3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]

(cherry picked from commit 634f66c659dade56502b55b1bbd514e5cfcae185)

diff --git a/CHANGES b/CHANGES
index 0f16ec9afbb2a1091f3989b79a43e173c6b28682..6fdb5a8c557370c016b0ef6d6fec61e02f32fb7c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3873.  [protocol]      Only warn for SPF without TXT spf record. [RT #36210]
+
 3872.  [bug]           Address issues found by static analysis. [RT #36209]
 
 3871.  [bug]           Don't publish an activated key automatically before

diff --git a/bin/tests/system/spf/tests.sh b/bin/tests/system/spf/tests.sh
index 6acd2836a3a25e93cacb77df85f929a47681ceff..3da6e2ec69392b4f71cf20358a1fb5e8c128ef21 100644 (file)
--- a/bin/tests/system/spf/tests.sh
+++ b/bin/tests/system/spf/tests.sh
@@ -24,19 +24,16 @@ echo "I:checking that SPF warnings have been correctly generated ($n)"
 ret=0
 
 grep "zone spf/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.spf' found SPF/TXT" ns1/named.run > /dev/null || ret=1
-grep "'y.spf' found SPF/SPF" ns1/named.run > /dev/null || ret=1
-grep "'spf' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.spf' found type SPF" ns1/named.run > /dev/null || ret=1
+grep "'spf' found type SPF" ns1/named.run > /dev/null && ret=1
 
 grep "zone warn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.warn' found SPF/TXT" ns1/named.run > /dev/null || ret=1
-grep "'y.warn' found SPF/SPF" ns1/named.run > /dev/null || ret=1
-grep "'warn' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.warn' found type SPF" ns1/named.run > /dev/null || ret=1
+grep "'warn' found type SPF" ns1/named.run > /dev/null && ret=1
 
 grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
-grep "'y.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
-grep "'nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
+grep "'nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 1aeaf1efcd3520bdf9a29f02c3d6b7c1e8581dd2..2a848f7b3e15fbdc344ba9c127c348c37a7eba76 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -2896,16 +2896,13 @@ integrity_checks(dns_zone_t *zone, dns_db_t *db) {
                dns_rdataset_disassociate(&rdataset);
 
  notxt:
-               if (have_spf != have_txt) {
+               if (have_spf && !have_txt) {
                        char namebuf[DNS_NAME_FORMATSIZE];
-                       const char *found = have_txt ? "TXT" : "SPF";
-                       const char *need = have_txt ? "SPF" : "TXT";
 
                        dns_name_format(name, namebuf, sizeof(namebuf));
-                       dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found SPF/%s "
-                                    "record but no SPF/%s record found, add "
-                                    "matching type %s record", namebuf, found,
-                                    need, need);
+                       dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found type "
+                                    "SPF record but no SPF TXT record found, "
+                                    "add matching type TXT record", namebuf);
                }
 
  next: