why the new complaints about inherited owner?

Mark Andrews marka at isc.org
Wed Nov 26 01:59:53 UTC 2014


In message <156EB0AC-6774-4B0E-AACE-1CB4BAAB90D1 at netconsonance.com>, Jo Rhett writes:
> On Nov 25, 2014, at 3:51 AM, Mark Andrews <marka at isc.org> wrote:
> > In message <1DAC056D-B368-48D0-BC6A-4349AD86FB64 at netconsonance.com>, Jo Rhett writes:
> >> Googling for information on this log message I can find only the
> >> source code changes. Why exactly is this bad?
> >>
> >> ov 25 03:07:15 geode named[4173]: domain.include:2: record with
> >> inherited owner (netconsonance.com) immediately after $ORIGIN (netconsonance.com)
> >>
> >> Zone file has the totally bog-standard SOA followed by NS records.
> >> Like every record in which multiple RRs are done for the same name, the NS
> >> entries are inherited. This is not only bog-standard, but it=92s still shown
> >> in the latest BIND book from O=92Reilly.  So if this is now Bad(tm) can we
> >> post something about why it is bad, and what the recommended practice is?
> >
> > Because usually it is a error.  $ORIGIN sets "@" not the current owner
> > name.
> >
> > $ORIGIN netconsonance.com
> > 	SOA ...
> > 	NS ...
> >
> > $ORIGIN netconsonance.com
> > @	SOA ...
> > @	NS ...
>
>
> There's actually no $ORIGIN statement in these zone files. It's sending
> this error in response to
>
> @ IN SOA ...
>
>     IN NS ...
>
>     IN NS ...
>
>     IN MX ...

ictx->origin_changed wasn't being properly set on include push.
All "$INCLUDE file origin" wasn't properly handled.

diff --git a/lib/dns/master.c b/lib/dns/master.c
index 3f46c8b..da79c90 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -526,6 +526,7 @@ incctx_create(isc_mem_t *mctx, dns_name_t *origin, dns_incctx_t **ictxp) {
        ictx->drop = ISC_FALSE;
        ictx->glue_line = 0;
        ictx->current_line = 0;
+       ictx->origin_changed = ISC_TRUE;
 
        *ictxp = ictx;
        return (ISC_R_SUCCESS);
@@ -1125,7 +1126,6 @@ load_text(dns_loadctx_t *lctx) {
                                line = isc_lex_getsourceline(lctx->lex);
                                source = isc_lex_getsourcename(lctx->lex);
                                ictx = lctx->inc;
-                               EXPECTEOL;
                                continue;
                        }
                        done = ISC_TRUE;
@@ -1215,7 +1215,6 @@ load_text(dns_loadctx_t *lctx) {
                                    token.type == isc_tokentype_eof) {
                                        if (token.type == isc_tokentype_eof)
                                                WARNUNEXPECTEDEOF(lctx->lex);
-                                       isc_lex_ungettoken(lctx->lex, &token);
                                        /*
                                         * No origin field.
                                         */
@@ -1434,6 +1433,7 @@ load_text(dns_loadctx_t *lctx) {
                        }
                        if (finish_include) {
                                finish_include = ISC_FALSE;
+                               EXPECTEOL;
                                result = pushfile(include_file, new_name, lctx);
                                if (MANYERRS(lctx, result)) {
                                        SETRESULT(lctx, result);
@@ -1444,6 +1444,7 @@ load_text(dns_loadctx_t *lctx) {
                                        goto insist_and_cleanup;
                                }
                                ictx = lctx->inc;
+                               ictx->origin_changed = ISC_TRUE;
                                source = isc_lex_getsourcename(lctx->lex);
                                line = isc_lex_getsourceline(lctx->lex);
                                POST(line);
@@ -2075,6 +2076,11 @@ pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx) {
        if (result != ISC_R_SUCCESS)
                return (result);
 
+       /*
+        * Push origin_changed.
+        */
+       new->origin_changed = ictx->origin_changed;
+
        /* Set current domain. */
        if (ictx->glue != NULL || ictx->current != NULL) {
                for (new_in_use = 0; new_in_use < NBUFS; new_in_use++)


> This above is not only perfectly bog-standard, but it is shown this way
> in RFC1035 and not obsoleted yet by any succeeding standard.
> http://tools.ietf.org/html/rfc1035

There is a difference between "legal" and "safe".

"if (a = b)" is legal C but it is not safe C.

Most of the time this should have been "if (a == b)"

> --
> Jo Rhett
> +1 (415) 999-1798
> Skype: jorhett
> Net Consonance : net philanthropy to improve open source and internet
> projects.
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the bind-workers mailing list