Address inconsistencies in checking added RRsets

author Mark Andrews <marka@isc.org>

Fri, 12 Feb 2021 03:51:28 +0000 (14:51 +1100)

committer Michał Kępień <michal@isc.org>

Thu, 8 Apr 2021 11:16:15 +0000 (13:16 +0200)
author Mark Andrews <marka@isc.org>
Fri, 12 Feb 2021 03:51:28 +0000 (14:51 +1100)
committer Michał Kępień <michal@isc.org>
Thu, 8 Apr 2021 11:16:15 +0000 (13:16 +0200)
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c

index a18fcceaa53a14f60091cd0f96ef8fd663375bd4..3706821b43b091d1f2906af56ddd48db34bdfbd3 100644 (file)
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -6768,6 +6768,13 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
         INSIST(rbtversion == NULL || rbtversion->rbtdb == rbtdb);
  
         if (rbtdb->common.methods == &zone_methods) {
+               /*
+                * SOA records are only allowed at top of zone.
+                */
+               if (rdataset->type == dns_rdatatype_soa &&
+                   node != rbtdb->origin_node) {
+                       return (DNS_R_NOTZONETOP);
+               }
                 RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
                 REQUIRE(((rbtnode->nsec == DNS_RBT_NSEC_NSEC3 &&
                           (rdataset->type == dns_rdatatype_nsec3 ||
author	Mark Andrews <marka@isc.org>
	Fri, 12 Feb 2021 03:51:28 +0000 (14:51 +1100)
committer	Michał Kępień <michal@isc.org>
	Thu, 8 Apr 2021 11:16:15 +0000 (13:16 +0200)