9.7.0a2 - deny-answer-addresses
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Mon Aug 24 23:49:02 UTC 2009
At Fri, 21 Aug 2009 10:42:31 -0500 (CDT),
"Jeremy C. Reed" <jreed at isc.org> wrote:
> > deny-answer-addresses {
> > 127/8; 192.168/16; 10/8; 172.16/12;
> > } except-from {
> > "zen.spamhaus.org";
> > "dnsbl-1.uceprotect.net";
> > "dnsbl-1.uceprotect.net";
>
> This is repeated, resulting in "already exists" (via the RBT code).
>
> Maybe we can improve the configuration failure logging for this.
How about the patch copied below? With this it would fail like this:
24-Aug-2009 16:46:41.334 /Users/jinmei/src/isc/bind9-current/bin/named/named.conf:22: failed to add dnsbl-1.uceprotect.net for deny-answer-addresses: already exists
24-Aug-2009 16:46:41.334 loading configuration: already exists
24-Aug-2009 16:46:41.334 exiting (due to fatal error)
[1] 6321 exit 1 ./named -c named.conf -g
---
JINMEI, Tatuya
Index: server.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/named/server.c,v
retrieving revision 1.540
diff -u -r1.540 server.c
--- server.c 5 Aug 2009 17:35:33 -0000 1.540
+++ server.c 24 Aug 2009 23:47:35 -0000
@@ -431,7 +431,14 @@
* for baz.example.com, which is not the expected result.
* We simply use (void *)1 as the dummy data.
*/
- CHECK(dns_rbt_addname(*rbtp, name, (void *)1));
+ result = dns_rbt_addname(*rbtp, name, (void *)1);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(nameobj, ns_g_lctx, ISC_LOG_ERROR,
+ "failed to add %s for %s: %s",
+ str, confname, isc_result_totext(result));
+ goto cleanup;
+ }
+
}
return (result);
More information about the bind-users
mailing list