Do not allow dangerous operations on secondary zones unless --force.

This applies to: add-record, delete-rrset, edit-zone, increase-serial and replace-rrset. Fixes #11392, #15130
PowerDNS · Feb 12, 2025 · 443fefa · 443fefa
1 parent b731e9d
commit 443fefa
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
@@ -61,6 +61,7 @@ string g_programname="pdns";
 
 namespace {
   bool g_verbose;
+  bool g_force;
 }
 
 ArgvMap &arg()
@@ -945,6 +946,17 @@ static int increaseSerial(const DNSName& zone, DNSSECKeeper &dk)
     return -1;
   }
 
+  DomainInfo info;
+  if (!B.getDomainInfo(zone, info, false)) {
+    cout << "[Warning] Unable to get zone information for zone '" << zone << "'" << endl;
+    cout << "Hopefully you know what you are doing and this is a primary zone." << endl;
+  }
+  else {
+    if (info.isSecondaryType() && !g_force) {
+      throw PDNSException("Operation on a secondary zone is not allowed unless --force");
+    }
+  }
+
   string soaEditKind;
   dk.getSoaEdit(zone, soaEditKind);
 
@@ -1204,6 +1216,28 @@ static int editZone(const DNSName &zone, const PDNSColors& col) {
     return EXIT_FAILURE;
   }
 
+  if (isatty(STDIN_FILENO) == 0) {
+    cerr << "edit-zone requires a terminal" << endl;
+    return EXIT_FAILURE;
+  }
+
+  if (di.isSecondaryType() && !g_force) {
+    cout << "Zone '" << zone << "' is not a primary zone." << endl;
+    while (true) {
+      cout << "Edit the zone anyway? (N/y) " << std::flush;
+      int resp = read1char();
+      if (resp != '\n') {
+        cout << endl;
+      }
+      if (resp == 'y' || resp == 'Y') {
+        break;
+      }
+      if (resp == 'n' || resp == 'N' || resp == '\n') {
+        return EXIT_FAILURE;
+      }
+    }
+  }
+
   /* ensure that the temporary file will only
      be accessible by the current user, not even
      by other users in the same group, and certainly
@@ -1596,6 +1630,9 @@ static int addOrReplaceRecord(bool addOrReplace, const vector<string>& cmds) {
     cerr << "Zone '" << zone << "' does not exist" << endl;
     return EXIT_FAILURE;
   }
+  if (di.isSecondaryType() && !g_force) {
+    throw PDNSException("Operation on a secondary zone is not allowed unless --force");
+  }
   rr.auth = true;
   rr.domain_id = di.id;
   rr.qname = name;
@@ -1718,6 +1755,9 @@ static int deleteRRSet(const std::string& zone_, const std::string& name_, const
     cerr << "Zone '" << zone << "' does not exist" << endl;
     return EXIT_FAILURE;
   }
+  if (di.isSecondaryType() && !g_force) {
+    throw PDNSException("Operation on a secondary zone is not allowed unless --force");
+  }
 
   DNSName name;
   if(name_=="@")
@@ -4582,6 +4622,7 @@ try
   }
 
   g_verbose = g_vm.count("verbose") != 0;
+  g_force = g_vm.count("force") != 0;
 
   if (g_vm.count("version") != 0) {
     cout<<"pdnsutil "<<VERSION<<endl;