From 8aa7601a428cd8d9a7160cbadee6dff52233ef7d Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 9 Nov 2022 09:50:32 +0000
Subject: [PATCH] named-checkzone -z ignored the check-wildcard option

Lookup and set the wildcard option according to the configuration
settings.  The default is on as per bin/named/config.c.

(cherry picked from commit dfc5c1e018e1cd1219987fb7d910acbdbb11f035)
---
 CHANGES                     |  3 +++
 bin/check/named-checkconf.c | 11 +++++++++++
 2 files changed, 14 insertions(+)

diff --git a/CHANGES b/CHANGES
index a10c97f58e..4786f37a66 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6020.	[bug]		Ensure 'named-checkconf -z' respects the check-wildcard
+			option when loading a zone.  [GL #1905]
+
 6017.	[bug]		The view's zone table was not locked when it should
 			have been leading to race conditions when external
 			extensions that manipulate the zone table where in
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index 8fcfafa038..9e54d343d9 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -403,6 +403,17 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 		zone_options |= DNS_ZONEOPT_CHECKSPF;
 	}
 
+	obj = NULL;
+	if (get_maps(maps, "check-wildcard", &obj)) {
+		if (cfg_obj_asboolean(obj)) {
+			zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
+		} else {
+			zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
+		}
+	} else {
+		zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
+	}
+
 	obj = NULL;
 	if (get_checknames(maps, &obj)) {
 		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {