[#1912] Improved BIND parsing performance

Added ability to skip selected parts of the configuration by the BIND9 configuration parser.
isc-projects · tomaszmrugalski · Aug 25, 2025 · Sep 1, 2025 · Sep 1, 2025 · Sep 1, 2025
commit 691686b0b3a4d79e526be94525db2cd61f8f061a
diff --git a/backend/appcfg/bind9/addressmatchlist.go b/backend/appcfg/bind9/addressmatchlist.go
@@ -3,9 +3,9 @@ package bind9config
 // Checks if the address match list excludes the specified IP address.
 func (aml *AddressMatchList) ExcludesIPAddress(ipAddress string) bool {
 	for _, element := range aml.Elements {
-		if (element.IPAddress == ipAddress && element.Negation) ||
-			(element.ACLName == "none" && !element.Negation) ||
-			(element.ACLName == "any" && element.Negation) {
+		if (element.IPAddressOrACLName == ipAddress && element.Negation) ||
+			(element.IPAddressOrACLName == "none" && !element.Negation) ||
+			(element.IPAddressOrACLName == "any" && element.Negation) {
 			return true
 		}
 	}

diff --git a/backend/appcfg/bind9/addressmatchlist_test.go b/backend/appcfg/bind9/addressmatchlist_test.go
@@ -10,8 +10,8 @@ import (
 func TestAddressMatchListExcludesIPAddress(t *testing.T) {
 	aml := &AddressMatchList{
 		Elements: []*AddressMatchListElement{
-			{IPAddress: "127.0.0.1", Negation: true},
-			{IPAddress: "::1", Negation: false},
+			{IPAddressOrACLName: "127.0.0.1", Negation: true},
+			{IPAddressOrACLName: "::1", Negation: false},
 		},
 	}
 	require.True(t, aml.ExcludesIPAddress("127.0.0.1"))
@@ -24,7 +24,7 @@ func TestAddressMatchListExcludesIPAddress(t *testing.T) {
 func TestAddressMatchListExcludesIPAddressWithNone(t *testing.T) {
 	aml := &AddressMatchList{
 		Elements: []*AddressMatchListElement{
-			{ACLName: "none"},
+			{IPAddressOrACLName: "none"},
 		},
 	}
 	require.True(t, aml.ExcludesIPAddress("127.0.0.1"))
@@ -37,7 +37,7 @@ func TestAddressMatchListExcludesIPAddressWithNone(t *testing.T) {
 func TestAddressMatchListExcludesIPAddressWithAny(t *testing.T) {
 	aml := &AddressMatchList{
 		Elements: []*AddressMatchListElement{
-			{ACLName: "any"},
+			{IPAddressOrACLName: "any"},
 		},
 	}
 	require.False(t, aml.ExcludesIPAddress("127.0.0.1"))

diff --git a/backend/appcfg/bind9/allowtransfer.go b/backend/appcfg/bind9/allowtransfer.go
@@ -7,6 +7,6 @@ func (at *AllowTransfer) IsDisabled() bool {
 	// By default, the transfer is disabled. It is also disabled when it is none.
 	// If any of the elements is not none, the transfer is enabled.
 	return len(at.AddressMatchList.Elements) == 0 || !slices.ContainsFunc(at.AddressMatchList.Elements, func(ame *AddressMatchListElement) bool {
-		return ame.ACLName != "none"
+		return ame.IPAddressOrACLName != "none"
 	})
 }
diff --git a/backend/appcfg/bind9/allowtransfer_test.go b/backend/appcfg/bind9/allowtransfer_test.go
@@ -22,7 +22,7 @@ func TestAllowTransferIsDisabledNone(t *testing.T) {
 		AddressMatchList: &AddressMatchList{
 			Elements: []*AddressMatchListElement{
 				{
-					ACLName: "none",
+					IPAddressOrACLName: "none",
 				},
 			},
 		},
@@ -37,10 +37,10 @@ func TestAllowTransferIsNotDisabled(t *testing.T) {
 		AddressMatchList: &AddressMatchList{
 			Elements: []*AddressMatchListElement{
 				{
-					ACLName: "none",
+					IPAddressOrACLName: "none",
 				},
 				{
-					IPAddress: "127.0.0.1",
+					IPAddressOrACLName: "127.0.0.1",
 				},
 			},
 		},

