Changeset 622


Ignore:
Timestamp:
04/29/14 14:39:05 (10 years ago)
Author:
Kris Deugau
Message:

/trunk

Commit update to MX record validation for any-record-in-any-zone.
See #53.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/DNSDB.pm

    r621 r622  
    782782  my %args = @_;
    783783
    784 # Not absolutely true but WTF use is an MX record for a reverse zone?
    785   return ('FAIL', 'Reverse zones cannot contain MX records') if $args{revrec} eq 'y';
     784# only for strict type restrictions
     785#  return ('FAIL', 'Reverse zones cannot contain MX records') if $args{revrec} eq 'y';
    786786
    787787  return ('FAIL', "Distance is required for MX records") unless defined(${$args{dist}});
     
    792792  push @{$args{vallist}}, ${$args{dist}};
    793793
    794   # Coerce all hostnames to end in ".DOMAIN" for group/default records,
    795   # or the intended parent domain for live records.
    796   my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
    797   ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
    798 
    799 # hmm..  this might work.  except possibly for something pointing to "deadbeef.ca".  <g>
    800 #  if ($type == $reverse_typemap{NS} || $type == $reverse_typemap{MX} || $type == $reverse_typemap{SRV}) {
    801 #    if ($val =~ /^\s*[\da-f:.]+\s*$/) {
    802 #      return ('FAIL',"$val is not a valid IP address") if !$addr;
    803 #    }
    804 #  }
     794  if ($args{revrec} eq 'n') {
     795    # MX target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
     796    return ('FAIL', "MX records cannot point directly to an IP address")
     797      if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
     798
     799    # Coerce all hostnames to end in ".DOMAIN" for group/default records,
     800    # or the intended parent domain for live records.
     801    my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
     802    ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
     803  } else {
     804    # MX target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
     805    return ('FAIL', "MX records cannot point directly to an IP address")
     806      if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
     807
     808    # MX records in reverse zones get stricter treatment.  The UI bars adding them in
     809    # reverse record sets, but we "need" to allow editing existing ones.  And we'll allow
     810    # editing them if some loon manually munges one into a default reverse record set.
     811    if ($args{defrec} eq 'n') {
     812      # Get the revzone, so we can see if ${$args{val}} is in that zone
     813      my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
     814      return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone);
     815    }
     816
     817##enhance or ##fixme
     818# convert well-formed .arpa names to IP addresses to match old "strict" validation design
     819    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec}) &&
     820      ${$args{val}} =~ /\.arpa$/;
     821
     822##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
     823    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
     824
     825  }
    805826
    806827  return ('OK','OK');
Note: See TracChangeset for help on using the changeset viewer.