From c7c3bd33cf396a704ef8e03656cd4efe5ec50721 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Sun, 21 Sep 2014 13:20:37 +0000
Subject: [PATCH] DNS API should reject qnames that aren't in a zone managed by the box see https://discourse.mailinabox.email/t/set-www-a-and-other-dns-records-after-install/63/10
---
 management/dns_update.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/management/dns_update.py b/management/dns_update.py
index 74dcb419..0a4ab7a0 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -596,7 +596,17 @@ def write_opendkim_tables(zonefiles, env):
 ########################################################################
 def set_custom_dns_record(qname, rtype, value, env):
- # validate
+ # validate qname
+ for zone, fn in get_dns_zones(env):
+ # It must match a zone apex or be a subdomain of a zone
+ # that we are otherwise hosting.
+ if qname == zone or qname.endswith("."+zone):
+ break
+ else:
+ # No match.
+ raise ValueError("%s is not a domain name or a subdomain of a domain name managed by this box." % qname)
+
+ # validate rtype
 rtype = rtype.upper()
 if value is not None:
 if rtype in ("A", "AAAA"):
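Review bot: The new test `qname == zone or qname.endswith("."+zone)` constrains only the tail of `qname`, so any string that ends in a hosted zone is accepted, including one with whitespace, control characters or empty labels in front of it. If the name is later written into a zone file (the rest of set_custom_dns_record lies outside this hunk, so that is an assumption), the loop should be preceded by a syntax check that rejects anything other than dot-separated hostname labels. The comparison is also case-sensitive and treats a trailing dot as a mismatch, so a hosted name written as `WWW.example.com` or `example.com.` is refused; assuming get_dns_zones yields lower-case names without a trailing dot, normalising first with `qname = qname.lower().rstrip(".")` would make the match follow DNS semantics. `fn` is unused in the loop and could be written as `_`.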