Index: head/dns/bind911/files/extrapatch-bind-min-override-ttl =================================================================== --- head/dns/bind911/files/extrapatch-bind-min-override-ttl (revision 523624) +++ head/dns/bind911/files/extrapatch-bind-min-override-ttl (revision 523625) @@ -1,73 +1,76 @@ +- Add the min-cache-ttl config knob. +- Add the override-cache-ttl config knob. + --- bin/named/config.c.orig 2019-12-12 05:17:55 UTC +++ bin/named/config.c @@ -182,6 +182,8 @@ options {\n\ " max-acache-size 16M;\n\ max-cache-size 90%;\n\ max-cache-ttl 604800; /* 1 week */\n\ + min-cache-ttl 0; /* no minimal, zero is allowed */\n\ + override-cache-ttl 0; /* do not override */\n\ max-clients-per-query 100;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ max-recursion-depth 7;\n\ --- bin/named/server.c.orig 2019-12-12 05:17:55 UTC +++ bin/named/server.c @@ -3720,6 +3720,16 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); --- lib/dns/include/dns/view.h.orig 2019-12-12 05:17:55 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,8 @@ struct dns_view { bool requestnsid; bool sendcookie; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; uint32_t nta_lifetime; uint32_t nta_recheck; --- lib/dns/resolver.c.orig 2019-12-12 05:17:55 UTC +++ lib/dns/resolver.c 
@@ -5529,6 +5529,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* + * Enforce the configure minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; + + /* * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { --- lib/isccfg/namedconf.c.orig 2019-12-12 05:17:55 UTC +++ lib/isccfg/namedconf.c @@ -1773,6 +1773,8 @@ view_clauses[] = { #endif { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, Index: head/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in =================================================================== --- head/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in (revision 523624) +++ head/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in (revision 523625) @@ -1,11 +1,13 @@ +BIND9 seems to be abusing LDFLAGS here, and it breaks our linker. + --- bin/tests/system/dlzexternal/Makefile.in.orig 2018-06-10 06:06:33 UTC +++ bin/tests/system/dlzexternal/Makefile.in @@ -34,7 +34,7 @@ OBJS = @BIND9_MAKE_RULES@ CFLAGS = @CFLAGS@ @SO_CFLAGS@ -SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@ +SO_LDFLAGS = @SO_LDFLAGS@ driver.@SO@: ${SO_OBJS} ${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@ Index: head/dns/bind911/files/patch-configure =================================================================== --- head/dns/bind911/files/patch-configure (revision 523624) +++ head/dns/bind911/files/patch-configure (revision 523625) 
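Review bot: In the lib/dns/resolver.c part of extrapatch-bind-min-override-ttl, the override and minimum clamps raise `rdataset->ttl` above what the authoritative server published, and nothing visible rejects a `min-cache-ttl` larger than `max-cache-ttl`; the maximum clamp that follows simply takes precedence. Forced longer TTLs also keep a stale or spoofed answer in the cache for longer, so the precedence deserves a comment at the new code, e.g. `/* Order: override-cache-ttl, then min-cache-ttl, then max-cache-ttl; the maximum always wins. */`, and ideally a configuration-time warning when the minimum exceeds the maximum. The two new `if` statements are unbraced while the adjacent maximum check uses braces, and the comments read "configure" where "configured" is meant. The bind914 copy of this patch has the same override block; cache_name continues outside the inner hunk, so how signature rdatasets are treated cannot be judged from here.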
@@ -1,90 +1,94 @@ +- Axe the kerberos/gssapi discovery code to make sure it uses the correct + libraries. +- Cleanup the BDB discovery code to find more recent versions. + --- configure.orig 2019-12-12 05:17:55 UTC +++ configure @@ -15646,27 +15646,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ - "-lgssapi_krb5" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ - "-lgssapi" \ - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgss -lkrb5" + "$($KRB5CONFIG gssapi --libs)"; \ do - # Note that this does not include $saved_libs, because - # on FreeBSD machines this configure script has added - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. - if test "/usr" = "$use_gssapi" - then - LIBS="$TRY_LIBS" - else - LIBS="-L$use_gssapi/lib $TRY_LIBS" - fi + LIBS="$TRY_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext 
@@ -15709,47 +15691,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac - # - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib - # but MIT in /usr/local/lib and trying to build with KTH. - # /usr/local/lib can end up earlier on the link lines. - # Like most kludges, this one is not only inelegant it - # is also likely to be the wrong thing to do at least as - # many times as it is the right thing. Something better - # needs to be done. - # - if test "/usr" = "$use_gssapi" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi - - case "$FIX_KTH_VS_MIT" in - yes) - case "$enable_static_linking" in - yes) gssapi_lib_suffix=".a" ;; - *) gssapi_lib_suffix=".so" ;; - esac - - for lib in $LIBS; do - case $lib in - -L*) - ;; - -l*) - new_lib=`echo $lib | - sed -e s%^-l%$use_gssapi/lib/lib% \ - -e s%$%$gssapi_lib_suffix%` - NEW_LIBS="$NEW_LIBS $new_lib" - ;; - *) - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 - ;; - esac - done - LIBS="$NEW_LIBS" - ;; - esac - - DST_GSSAPI_INC="-I$use_gssapi/include" + DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)" DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 @@ -24683,7 +24625,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db" + bdb_incdirs="/db6 /db5 /db48" # include a blank element first for d in "" $bdb_incdirs do Index: head/dns/bind914/files/extrapatch-bind-min-override-ttl =================================================================== --- head/dns/bind914/files/extrapatch-bind-min-override-ttl (revision 523624) +++ head/dns/bind914/files/extrapatch-bind-min-override-ttl (revision 523625) 
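Review bot: The replacement list item `"$($KRB5CONFIG gssapi --libs)"` in the configure patch is used without checking that `$KRB5CONFIG` is set and executable; if it is empty, the substitution runs whatever `gssapi` resolves to on PATH or yields an empty `TRY_LIBS`, and the build stops at the unrelated-looking "could not determine proper GSSAPI linkage" error. A guard before the loop, such as `test -x "$KRB5CONFIG" || as_fn_error $? "KRB5CONFIG must point to krb5-config" "$LINENO" 5`, would make the failure explicit; presumably the ports framework exports the variable, but that is not visible here. The unchanged result message still reports `$use_gssapi/lib` and `$use_gssapi/include`, which no longer describes where the flags came from. The bind914 patch-configure has the same construct.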
@@ -1,59 +1,61 @@ +- Add the override-cache-ttl config knob. + --- bin/named/config.c.orig 2019-12-12 06:12:17 UTC +++ bin/named/config.c @@ -181,6 +181,7 @@ options {\n\ notify-source *;\n\ notify-source-v6 *;\n\ nsec3-test-zone no;\n\ + override-cache-ttl 0; /* do not override */\n\ provide-ixfr true;\n\ qname-minimization relaxed;\n\ query-source address *;\n\ --- bin/named/server.c.orig 2019-12-12 06:12:17 UTC +++ bin/named/server.c @@ -4244,6 +4244,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } obj = NULL; + result = named_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); --- lib/dns/include/dns/view.h.orig 2019-12-12 06:12:17 UTC +++ lib/dns/include/dns/view.h @@ -153,6 +153,7 @@ struct dns_view { bool requestnsid; bool sendcookie; dns_ttl_t maxcachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; --- lib/dns/resolver.c.orig 2019-12-12 06:12:17 UTC +++ lib/dns/resolver.c @@ -6101,6 +6101,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { --- lib/isccfg/namedconf.c.orig 2019-12-12 06:12:17 UTC +++ lib/isccfg/namedconf.c 
@@ -1901,6 +1901,7 @@ view_clauses[] = { #endif { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, + { "override-cache-ttl", &cfg_type_ttlval, 0 }, { "max-cache-ttl", &cfg_type_ttlval, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_ttlval, 0 }, Index: head/dns/bind914/files/patch-bin_tests_system_dlzexternal_Makefile.in =================================================================== --- head/dns/bind914/files/patch-bin_tests_system_dlzexternal_Makefile.in (revision 523624) +++ head/dns/bind914/files/patch-bin_tests_system_dlzexternal_Makefile.in (revision 523625) @@ -1,11 +1,13 @@ +BIND9 seems to be abusing LDFLAGS here, and it breaks our linker. + --- bin/tests/system/dlzexternal/Makefile.in.orig 2018-02-26 06:30:28 UTC +++ bin/tests/system/dlzexternal/Makefile.in @@ -34,7 +34,7 @@ OBJS = @BIND9_MAKE_RULES@ CFLAGS = @CFLAGS@ @SO_CFLAGS@ -SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@ +SO_LDFLAGS = @SO_LDFLAGS@ driver.@SO@: ${SO_OBJS} ${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@ Index: head/dns/bind914/files/patch-configure =================================================================== --- head/dns/bind914/files/patch-configure (revision 523624) +++ head/dns/bind914/files/patch-configure (revision 523625) @@ -1,90 +1,94 @@ +- Axe the kerberos/gssapi discovery code to make sure it uses the correct + libraries. +- Cleanup the BDB discovery code to find more recent versions. + --- configure.orig 2019-12-12 06:12:17 UTC +++ configure 
@@ -16854,27 +16854,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ - "-lgssapi_krb5" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ - "-lgssapi" \ - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lhx509 -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgss -lkrb5" + "$($KRB5CONFIG gssapi --libs)"; \ do - # Note that this does not include $saved_libs, because - # on FreeBSD machines this configure script has added - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. - if test "/usr" = "$use_gssapi" - then - LIBS="$TRY_LIBS $ISC_OPENSSL_LIBS" - else - LIBS="-L$use_gssapi/lib $TRY_LIBS $ISC_OPENSSL_LIBS" - fi + LIBS="$TRY_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext 
@@ -16917,47 +16899,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac - # - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib - # but MIT in /usr/local/lib and trying to build with KTH. - # /usr/local/lib can end up earlier on the link lines. - # Like most kludges, this one is not only inelegant it - # is also likely to be the wrong thing to do at least as - # many times as it is the right thing. Something better - # needs to be done. - # - if test "/usr" = "$use_gssapi" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi - - case "$FIX_KTH_VS_MIT" in - yes) - case "$enable_static_linking" in - yes) gssapi_lib_suffix=".a" ;; - *) gssapi_lib_suffix=".so" ;; - esac - - for lib in $LIBS; do - case $lib in - -L*) - ;; - -l*) - new_lib=`echo $lib | - sed -e s%^-l%$use_gssapi/lib/lib% \ - -e s%$%$gssapi_lib_suffix%` - NEW_LIBS="$NEW_LIBS $new_lib" - ;; - *) - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 - ;; - esac - done - LIBS="$NEW_LIBS" - ;; - esac - - DST_GSSAPI_INC="-I$use_gssapi/include" + DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)" DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 @@ -21375,7 +21317,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db" + bdb_incdirs="/db6 /db5 /db48" # include a blank element first for d in "" $bdb_incdirs do
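Review bot: Unlike the bind911 variant, the removed lines in this configure patch set `LIBS="$TRY_LIBS $ISC_OPENSSL_LIBS"`, and the replacement `LIBS="$TRY_LIBS"` drops `$ISC_OPENSSL_LIBS` from the link test and, apparently, from the value later stored by `DNS_GSSAPI_LIBS="$LIBS"`. If that is intentional, the description added at the top of the patch should say so, for example `- Do not add ISC_OPENSSL_LIBS to the GSSAPI link test; krb5-config supplies the full link line.` If it is not, keep the variable with `LIBS="$TRY_LIBS $ISC_OPENSSL_LIBS"`.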