BIND 10 #2564: MasterLoader needs to perform minimal validation for SOA
BIND 10 Development
do-not-reply at isc.org
Fri Dec 14 22:25:24 UTC 2012
#2564: MasterLoader needs to perform minimal validation for SOA
-------------------------------------+-------------------------------------
Reporter: | Owner:
jinmei | Status: new
Type: task | Milestone: Next-Sprint-
Priority: | Proposed
medium | Keywords:
Component: | Sensitive: 0
Unclassified | Sub-Project: DNS
CVSS Scoring: | Estimated Difficulty: 0
Defect Severity: N/A | Total Hours: 0
Feature Depending on Ticket: |
loadzone-ng |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
It should do something equivalent to the following BIND 9 code:
{{{#!c
if (type == dns_rdatatype_soa &&
(lctx->options & DNS_MASTER_ZONE) != 0 &&
dns_name_compare(ictx->current, lctx->top) != 0) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(ictx->current, namebuf,
sizeof(namebuf));
(*callbacks->error)(callbacks, "%s:%lu: SOA "
"record not at top of zone
(%s)",
source, line, namebuf);
result = DNS_R_NOTZONETOP;
if (MANYERRS(lctx, result)) {
SETRESULT(lctx, result);
read_till_eol = ISC_TRUE;
target = target_ft;
continue;
} else if (result != ISC_R_SUCCESS)
goto insist_and_cleanup;
}
}}}
i.e., reject "example.com/SOA" for the example.org zone.
I intended to do it in #2377, but #2377 didn't address it. Note that
there's no other point that we can do this effectively, unless we
require expensive whole-zone search in the post-load validation phase
by default.
As the BIND 9 code shows, we should also introduce a loader option
that allows to skip this check.
--
Ticket URL: <http://bind10.isc.org/ticket/2564>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list