From 15b79e92594ed8daecf0599e4a47cdb4fb5a25b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Tue, 7 Oct 2025 16:21:19 +0200
Subject: [PATCH] Support also setting limits from named-checkconf -z

Consider configurable limits when setting limits from configuration file. This avoid reporting issues when enabled by default check of configuration is run on reload or restart of named.
Resolves: RHEL-61936
---
 bind-9.11-d-max-records-checkconf.patch | 61 +++++++++++++++++++++++++
 bind.spec | 3 ++
 2 files changed, 64 insertions(+)
 create mode 100644 bind-9.11-d-max-records-checkconf.patch

diff --git a/bind-9.11-d-max-records-checkconf.patch b/bind-9.11-d-max-records-checkconf.patch
new file mode 100644
index 0000000..2e46765
--- /dev/null
+++ b/bind-9.11-d-max-records-checkconf.patch
@@ -0,0 +1,61 @@
+From 83f283c3aeae99570c9e4c20f10e92ba565fc4be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Tue, 7 Oct 2025 16:18:03 +0200
+Subject: [PATCH] Implement settings limits also in named-checkconf
+
+Read and parse max-records-per-type and max-types-per-name options in
+case -z parameter is passed.
+---
+ bin/check/named-checkconf.c | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
+index e5afd52..42ef76c 100644
+--- a/bin/check/named-checkconf.c
++++ b/bin/check/named-checkconf.c
+@@ -415,6 +415,24 @@ configure_zone(const char *vclass, const char *view,
+ return (result);
+ }
+
++/* Red Hat 9.11 specific extension. */
++static void
++configure_maxrecords(const cfg_obj_t *voptions)
++{
++ cfg_obj_t *obj;
++ isc_result_t result;
++
++ obj = NULL;
++ result = cfg_map_get(voptions, "max-records-per-type", &obj);
++ if (result == ISC_R_SUCCESS)
++ dns_db_setmaxrrperset(cfg_obj_asuint32(obj));
++
++ obj = NULL;
++ result = cfg_map_get(voptions, "max-types-per-name", &obj);
++ if (result == ISC_R_SUCCESS)
++ dns_db_setmaxtypepername(cfg_obj_asuint32(obj));
++}
++
+ /*% configure a view */
+ static isc_result_t
+ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
+@@ -431,10 +449,15 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
+ voptions = cfg_tuple_get(vconfig, "options");
+
+ zonelist = NULL;
+- if (voptions != NULL)
++ if (voptions != NULL) {
+ (void)cfg_map_get(voptions, "zone", &zonelist);
+- else
++ configure_maxrecords(voptions);
++ } else {
+ (void)cfg_map_get(config, "zone", &zonelist);
++ tresult = cfg_map_get(config, "options", &voptions);
++ if (tresult == ISC_R_SUCCESS)
++ configure_maxrecords(voptions);
++ }
+
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+--
+2.51.0
+
diff --git a/bind.spec b/bind.spec
index 0227960..88a2ccd 100644
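Review bot: In the embedded configure_view() hunk, a view that has its own options block gets only those options passed to configure_maxrecords(), so a max-records-per-type or max-types-per-name set in the global options is not applied to that view's zones and named-checkconf -z can still check them against a limit other than the configured one. The setters take only a value, so they are presumably process-wide; if so, a limit read from one view also stays in force for later views that set nothing. Looking each option up in the view options first and then in the global options on every call fixes the first case, and the second additionally needs the built-in default restored when neither sets the option. Separately, `obj` is declared `cfg_obj_t *` while `voptions` is const; if cfg_map_get() expects a `const cfg_obj_t **`, it should be `const cfg_obj_t *obj`. configure_view()'s body starts and ends outside the inner hunk.

```c
static void
configure_maxrecords(const cfg_obj_t *voptions, const cfg_obj_t *goptions)
{
	const cfg_obj_t *obj;

	/* View options take precedence; fall back to the global options. */
	obj = NULL;
	if ((voptions != NULL &&
	     cfg_map_get(voptions, "max-records-per-type", &obj) == ISC_R_SUCCESS) ||
	    (goptions != NULL &&
	     cfg_map_get(goptions, "max-records-per-type", &obj) == ISC_R_SUCCESS))
		dns_db_setmaxrrperset(cfg_obj_asuint32(obj));
	/* else: restore the built-in default (value not shown in this patch) */

	obj = NULL;
	if ((voptions != NULL &&
	     cfg_map_get(voptions, "max-types-per-name", &obj) == ISC_R_SUCCESS) ||
	    (goptions != NULL &&
	     cfg_map_get(goptions, "max-types-per-name", &obj) == ISC_R_SUCCESS))
		dns_db_setmaxtypepername(cfg_obj_asuint32(obj));
	/* else: restore the built-in default (value not shown in this patch) */
}

/* ... unchanged: configure_view() declarations and vconfig lookup ... */
	const cfg_obj_t *goptions = NULL;

	(void)cfg_map_get(config, "options", &goptions);
	zonelist = NULL;
	if (voptions != NULL)
		(void)cfg_map_get(voptions, "zone", &zonelist);
	else
		(void)cfg_map_get(config, "zone", &zonelist);
	configure_maxrecords(voptions, goptions);
/* ... unchanged: zone loop ... */
```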
--- a/bind.spec +++ b/bind.spec @@ -203,6 +203,7 @@ Patch210: bind-9.18-CVE-2024-11187.patch # RH downstream, adds limits configurable from file Patch211: bind-9.11-d-max-records-per-type.patch Patch212: bind-9.11-d-max-types-per-name.patch +Patch213: bind-9.11-d-max-records-checkconf.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -630,6 +631,7 @@ are used for building ISC DHCP. %patch -P 210 -p1 -b .CVE-2024-11187 %patch -P 211 -p1 -b .records-per-type %patch -P 212 -p1 -b .types-per-name +%patch -P 213 -p1 -b .records-checkconf mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data @@ -1685,6 +1687,7 @@ rm -rf ${RPM_BUILD_ROOT} * Thu Jul 10 2025 Petr Menšík - 32:9.11.36-16.5 - Add support for max-records-per-type and max-types-per-name options (RHEL-61936) +- Support reading of new options also in named-checkconf -z, v2 * Thu Feb 06 2025 Petr Menšík - 32:9.11.36-16.4 - Change patches applying to use -P parameter