Index: /trunk/DNSDB.pm =================================================================== --- /trunk/DNSDB.pm (revision 615) +++ /trunk/DNSDB.pm (revision 616) @@ -551,31 +551,46 @@ my %args = @_; + # NS target check - IP addresses not allowed. Must be a more or less well-formed hostname. + if ($args{revrec} eq 'y') { + return ('FAIL', "NS records cannot point directly to an IP address") + if ${$args{host}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/; +##enhance: Look up the passed value to see if it exists. Ooo, fancy. + return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec}); + } else { + return ('FAIL', "NS records cannot point directly to an IP address") + if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/; +##enhance: Look up the passed value to see if it exists. Ooo, fancy. + return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec}); + } + # Check that the target of the record is within the parent. - # Yes, host<->val are mixed up here; can't see a way to avoid it. :( if ($args{defrec} eq 'n') { # Check if IP/address/zone/"subzone" is within the parent if ($args{revrec} eq 'y') { - my $tmpip = NetAddr::IP->new(${$args{val}}); - my $pname = $self->revName($args{id}); - return ('FAIL',"${$args{val}} not within $pname") - unless $self->_ipparent($args{defrec}, $args{revrec}, $args{val}, $args{id}, \$tmpip); - # Sub the returned thing for ZONE? This could get stupid if you have typos... - ${$args{val}} =~ s/ZONE/$tmpip->address/; + # Get the revzone, so we can see if ${$args{val}} is in that zone + my $revzone = new NetAddr::IP $self->revName($args{id}, 'y'); + + # Note the NS record may or may not be for the zone itself, it may be a pointer for a subzone + return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone); + + # ${$args{val}} is either a valid IP or a string ending with the .arpa zone name; + # now check if it's a well-formed FQDN +##enhance or ##fixme +# convert well-formed .arpa names to IP addresses to match old "strict" validation design + return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec}) && + ${$args{val}} =~ /\.arpa$/; } else { + # Forcibly append the domain name if the hostname being added does not end with the current domain name my $pname = $self->domainName($args{id}); - ${$args{host}} = $pname if ${$args{host}} !~ /\.$pname$/; + ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/; } } else { - # Default reverse NS records should always refer to the implied parent - ${$args{host}} = 'DOMAIN' if $args{revrec} eq 'n'; - ${$args{val}} = 'ZONE' if $args{revrec} eq 'y'; - } - -# Let this lie for now. Needs more magic. -# # Check IP is well-formed, and that it's a v4 address -# return ('FAIL',"A record must be a valid IPv4 address") -# unless $addr && !$addr->{isv6}; -# # coerce IP/value to normalized form for storage -# $$val = $addr->addr; + # Default reverse NS records should always refer to the implied parent. + if ($args{revrec} eq 'y') { + ${$args{val}} = 'ZONE'; + } else { + ${$args{host}} = 'DOMAIN'; + } + } return ('OK','OK');