Check that catz member zone is not a configured forward zone

When processing a catalog zone member zone make sure that there is no configured pre-existing forward zone with that name. Refactor the `dns_fwdtable_find()` function to not alter the `DNS_R_PARTIALMATCH` result (coming from `dns_rbt_findname()`) into `DNS_R_SUCCESS`, so that now the caller can differentiate partial and exact matches. Patch the calling sites to expect and process the new return value.
2025-08-29 13:38:26 +00:00 · 2022-05-03 22:24:32 +00:00 · 2022-05-03 22:24:32 +00:00 · 2aff264fb1
commit 2aff264fb1
parent 5712f97c24
4 changed files with 36 additions and 20 deletions
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -2639,6 +2639,8 @@ static void
 catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
 	catz_chgzone_event_t *ev = (catz_chgzone_event_t *)event0;
 	isc_result_t result;
 	dns_forwarders_t *dnsforwarders = NULL;
 	dns_name_t *name = NULL;
 	isc_buffer_t namebuf;
 	isc_buffer_t *confbuf;
 	char nameb[DNS_NAME_FORMATSIZE];
@ -2657,12 +2659,26 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
 		goto cleanup;
 	}
 	name = dns_catz_entry_getname(ev->entry);
 	isc_buffer_init(&namebuf, nameb, DNS_NAME_FORMATSIZE);
-	dns_name_totext(dns_catz_entry_getname(ev->entry), true, &namebuf);
+	dns_name_totext(name, true, &namebuf);
 	isc_buffer_putuint8(&namebuf, 0);
-	result = dns_zt_find(ev->view->zonetable,
+	result = dns_fwdtable_find(ev->view->fwdtable, name, NULL,
-			     dns_catz_entry_getname(ev->entry), 0, NULL, &zone);
+				   &dnsforwarders);
 	if (result == ISC_R_SUCCESS &&
 	    dnsforwarders->fwdpolicy == dns_fwdpolicy_only) {
 		isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
 			      NAMED_LOGMODULE_SERVER, ISC_LOG_WARNING,
 			      "catz: catz_addmodzone_taskaction: "
 			      "zone '%s' will not be processed because of the "
 			      "explicitly configured forwarding for that zone",
 			      nameb);
 		goto cleanup;
 	}
 	result = dns_zt_find(ev->view->zonetable, name, 0, NULL, &zone);
 	if (ev->mod) {
 		dns_catz_zone_t *parentcatz;
@ -2799,8 +2815,7 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
 	}
 	/* Is it there yet? */
-	CHECK(dns_zt_find(ev->view->zonetable,
+	CHECK(dns_zt_find(ev->view->zonetable, name, 0, NULL, &zone));
 			  dns_catz_entry_getname(ev->entry), 0, NULL, &zone));
 	/*
 	 * Load the zone from the master file.	If this fails, we'll
@ -5784,8 +5799,10 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 			 */
 			result = dns_fwdtable_find(view->fwdtable, name, NULL,
 						   &dnsforwarders);
-			if (result == ISC_R_SUCCESS &&
+			if ((result == ISC_R_SUCCESS ||
-			    dnsforwarders->fwdpolicy == dns_fwdpolicy_only) {
+			     result == DNS_R_PARTIALMATCH) &&
 			    dnsforwarders->fwdpolicy == dns_fwdpolicy_only)
 			{
 				continue;
 			}
@ -5870,8 +5887,10 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 			 */
 			result = dns_fwdtable_find(view->fwdtable, name, NULL,
 						   &dnsforwarders);
-			if (result == ISC_R_SUCCESS &&
+			if ((result == ISC_R_SUCCESS ||
-			    dnsforwarders->fwdpolicy == dns_fwdpolicy_only) {
+			     result == DNS_R_PARTIALMATCH) &&
 			    dnsforwarders->fwdpolicy == dns_fwdpolicy_only)
 			{
 				continue;
 			}
--- a/lib/dns/forward.c
+++ b/lib/dns/forward.c
@ -176,13 +176,8 @@ dns_fwdtable_find(dns_fwdtable_t *fwdtable, const dns_name_t *name,
 	REQUIRE(VALID_FWDTABLE(fwdtable));
 	RWLOCK(&fwdtable->rwlock, isc_rwlocktype_read);
 	result = dns_rbt_findname(fwdtable->table, name, 0, foundname,
 				  (void **)forwardersp);
 	if (result == DNS_R_PARTIALMATCH) {
 		result = ISC_R_SUCCESS;
 	}
 	RWUNLOCK(&fwdtable->rwlock, isc_rwlocktype_read);
 	return (result);
--- a/lib/dns/include/dns/forward.h
+++ b/lib/dns/include/dns/forward.h
@ -102,8 +102,10 @@ dns_fwdtable_find(dns_fwdtable_t *fwdtable, const dns_name_t *name,
 * \li	foundname to be NULL or a valid name with buffer.
 *
 * Returns:
- * \li	#ISC_R_SUCCESS
+ * \li	#ISC_R_SUCCESS         Success
- * \li	#ISC_R_NOTFOUND
+ * \li	#DNS_R_PARTIALMATCH    Superdomain found with data
 * \li	#ISC_R_NOTFOUND        No match
 * \li	#ISC_R_NOSPACE         Concatenating nodes to form foundname failed
 */
 void
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -3593,7 +3593,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
 		domain = dns_fixedname_initname(&fixed);
 		result = dns_fwdtable_find(res->view->fwdtable, name, domain,
 					   &forwarders);
-		if (result == ISC_R_SUCCESS) {
+		if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
 			fwd = ISC_LIST_HEAD(forwarders->fwdrs);
 			fctx->fwdpolicy = forwarders->fwdpolicy;
 			dns_name_copy(domain, fctx->fwdname);
@ -4783,7 +4783,7 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type,
 		/* Find the forwarder for this name. */
 		result = dns_fwdtable_find(fctx->res->view->fwdtable, fwdname,
 					   fname, &forwarders);
-		if (result == ISC_R_SUCCESS) {
+		if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
 			fctx->fwdpolicy = forwarders->fwdpolicy;
 			dns_name_copy(fname, fctx->fwdname);
 		}
@ -6840,7 +6840,7 @@ name_external(const dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) {
 		/*
 		 * See if the forwarder declaration is better.
 		 */
-		if (result == ISC_R_SUCCESS) {
+		if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
 			return (!dns_name_equal(fname, fctx->fwdname));
 		}
@ -6849,7 +6849,7 @@ name_external(const dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) {
 		 * changed: play it safe and don't cache.
 		 */
 		return (true);
-	} else if (result == ISC_R_SUCCESS &&
+	} else if ((result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) &&
 		   forwarders->fwdpolicy == dns_fwdpolicy_only &&
 		   !ISC_LIST_EMPTY(forwarders->fwdrs))
 	{