From: Uwe Kleine-König Date: Wed, 18 Dec 2024 11:21:24 +0000 (+0100) Subject: pdnsutil {add-record,delete-rrset}: Require NAME to be absolute X-Git-Tag: rec-5.4.0-alpha0~33^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f979a674c9bc4cb21e8400dd4a76418fc7d56d5e;p=thirdparty%2Fpdns.git pdnsutil {add-record,delete-rrset}: Require NAME to be absolute Note this is an incompatible change because calls like pdnsutil --config-dir=configs/auth add-record example.net . NS 1.2.3.4 which added the NS record to the zone's apex before and is an error now. Note that also "@" isn't interpreted any more as "at the apex". Adapt the test suite and docs accordingly to use absolute names. Closes: https://github.com/PowerDNS/pdns/issues/8595 --- diff --git a/docs/guides/basic-database.rst b/docs/guides/basic-database.rst index aa24dcf9e1..9bf15919b6 100644 --- a/docs/guides/basic-database.rst +++ b/docs/guides/basic-database.rst @@ -67,10 +67,10 @@ Now, let's add a zone and some records:: $ sudo -u pdns pdnsutil create-zone example.com ns1.example.com Creating empty zone 'example.com' Also adding one NS record - $ sudo -u pdns pdnsutil add-record example.com '' MX '25 mail.example.com' + $ sudo -u pdns pdnsutil add-record example.com example.com MX '25 mail.example.com' New rrset: example.com. 3005 IN MX 25 mail.example.com - $ sudo -u pdns pdnsutil add-record example.com. www A 192.0.2.1 + $ sudo -u pdns pdnsutil add-record example.com www.example.com A 192.0.2.1 New rrset: www.example.com. 3005 IN A 192.0.2.1 diff --git a/docs/manpages/pdnsutil.1.rst b/docs/manpages/pdnsutil.1.rst index ff854479b0..1f081d7709 100644 --- a/docs/manpages/pdnsutil.1.rst +++ b/docs/manpages/pdnsutil.1.rst 
@@ -246,6 +246,7 @@ add-record *ZONE* *NAME* *TYPE* [*TTL*] *CONTENT* Add one or more records of *NAME* and *TYPE* to *ZONE* with *CONTENT* and optional *TTL*. If *TTL* is not set, the configured *default-ttl* will be used. + *NAME* must be absolute. add-autoprimary *IP* *NAMESERVER* [*ACCOUNT*] @@ -290,6 +291,7 @@ clear-zone *ZONE* delete-rrset *ZONE* *NAME* *TYPE* Delete named RRSET from zone. + *NAME* must be absolute. delete-zone *ZONE* diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index 6579d1b3ff..8d5e91c394 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -1758,11 +1758,10 @@ static int addOrReplaceRecord(bool isAdd, const vector& cmds) { DNSResourceRecord rr; vector newrrs; ZoneName zone(cmds.at(1)); - DNSName name; - if (cmds.at(2) == "@") - name=zone.operator const DNSName&(); - else - name = DNSName(cmds.at(2)) + zone.operator const DNSName&(); + DNSName name = DNSName(cmds.at(2)); + if (!name.isPartOf(zone)) { + throw PDNSException("Name \"" + name.toString() + "\" to add is not part of zone \"" + zone.toString() + "\"."); + } UtilBackend B; //NOLINT(readability-identifier-length) DomainInfo di; @@ -1933,11 +1932,10 @@ static int deleteRRSet(const std::string& zone_, const std::string& name_, const throw PDNSException("Operation on a secondary zone is not allowed unless --force"); } - DNSName name; - if(name_=="@") - name=zone.operator const DNSName&(); - else - name=DNSName(name_)+zone.operator const DNSName&(); + DNSName name = DNSName(name_); + if (!name.isPartOf(zone)) { + throw PDNSException("Name \"" + name.toString() + "\" to remove is not part of zone \"" + zone.toString() + "\"."); + } QType qt(QType::chartocode(type_.c_str())); di.backend->startTransaction(zone, UnknownDomainID); diff --git a/regression-tests.auth-py/test_GSSTSIG.py b/regression-tests.auth-py/test_GSSTSIG.py index 78e6d3b1ef..a8c73964c8 100644 --- a/regression-tests.auth-py/test_GSSTSIG.py +++ b/regression-tests.auth-py/test_GSSTSIG.py 
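Review bot: The new exception text in addOrReplaceRecord hardcodes "to add", although the function takes an `isAdd` flag and so presumably also serves the replace path, where a rejected name would be reported under the wrong operation. Selecting the verb from the flag fixes it: `throw PDNSException("Name \"" + name.toString() + "\" to " + (isAdd ? "add" : "replace") + " is not part of zone \"" + zone.toString() + "\".");`. If replace-rrset is routed through this function, its man page entry needs the same "*NAME* must be absolute." sentence, which this commit adds only to add-record and delete-rrset. The function body continues outside the hunk.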
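Review bot: The `isPartOf` test in deleteRRSet (and the identical one in addOrReplaceRecord) carries no comment, although as far as these hunks show it is now the only guard keeping an owner name outside the zone from reaching the backend transaction; before this change the zone suffix was always appended. A comment above it such as `// NAME is absolute now; reject anything outside the zone before touching the backend` would keep a later cleanup from dropping it. The message could also help callers still using the old relative form, who pass `www` and likely read back `Name "www." ... is not part of zone`: appending `" Names must be absolute, e.g. www.example.com."` to the text says what to change. deleteRRSet starts and ends outside the hunk.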
@@ -63,9 +63,9 @@ dnsupdate-require-tsig=no os.system("$PDNSUTIL --config-dir=configs/auth create-zone noacceptor.net") os.system("$PDNSUTIL --config-dir=configs/auth create-zone wrongacceptor.net") - os.system("$PDNSUTIL --config-dir=configs/auth add-record example.net . SOA 3600 'ns1.example.net otto.example.net 2022010403 10800 3600 604800 3600'") - os.system("$PDNSUTIL --config-dir=configs/auth add-record noacceptor.net . SOA 3600 'ns1.noacceptor.net otto.example.net 2022010403 10800 3600 604800 3600'") - os.system("$PDNSUTIL --config-dir=configs/auth add-record wrongacceptor.net . SOA 3600 'ns1.wrongacceptor.net otto.example.net 2022010403 10800 3600 604800 3600'") + os.system("$PDNSUTIL --config-dir=configs/auth add-record example.net example.net SOA 3600 'ns1.example.net otto.example.net 2022010403 10800 3600 604800 3600'") + os.system("$PDNSUTIL --config-dir=configs/auth add-record noacceptor.net noacceptor.net SOA 3600 'ns1.noacceptor.net otto.example.net 2022010403 10800 3600 604800 3600'") + os.system("$PDNSUTIL --config-dir=configs/auth add-record wrongacceptor.net wrongacceptor.net SOA 3600 'ns1.wrongacceptor.net otto.example.net 2022010403 10800 3600 604800 3600'") os.system("$PDNSUTIL --config-dir=configs/auth set-meta example.net GSS-ACCEPTOR-PRINCIPAL DNS/ns1.example.net@EXAMPLE.COM") os.system("$PDNSUTIL --config-dir=configs/auth set-meta wrongacceptor.net GSS-ACCEPTOR-PRINCIPAL DNS/ns1.example.net@EXAMPLE.COM") diff --git a/regression-tests/backends/lmdb-master b/regression-tests/backends/lmdb-master index 6cdc3b482c..a5a3c0204f 100644 --- a/regression-tests/backends/lmdb-master +++ b/regression-tests/backends/lmdb-master 
@@ -94,16 +94,16 @@ __EOF__ $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb create-zone example.com..$variant $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb list-all-zones $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb show-zone example.com..$variant - $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.com..$variant '' TXT '"hello from the '$variant' variant"' - $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.com..$variant cname CNAME target.example.org - $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.com..$variant cname-nxd CNAME nxd.example.org + $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.com..$variant example.com TXT '"hello from the '$variant' variant"' + $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.com..$variant cname.example.com CNAME target.example.org + $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.com..$variant cname-nxd.example.com CNAME nxd.example.org done $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb view-add-zone view1 example.com..foo $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb view-add-zone view2 example.com..bar $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb create-zone example.org..foo - $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.org..foo target TXT '"hello from target..foo"' + $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb add-record example.org..foo target.example.org TXT '"hello from target..foo"' $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb view-add-zone view1 example.org..foo $RUNWRAPPER_PDNSUTIL $PDNSUTIL --config-dir=. --config-name=lmdb set-network 192.0.2.0/24 view1 
diff --git a/regression-tests/tests/pdnsutil-zone-handling/command b/regression-tests/tests/pdnsutil-zone-handling/command index 9aa474e6e6..64137237d6 100755 --- a/regression-tests/tests/pdnsutil-zone-handling/command +++ b/regression-tests/tests/pdnsutil-zone-handling/command @@ -15,21 +15,21 @@ $PDNSUTIL --config-dir=. --config-name=$backend "$@" 2>&1 | egrep -v 'destructor ZONE=bug.less pdnsutil_wrapper zone create ${ZONE} > /dev/null -pdnsutil_wrapper record add ${ZONE} cname CNAME host -pdnsutil_wrapper record add ${ZONE} host A 127.0.0.1 +pdnsutil_wrapper record add ${ZONE} cname.${ZONE} CNAME host +pdnsutil_wrapper record add ${ZONE} host.${ZONE} A 127.0.0.1 # Duplicate records should be omitted -pdnsutil_wrapper record add ${ZONE} host2 A 127.0.0.2 127.0.0.2 +pdnsutil_wrapper record add ${ZONE} host2.${ZONE} A 127.0.0.2 127.0.0.2 # Can't add non-CNAME record to a CNAME record -pdnsutil_wrapper record add ${ZONE} cname A 127.0.0.1 +pdnsutil_wrapper record add ${ZONE} cname.${ZONE} A 127.0.0.1 # Can't add CNAME record if other records exist -pdnsutil_wrapper record add ${ZONE} host CNAME host2 +pdnsutil_wrapper record add ${ZONE} host.${ZONE} CNAME host2 # Adding existing record should ignore duplicates -pdnsutil_wrapper record add ${ZONE} host2 A 127.0.0.2 127.0.0.3 | LC_ALL=C sort +pdnsutil_wrapper record add ${ZONE} host2.${ZONE} A 127.0.0.2 127.0.0.3 | LC_ALL=C sort # Deleting rrset with ANY should delete all entries regardless of their type -pdnsutil_wrapper record add ${ZONE} no A 1.2.3.4 -pdnsutil_wrapper record add ${ZONE} no TXT '"insert your favorite zen quote here"' -pdnsutil_wrapper rrset delete ${ZONE} no ANY +pdnsutil_wrapper record add ${ZONE} no.${ZONE} A 1.2.3.4 +pdnsutil_wrapper record add ${ZONE} no.${ZONE} TXT '"insert your favorite zen quote here"' +pdnsutil_wrapper rrset delete ${ZONE} no.${ZONE} ANY # Display zone contents for final verification pdnsutil_wrapper zone list ${ZONE} | LC_ALL=C sort 
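Review bot: Nothing in this script exercises the new rejection path: every rewritten call passes a name inside `${ZONE}`, so the `isPartOf` check added in pdns/pdnsutil.cc is never seen failing. Two extra cases would pin it, an out-of-zone name and the old relative form, for example `pdnsutil_wrapper record add ${ZONE} host.example.org A 127.0.0.1` and `pdnsutil_wrapper record add ${ZONE} host A 127.0.0.1`. The expected-output file for this test is not visible here and would need the matching error lines.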
diff --git a/regression-tests/tests/zone-variants/command b/regression-tests/tests/zone-variants/command index aaef1e75ce..570e26d437 100755 --- a/regression-tests/tests/zone-variants/command +++ b/regression-tests/tests/zone-variants/command @@ -19,5 +19,5 @@ pdnsutil_wrapper show-zone . pdnsutil_wrapper list-all-zones | LC_ALL=C sort -pdnsutil_wrapper add-record example.com..variant1 uniquename A 1.2.3.4 +pdnsutil_wrapper add-record example.com..variant1 uniquename.example.com A 1.2.3.4 pdnsutil_wrapper backend-lookup $backend uniquename.example.com..variant1