diff --git a/backend/appcfg/bind9/config.go b/backend/appcfg/bind9/config.go
@@ -78,9 +78,9 @@ func (c *Config) getKeyFromAddressMatchList(level int, addressMatchList *Address
 		case element.ACL != nil:
 			// Recursively search for a key in the inline ACL.
 			return c.getKeyFromAddressMatchList(level+1, element.ACL.AddressMatchList)
-		case element.ACLName != "":
+		case element.IPAddressOrACLName != "":
 			// Recursively search for a key in the referenced ACL.
-			acl := c.GetACL(element.ACLName)
+			acl := c.GetACL(element.IPAddressOrACLName)
 			if acl != nil {
 				return c.getKeyFromAddressMatchList(level+1, acl.AddressMatchList)
 			}

diff --git a/backend/appcfg/bind9/listenon.go b/backend/appcfg/bind9/listenon.go
@@ -16,7 +16,7 @@ func GetDefaultListenOnClauses() *ListenOnClauses {
 			AddressMatchList: &AddressMatchList{
 				Elements: []*AddressMatchListElement{
 					{
-						IPAddress: "127.0.0.1",
+						IPAddressOrACLName: "127.0.0.1",
 					},
 				},
 			},
@@ -67,8 +67,8 @@ func (l *ListenOn) GetPreferredIPAddress(allowTransferMatchList *AddressMatchLis
 		return "::1"
 	}
 	for _, element := range l.AddressMatchList.Elements {
-		if element.IPAddress != "" && !element.Negation && !allowTransferMatchList.ExcludesIPAddress(element.IPAddress) {
-			return element.IPAddress
+		if element.IPAddressOrACLName != "" && !element.Negation && !allowTransferMatchList.ExcludesIPAddress(element.IPAddressOrACLName) {
+			return element.IPAddressOrACLName
 		}
 	}
 	return ""
@@ -86,7 +86,7 @@ func (l *ListenOn) GetPort() int64 {
 // Checks if the listen-on clause includes the specified IP address.
 func (l *ListenOn) IncludesIPAddress(ipAddress string) bool {
 	for _, element := range l.AddressMatchList.Elements {
-		if element.IPAddress == ipAddress && !element.Negation {
+		if element.IPAddressOrACLName == ipAddress && !element.Negation {
 			return true
 		}
 	}

diff --git a/backend/appcfg/bind9/listenon_test.go b/backend/appcfg/bind9/listenon_test.go
@@ -13,7 +13,7 @@ func TestGetDefaultListenOnClauses(t *testing.T) {
 	listenOnClauses := GetDefaultListenOnClauses()
 	require.Len(t, *listenOnClauses, 1)
 	require.Len(t, (*listenOnClauses)[0].AddressMatchList.Elements, 1)
-	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), (*listenOnClauses)[0].GetPort())
 	require.True(t, (*listenOnClauses)[0].IncludesIPAddress("127.0.0.1"))
 	require.False(t, (*listenOnClauses)[0].IncludesIPAddress("0.0.0.0"))
@@ -28,7 +28,7 @@ func TestGetMatchingListenOnDefault(t *testing.T) {
 	require.NotNil(t, listenOn)
 	require.Len(t, *listenOnClauses, 1)
 	require.Len(t, (*listenOnClauses)[0].AddressMatchList.Elements, 1)
-	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -38,19 +38,19 @@ func TestGetMatchingListenOnMultipleZeroAddress(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "192.0.2.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "192.0.2.1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "0.0.0.0"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "0.0.0.0"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "0.0.0.0", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "0.0.0.0", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -60,19 +60,19 @@ func TestGetMatchingListenOnMultipleLoopbackAddress(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "192.0.2.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "192.0.2.1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "127.0.0.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "127.0.0.1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "127.0.0.1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "127.0.0.1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -82,20 +82,20 @@ func TestGetMatchingListenOnMultipleLoopbackAddressPortNumber(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "192.0.2.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "192.0.2.1"}},
 			},
 			Port: storkutil.Ptr(int64(853)),
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "127.0.0.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "127.0.0.1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(853)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "192.0.2.1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "192.0.2.1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(853), listenOn.GetPort())
 }
 
@@ -105,19 +105,19 @@ func TestGetMatchingListenOnMultipleZeroAddressIPv6(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "2001:db8:1::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "2001:db8:1::1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "::"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "::"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "::", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "::", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -127,19 +127,19 @@ func TestGetMatchingListenOnMultipleLoopbackAddressIPv6(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "2001:db8:1::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "2001:db8:1::1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "::1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "::1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "::1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -148,19 +148,19 @@ func TestGetMatchingListenOnMultipleLoopbackAddressPortNumberIPv6(t *testing.T)
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "2001:db8:1::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "2001:db8:1::1"}},
 			},
 			Port: storkutil.Ptr(int64(853)),
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "::1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(853)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "2001:db8:1::1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "2001:db8:1::1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(853), listenOn.GetPort())
 }