From 0313ede6e113f5d61fa8182340a964502c9f1954 Mon Sep 17 00:00:00 2001
|
|
From: Mark Andrews <marka@isc.org>
|
|
Date: Fri, 12 Feb 2021 14:51:28 +1100
|
|
Subject: [PATCH] Address inconsistencies in checking added RRsets
|
|
|
|
loading_addrdataset() rejects SOA RRsets which are not at top of zone.
|
|
addrdataset() should similarly reject such RRsets.
|
|
Conflict: NA
|
|
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/0313ede6e113f5d61fa8182340a964502c9f1954
|
|
---
|
|
lib/dns/rbtdb.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
|
|
index 34fc404b2e..9d27a1519f 100644
|
|
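--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -6839,6 +6839,13 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 INSIST(rbtversion == NULL || rbtversion->rbtdb == rbtdb);
 
 if (rbtdb->common.methods == &zone_methods) {
+ /*
+ * SOA records are only allowed at top of zone.
+ */
+ if (rdataset->type == dns_rdatatype_soa &&
+ node != rbtdb->origin_node) {
+ return (DNS_R_NOTZONETOP);
+ }
 RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
 REQUIRE(((rbtnode->nsec == DNS_RBT_NSEC_NSEC3 &&
 (rdataset->type == dns_rdatatype_nsec3 ||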
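Review bot: The NSEC3 node/type consistency check that follows the added lines is still a `REQUIRE`, so a mismatched RRset there would abort the process rather than be refused with a result code, as far as the trailing context shows (the expression is cut off by the hunk). If addrdataset() can be reached with RRsets that come from zone transfers or updates, which the hunk does not show, that condition deserves the same treatment as the SOA case: an error return placed before `RWLOCK`, so no lock is held on the early exit. The new comment could record the placement and the parity, e.g. `/* SOA records are only allowed at top of zone (as in loading_addrdataset()); checked before tree_lock is taken. */`. The commit touches only rbtdb.c, so a regression test that adds a non-apex SOA through this path and expects `DNS_R_NOTZONETOP` is worth adding. addrdataset()'s body starts and ends outside the hunk.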
|
|
--
|
|
2.23.0
|
|
|