s4 dns: Only forward for zones we don't own
authorKai Blin <kai@samba.org>
Tue, 27 Mar 2012 11:36:16 +0000 (13:36 +0200)
committerKai Blin <kai@samba.org>
Tue, 27 Mar 2012 14:03:16 +0000 (16:03 +0200)
source4/dns_server/dns_query.c
source4/dns_server/dns_server.h
source4/dns_server/dns_utils.c

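--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -226,8 +226,9 @@ WERROR dns_server_process_query(struct dns_server *dns,
                return DNS_ERR(NOT_IMPLEMENTED);
        }
 
-       werror = handle_question(dns, mem_ctx, &in->questions[0], &ans, &num_answers);
-       if(W_ERROR_EQUAL(DNS_ERR(NAME_ERROR), werror)) {
+       if (dns_authorative_for_zone(dns, in->questions[0].name)) {
+               werror = handle_question(dns, mem_ctx, &in->questions[0], &ans, &num_answers);
+       } else {
                DEBUG(2, ("I don't feel responsible for '%s', forwarding\n", in->questions[0].name));
                werror = ask_forwarder(mem_ctx, &in->questions[0], &ans, &num_answers,
                                       &ns, &num_nsrecs, &adds, &num_additional);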
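Review bot: The new `else` branch hands every name outside the local zones to `ask_forwarder()` with no visible check that the client requested recursion or is permitted to use it. The body of `dns_server_process_query` continues outside this hunk, so this may already be handled there; if it is not, the server will resolve arbitrary external names for anyone who can reach it. I would gate the branch on the request's recursion-desired bit and on a forwarder being configured, and return a refusal otherwise. A NAME_ERROR from `handle_question()` is also no longer retried upstream, which is the commit's intent but deserves a comment above the `if`, e.g. `/* zones we host are answered locally, including name errors; everything else goes to the forwarder */`.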
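--- a/source4/dns_server/dns_server.h
+++ b/source4/dns_server/dns_server.h
@@ -59,6 +59,8 @@ bool dns_name_match(const char *zone, const char *name, size_t *host_part_len);
 bool dns_name_equal(const char *name1, const char *name2);
 bool dns_records_match(struct dnsp_DnssrvRpcRecord *rec1,
                       struct dnsp_DnssrvRpcRecord *rec2);
+bool dns_authorative_for_zone(struct dns_server *dns,
+                             const char *name);
 WERROR dns_lookup_records(struct dns_server *dns,
                          TALLOC_CTX *mem_ctx,
                          struct ldb_dn *dn,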
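Review bot: The exported name `dns_authorative_for_zone` is misspelled. This prototype makes it part of the server's internal API, so I would rename it to `dns_authoritative_for_zone` here, at the definition in dns_utils.c and at the call site in dns_query.c before more callers appear. A one-line comment above the declaration, such as `/* true if name falls inside one of dns->zones (or is the empty name) */`, would document the contract that the forwarding decision depends on.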
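--- a/source4/dns_server/dns_utils.c
+++ b/source4/dns_server/dns_utils.c
@@ -294,6 +294,34 @@ WERROR dns_replace_records(struct dns_server *dns,
        return WERR_OK;
 }
 
+bool dns_authorative_for_zone(struct dns_server *dns,
+                             const char *name)
+{
+       const struct dns_server_zone *z;
+       size_t host_part_len = 0;
+
+       if (name == NULL) {
+               return false;
+       }
+
+       if (strcmp(name, "") == 0) {
+               return true;
+       }
+       for (z = dns->zones; z != NULL; z = z->next) {
+               bool match;
+
+               match = dns_name_match(z->name, name, &host_part_len);
+               if (match) {
+                       break;
+               }
+       }
+       if (z == NULL) {
+               return false;
+       }
+
+       return true;
+}
+
 WERROR dns_name2dn(struct dns_server *dns,
                   TALLOC_CTX *mem_ctx,
                   const char *name,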
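Review bot: `dns_authorative_for_zone` has no comment stating its contract, and the `strcmp(name, "") == 0` case in particular needs one: it makes the server claim authority for the empty (root) name, so such queries are never forwarded. The result also rests entirely on `dns_name_match()`, whose body is not shown here; if it does not normalise case or a trailing dot, a name inside a hosted zone could fall through to the forwarder and disclose internal names upstream, so that is worth pinning down with a test. As a matter of style, `host_part_len` is only passed as an out-parameter and never read, and the loop can `return true;` on the first match with a plain `return false;` after it, which removes `match` and the trailing `z == NULL` test.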