lib/rules: avoid RPZ overriding the root SOA

author Vladimír Čunát <vladimir.cunat@nic.cz>

Mon, 25 Mar 2024 13:49:36 +0000 (14:49 +0100)

committer Oto Šťáva <oto.stava@nic.cz>

Wed, 27 Mar 2024 08:59:26 +0000 (09:59 +0100)
author Vladimír Čunát <vladimir.cunat@nic.cz>
Mon, 25 Mar 2024 13:49:36 +0000 (14:49 +0100)
committer Oto Šťáva <oto.stava@nic.cz>
Wed, 27 Mar 2024 08:59:26 +0000 (09:59 +0100)
diff --git a/NEWS b/NEWS

index 27c209a22e6b5d35b384e79b7c12eef0e08fe605..c5cf81b4da184d451068b50346f5c712bda7babf 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ Bugfixes
  - fix kresctl http request timeout (!1505)
  - fix RPZ if it contains apex NS record (!1516)
  - fix RPZ if SOA is repated, as usual in AXFR output (!1521)
+- avoid RPZ overriding the root SOA (!1521)
  - fix on 32-bit systems with 64-bit time_t (!1510)
  - fix paths to knot-dns libs if exec_prefix != prefix (!1503)
  
diff --git a/lib/rules/zonefile.c b/lib/rules/zonefile.c

index 6c260d7710b9d277c9b15b1e59629be460c526ef..cfd2bc276676639f8743a15a32a2633d7c4857ff 100644 (file)
--- a/lib/rules/zonefile.c
+++ b/lib/rules/zonefile.c
@@ -144,6 +144,8 @@ static bool owner_relativize(zs_scanner_t *s)
                         apex = d->origin_soa = knot_dname_copy(s->r_owner, d->pool);
         }
         d->seen_record = true;
+       if (s->r_type == KNOT_RRTYPE_SOA)
+               return false; // otherwise we'd insert `. SOA` record
  
         const int labels = knot_dname_in_bailiwick(s->r_owner, apex);
         if (labels < 0) {
author	Vladimír Čunát <vladimir.cunat@nic.cz>
	Mon, 25 Mar 2024 13:49:36 +0000 (14:49 +0100)
committer	Oto Šťáva <oto.stava@nic.cz>
	Wed, 27 Mar 2024 08:59:26 +0000 (09:59 +0100)
NEWS		patch \| blob \| blame \| history
lib/rules/zonefile.c		patch \| blob \| blame \| history