From 555137ee1f3665b656207461cb3bdce56d52fc3d Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Tue, 10 Jun 2014 09:29:35 +1000
Subject: [PATCH] 3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]
(cherry picked from commit 634f66c659dade56502b55b1bbd514e5cfcae185)
---
 CHANGES | 2 ++
 bin/tests/system/spf/tests.sh | 15 ++++++---------
 lib/dns/zone.c | 11 ++++-------
 3 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/CHANGES b/CHANGES
index 0f16ec9afbb..6fdb5a8c557 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]
+
 3872. [bug] Address issues found by static analysis. [RT #36209]
 3871. [bug] Don't publish an activated key automatically before
diff --git a/bin/tests/system/spf/tests.sh b/bin/tests/system/spf/tests.sh
index 6acd2836a3a..3da6e2ec693 100644
--- a/bin/tests/system/spf/tests.sh
+++ b/bin/tests/system/spf/tests.sh
@@ -24,19 +24,16 @@ echo "I:checking that SPF warnings have been correctly generated ($n)"
 ret=0
 grep "zone spf/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.spf' found SPF/TXT" ns1/named.run > /dev/null || ret=1
-grep "'y.spf' found SPF/SPF" ns1/named.run > /dev/null || ret=1
-grep "'spf' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.spf' found type SPF" ns1/named.run > /dev/null || ret=1
+grep "'spf' found type SPF" ns1/named.run > /dev/null && ret=1
 grep "zone warn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.warn' found SPF/TXT" ns1/named.run > /dev/null || ret=1
-grep "'y.warn' found SPF/SPF" ns1/named.run > /dev/null || ret=1
-grep "'warn' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.warn' found type SPF" ns1/named.run > /dev/null || ret=1
+grep "'warn' found type SPF" ns1/named.run > /dev/null && ret=1
 grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
-grep "'y.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
-grep "'nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
+grep "'nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 1aeaf1efcd3..2a848f7b3e1 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
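Review bot: The checks for 'x.spf', 'x.warn' and 'x.nowarn' are removed with no replacement, so nothing in this block asserts the new behaviour that a name carrying only a TXT policy stays silent. Judging by the old expected text `found SPF/TXT`, the x.* names look like the TXT-only case. A negative check per zone, such as `grep "'x.spf' found" ns1/named.run > /dev/null && ret=1`, would catch a regression that brings the warning back under either wording. The same line applies to 'x.warn' and 'x.nowarn'.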
@@ -2896,16 +2896,13 @@ integrity_checks(dns_zone_t *zone, dns_db_t *db) {
 dns_rdataset_disassociate(&rdataset);
 notxt:
- if (have_spf != have_txt) {
+ if (have_spf && !have_txt) {
 char namebuf[DNS_NAME_FORMATSIZE];
- const char *found = have_txt ? "TXT" : "SPF";
- const char *need = have_txt ? "SPF" : "TXT";
 dns_name_format(name, namebuf, sizeof(namebuf));
- dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found SPF/%s "
- "record but no SPF/%s record found, add "
- "matching type %s record", namebuf, found,
- need, need);
+ dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found type "
+ "SPF record but no SPF TXT record found, "
+ "add matching type TXT record", namebuf);
 }
 next:
--
2.47.3
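Review bot: The condition `have_spf && !have_txt` after the `notxt:` label carries no comment saying why the TXT-only case no longer warns, so a later reader could take the asymmetry for an oversight and restore the old `!=` test. A short comment above the `if` would record the intent, for example `/* Type SPF is obsolete (RFC 7208); receivers query TXT only, so a name with only a type SPF record publishes no usable sender policy. */`. That is also the operational reason the remaining warning matters: an SPF-only name gets no anti-spoofing protection from it. How `have_txt` is set is not visible here, and integrity_checks() begins and ends outside the hunk, so the comment should stay limited to what this branch tests.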