git.ipfire.org Git - thirdparty/bind9.git/commit

author	Evan Hunt <each@isc.org>
	Wed, 4 Mar 2026 21:24:52 +0000 (13:24 -0800)
committer	Evan Hunt <each@isc.org>
	Wed, 6 May 2026 04:05:37 +0000 (21:05 -0700)
commit	bec30ad70d17e36241df9da259bb2ac85b3c3435
tree	637794cbc55806202d8935bffc1dd80784c3077d	tree \| snapshot
parent	e577560f65dbc6109fca8a597d16568a1cd8987c	commit \| diff

Disable UPDATE and NOTIFY for non-IN classes

Return NOTIMP for UPDATE and NOTIFY requests received for views with a
class other than IN. Only QUERY is now supported for non-IN views such
as CHAOS.

When running dns dns_rdata_tostruct() with types that are only defined
for class IN, ensure that the class is correct before proceeding.

Add an assertion that any zone being updated is of class IN. (Note
that previously, a DLZ zone could have its class value set incorrectly
to NONE; this has been fixed.)

This addresses YWH-PGM40640-70 and YWH-PGM40640-73 (as well as any
similar problems that might have occurred in the future) by minimizing
the code paths that can be reached by rdata classes other than IN, so it
is safe for the implementation to assume that rdatatypes that are only
defined for class IN, such as SVCB or WKS, have been parsed and
validated, and not accepted as unknown/opaque data.

Fixes: isc-projects/bind9#5777
Fixes: isc-projects/bind9#5779
(cherry picked from commit 9ae24c32bec16c0f64225ef04f34670018bf0765)
(cherry picked from commit a2ca2408b3ff031c426c5dc785f550c9d30bf4aa)

bin/named/server.c		diff \| blob \| blame \| history
lib/dns/adb.c		diff \| blob \| blame \| history
lib/ns/client.c		diff \| blob \| blame \| history
lib/ns/update.c		diff \| blob \| blame \| history