Changeset 606


Timestamp:
Apr 2, 2014, 4:04:05 PM (5 years ago)
Author:
kdeugau
Message:

/trunk

Commit updates to A record validator to support (ab)use in reverse zones

File:
1 edited

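--- a/trunk/DNSDB.pm
+++ b/trunk/DNSDB.pm
@@ -449,19 +449,60 @@
   my %args = @_;
 
-  return ('FAIL', 'Reverse zones cannot contain A records') if $args{revrec} eq 'y';
-
-  # Coerce all hostnames to end in ".DOMAIN" for group/default records,
-  # or the intended parent domain for live records.
-  my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
-  ${$args{host}} =~ s/\.*$/\.$pname/ if (${$args{host}} ne '@' && ${$args{host}} !~ /$pname$/);
-
-  # Check IP is well-formed, and that it's a v4 address
-  # Fail on "compact" IPv4 variants, because they are not consistent and predictable.
-  return ('FAIL',"$typemap{${$args{rectype}}} record must be a valid IPv4 address")
+# only for strict type restrictions
+#  return ('FAIL', 'Reverse zones cannot contain A records') if $args{revrec} eq 'y';
+
+  if ($args{revrec} eq 'y') {
+    # Get the revzone, so we can see if ${$args{val}} is in that zone
+    my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
+
+    # Unlike forward zones, we will not coerce the data into the reverse zone - an A record
+    # in a reverse zone is already silly enough without appending a mess of 1.2.3.in-addr.arpa
+    # (or worse, 1.2.3.4.5.6.7.8.ip6.arpa) on the end of the nominal "hostname".
+    # We're also going to allow the "hostname" to be stored as .arpa or IP, because it won't
+    # make any more sense either way.
+    if (${$args{val}} =~ /\.arpa$/) {
+      # "hostname" could be any syntactically legitimate string, but it must be within the formal
+      # .arpa zone.  Note we're not validating these for correct reverse-IP values.
+      # yes, we really need the v6 branch on the end here.
+      $revzone = _ZONE($revzone, 'ZONE', 'r', '.').($revzone->{isv6} ? '.ip6.arpa' : '.in-addr.arpa');
+      return ('FAIL', "${$args{val}} not within $revzone")
+        unless ${$args{val}} =~ /$revzone$/;
+    } else {
+      # "hostname" should be a valid IP address.  Normalize formatting if so.
+      return ('FAIL', "${$args{val}} is not a valid IP address") if !$args{addr};
+      return ('FAIL', "${$args{val}} is not within $revzone") if !$revzone->contains($args{addr});
+      (${$args{val}} = $args{addr}) =~ s{/(?:32|128)$}{};
+    }
+
+    # Check IP is well-formed, and that it's a v4 address
+    # Fail on "compact" IPv4 variants, because they are not consistent and predictable.
+    return ('FAIL',"A record must be a valid IPv4 address")
+        unless ${$args{host}} =~ /^\d+\.\d+\.\d+\.\d+$/;
+    $args{addr} = new NetAddr::IP ${$args{host}};
+    return ('FAIL',"A record must be a valid IPv4 address")
+        unless $args{addr} && !$args{addr}->{isv6};
+    # coerce IP/value to normalized form for storage
+    ${$args{host}} = $args{addr}->addr;
+
+    # I'm just going to ignore the utterly barmy idea of an A record in the *default*
+    # records for a reverse zone;  it's bad enough to find one in funky legacy data.
+
+  } else {
+    # revrec ne 'y'
+
+    # Coerce all hostnames to end in ".DOMAIN" for group/default records,
+    # or the intended parent domain for live records.
+    my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
+    ${$args{host}} =~ s/\.*$/\.$pname/ if (${$args{host}} ne '@' && ${$args{host}} !~ /$pname$/);
+
+    # Check IP is well-formed, and that it's a v4 address
+    # Fail on "compact" IPv4 variants, because they are not consistent and predictable.
+    return ('FAIL',"A record must be a valid IPv4 address")
         unless ${$args{val}} =~ /^\d+\.\d+\.\d+\.\d+$/;
-  return ('FAIL',"$typemap{${$args{rectype}}} record must be a valid IPv4 address")
+    return ('FAIL',"A record must be a valid IPv4 address")
         unless $args{addr} && !$args{addr}->{isv6};
-  # coerce IP/value to normalized form for storage
-  ${$args{val}} = $args{addr}->addr;
+    # coerce IP/value to normalized form for storage
+    ${$args{val}} = $args{addr}->addr;
+  }
 
   return ('OK','OK');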
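Review bot: The zone check at new lines 468-469, `unless ${$args{val}} =~ /$revzone$/;`, interpolates the zone name unescaped and with no label boundary, so each `.` matches any character and a name in a sibling zone whose leading label merely ends with the same digits (constructed example: `13.2.1.in-addr.arpa` against zone `3.2.1.in-addr.arpa`) is accepted as "within" the zone. Quote the zone and require a boundary: `unless ${$args{val}} =~ /(?:\A|\.)\Q$revzone\E\z/;`. The forward branch at new line 496 carries the same unescaped `!~ /$pname$/` test over from the old code, where a suffix match without a boundary skips the domain coercion; it would take the same `\Q…\E` plus boundary treatment. The enclosing sub starts above and closes below this hunk, so how the caller populates `$args{addr}` is not visible here.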