bba662ba1b9bf14e3ec Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Mon, 20 Oct 2014 15:31:30 +1100 Subject: [PATCH 3/5] s4-dns: Update dlz_minimal.h based on BIND release 9.10 Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou (cherry picked from commit aeb6ad8a9c2713c6c71a2ac4cd355dd1bda6cc51) --- source4/dns_server/dlz_minimal.h | 207 +++++++++++++++++++++++++++++---------- 1 file changed, 153 insertions(+), 54 deletions(-) diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h index af0d6bc..11187f7 100644 --- a/source4/dns_server/dlz_minimal.h +++ b/source4/dns_server/dlz_minimal.h 
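Review bot: `#elif BIND_VERSION_9_9` tests the macro's value, whereas the `#ifdef BIND_VERSION_9_8` branch above it tests only whether the macro is defined. It works with `-DBIND_VERSION_9_9` (value 1), but a bare `#define BIND_VERSION_9_9` leaves an empty `#elif` expression that fails to compile, and an explicit value of 0 falls through to `#error`. Prefer `#elif defined(BIND_VERSION_9_9)`; the `#elif BIND_VERSION_9_10` line added by the next patch in this series has the same form. Since `DLZ_DLOPEN_VERSION` now selects the `isc_boolean_t` typedef and the `dlz_lookup` signature, a mis-selected branch would build a module whose ABI does not match the named that loads it, so keeping the `#error` fallback is worthwhile.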
@@ -16,10 +16,20 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* This header is updated based on BIND 9.10.1 source. + * contrib/dlz/modules/include/dlz_minimal.h + */ + +#ifndef DLZ_MINIMAL_H +#define DLZ_MINIMAL_H 1 + #ifdef BIND_VERSION_9_8 #define DLZ_DLOPEN_VERSION 1 #elif BIND_VERSION_9_9 #define DLZ_DLOPEN_VERSION 2 +#elif BIND_VERSION_9_10 +#define DLZ_DLOPEN_VERSION 3 +#define DLZ_DLOPEN_AGE 0 #else #error Unsupported BIND version #endif @@ -32,16 +42,23 @@ typedef int isc_boolean_t; #endif typedef uint32_t dns_ttl_t; -/* return this in flags to dlz_version() if thread safe */ +/* return these in flags from dlz_version() */ #define DNS_SDLZFLAG_THREADSAFE 0x00000001U +#define DNS_SDLZFLAG_RELATIVEOWNER 0x00000002U +#define DNS_SDLZFLAG_RELATIVERDATA 0x00000004U /* result codes */ #define ISC_R_SUCCESS 0 #define ISC_R_NOMEMORY 1 #define ISC_R_NOPERM 6 +#define ISC_R_NOSPACE 19 #define ISC_R_NOTFOUND 23 #define ISC_R_FAILURE 25 +#define ISC_R_NOTIMPLEMENTED 27 #define ISC_R_NOMORE 29 +#define ISC_R_INVALIDFILE 30 +#define ISC_R_UNEXPECTED 34 +#define ISC_R_FILENOTFOUND 38 /* boolean values */ #define ISC_TRUE 1 
@@ -53,16 +70,51 @@ typedef uint32_t dns_ttl_t; #define ISC_LOG_WARNING (-3) #define ISC_LOG_ERROR (-4) #define ISC_LOG_CRITICAL (-5) +#define ISC_LOG_DEBUG(level) (level) -/* some opaque structures */ +/* opaque structures */ typedef void *dns_sdlzlookup_t; typedef void *dns_sdlzallnodes_t; typedef void *dns_view_t; -typedef void *dns_clientinfomethods_t; -typedef void *dns_clientinfo_t; +typedef void *dns_dlzdb_t; +#if DLZ_DLOPEN_VERSION > 1 /* - * method definitions for callbacks provided by dlopen driver + * Method and type definitions needed for retrieval of client info + * from the caller. + */ +typedef struct isc_sockaddr { + union { + struct sockaddr sa; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; + struct sockaddr_un sunix; + } type; + unsigned int length; + void * link; +} isc_sockaddr_t; + +#define DNS_CLIENTINFO_VERSION 1 +typedef struct dns_clientinfo { + uint16_t version; + void *data; +} dns_clientinfo_t; + +typedef isc_result_t (*dns_clientinfo_sourceip_t)(dns_clientinfo_t *client, + isc_sockaddr_t **addrp); + +#define DNS_CLIENTINFOMETHODS_VERSION 1 +#define DNS_CLIENTINFOMETHODS_AGE 0 + +typedef struct dns_clientinfomethods { + uint16_t version; + uint16_t age; + dns_clientinfo_sourceip_t sourceip; +} dns_clientinfomethods_t; +#endif /* DLZ_DLOPEN_VERSION > 1 */ + +/* + * Method definitions for callbacks provided by the dlopen driver */ typedef void log_t(int level, const char *fmt, ...); 
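Review bot: `struct isc_sockaddr` embeds `struct sockaddr`, `struct sockaddr_in`, `struct sockaddr_in6` and `struct sockaddr_un` by value, but this hunk adds no includes for them, so the header compiles only if the including file has already pulled in the socket headers. Unless they are included elsewhere in dlz_minimal.h (not visible here), add `#include <sys/socket.h>`, `#include <netinet/in.h>` and `#include <sys/un.h>` inside the `#if DLZ_DLOPEN_VERSION > 1` block. These structs mirror layouts owned by BIND, and `dns_clientinfomethods_t` carries `version` and `age` fields, presumably so a module can check them before calling `sourceip`. A comment such as `/* layout must match the BIND release that loads this module; check methods->version before using sourceip */` would record that contract.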
@@ -78,103 +130,150 @@ typedef isc_result_t dns_sdlz_putnamedrr_t(dns_sdlzallnodes_t *allnodes, dns_ttl_t ttl, const char *data); +#if DLZ_DLOPEN_VERSION < 3 typedef isc_result_t dns_dlz_writeablezone_t(dns_view_t *view, const char *zone_name); - +#else /* DLZ_DLOPEN_VERSION >= 3 */ +typedef isc_result_t dns_dlz_writeablezone_t(dns_view_t *view, + dns_dlzdb_t *dlzdb, + const char *zone_name); +#endif /* DLZ_DLOPEN_VERSION */ /* - * prototypes for the functions you can include in your driver + * prototypes for the functions you can include in your module */ - /* * dlz_version() is required for all DLZ external drivers. It should - * return DLZ_DLOPEN_VERSION + * return DLZ_DLOPEN_VERSION. 'flags' is updated to indicate capabilities + * of the module. In particular, if the module is thread-safe then it + * sets 'flags' to include DNS_SDLZFLAG_THREADSAFE. Other capability + * flags may be added in the future. */ -int dlz_version(unsigned int *flags); +int +dlz_version(unsigned int *flags); /* * dlz_create() is required for all DLZ external drivers. 
*/ -isc_result_t dlz_create(const char *dlzname, unsigned int argc, const char **argv, void **dbdata, ...); +isc_result_t +dlz_create(const char *dlzname, unsigned int argc, const char *argv[], + void **dbdata, ...); /* * dlz_destroy() is optional, and will be called when the driver is * unloaded if supplied */ -void dlz_destroy(void *dbdata); +void +dlz_destroy(void *dbdata); /* - dlz_findzonedb is required for all DLZ external drivers + * dlz_findzonedb is required for all DLZ external drivers */ -isc_result_t dlz_findzonedb(void *dbdata, const char *name); +#if DLZ_DLOPEN_VERSION < 3 +isc_result_t +dlz_findzonedb(void *dbdata, const char *name); +#else /* DLZ_DLOPEN_VERSION >= 3 */ +isc_result_t +dlz_findzonedb(void *dbdata, const char *name, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo); +#endif /* DLZ_DLOPEN_VERSION */ /* - dlz_lookup is required for all DLZ external drivers + * dlz_lookup is required for all DLZ external drivers */ -#ifdef BIND_VERSION_9_8 -isc_result_t dlz_lookup(const char *zone, const char *name, - void *dbdata, dns_sdlzlookup_t *lookup); -#else -isc_result_t dlz_lookup(const char *zone, const char *name, - void *dbdata, dns_sdlzlookup_t *lookup, - dns_clientinfomethods_t *methods, - dns_clientinfo_t *clientinfo); -#endif +#if DLZ_DLOPEN_VERSION == 1 +isc_result_t +dlz_lookup(const char *zone, const char *name, void *dbdata, + dns_sdlzlookup_t *lookup); +#else /* DLZ_DLOPEN_VERSION > 1 */ +isc_result_t +dlz_lookup(const char *zone, const char *name, void *dbdata, + dns_sdlzlookup_t *lookup, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo); +#endif /* DLZ_DLOPEN_VERSION */ /* - dlz_allowzonexfr() is optional, and should be supplied if you want - to support zone transfers + * dlz_authority() is optional if dlz_lookup() supplies + * authority information (i.e., SOA, NS) for the dns record */ -isc_result_t dlz_allowzonexfr(void *dbdata, const char *name, const char *client); - +isc_result_t 
+dlz_authority(const char *zone, void *dbdata, dns_sdlzlookup_t *lookup); /* - dlz_allnodes() is optional, but must be supplied if supply a - dlz_allowzonexfr() function + * dlz_allowzonexfr() is optional, and should be supplied if you want to + * support zone transfers */ -isc_result_t dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes); +isc_result_t +dlz_allowzonexfr(void *dbdata, const char *name, const char *client); /* - dlz_newversion() is optional. It should be supplied if you want to - support dynamic updates. + * dlz_allnodes() is optional, but must be supplied if supply a + * dlz_allowzonexfr() function */ -isc_result_t dlz_newversion(const char *zone, void *dbdata, void **versionp); +isc_result_t +dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes); /* - dlz_closeversion() is optional, but must be supplied if you supply - a dlz_newversion() function + * dlz_newversion() is optional. It should be supplied if you want to + * support dynamic updates. 
*/ -void dlz_closeversion(const char *zone, isc_boolean_t commit, void *dbdata, void **versionp); +isc_result_t +dlz_newversion(const char *zone, void *dbdata, void **versionp); + +/* + * dlz_closeversion() is optional, but must be supplied if you supply a + * dlz_newversion() function + */ +void +dlz_closeversion(const char *zone, isc_boolean_t commit, void *dbdata, + void **versionp); /* - dlz_configure() is optional, but must be supplied if you want to - support dynamic updates + * dlz_configure() is optional, but must be supplied if you want to support + * dynamic updates */ -isc_result_t dlz_configure(dns_view_t *view, void *dbdata); +#if DLZ_DLOPEN_VERSION < 3 +isc_result_t +dlz_configure(dns_view_t *view, void *dbdata); +#else /* DLZ_DLOPEN_VERSION >= 3 */ +isc_result_t +dlz_configure(dns_view_t *view, dns_dlzdb_t *dlzdb, void *dbdata); +#endif /* DLZ_DLOPEN_VERSION */ /* - dlz_ssumatch() is optional, but must be supplied if you want to - support dynamic updates + * dlz_ssumatch() is optional, but must be supplied if you want to support + * dynamic updates */ -isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr, - const char *type, const char *key, uint32_t keydatalen, uint8_t *keydata, - void *dbdata); +isc_boolean_t +dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr, + const char *type, const char *key, uint32_t keydatalen, + uint8_t *keydata, void *dbdata); /* - dlz_addrdataset() is optional, but must be supplied if you want to - support dynamic updates + * dlz_addrdataset() is optional, but must be supplied if you want to + * support dynamic updates */ -isc_result_t dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata, void *version); +isc_result_t +dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata, + void *version); /* - dlz_subrdataset() is optional, but must be supplied if you want to - support dynamic updates + * dlz_subrdataset() is optional, but must be 
supplied if you want to + * support dynamic updates */ -isc_result_t dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata, void *version); +isc_result_t +dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata, + void *version); /* - dlz_delrdataset() is optional, but must be supplied if you want to - support dynamic updates + * dlz_delrdataset() is optional, but must be supplied if you want to + * support dynamic updates */ -isc_result_t dlz_delrdataset(const char *name, const char *type, void *dbdata, void *version); +isc_result_t +dlz_delrdataset(const char *name, const char *type, void *dbdata, + void *version); + +#endif /* DLZ_MINIMAL_H */ -- 1.9.3 From b330e5b18a90fdcadd7d14c9f8b47e300fce1469 Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Mon, 20 Oct 2014 16:32:42 +1100 Subject: [PATCH 4/5] s4-dns: Add support for BIND 9.10 Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Sat Oct 25 05:42:19 CEST 2014 on sn-devel-104 (cherry picked from commit faa3423d1a26eb6103389b234add0f1e8d0dfc08) Conflicts: python/samba/provision/sambadns.py source4/dns_server/dlz_bind9.c source4/setup/named.conf.dlz --- source4/dns_server/dlz_bind9.c | 20 +++++++++++++++++++- source4/dns_server/wscript_build | 10 ++++++++++ source4/setup/named.conf.dlz | 3 +++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 7583540..62e6f37 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c 
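Review bot: The version-3 prototypes of `dlz_findzonedb()` and `dlz_configure()` gain `methods`, `clientinfo` and `dlzdb` parameters, but the comments above them still describe only the old signatures. A module author cannot tell from this header whether `methods` and `clientinfo` may be NULL or what `dlzdb` must be passed back to. A line such as `/* 'methods' and 'clientinfo' may be NULL; check before dereferencing */` would help, if that matches BIND's behaviour (not shown here). The same gap applies to the `dlz_lookup()` prototype for versions above 1.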
@@ -785,7 +785,13 @@ static isc_result_t b9_find_name_dn(struct dlz_bind9_data *state, const char *na /* see if we handle a given zone */ +#if DLZ_DLOPEN_VERSION < 3 _PUBLIC_ isc_result_t dlz_findzonedb(void *dbdata, const char *name) +#else +_PUBLIC_ isc_result_t dlz_findzonedb(void *dbdata, const char *name, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo) +#endif { struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data); return b9_find_zone_dn(state, name, NULL, NULL); @@ -867,7 +873,9 @@ _PUBLIC_ isc_result_t dlz_lookup(const char *zone, const char *name, _PUBLIC_ isc_result_t dlz_allowzonexfr(void *dbdata, const char *name, const char *client) { /* just say yes for all our zones for now */ - return dlz_findzonedb(dbdata, name); + struct dlz_bind9_data *state = talloc_get_type( + dbdata, struct dlz_bind9_data); + return b9_find_zone_dn(state, name, NULL, NULL); } /* @@ -1073,7 +1081,12 @@ static bool b9_has_soa(struct dlz_bind9_data *state, struct ldb_dn *dn, const ch /* configure a writeable zone */ +#if DLZ_DLOPEN_VERSION < 3 _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata) +#else +_PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, dns_dlzdb_t *dlzdb, + void *dbdata) +#endif { struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data); TALLOC_CTX *tmp_ctx; @@ -1132,7 +1145,12 @@ _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata) if (!b9_has_soa(state, zone_dn, zone)) { continue; } + +#if DLZ_DLOPEN_VERSION < 3 result = state->writeable_zone(view, zone); +#else + result = state->writeable_zone(view, dlzdb, zone); +#endif if (result != ISC_R_SUCCESS) { state->log(ISC_LOG_ERROR, "samba_dlz: Failed to configure zone '%s'", zone); diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build index a92ab67..803ca62 100644 --- a/source4/dns_server/wscript_build +++ b/source4/dns_server/wscript_build 
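Review bot: In the `dlz_allowzonexfr()` hunk the new code fetches the state with `talloc_get_type()`, while `dlz_findzonedb()` and `dlz_configure()` in the same file use `talloc_get_type_abort()`. `talloc_get_type()` returns NULL on a type mismatch, and that NULL is passed straight to `b9_find_zone_dn()`, which presumably dereferences it. Use `struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);` so the failure mode is the same everywhere. The `client` argument is still ignored, so the module approves transfers of every hosted zone to any requester and restriction depends entirely on named's own transfer ACLs. The existing "just say yes" comment could state that dependency explicitly.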
@@ -37,6 +37,16 @@ bld.SAMBA_LIBRARY('dlz_bind9_9', deps='samba-hostconfig samdb-common gensec popt dnsserver_common', enabled=bld.AD_DC_BUILD_IS_ENABLED()) +bld.SAMBA_LIBRARY('dlz_bind9_10', + source='dlz_bind9.c', + cflags='-DBIND_VERSION_9_10', + private_library=True, + link_name='modules/bind9/dlz_bind9_10.so', + realname='dlz_bind9_10.so', + install_path='${MODULESDIR}/bind9', + deps='samba-hostconfig samdb-common gensec popt dnsserver_common', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) + bld.SAMBA_LIBRARY('dlz_bind9_for_torture', source='dlz_bind9.c', cflags='-DBIND_VERSION_9_8', diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz index 97814f3..bf47076 100644 --- a/source4/setup/named.conf.dlz +++ b/source4/setup/named.conf.dlz @@ -15,5 +15,8 @@ dlz "AD DNS Zone" { # For BIND 9.9.x # database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so"; + + # For BIND 9.10.x + # database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so"; }; -- 1.9.3 From 6be7a2afe26f6b0cf281735f6bb30eea3c3e11bf Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Mon, 3 Nov 2014 11:57:50 +1100 Subject: [PATCH 5/5] s4-dns: dlz-bind: Add trailing '.' to all fqdn strings BIND 9.10.x is strict when sending records via putrr and putnamedrr. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10620 Thanks to Guenter Kukkukk for identifying the problem and resolution. Signed-off-by: Amitay Isaacs Reviewed-by: Guenter Kukkukk Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Fri Nov 21 06:14:55 CET 2014 on sn-devel-104 (cherry picked from commit b7f6b09a13daaa702aef5a0ab9f458521e4902b1) --- source4/dns_server/dlz_bind9.c | 55 +++++++++++++++++++++++++++++++++-------- source4/torture/dns/dlz_bind9.c | 24 ++++++++++-------- 2 files changed, 59 insertions(+), 20 deletions(-) diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 62e6f37..604d4b9 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c 
@@ -103,6 +103,27 @@ static void b9_add_helper(struct dlz_bind9_data *state, const char *helper_name, } /* + * Add a trailing '.' if it's missing + */ +static const char *b9_format_fqdn(TALLOC_CTX *mem_ctx, const char *str) +{ + size_t len; + const char *tmp; + + if (str == NULL || str[0] == '\0') { + return str; + } + + len = strlen(str); + if (str[len-1] != '.') { + tmp = talloc_asprintf(mem_ctx, "%s.", str); + } else { + tmp = str; + } + return tmp; +} + +/* format a record for bind9 */ static bool b9_format(struct dlz_bind9_data *state, @@ -112,6 +133,7 @@ static bool b9_format(struct dlz_bind9_data *state, { uint32_t i; char *tmp; + const char *fqdn; switch (rec->wType) { case DNS_TYPE_A: @@ -126,7 +148,7 @@ static bool b9_format(struct dlz_bind9_data *state, case DNS_TYPE_CNAME: *type = "cname"; - *data = rec->data.cname; + *data = b9_format_fqdn(mem_ctx, rec->data.cname); break; case DNS_TYPE_TXT: @@ -140,23 +162,30 @@ static bool b9_format(struct dlz_bind9_data *state, case DNS_TYPE_PTR: *type = "ptr"; - *data = rec->data.ptr; + *data = b9_format_fqdn(mem_ctx, rec->data.ptr); break; case DNS_TYPE_SRV: *type = "srv"; + fqdn = b9_format_fqdn(mem_ctx, rec->data.srv.nameTarget); + if (fqdn == NULL) { + return false; + } *data = talloc_asprintf(mem_ctx, "%u %u %u %s", rec->data.srv.wPriority, rec->data.srv.wWeight, rec->data.srv.wPort, - rec->data.srv.nameTarget); + fqdn); break; case DNS_TYPE_MX: *type = "mx"; + fqdn = b9_format_fqdn(mem_ctx, rec->data.mx.nameTarget); + if (fqdn == NULL) { + return false; + } *data = talloc_asprintf(mem_ctx, "%u %s", - rec->data.mx.wPriority, - rec->data.mx.nameTarget); + rec->data.mx.wPriority, fqdn); break; case DNS_TYPE_HINFO: @@ -168,7 +197,7 @@ static bool b9_format(struct dlz_bind9_data *state, case DNS_TYPE_NS: *type = "ns"; - *data = rec->data.ns; + *data = b9_format_fqdn(mem_ctx, rec->data.ns); break; case DNS_TYPE_SOA: { 
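Review bot: `b9_format_fqdn()` returns NULL both when `str` is NULL and when `talloc_asprintf()` fails, and otherwise returns either the caller's own pointer or a new allocation on `mem_ctx`. The one-line comment above it says none of this. Callers that treat NULL as out-of-memory (as `dlz_allnodes()` does later in this patch) cannot tell the two cases apart, and the aliasing matters to anyone who later frees or modifies the result. Suggest extending the comment to `/* Returns str itself if it is NULL, empty or already ends in '.'; otherwise a copy on mem_ctx with '.' appended, or NULL on allocation failure. */`.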
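Review bot: The CNAME, PTR and NS cases assign the result of `b9_format_fqdn()` directly to `*data` with no NULL check, while the SRV, MX and SOA cases in the same patch return false when it is NULL. Unless `b9_format()` validates `*data` after the switch (its body continues outside these hunks), an allocation failure leaves `*data` NULL and the function may still report success to a caller that passes it on to BIND's putrr callbacks. Make the three cases match the others, e.g. `*data = b9_format_fqdn(mem_ctx, rec->data.cname); if (*data == NULL) return false;`, and likewise for `rec->data.ptr` and `rec->data.ns`.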
@@ -179,8 +208,9 @@ static bool b9_format(struct dlz_bind9_data *state, * point at ourselves. This is how AD DNS servers * force clients to send updates to the right local DC */ - mname = talloc_asprintf(mem_ctx, "%s.%s", - lpcfg_netbios_name(state->lp), lpcfg_dnsdomain(state->lp)); + mname = talloc_asprintf(mem_ctx, "%s.%s.", + lpcfg_netbios_name(state->lp), + lpcfg_dnsdomain(state->lp)); if (mname == NULL) { return false; } @@ -189,11 +219,15 @@ static bool b9_format(struct dlz_bind9_data *state, return false; } + fqdn = b9_format_fqdn(mem_ctx, rec->data.soa.rname); + if (fqdn == NULL) { + return false; + } + state->soa_serial = rec->data.soa.serial; *data = talloc_asprintf(mem_ctx, "%s %s %u %u %u %u %u", - mname, - rec->data.soa.rname, + mname, fqdn, rec->data.soa.serial, rec->data.soa.refresh, rec->data.soa.retry, @@ -950,6 +984,7 @@ _PUBLIC_ isc_result_t dlz_allnodes(const char *zone, void *dbdata, } else { name = talloc_asprintf(el_ctx, "%s.%s", rdn, zone); } + name = b9_format_fqdn(el_ctx, name); if (name == NULL) { talloc_free(tmp_ctx); return ISC_R_NOMEMORY; diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c index fa6967d..1b4bca4 100644 --- a/source4/torture/dns/dlz_bind9.c +++ b/source4/torture/dns/dlz_bind9.c @@ -353,7 +353,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx) expected1->records[0].type = "soa"; expected1->records[0].ttl = 3600; expected1->records[0].data = talloc_asprintf(expected1->records, - "%s.%s hostmaster.%s 1 900 600 86400 3600", + "%s.%s. hostmaster.%s. 1 900 600 86400 3600", torture_setting_string(tctx, "host", NULL), lpcfg_dnsdomain(tctx->lp_ctx), lpcfg_dnsdomain(tctx->lp_ctx)); 
@@ -362,7 +362,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx) expected1->records[1].name = expected1->query_name; expected1->records[1].type = "ns"; expected1->records[1].ttl = 900; - expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s", + expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.", torture_setting_string(tctx, "host", NULL), lpcfg_dnsdomain(tctx->lp_ctx)); torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed"); 
@@ -471,40 +471,44 @@ static bool test_dlz_bind9_zonedump(struct torture_context *tctx) expected1->num_records); torture_assert(tctx, expected1->records != NULL, "talloc failed"); - expected1->records[0].name = lpcfg_dnsdomain(tctx->lp_ctx); + expected1->records[0].name = talloc_asprintf(expected1->records, + "%s.", lpcfg_dnsdomain(tctx->lp_ctx)); expected1->records[0].type = "soa"; expected1->records[0].ttl = 3600; expected1->records[0].data = talloc_asprintf(expected1->records, - "%s.%s hostmaster.%s 1 900 600 86400 3600", + "%s.%s. hostmaster.%s. 1 900 600 86400 3600", torture_setting_string(tctx, "host", NULL), lpcfg_dnsdomain(tctx->lp_ctx), lpcfg_dnsdomain(tctx->lp_ctx)); torture_assert(tctx, expected1->records[0].data != NULL, "talloc failed"); - expected1->records[1].name = lpcfg_dnsdomain(tctx->lp_ctx); + expected1->records[1].name = talloc_asprintf(expected1->records, + "%s.", lpcfg_dnsdomain(tctx->lp_ctx)); expected1->records[1].type = "ns"; expected1->records[1].ttl = 900; - expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s", + expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.", torture_setting_string(tctx, "host", NULL), lpcfg_dnsdomain(tctx->lp_ctx)); torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed"); - expected1->records[2].name = lpcfg_dnsdomain(tctx->lp_ctx); + expected1->records[2].name = talloc_asprintf(expected1->records, + "%s.", lpcfg_dnsdomain(tctx->lp_ctx)); expected1->records[2].type = "aaaa"; expected1->records[2].ttl = 900; - expected1->records[3].name = lpcfg_dnsdomain(tctx->lp_ctx); + expected1->records[3].name = talloc_asprintf(expected1->records, + "%s.", lpcfg_dnsdomain(tctx->lp_ctx)); expected1->records[3].type = "a"; expected1->records[3].ttl = 900; - expected1->records[4].name = talloc_asprintf(expected1->records, "%s.%s", + expected1->records[4].name = talloc_asprintf(expected1->records, "%s.%s.", torture_setting_string(tctx, "host", NULL), 
lpcfg_dnsdomain(tctx->lp_ctx)); torture_assert(tctx, expected1->records[4].name != NULL, "unknown host"); expected1->records[4].type = "aaaa"; expected1->records[4].ttl = 900; - expected1->records[5].name = talloc_asprintf(expected1->records, "%s.%s", + expected1->records[5].name = talloc_asprintf(expected1->records, "%s.%s.", torture_setting_string(tctx, "host", NULL), lpcfg_dnsdomain(tctx->lp_ctx)); torture_assert(tctx, expected1->records[5].name != NULL, "unknown host"); -- 1.9.3