From: Nate Baker <nate.baker@logix.com>
Date: Thu, 2 May 2024 00:35:30 +0000 (-0500)
Subject: Allow setting notify_allowed on zones in Recursor API
X-Git-Tag: rec-5.1.0-beta1~19^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8bb07301af347a91ab98dccdf6c357a9a5c0cbbb;p=thirdparty%2Fpdns.git

Allow setting notify_allowed on zones in Recursor API

Closes #14116
---

diff --git a/pdns/recursordist/docs/http-api/zone.rst b/pdns/recursordist/docs/http-api/zone.rst
index e478317da4..456e09f8a9 100644
--- a/pdns/recursordist/docs/http-api/zone.rst
+++ b/pdns/recursordist/docs/http-api/zone.rst
@@ -22,6 +22,7 @@ Comments are per-RRset.
   :property [RRSet] rrsets: RRSets in this zone
   :property [str] servers: For zones of type "Forwarded", addresses to send the queries to
   :property bool recursion_desired: For zones of type "Forwarded", Whether or not the RD bit should be set in the query
+  :property bool notify_allowed: For zones of type "Forwarded", Whether or not to permit incoming NOTIFY to wipe cache for the domain
 
 To properly process new zones, the following conditions must
 be true:
diff --git a/pdns/recursordist/ws-recursor.cc b/pdns/recursordist/ws-recursor.cc
index af2cbfee3e..16253f5729 100644
--- a/pdns/recursordist/ws-recursor.cc
+++ b/pdns/recursordist/ws-recursor.cc
@@ -232,6 +232,7 @@ static void doCreateZone(const Json& document)
   string singleIPTarget = document["single_target_ip"].string_value();
   string kind = toUpper(stringFromJson(document, "kind"));
   bool rdFlag = boolFromJson(document, "recursion_desired");
+  bool notifyAllowed = boolFromJson(document, "notify_allowed", false);
   string confbasename = "zone-" + apiZoneNameToId(zone);
 
   const string yamlAPiZonesFile = ::arg()["api-config-dir"] + "/apizones";
@@ -280,7 +281,7 @@ static void doCreateZone(const Json& document)
       pdns::rust::settings::rec::ForwardZone forward;
       forward.zone = zonename;
       forward.recurse = rdFlag;
-      forward.notify_allowed = false;
+      forward.notify_allowed = notifyAllowed;
       for (const auto& value : document["servers"].array_items()) {
         forward.forwarders.emplace_back(value.string_value());
       }
@@ -308,11 +309,12 @@ static void doCreateZone(const Json& document)
         throw ApiException("Need at least one upstream server when forwarding");
       }
 
+      const string notifyAllowedConfig = notifyAllowed ? "\nallow-notify-for+=" + zonename : "";
       if (rdFlag) {
-        apiWriteConfigFile(confbasename, "forward-zones-recurse+=" + zonename + "=" + serverlist);
+        apiWriteConfigFile(confbasename, "forward-zones-recurse+=" + zonename + "=" + serverlist + notifyAllowedConfig);
       }
       else {
-        apiWriteConfigFile(confbasename, "forward-zones+=" + zonename + "=" + serverlist);
+        apiWriteConfigFile(confbasename, "forward-zones+=" + zonename + "=" + serverlist + notifyAllowedConfig);
       }
     }
   }