diff --git a/CHANGES b/CHANGES index 8648e9d870..34f7df49f8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard + option when loading a zone. [GL #1905] + 6017. [bug] The view's zone table was not locked when it should have been leading to race conditions when external extensions that manipulate the zone table where in diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 204bd1fffc..6b3616c0a3 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -403,6 +403,17 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig, zone_options |= DNS_ZONEOPT_CHECKSPF; } + obj = NULL; + if (get_maps(maps, "check-wildcard", &obj)) { + if (cfg_obj_asboolean(obj)) { + zone_options |= DNS_ZONEOPT_CHECKWILDCARD; + } else { + zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD; + } + } else { + zone_options |= DNS_ZONEOPT_CHECKWILDCARD; + } + obj = NULL; if (get_checknames(maps, &obj)) { if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { diff --git a/bin/tests/system/checkconf/check-wildcard-no.conf b/bin/tests/system/checkconf/check-wildcard-no.conf new file mode 100644 index 0000000000..beb641a9bd --- /dev/null +++ b/bin/tests/system/checkconf/check-wildcard-no.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "check-wildcard" { + type primary; + file "check-wildcard.db"; + check-wildcard no; +}; diff --git a/bin/tests/system/checkconf/check-wildcard.conf b/bin/tests/system/checkconf/check-wildcard.conf new file mode 100644 index 0000000000..263f8b4a65 --- /dev/null +++ b/bin/tests/system/checkconf/check-wildcard.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "check-wildcard" { + type primary; + file "check-wildcard.db"; + check-wildcard yes; +}; diff --git a/bin/tests/system/checkconf/check-wildcard.db b/bin/tests/system/checkconf/check-wildcard.db new file mode 100644 index 0000000000..1db5af00e3 --- /dev/null +++ b/bin/tests/system/checkconf/check-wildcard.db @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 +ns2 A 10.53.0.2 +; an interior wildcard name +foo.* TXT The owner name contains an interior wildcard diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 3a6b95f623..ba683f57e2 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -624,6 +624,23 @@ $CHECKCONF warn-random-device.conf > checkconf.out$n 2>/dev/null || ret=1 grep "option 'random-device' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that 'check-wildcard no;' succeeds as configured ($n)" +ret=0 +$CHECKCONF -z check-wildcard-no.conf > checkconf.out$n 2>&1 || ret=1 +grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that 'check-wildcard yes;' warns as configured ($n)" +ret=0 +$CHECKCONF -z check-wildcard.conf > checkconf.out$n 2>&1 || ret=1 +grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + rmdir keys echo_i "exit status: $status"