DNS API should reject qnames that aren't in a zone managed by the box

see https://discourse.mailinabox.email/t/set-www-a-and-other-dns-records-after-install/63/10

DNS API should reject qnames that aren't in a zone managed by the box
see https://discourse.mailinabox.email/t/set-www-a-and-other-dns-records-after-install/63/10
c7c3bd33 · Joshua Tauberer · 16371535 · c7c3bd33
Commit c7c3bd33 authored Sep 21, 2014 by Joshua Tauberer
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletion

dns_update.py management/dns_update.py +11 -1

No files found.
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -596,7 +596,17 @@ def write_opendkim_tables(zonefiles, env):
 ########################################################################

 def set_custom_dns_record(qname, rtype, value, env):
-	# validate
+	# validate qname
+	for zone, fn in get_dns_zones(env):
+		# It must match a zone apex or be a subdomain of a zone
+		# that we are otherwise hosting.
+		if qname == zone or qname.endswith("."+zone):
+			break
+	else:
+		# No match.
+		raise ValueError("%s is not a domain name or a subdomain of a domain name managed by this box." % qname)
+
+	# validate rtype
 	rtype = rtype.upper()
 	if value is not None:
 		if rtype in ("A", "AAAA"):