Content-Transfer-Encoding: quoted-printable
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mx.pao1.isc.org
Return-Path: <marka@isc.org>
content-type: text/plain; charset="utf-8"
MIME-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
X-RT-Interface: Email
References: <RT-Ticket-47009@isc.org> <20180116173243.GA1449@jurassic> <rt-4.4.1-49390-1516145065-947.47009-4-0@isc.org>
Delivered-To: bind9-confidential@bugs.isc.org
X-RT-Original-Encoding: utf-8
From: "Mark Andrews" <marka@isc.org>
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id 043D8D78B0D for <bind9-confidential@bugs.isc.org>; Tue, 16 Jan 2018 23:58:05 +0000 (UTC)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 77C5D3AB05B for <bind9-confidential@isc.org>; Tue, 16 Jan 2018 23:58:02 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 35D33160045 for <bind9-confidential@isc.org>; Tue, 16 Jan 2018 23:58:01 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 073F7160085 for <bind9-confidential@isc.org>; Tue, 16 Jan 2018 23:58:01 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id siutTR1ykHjf for <bind9-confidential@isc.org>; Tue, 16 Jan 2018 23:58:00 +0000 (UTC)
Received: from [172.30.42.90] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 7ACEA160045 for <bind9-confidential@isc.org>; Tue, 16 Jan 2018 23:58:00 +0000 (UTC)
X-Original-To: bind9-confidential@bugs.isc.org
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,T_RP_MATCHES_RCVD autolearn=disabled version=3.4.1
X-RT-Incoming-Encryption: Not encrypted
X-Mailer: Apple Mail (2.3273)
Subject: Re: [ISC-Bugs #47009] named accepts TKEY to load to a zone
In-Reply-To: <rt-4.4.1-49390-1516145065-947.47009-4-0@isc.org>
Date: Wed, 17 Jan 2018 10:57:58 +1100
Message-ID: <A8816C8E-0613-4228-A49E-2EADE393C02F@isc.org>
From marka@isc.org  Tue Jan 16 23:58:05 2018
To: bind9-confidential@isc.org
RT-Message-ID: <rt-4.4.1-49390-1516147086-1114.47009-0-0@isc.org>
Content-Length: 1287

    Already handled.

            if (update_class == zoneclass) {
                        /*
                         * Check for meta-RRs.  The RFC2136 pseudocode says
                         * check for ANY|AXFR|MAILA|MAILB, but the text adds
                         * "or any other QUERY metatype"
                         */
                        if (dns_rdatatype_ismeta(rdata.type)) {
                                FAILC(DNS_R_FORMERR,
                                      "meta-RR in update");
                        }
                        result = dns_zone_checknames(zone, name, &rdata);
                        if (result != ISC_R_SUCCESS)
                                FAIL(DNS_R_REFUSED);


> On 17 Jan 2018, at 10:24 am, Evan Hunt via RT <bind9-confidential@isc.org> wrote:
> 
> I don't think it's necessary to worry about xfrin, but I do think UPDATE is
> a good idea. I pushed a suggested change, but I haven't been able to come up
> with a working test, nsupdate doesn't seem to want to parse a TKEY rdata.
> I'm probably doing something wrong.
> 
> -- 
> Ticket History: https://bugs.isc.org/Ticket/Display.html?id=47009

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org