From 8d61fb944c24ae1efa558a57ad6a47bcdd9e488d Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Fri, 1 Oct 2021 10:33:27 +0200
Subject: [PATCH] auth: fix the SOA check in pdnsutil

---
 pdns/dnsbackend.cc | 38 ++++++++++++++++++++++----------------
 pdns/pdnsutil.cc   | 21 +++++++++++++++------
 2 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc
index 312c4c8378..e6711e9911 100644
--- a/pdns/dnsbackend.cc
+++ b/pdns/dnsbackend.cc
@@ -246,25 +246,31 @@ bool DNSBackend::getSOA(const DNSName &domain, SOAData &sd)
   S.inc("backend-queries");
 
   DNSResourceRecord rr;
-  rr.auth = true;
-
   int hits=0;
 
-  while(this->get(rr)) {
-    if (rr.qtype != QType::SOA) throw PDNSException("Got non-SOA record when asking for SOA");
-    hits++;
-    fillSOAData(rr.content, sd);
-    sd.domain_id=rr.domain_id;
-    sd.ttl=rr.ttl;
-  }
-
-  if(!hits)
-    return false;
+  sd.db = nullptr;
 
-  sd.qname = domain;
-  sd.db=this;
+  try {
+    while (this->get(rr)) {
+      if (rr.qtype != QType::SOA) {
+        throw PDNSException("Got non-SOA record when asking for SOA, zone: '" + domain.toLogString() + "'");
+      }
+      hits++;
+      sd.qname = domain;
+      sd.ttl = rr.ttl;
+      sd.db = this;
+      sd.domain_id = rr.domain_id;
+      fillSOAData(rr.content, sd);
+    }
+  }
+  catch (const PDNSException& e) {
+    while (this->get(rr)) {
+      ;
+    }
+    throw;
+  }
 
-  return true;
+  return hits;
 }
 
 bool DNSBackend::get(DNSZoneRecord& dzr)
@@ -348,6 +354,6 @@ void fillSOAData(const string &content, SOAData &data)
     data.minimum = pdns_stou(parts.at(6).c_str());
   }
   catch(const std::out_of_range& oor) {
-    throw PDNSException("Out of range exception parsing "+content);
+    throw PDNSException("Out of range exception parsing '" + content + "'");
   }
 }
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 93c7859cee..879fb816d1 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -251,7 +251,7 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, con
 
   DomainInfo di;
   try {
-    if (!B.getDomainInfo(zone, di)) {
+    if (!B.getDomainInfo(zone, di, false)) {
       cout << "[Error] Unable to get zone information for zone '" << zone << "'" << endl;
       return 1;
     }
@@ -263,11 +263,20 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, con
   }
 
   SOAData sd;
-  if(!B.getSOAUncached(zone, sd)) {
-    cout<<"[Error] No SOA record present, or active, in zone '"<<zone<<"'"<<endl;
+  try {
+    if (!B.getSOAUncached(zone, sd)) {
+      cout << "[Error] No SOA record present, or active, in zone '" << zone << "'" << endl;
+      numerrors++;
+      cout << "Checked 0 records of '" << zone << "', " << numerrors << " errors, 0 warnings." << endl;
+      return 1;
+    }
+  }
+  catch (const PDNSException& e) {
+    cout << "[Error] SOA lookup failed: " << e.reason << endl;
     numerrors++;
-    cout<<"Checked 0 records of '"<<zone<<"', "<<numerrors<<" errors, 0 warnings."<<endl;
-    return 1;
+    if (!sd.db) {
+      return 1;
+    }
   }
 
   NSEC3PARAMRecordContent ns3pr;
@@ -367,7 +376,7 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, con
       stringtok(parts, rr.content);
 
       if(parts.size() < 7) {
-        cout<<"[Warning] SOA autocomplete is deprecated, missing field(s) in SOA content: "<<rr.qname<<" IN " <<rr.qtype.toString()<< " '" << rr.content<<"'"<<endl;
+        cout << "[Info] SOA autocomplete is deprecated, missing field(s) in SOA content: " << rr.qname << " IN " << rr.qtype.toString() << " '" << rr.content << "'" << endl;
       }
 
       ostringstream o;
-- 
2.47.2