Disallow TYPE0 to be queried or inserted into the database

The RR type 0 is a reserved type for SIG[1] resource record. It should not be ever inserted into the database nor queried. Add a special handling to bail out quickly with DNS_R_DISALLOWED when inserting and ISC_R_NOTFOUND when looking up TYPE0. This is also prerequisite for stricter checks in the follow-up commit. 1. https://www.rfc-editor.org/rfc/rfc2535#section-4.1.8.1
2025-08-31 06:25:31 +00:00 · 2025-08-07 08:08:24 +02:00
parent f7143dca3f
commit 76c027e949
4 changed files with 36 additions and 4 deletions
--- a/lib/dns/rdataslab.c
+++ b/lib/dns/rdataslab.c
@@ -341,6 +341,12 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 			   isc_region_t *region, uint32_t maxrrperset) {
 	isc_result_t result;

+	if (rdataset->type == dns_rdatatype_none &&
+	    rdataset->covers == dns_rdatatype_none)
+	{
+		return DNS_R_DISALLOWED;
+	}
+
 	result = makeslab(rdataset, mctx, region, maxrrperset);
 	if (result == ISC_R_SUCCESS) {
 		dns_slabheader_t *new = (dns_slabheader_t *)region->base;