getAuth: abort if backend returned wrong SOA for cached domain

author Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>

Sat, 15 May 2021 22:10:59 +0000 (00:10 +0200)

committer Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>

Sat, 15 May 2021 22:45:45 +0000 (00:45 +0200)
author Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Sat, 15 May 2021 22:10:59 +0000 (00:10 +0200)
committer Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Sat, 15 May 2021 22:45:45 +0000 (00:45 +0200)
diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc

index 9dd1bcc6c6a2e96186d6c7e32e8bf93dd9daa65f..d234e689b9567afe597ccec2b6b3c247963a7c8a 100644 (file)
--- a/pdns/ueberbackend.cc
+++ b/pdns/ueberbackend.cc
@@ -366,6 +366,9 @@ bool UeberBackend::getAuth(const DNSName &target, const QType& qtype, SOAData* s
            g_log << Logger::Info << "Backend returned no SOA for domain '" << shorter.toLogString() << "', which it reported as existing " << endl;
            return false;
          }
+        if (zr.dr.d_name != shorter) {
+          throw PDNSException("getAuth() returned an SOA for the wrong zone. Zone '"+zr.dr.d_name.toLogString()+"' is not equal to looked up zone '"+shorter.toLogString()+"'");
+        }
          sd->qname = zr.dr.d_name;
          fillSOAData(zr, *sd);
          // leave database handle in a consistent state
author	Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
	Sat, 15 May 2021 22:10:59 +0000 (00:10 +0200)
committer	Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
	Sat, 15 May 2021 22:45:45 +0000 (00:45 +0200)