From: Mark Andrews
Date: Thu, 29 Aug 2024 03:15:29 +0000 (+1000)
Subject: Disable ZONEVERSION for built-in chaos and empty zones
X-Git-Tag: v9.21.7~34^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed721afa7c76fee4822f4c9d79ec5d204448af4b;p=thirdparty%2Fbind9.git
Disable ZONEVERSION for built-in chaos and empty zones
---
diff --git a/bin/named/config.c b/bin/named/config.c
index ade302bd741..c3bc87b0abf 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -262,6 +262,7 @@ view \"_bind\" chaos {\n\
 notify no;\n\
 allow-new-zones no;\n\
 max-cache-size 2M;\n\
+ provide-zoneversion no;\n\
 \n\
 # Prevent use of this zone in DNS amplified reflection DoS attacks\n\
 rate-limit {\n\
diff --git a/bin/named/server.c b/bin/named/server.c
index d271c153cf2..f57a7276541 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -3253,6 +3253,7 @@ create_empty_zone(dns_zone_t *pzone, dns_name_t *name, dns_view_t *view,
 dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, false);
 dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
+ dns_zone_setoption(zone, DNS_ZONEOPT_ZONEVERSION, false);
 dns_zone_setcheckdstype(zone, dns_checkdstype_no);
 dns_zone_setnotifytype(zone, dns_notifytype_no);
 dns_zone_setautomatic(zone, true);
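Review bot: The added `provide-zoneversion no;` in the `_bind` chaos view has no comment saying why it is there, while the `rate-limit` block just below it is introduced by one. I would put a line above it in the same style, for example `# Built-in zones have no zone version worth reporting; never answer ZONEVERSION\n\`, with the wording confirmed by the author since the commit message does not state the rationale. No test is visible in this commit that checks the option is absent from responses served out of this view, so it is worth confirming one exists elsewhere in the series. The built-in configuration string starts and ends outside the hunk.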
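Review bot: The new `dns_zone_setoption(zone, DNS_ZONEOPT_ZONEVERSION, false);` in bin/named/server.c looks like a no-op, because the first context line, `dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, false);`, already clears every option bit except NOCHECKNS. That assumes ZONEVERSION is an ordinary bit in the same mask, which the hunk does not show. If the call is kept as an explicit guarantee, a comment should say so, for example `/* Empty zones never answer ZONEVERSION, whatever provide-zoneversion is set to. */`, so the intent survives a later change to the mask-clearing line. If the option can be set again after this point, this line is not sufficient and the override belongs where that happens. create_empty_zone's body starts and ends outside the hunk.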