Index: /trunk/DNSDB.pm
===================================================================
--- /trunk/DNSDB.pm	(revision 617)
+++ /trunk/DNSDB.pm	(revision 618)
@@ -604,13 +604,38 @@
   my %args = @_;
 
-# Not really true, but these are only useful for delegating smaller-than-/24 IP blocks.
-# This is fundamentally a messy operation and should really just be taken care of by the
-# export process, not manual maintenance of the necessary records.
-  return ('FAIL', 'Reverse zones cannot contain CNAME records') if $args{revrec} eq 'y';
-
-  # Coerce all hostnames to end in ".DOMAIN" for group/default records,
-  # or the intended parent domain for live records.
-  my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
-  ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
+  # CNAMEs in reverse zones shouldn't be handled manually, they should be generated on
+  # export by use of the "delegation" type.  For the masochistic, and those importing
+  # legacy data from $deity-knows-where, we'll support them.
+
+  if ($args{revrec} eq 'y') {
+    # CNAME target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
+    return ('FAIL', "CNAME records cannot point directly to an IP address")
+      if ${$args{host}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+
+    if ($args{defrec} eq 'n') {
+      # Get the revzone, so we can see if ${$args{val}} is in that zone
+      my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
+      return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone);
+    }
+
+##enhance or ##fixme
+# convert well-formed .arpa names to IP addresses to match old "strict" validation design
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec}) &&
+      ${$args{val}} =~ /\.arpa$/;
+
+##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+  } else {
+    # CNAME target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
+    return ('FAIL', "CNAME records cannot point directly to an IP address")
+      if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+
+    # Forcibly append the domain name if the hostname being added does not end with the current domain name
+    my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
+    ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
+
+##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+  }
 
   return ('OK','OK');
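Review bot: The in-zone test on the `else` branch, `${$args{host}} !~ /$pname$/`, interpolates the domain name as a raw pattern with no label boundary, so its dots match any character and a name that merely ends in the same characters is treated as already inside the zone. With a constructed zone `example.com`, a host of `wwwexample.com` skips the forced append and is stored as given, which matters if this coercion is what keeps a record inside the domain the caller may edit. Quoting the name and requiring a label boundary closes that: `${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /(?:^|\.)\Q$pname\E$/;`. Separately, `$self->_inrev($args{val}, $revzone)` passes the reference while every other use in the hunk dereferences `${$args{val}}`; `_inrev` is not visible here, so confirm which form it expects. The enclosing sub starts and ends outside the hunk.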
