diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index f939281bf3..e150449962 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -186,6 +186,7 @@ static dns_message_t *answer = NULL;
 static uint32_t default_ttl = 0;
 static bool default_ttl_set = false;
 static bool checknames = true;
+static bool checksvcb = true;
 static const char *resolvconf = RESOLV_CONF;
 bool done = false;
@@ -2020,6 +2021,15 @@ parseclass:
 }
 }
+ if (!isdelete && checksvcb && rdata->type == dns_rdatatype_svcb) {
+ result = dns_rdata_checksvcb(name, rdata);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "check-svcb failed: %s\n",
+ isc_result_totext(result));
+ goto failure;
+ }
+ }
+
 if (!isdelete && rdata->type == dns_rdatatype_nsec3param) {
 dns_rdata_nsec3param_t nsec3param;
@@ -2106,6 +2116,32 @@ evaluate_checknames(char *cmdline) {
 return (STATUS_MORE);
 }
+static uint16_t
+evaluate_checksvcb(char *cmdline) {
+ char *word;
+
+ ddebug("evaluate_checksvcb()");
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (word == NULL || *word == 0) {
+ fprintf(stderr, "could not read check-svcb directive\n");
+ return (STATUS_SYNTAX);
+ }
+ if (strcasecmp(word, "yes") == 0 || strcasecmp(word, "true") == 0 ||
+ strcasecmp(word, "on") == 0)
+ {
+ checksvcb = true;
+ } else if (strcasecmp(word, "no") == 0 ||
+ strcasecmp(word, "false") == 0 ||
+ strcasecmp(word, "off") == 0)
+ {
+ checksvcb = false;
+ } else {
+ fprintf(stderr, "incorrect check-svcb directive: %s\n", word);
+ return (STATUS_SYNTAX);
+ }
+ return (STATUS_MORE);
+}
+
 static void
 setzone(dns_name_t *zonename) {
 isc_result_t result;
@@ -2265,6 +2301,10 @@ do_next_command(char *cmdline) {
 strcasecmp(word, "checknames") == 0) {
 return (evaluate_checknames(cmdline));
 }
+ if (strcasecmp(word, "check-svcb") == 0 ||
+ strcasecmp(word, "checksvcb") == 0) {
+ return (evaluate_checksvcb(cmdline));
+ }
 if (strcasecmp(word, "gsstsig") == 0) {
 #if HAVE_GSSAPI
 usegsstsig = true;
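Review bot: The SVCB block added under `parseclass:` has no comment stating that it is a local pre-flight only: it is skipped for deletes and whenever the update script has run `check-svcb no`, so the receiving server cannot assume nsupdate validated the rdata. I would put `/* Local sanity check only: skipped for deletes and under "check-svcb no", so the server must still validate SVCB rdata. */` above the `if`. The message `check-svcb failed: %s` also prints only the result text, which makes the offending record hard to find in a long batch file; naming the owner is worth considering. The enclosing function and the `failure:` label lie outside the hunk, so the cleanup path is not reviewed here.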
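Review bot: The yes/true/on and no/false/off comparison in `evaluate_checksvcb` is written out in full, and `evaluate_checknames` directly above (only its tail is in the hunk) presumably carries the same chain; a shared helper keeps the two directives accepting the same spellings. The sketch below leaves the word extraction untouched and replaces only the comparison chain. Separately, whatever follows the boolean on the line is never examined, so `check-svcb no` with trailing text still switches the check off without comment; a short function comment saying so would help.

```c
/* Parse a yes/no style word into *value; returns false if it is neither. */
static bool
parse_onoff(const char *word, bool *value) {
	if (strcasecmp(word, "yes") == 0 || strcasecmp(word, "true") == 0 ||
	    strcasecmp(word, "on") == 0)
	{
		*value = true;
		return (true);
	}
	if (strcasecmp(word, "no") == 0 || strcasecmp(word, "false") == 0 ||
	    strcasecmp(word, "off") == 0)
	{
		*value = false;
		return (true);
	}
	return (false);
}

static uint16_t
evaluate_checksvcb(char *cmdline) {
	/* … unchanged: ddebug, nsu_strsep and the empty-word check … */
	if (!parse_onoff(word, &checksvcb)) {
		fprintf(stderr, "incorrect check-svcb directive: %s\n", word);
		return (STATUS_SYNTAX);
	}
	return (STATUS_MORE);
}
```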
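Review bot: The directive is matched in `do_next_command` as `check-svcb` (alias `checksvcb`), but both documentation hunks of this commit, bin/nsupdate/nsupdate.rst and doc/man/nsupdate.1in, head the entry `check-svbc [boolean]`. A script written from the documented spelling will not reach this branch, so an operator who believes they configured the check has in fact left it at its default; what `do_next_command` does with an unrecognised word is outside the hunk. The headings should read ``check-svcb [boolean]`` in the rst file and `.B \fBcheck\-svcb [boolean]\fP` in the man page.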
diff --git a/bin/nsupdate/nsupdate.rst b/bin/nsupdate/nsupdate.rst
index d2f21fd2c5..cc1aa39faf 100644
--- a/bin/nsupdate/nsupdate.rst
+++ b/bin/nsupdate/nsupdate.rst
@@ -310,6 +310,12 @@ The command formats and their meanings are as follows:
 By default check-names processing is on. If check-names processing fails, the record is not added to the UPDATE message.
+``check-svbc [boolean]``
+ This command turns on or off check-svcb processing on records to be added.
+ Check-svcb has no effect on prerequisites or records to be deleted.
+ By default check-svcb processing is on. If check-svcb processing
+ fails, the record is not added to the UPDATE message.
+
 ``prereq nxdomain domain-name``
 This command requires that no resource record of any type exist with the name ``domain-name``.
diff --git a/doc/man/nsupdate.1in b/doc/man/nsupdate.1in
index 4fc6406912..28f38930ae 100644
--- a/doc/man/nsupdate.1in
+++ b/doc/man/nsupdate.1in
@@ -349,6 +349,12 @@ Check\-names has no effect on prerequisites or records to be deleted.
 By default check\-names processing is on. If check\-names processing fails, the record is not added to the UPDATE message.
 .TP
+.B \fBcheck\-svbc [boolean]\fP
+This command turns on or off check\-svcb processing on records to be added.
+Check\-svcb has no effect on prerequisites or records to be deleted.
+By default check\-svcb processing is on. If check\-svcb processing
+fails, the record is not added to the UPDATE message.
+.TP
 .B \fBprereq nxdomain domain\-name\fP
 This command requires that no resource record of any type exist with the name \fBdomain\-name\fP\&.