diff options
Diffstat (limited to 'bin/named/update.c')
| -rw-r--r-- | bin/named/update.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/bin/named/update.c b/bin/named/update.c index a526b02a1024..badf8fe1081f 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -3017,6 +3017,19 @@ update_action(isc_task_t *task, isc_event_t *event) { goto failure; } } + if (! ISC_LIST_EMPTY(diff.tuples)) { + result = dns_zone_cdscheck(zone, db, ver); + if (result == DNS_R_BADCDS || result == DNS_R_BADCDNSKEY) { + update_log(client, zone, LOGLEVEL_PROTOCOL, + "update rejected: bad %s RRset", + result == DNS_R_BADCDS ? "CDS" : "CDNSKEY"); + result = DNS_R_REFUSED; + goto failure; + } + if (result != ISC_R_SUCCESS) + goto failure; + + } /* * If any changes were made, increment the SOA serial number, |