9.7.0a2 - deny-answer-addresses

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Mon Aug 24 23:49:02 UTC 2009


At Fri, 21 Aug 2009 10:42:31 -0500 (CDT),
"Jeremy C. Reed" <jreed at isc.org> wrote:

> >   deny-answer-addresses {
> >       127/8; 192.168/16; 10/8; 172.16/12;
> >   } except-from {
> >       "zen.spamhaus.org";
> >       "dnsbl-1.uceprotect.net";
> >       "dnsbl-1.uceprotect.net";
> 
> This is repeated, resulting in "already exists" (via the RBT code).
> 
> Maybe we can improve the configuration failure logging for this.

How about the patch copied below?  With this it would fail like this:

24-Aug-2009 16:46:41.334 /Users/jinmei/src/isc/bind9-current/bin/named/named.conf:22: failed to add dnsbl-1.uceprotect.net for deny-answer-addresses: already exists
24-Aug-2009 16:46:41.334 loading configuration: already exists
24-Aug-2009 16:46:41.334 exiting (due to fatal error)
[1]    6321 exit 1     ./named -c named.conf -g

---
JINMEI, Tatuya

Index: server.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/named/server.c,v
retrieving revision 1.540
diff -u -r1.540 server.c
--- server.c	5 Aug 2009 17:35:33 -0000	1.540
+++ server.c	24 Aug 2009 23:47:35 -0000
@@ -431,7 +431,14 @@
 		 * for baz.example.com, which is not the expected result.
 		 * We simply use (void *)1 as the dummy data.
 		 */
-		CHECK(dns_rbt_addname(*rbtp, name, (void *)1));
+		result = dns_rbt_addname(*rbtp, name, (void *)1);
+		if (result != ISC_R_SUCCESS) {
+			cfg_obj_log(nameobj, ns_g_lctx, ISC_LOG_ERROR,
+				    "failed to add %s for %s: %s",
+				    str, confname, isc_result_totext(result));
+			goto cleanup;
+		}
+		
 	}
 
 	return (result);
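Review bot: in the new error branch, every non-success result from dns_rbt_addname() is treated as fatal, including the repeated-name case shown in the log above ("already exists"). A duplicate entry leaves the tree unchanged, so consider logging ISC_R_EXISTS at ISC_LOG_WARNING and continuing, and keeping the "goto cleanup" path for other result codes. The format string also depends on str and confname being valid at this point, which the hunk does not show, so it is worth confirming both are set on every path that reaches this call. As a style point, the final added line before the closing brace contains only tabs; drop it so the patch does not introduce trailing whitespace.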


