Disable ZONEVERSION for built-in chaos and empty zones

2026-06-11 02:09:59 -04:00 · 2024-08-29 13:15:29 +10:00 · 2024-08-29 13:15:29 +10:00 · ed721afa7c
commit ed721afa7c
parent eb77a89dfd
2 changed files with 2 additions and 0 deletions
--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -262,6 +262,7 @@ view \"_bind\" chaos {\n\
 	notify no;\n\
 	allow-new-zones no;\n\
 	max-cache-size 2M;\n\
+	provide-zoneversion no;\n\
 \n\
 	# Prevent use of this zone in DNS amplified reflection DoS attacks\n\
 	rate-limit {\n\
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -3253,6 +3253,7 @@ create_empty_zone(dns_zone_t *pzone, dns_name_t *name, dns_view_t *view,

 	dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, false);
 	dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
+	dns_zone_setoption(zone, DNS_ZONEOPT_ZONEVERSION, false);
 	dns_zone_setcheckdstype(zone, dns_checkdstype_no);
 	dns_zone_setnotifytype(zone, dns_notifytype_no);
 	dns_zone_setautomatic(zone, true);