1400. [bug] Block the addition of wildcard NS records by IXFR

or UPDATE. [RT #3502] developer: marka reveiwer: ogud
2026-06-14 22:49:59 -04:00 · 2002-11-12 20:16:30 +00:00 · 2002-11-12 20:16:30 +00:00 · 59ab128c97
commit 59ab128c97
parent 37977368dc
3 changed files with 16 additions and 2 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+1400.	[bug]		Block the addition of wildcard NS records by IXFR
+			or UPDATE. [RT #3502]
+
 1399.	[bug]		Use serial number arithmetic when testing SIG
 			timestamps. [RT #4268]

--- a/bin/named/update.c
+++ b/bin/named/update.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: update.c,v 1.101 2002/08/29 05:40:07 marka Exp $ */
+/* $Id: update.c,v 1.102 2002/11/12 20:16:30 marka Exp $ */

 #include <config.h>

@ -2321,6 +2321,14 @@ update_action(isc_task_t *task, isc_event_t *event) {
 					   typebuf);
 				continue;
 			}
+			if (rdata.type == dns_rdatatype_ns &&
+			    dns_name_iswildcard(name)) {
+				update_log(client, zone,
+					   LOGLEVEL_PROTOCOL,
+					   "attempt to add wildcard NS record"
+					   "ignored");
+				continue;
+			}
 			if (rdata.type == dns_rdatatype_cname) {
 				CHECK(cname_incompatible_rrset_exists(db, ver,
 								      name,
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: xfrin.c,v 1.130 2002/09/24 01:04:03 marka Exp $ */
+/* $Id: xfrin.c,v 1.131 2002/11/12 20:16:30 marka Exp $ */

 #include <config.h>

@ -510,6 +510,9 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl,
 				goto redo;
 			}
 		}
+		if (rdata->type == dns_rdatatype_ns &&
+		    dns_name_iswildcard(name))
+			FAIL(DNS_R_INVALIDNS);
 		CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
 		break;