Index: trunk/DNSDB.pm
===================================================================
--- trunk/DNSDB.pm	(revision 595)
+++ trunk/DNSDB.pm	(revision 596)
@@ -4763,4 +4763,12 @@
 
     while (my $rr = $res->axfr_next()) {
+
+      # Discard out-of-zone records.  After trying for a while to replicate this with
+      # *nix-based DNS servers, it appears that only MS DNS is prone to including these
+      # in the AXFR data in the first place, and possibly only older versions at that...
+      # so it can't be reasonably tested.  Yay Microsoft.
+      if ($rr->name !~ /$zone$/i) {
+        $warnmsg .= "Discarding out-of-zone record ".$rr->string."\n";
+      }
 
       my $val;
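Review bot: The new `if` block only appends to `$warnmsg` and has no `next`, so the record the message calls discarded still falls through to `my $val;` and the rest of the loop body, which continues outside this hunk. Add `next;` after the `$warnmsg` line if dropping the record is the intent. The match is also looser than it reads: `$zone` is interpolated as a pattern with no label boundary, so for a zone `example.com` (constructed example) a name like `notexample.com` still counts as in-zone, and each `.` matches any character. `if ($rr->name !~ /(?:^|\.)\Q$zone\E$/i) {` closes both gaps. The same applies to `/$fullzone$/` and `/$dom$/` in the two export hunks below.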
@@ -5195,7 +5203,24 @@
 
         $recsth->execute($revid);
+        my $fullzone = _ZONE($tmpzone, 'ZONE', 'r', '.').($tmpzone->{isv6} ? '.ip6.arpa' : '.in-addr.arpa');
+
         while (my ($host, $type, $val, $dist, $weight, $port, $ttl, $recid, $loc, $stamp, $expires, $stampactive)
 		= $recsth->fetchrow_array) {
           next if $recflags{$recid};
+
+          # Check for out-of-zone data
+          if ($val =~ /\.arpa$/) {
+            # val is non-IP
+            if ($val !~ /$fullzone$/) {
+              warn "Not exporting out-of-zone record $val $typemap{$type} $host, $ttl (zone $tmpzone)\n";
+              next;
+            }
+          } else {
+            my $ipval = new NetAddr::IP $val;
+            if (!$tmpzone->contains($ipval)) {
+              warn "Not exporting out-of-zone record $val $typemap{$type} $host, $ttl (zone $tmpzone)\n";
+              next;
+            }
+          } # is $val a raw .arpa name?
 
 # not sure this is necessary for revzones.
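Review bot: In the `else` branch, `new NetAddr::IP $val` returns undef when `$val` does not parse as an address, and that branch receives every value that does not end in `.arpa`, so a malformed value reaches `$tmpzone->contains($ipval)` with an undefined argument. Depending on the NetAddr::IP version, that call may die mid-export or give a meaningless answer rather than skipping the record. Treat an unparseable value as out-of-zone and drop the indirect-object call: `my $ipval = NetAddr::IP->new($val);` followed by `if (!$ipval || !$tmpzone->contains($ipval)) {`. The two `warn` strings are identical and could be built once before the `if`. The enclosing `while` loop continues outside this hunk.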
@@ -5292,4 +5317,10 @@
         while (my ($host,$type,$val,$dist,$weight,$port,$ttl,$recid,$loc,$stamp,$expires,$stampactive) = $recsth->fetchrow_array) {
 	  next if $recflags{$recid};
+
+          # Check for out-of-zone data
+          if ($host !~ /$dom$/) {
+            warn "Not exporting out-of-zone record $host $type $val, $ttl (zone $dom)\n";
+            next;
+          }
 
 	  # Spaces are evil.
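Review bot: `/$dom$/` is matched case-sensitively, unlike the `/i` used on the AXFR import check, so a record whose stored `$host` differs from `$dom` only in letter case would be left out of the exported zone with nothing but a `warn`. Whether names are normalised to one case before they reach the database is not visible here, so this may be latent, but DNS names compare case-insensitively and the check should too. Use `if ($host !~ /(?:^|\.)\Q$dom\E$/i) {`, and add `/i` to `/\.arpa$/` and `/$fullzone$/` in the reverse-zone hunk. The warning prints the raw `$type` where the reverse-zone hunk prints `$typemap{$type}`; if `%typemap` is in scope here, using it would keep the two messages consistent.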
