error on allow-update and allow-update-forwarding at options/view level

bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf

@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+view {
+	allow-update-forwarding { any; };
+};

bin/tests/system/checkconf/bad-allow-update-forwarding.conf

@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+	allow-update-forwarding { any; };
+};

bin/tests/system/checkconf/bad-allow-update-view.conf

@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+view {
+	allow-update { any; };
+};

bin/tests/system/checkconf/bad-allow-update.conf

@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+	allow-update { any; };
+};

bin/tests/system/checkconf/good.conf

@@ -133,6 +133,9 @@ view "third" {
 	zone "dnssec" {
 		type master;
 		file "file";
+		allow-update {
+			"any";
+		};
 		auto-dnssec maintain;
 	};
 	zone "p" {
@@ -145,9 +148,6 @@ view "third" {
 			1.2.3.4;
 		};
 	};
-	allow-update {
-		"any";
-	};
 };
 view "chaos" chaos {
 	zone "hostname.bind" chaos {

lib/bind9/check.c

@@ -484,6 +484,43 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
 	return (result);
 }
 
+static isc_result_t
+check_non_viewacls(const cfg_obj_t *voptions, const cfg_obj_t *config,
+		   isc_log_t *logctx)
+{
+	const cfg_obj_t *aclobj = NULL;
+	const cfg_obj_t *options;
+	const char *where = NULL;
+	int i;
+
+	static const char *acls[] = {
+		"allow-update", "allow-update-forwarding", NULL
+	};
+
+	for (i = 0; acls[i] != NULL; i++) {
+		if (voptions != NULL && aclobj == NULL) {
+			cfg_map_get(voptions, acls[i], &aclobj);
+			where = "view";
+		}
+		if (config != NULL && aclobj == NULL) {
+			options = NULL;
+			cfg_map_get(config, "options", &options);
+			if (options != NULL) {
+				cfg_map_get(options, acls[i], &aclobj);
+				where = "options";
+			}
+		}
+		if (aclobj != NULL) {
+			cfg_obj_log(aclobj, logctx, ISC_LOG_ERROR,
+				    "'%s' can only be set per-zone, "
+				    "not in '%s'", acls[i], where);
+			return (ISC_R_FAILURE);
+		}
+	}
+
+	return (ISC_R_SUCCESS);
+}
+
 static const unsigned char zeros[16];
 
 static isc_result_t
@@ -3692,6 +3729,11 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	if (tresult != ISC_R_SUCCESS)
 		result = tresult;
 
+	tresult = check_non_viewacls(voptions, config, logctx);
+	if (tresult != ISC_R_SUCCESS) {
+		result = tresult;
+	}
+
 	tresult = check_recursionacls(actx, voptions, viewname,
 				      config, logctx, mctx);
 	if (tresult != ISC_R_SUCCESS)