DNS fix NS record coexistence validator

NS can coexistent only with A, AAAA, DS, NS record Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-08-21 18:08:10 +02:00 · 2014-08-21 18:08:10 +02:00 · f605fe8614
commit f605fe8614
parent 2863fc94b2
1 changed files with 17 additions and 6 deletions
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@ -2894,11 +2894,23 @@ class dnsrecord(LDAPObject):
                    error=_('only one DNAME record is allowed per name '
                            '(RFC 6672, section 2.4)'))
            # DNAME must not coexist with CNAME, but this is already checked earlier
-            if rrattrs.get('nsrecord') and not keys[1].is_empty():
-                raise errors.ValidationError(name='dnamerecord',
-                      error=_('DNAME record is not allowed to coexist with an '
-                              'NS record except when located in a zone root '
-                              'record (RFC 6672, section 2.3)'))
+
+        # NS record validation
+        # NS record can coexist only with A, AAAA, DS, and other NS records (except zone apex)
+        # RFC 2181 section 6.1,
+        allowed_records = ['AAAA', 'A', 'DS', 'NS']
+        nsrecords = rrattrs.get('nsrecord')
+        if nsrecords and not self.is_pkey_zone_record(*keys):
+            for r_type in _record_types:
+                if (r_type not in allowed_records
+                    and rrattrs.get('%srecord' % r_type.lower())
+                ):
+                    raise errors.ValidationError(
+                        name='nsrecord',
+                        error=_('NS record is not allowed to coexist with an '
+                                '%(type)s record except when located in a '
+                                'zone root record (RFC 2181, section 6.1)') %
+                                {'type': r_type})

    def check_record_type_dependencies(self, keys, rrattrs):
        # Test that all record type dependencies are satisfied
@ -2914,7 +2926,6 @@ class dnsrecord(LDAPObject):
                error=_('DS record requires to coexist with an '
                         'NS record (RFC 4592 section 4.6, RFC 4035 section 2.4)'))

-
    def _entry2rrsets(self, entry_attrs, dns_name, dns_domain):
        '''Convert entry_attrs to a dictionary {rdtype: rrset}.