lib/rules: warn about non-CNAME wildcards in RPZ
authorVladimír Čunát <vladimir.cunat@nic.cz>
Tue, 26 Aug 2025 08:49:12 +0000 (10:49 +0200)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 27 Apr 2026 11:14:04 +0000 (13:14 +0200)
lib/rules/zonefile.c

index f27180ed74bea33c12f506ed2930c2325d93a8e1..feb0c58e3c03d81c605a28c1c6987a3d3c84c94b 100644 (file)
@@ -32,6 +32,17 @@ typedef struct {
 /// Process scanned RR of other types, gather RRsets in a map.
 static void rr_scan2trie(zs_scanner_t *s, const struct kr_rule_zonefile_config *c)
 {
+       // Warn if a wildcard.
+       static bool warned = false;
+       if (!warned && s->r_owner[0] == '\1' && s->r_owner[1] == '*') {
+               KR_DNAME_GET_STR(owner_str, s->r_owner);
+               kr_log_warning(RULES,
+                       "configured a non-CNAME wildcard, which is not supported yet ('%s'); "
+                       "reporting this type of issue only once per reload\n",
+                       owner_str);
+               warned = true;
+       }
+
        s_data_t *s_data = s->process.data;
        uint8_t key_data[KEY_MAXLEN];
        knot_rrset_t rrs_for_key = {
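Review bot: The `static bool warned` latch at the top of rr_scan2trie() is function-local and nothing in this hunk resets it, so the warning fires once per process rather than "once per reload" unless a reload always starts a fresh process, and it names only the first wildcard owner across every zone file that gets loaded. For an RPZ used as a blocklist this matters: the record appears to go on to normal processing after the warning, so every later non-CNAME wildcard is presumably left without wildcard matching and without any log trace. Consider keeping the latch in the per-parse state instead (for example a new flag in `s_data_t`, hypothetical name `s_data->warned_wildcard`), and adding the zone file name or a final count of affected records to the message. The function body continues past the end of the hunk, so how the record is handled after the warning is inferred rather than visible.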