3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]

3b187cad · Mark Andrews · 0accdb26 · 3b187cad · 3b187cad · 3b187cad
Commit 3b187cad authored Jun 10, 2014 by Mark Andrews
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 16 deletions

CHANGES CHANGES +2 -0

bin/tests/system/spf/tests.sh bin/tests/system/spf/tests.sh +6 -9

lib/dns/zone.c lib/dns/zone.c +4 -7

No files found.
--- a/CHANGES
+++ b/CHANGES
+3873.	[protocol]	Only warn for SPF without TXT spf record. [RT #36210]
+
 3872.	[bug]		Address issues found by static analysis. [RT #36209]

 3871.	[bug]		Don't publish an activated key automatically before

--- a/bin/tests/system/spf/tests.sh
+++ b/bin/tests/system/spf/tests.sh
@@ -24,19 +24,16 @@ echo "I:checking that SPF warnings have been correctly generated ($n)"
 ret=0

 grep "zone spf/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.spf' found SPF/TXT" ns1/named.run > /dev/null || ret=1
-grep "'y.spf' found SPF/SPF" ns1/named.run > /dev/null || ret=1
-grep "'spf' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.spf' found type SPF" ns1/named.run > /dev/null || ret=1
+grep "'spf' found type SPF" ns1/named.run > /dev/null && ret=1

 grep "zone warn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.warn' found SPF/TXT" ns1/named.run > /dev/null || ret=1
-grep "'y.warn' found SPF/SPF" ns1/named.run > /dev/null || ret=1
-grep "'warn' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.warn' found type SPF" ns1/named.run > /dev/null || ret=1
+grep "'warn' found type SPF" ns1/named.run > /dev/null && ret=1

 grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
-grep "'x.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
-grep "'y.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
-grep "'nowarn' found SPF/" ns1/named.run > /dev/null && ret=1
+grep "'y.nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
+grep "'nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -2913,16 +2913,13 @@ integrity_checks(dns_zone_t *zone, dns_db_t *db) {
 		dns_rdataset_disassociate(&rdataset);

 notxt:
-		if (have_spf != have_txt) {
+		if (have_spf && !have_txt) {
 			char namebuf[DNS_NAME_FORMATSIZE];
-			const char *found = have_txt ? "TXT" : "SPF";
-			const char *need = have_txt ? "SPF" : "TXT";

 			dns_name_format(name, namebuf, sizeof(namebuf));
-			dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found SPF/%s "
-				     "record but no SPF/%s record found, add "
-				     "matching type %s record", namebuf, found,
-				     need, need);
+			dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found type "
+				     "SPF record but no SPF TXT record found, "
+				     "add matching type TXT record", namebuf);
 		}

 next: