Changeset 596


Timestamp:
03/14/14 18:25:37 (10 years ago)
Author:
Kris Deugau
Message:

/trunk

Log and discard out-of-zone records on AXFR import
Warn and discard out-of-zone records on export

File:
1 edited

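--- a/trunk/DNSDB.pm
+++ b/trunk/DNSDB.pm
@@ -4763,4 +4763,12 @@
 
     while (my $rr = $res->axfr_next()) {
+
+      # Discard out-of-zone records.  After trying for a while to replicate this with
+      # *nix-based DNS servers, it appears that only MS DNS is prone to including these
+      # in the AXFR data in the first place, and possibly only older versions at that...
+      # so it can't be reasonably tested.  Yay Microsoft.
+      if ($rr->name !~ /$zone$/i) {
+        $warnmsg .= "Discarding out-of-zone record ".$rr->string."\n";
+      }
 
       my $val;
@@ -5195,7 +5203,24 @@
 
         $recsth->execute($revid);
+        my $fullzone = _ZONE($tmpzone, 'ZONE', 'r', '.').($tmpzone->{isv6} ? '.ip6.arpa' : '.in-addr.arpa');
+
         while (my ($host, $type, $val, $dist, $weight, $port, $ttl, $recid, $loc, $stamp, $expires, $stampactive)
                 = $recsth->fetchrow_array) {
           next if $recflags{$recid};
+
+          # Check for out-of-zone data
+          if ($val =~ /\.arpa$/) {
+            # val is non-IP
+            if ($val !~ /$fullzone$/) {
+              warn "Not exporting out-of-zone record $val $typemap{$type} $host, $ttl (zone $tmpzone)\n";
+              next;
+            }
+          } else {
+            my $ipval = new NetAddr::IP $val;
+            if (!$tmpzone->contains($ipval)) {
+              warn "Not exporting out-of-zone record $val $typemap{$type} $host, $ttl (zone $tmpzone)\n";
+              next;
+            }
+          } # is $val a raw .arpa name?
 
 # not sure this is necessary for revzones.
@@ -5292,4 +5317,10 @@
         while (my ($host,$type,$val,$dist,$weight,$port,$ttl,$recid,$loc,$stamp,$expires,$stampactive) = $recsth->fetchrow_array) {
           next if $recflags{$recid};
+
+          # Check for out-of-zone data
+          if ($host !~ /$dom$/) {
+            warn "Not exporting out-of-zone record $host $type $val, $ttl (zone $dom)\n";
+            next;
+          }
 
           # Spaces are evil.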
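Review bot: The out-of-zone branch added to the AXFR import loop (new lines 4770-4772) only appends to `$warnmsg` and then falls through to `my $val;`, so as far as the visible lines show the record is logged but not discarded, and names outside the zone supplied by the remote master are still imported; add `next;` after the `$warnmsg .=` line. The match itself is also too loose: `/$zone$/i` interpolates the zone name as a regex and has no label boundary, so a name such as `notexample.com` passes for zone `example.com` (constructed example). The same holds for `/$fullzone$/` and `/$dom$/` in the two export loops, which are additionally case-sensitive although DNS names are not. Something like `if ($rr->name !~ /(?:^|\.)\Q$zone\E$/i)` closes both gaps, assuming `$zone` carries no trailing dot. All three loop bodies continue outside the displayed hunks.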