mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Don't allow dynamic updates of SIG records, since it either leaves the

Browse Source 
database in an inconsistent state or fails when it shouldn't.  This will be
supported at some point, but it's better to flat out refuse than fail badly.
This commit is contained in:
Brian Wellington
2000-05-27 00:07:52 +00:00
parent 7cd4c3ddd1
commit 311918e5a6
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
bin/named/update.c
View File

@@ -2069,11 +2069,18 @@ update_action(isc_task_t *task, isc_event_t *event) {
* "Unlike traditional dynamic update, the client * "Unlike traditional dynamic update, the client
* is forbidden from updating NXT records." * is forbidden from updating NXT records."
*/ */
if (dns_db_issecure(db) && rdata.type == dns_rdatatype_nxt) { if (dns_db_issecure(db)) {
if (rdata.type == dns_rdatatype_nxt) {
FAILC(DNS_R_REFUSED, FAILC(DNS_R_REFUSED,
"explicit NXT updates are not allowed " "explicit NXT updates are not allowed "
"in secure zones"); "in secure zones");
} }
else if (rdata.type == dns_rdatatype_sig) {
FAILC(DNS_R_REFUSED,
"explicit SIG updates are currently not "
"supported in secure zones");
}
}
if (ssutable != NULL && client->signer != NULL) { if (ssutable != NULL && client->signer != NULL) {
if (rdata.type != dns_rdatatype_any) { if (rdata.type != dns_rdatatype_any) {