MIME-Version: 1.0 In-Reply-To: <568E4DD6.8080106@redhat.com> X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Disposition: inline X-RT-Interface: Web References: <568E4DD6.8080106@redhat.com> Content-Type: text/plain; charset="utf-8" Message-ID: Content-Transfer-Encoding: binary X-RT-Original-Encoding: utf-8 RT-Send-CC: X-RT-Encrypt: 0 X-RT-Sign: 0 Content-Length: 1614 This is the way to check this. I've just coded this and submitted it for review with supporting changes. @@ -1969,6 +1975,32 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, result = ISC_R_FAILURE; /* + * Check that a RFC 1918 / ULA reverse zone is not forward first + * unless explictly configured to be so. + */ + if (ztype == FORWARDZONE && (rfc1918 || ula)) { + obj = NULL; + (void)cfg_map_get(zoptions, "forward", &obj); + if (obj == NULL) { + /* + * Forward mode not explicity configured. + */ + if (voptions != NULL) + cfg_map_get(voptions, "forward", &obj); + if (obj == NULL && goptions != NULL) + cfg_map_get(goptions, "forward", &obj); + if (obj == NULL || + strcasecmp(cfg_obj_asstring(obj), "first") == 0) + cfg_obj_log(zconfig, logctx, ISC_LOG_WARNING, + "inherited 'forward first;' for " + "%s zone '%s' - did you want " + "'forward only;'?", + rfc1918 ? "rfc1918" : "ula", + znamestr); + } + } + + /* * Check validity of static stub server addresses. */ obj = NULL;