Remove limit in prefix length in --auth-zone.

baa80ae5 · Simon Kelley · 3e8ed78b · baa80ae5 · baa80ae5 · baa80ae5
Commit baa80ae5 authored May 29, 2013 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 8 deletions

CHANGELOG CHANGELOG +4 -1

man/dnsmasq.8 man/dnsmasq.8 +6 -3

src/auth.c src/auth.c +2 -2

src/option.c src/option.c +0 -2

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -43,7 +43,10 @@ version 2.67
 	    Fix option parsing for --dhcp-host, which was generating a
 	    spurious error when all seven possible items were
 	    included. Thanks to Zhiqiang Wang for the bug report.
- 
+
+	    Remove restriction on prefix-length in --auth-zone. Thanks
+	    to Toke Hoiland-Jorgensen for suggesting this.
+
 		
 version 2.66
            Add the ability to act as an authoritative DNS

--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -572,13 +572,16 @@ If you use the first DNSSEC mode, validating resolvers in clients,
 this option is not required. Dnsmasq always returns all the data
 needed for a client to do validation itself. 
 .TP
-.B --auth-zone=<domain>[,<subnet>[,<subnet>.....]]
+.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]]
 Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
 will be served, except that A and AAAA records must be in one of the
 specified subnets, or in a subnet corresponding to a constructed DHCP
 range. The subnet(s) are also used to define in-addr.arpa and
-ipv6.arpa domains which are served for reverse-DNS queries. For IPv4
-subnets, the prefix length is limited to the values 8, 16 or 24.
+ipv6.arpa domains which are served for reverse-DNS queries. If not
+specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6.
+For IPv4 subnets, the prefix length should be have the value 8, 16 or 24
+unless you are familiar with RFC 2317 and have arranged the
+in-addr.arpa delegation accordingly. 
 .TP
 .B --auth-soa=<serial>[,<hostmaster>[,<refresh>[,<retry>[,<expiry>]]]]
 Specify fields in the SOA record associated with authoritative

--- a/src/auth.c
+++ b/src/auth.c
@@ -520,10 +520,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	      in_addr_t a = ntohl(subnet->addr4.s_addr) >> 8;
 	      char *p = name;
 	      
-	      if (subnet->prefixlen == 24)
+	      if (subnet->prefixlen >= 24)
 		p += sprintf(p, "%d.", a & 0xff);
 	      a = a >> 8;
-	      if (subnet->prefixlen != 8)
+	      if (subnet->prefixlen >= 16 )
 		p += sprintf(p, "%d.", a & 0xff);
 	      a = a >> 8;
 	      p += sprintf(p, "%d.in-addr.arpa", a & 0xff);

--- a/src/option.c
+++ b/src/option.c
@@ -1637,8 +1637,6 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    
 	    if (inet_pton(AF_INET, arg, &subnet->addr4))
 	      {
-		if ((prefixlen & 0x07) != 0 || prefixlen > 24)
-		  ret_err(_("bad prefix"));
 		subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen;
 		subnet->is6 = 0;
 	      }