From: Ondřej Surý <ondrej@isc.org>
Date: Wed, 29 Apr 2026 14:39:45 +0000 (+0200)
Subject: chg: usr: Document that named-checkzone must not run on untrusted input
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b164b551fa5714f3b324737e7d549c98bfb34b6;p=thirdparty%2Fbind9.git

chg: usr: Document that named-checkzone must not run on untrusted input

The zone-file parser implements $INCLUDE by opening whatever local
path the zone text names, and fragments of the included file leak
through parser error messages. There is no safe way to validate
untrusted zone text with named-checkzone or named-compilezone, so
the manual pages for both tools now warn against doing so.

Merge branch 'ondrej/named-checkzone-include-path-traversal' into 'main'

See merge request isc-projects/bind9!11901
---

5b164b551fa5714f3b324737e7d549c98bfb34b6