pdns
pdns copied to clipboard
Published
20 hours ago •
PowerDNS
PowerDNS
API calls "GET /servers/{server_id}/zones/{zone_id}" with query parameters 'rrset_name' doesn't limit to the specified RRSets
- [X] This is not a support question, I have read about opensource and will send support questions to the IRC channel, Github Discussions or the mailing list.
- [X] I have read and understood the 'out in the open' support policy
- Program: Authoritative
- Issue type: Bug report
Short description
Calling the API "GET /servers/{server_id}/zones/{zone_id}" with query parameters 'rrset_name' and rrset_type doesn't limit the output to the specified RRSet.
For example, it returns the comments for another RRSet
Environment
- Operating system: kubernetes
- Software version: 4.8.4
- Software source: below output from
pdns_server --version
Jul 30 14:18:04 Features: libcrypto-ecdsa libcrypto-ed25519 libcrypto-ed448 libcrypto-eddsa lua lua-records PKCS#11 protobuf sodium curl DoT scrypt
Jul 30 14:18:04 Built-in modules:
Jul 30 14:18:04 Configured with: " '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--runstatedir=/run' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-option-checking=fatal' '--sysconfdir=/etc/pdns' '--disable-static' '--disable-dependency-tracking' '--disable-silent-rules' '--with-modules=' '--with-lua=luajit' '--with-dynmodules= bind gmysql gpgsql pipe remote ldap lua2 gsqlite3 tinydns' '--enable-tools' '--with-libsodium' '--enable-ixfrdist' '--enable-unit-tests' '--enable-lua-records' '--enable-experimental-pkcs11' '--enable-dns-over-tls' '--enable-systemd' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' 'CPPFLAGS=-DLDAP_DEPRECATED' 'CXX=g++' 'CXXFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'"
Steps to reproduce
- Create a zone:
cat > zone.json <<EOF
{"name": "helloworld.com.", "kind": "Native", "masters": [], "nameservers": ["ns1.helloworld.com.", "ns2.helloworld.com."]}
EOF
curl -X POST -H "X-API-Key: secret" -H "Content-Type: application/json" [email protected] "http://localhost:8081/api/v1/servers/localhost/zones"
- Create the records
cat > record-test.helloworld.com.json <<EOF
{
"rrsets":
[
{
"name": "test.helloworld.com.",
"type": "A",
"ttl": 3600,
"changetype": "REPLACE",
"comments":
[
{
"account": "powerdns-operator",
"content": "a very important comment",
"modified_at": 1722338368
}
],
"records":
[
{
"content": "1.1.1.1",
"disabled": false
},
{
"content": "2.2.2.2",
"disabled": false
}
]
}
]
}
EOF
cat > record-test1.helloworld.com.json <<EOF
{
"rrsets":
[
{
"name": "test1.helloworld.com.",
"type": "A",
"ttl": 3600,
"changetype": "REPLACE",
"records":
[
{
"content": "1.1.1.1",
"disabled": false
}
]
}
]
}
EOF
curl -X PATCH -H "X-API-Key: secret" -H "Content-Type: application/json" [email protected] "http://localhost:8081/api/v1/servers/localhost/zones/helloworld.com"
curl -X PATCH -H "X-API-Key: secret" -H "Content-Type: application/json" [email protected] "http://localhost:8081/api/v1/servers/localhost/zones/helloworld.com"
- Verify informations
curl -H "X-API-Key: secret" "http://localhost:8081/api/v1/servers/localhost/zones/helloworld.com"
{
"account": "",
"api_rectify": false,
"catalog": "",
"dnssec": false,
"edited_serial": 2024073004,
"id": "helloworld.com.",
"kind": "Native",
"last_check": 0,
"master_tsig_key_ids": [],
"masters": [],
"name": "helloworld.com.",
"notified_serial": 0,
"nsec3narrow": false,
"nsec3param": "",
"rrsets": [
{
"comments":
[
{
"account": "powerdns-operator",
"content": "a very important comment",
"modified_at": 1722345870
}
],
"name": "test.helloworld.com.",
"records":
[
{
"content": "1.1.1.1",
"disabled": false
},
{
"content": "2.2.2.2",
"disabled": false
}
],
"ttl": 300,
"type": "A"
},
{
"comments":
[],
"name": "test1.helloworld.com.",
"records":
[
{
"content": "1.1.1.1",
"disabled": false
}
],
"ttl": 300,
"type": "A"
},
{
"comments":
[],
"name": "helloworld.com.",
"records":
[
{
"content": "a.misconfigured.dns.server.invalid. hostmaster.helloworld.com. 2024073004 10800 3600 604800 3600",
"disabled": false
}
],
"ttl": 1500,
"type": "SOA"
},
{
"comments":
[],
"name": "helloworld.com.",
"records":
[
{
"content": "ns1.helloworld.com.",
"disabled": false
},
{
"content": "ns2.helloworld.com.",
"disabled": false
}
],
"ttl": 1500,
"type": "NS"
}
],
"serial": 2024073004,
"slave_tsig_key_ids":
[],
"soa_edit": "",
"soa_edit_api": "DEFAULT",
"url": "/api/v1/servers/localhost/zones/helloworld.com."
}
- Get informations about Zone for a specific RRSet
curl -H "X-API-Key: secret" "http://localhost:8083/api/v1/servers/localhost/zones/helloworld.com?rrset_name=test1.helloworld.com&rrset_type=A"
{
"account": "",
"api_rectify": false,
"catalog": "",
"dnssec": false,
"edited_serial": 2024073004,
"id": "helloworld.com.",
"kind": "Native",
"last_check": 0,
"master_tsig_key_ids":
[],
"masters":
[],
"name": "helloworld.com.",
"notified_serial": 0,
"nsec3narrow": false,
"nsec3param": "",
"rrsets":
[
{
"comments":
[
{
"account": "powerdns-operator",
"content": "a very important comment",
"modified_at": 1722345870
}
],
"name": "test.helloworld.com.",
"records":
[],
"ttl": 0,
"type": "A"
},
{
"comments":
[],
"name": "test1.helloworld.com.",
"records":
[
{
"content": "1.1.1.1",
"disabled": false
}
],
"ttl": 300,
"type": "A"
}
],
"serial": 2024073004,
"slave_tsig_key_ids":
[],
"soa_edit": "",
"soa_edit_api": "DEFAULT",
"url": "/api/v1/servers/localhost/zones/helloworld.com."
}
Expected behaviour
I expected the output for step 4. not to include the following rrset:
{
"comments":
[
{
"account": "powerdns-operator",
"content": "a very important comment",
"modified_at": 1722345870
}
],
"name": "test.helloworld.com.",
"records":
[],
"ttl": 0,
"type": "A"
},
Actual behaviour
See step 4.
