Merge pull request #73 from peteeckel/fix/allow-cname-and-nsec

CNAME and NSEC for the same name must be allowed
peteeckel · Oct 16, 2023 · 8cb60bd · 8cb60bd
2 parents 7c1281f + 5265484
commit 8cb60bd
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 2 deletions.
diff --git a/netbox_dns/models.py b/netbox_dns/models.py
@@ -970,14 +970,17 @@ def clean(self, *args, **kwargs):
         )
 
         if self.type == RecordTypeChoices.CNAME:
-            if records.exists():
+            if records.exclude(type=RecordTypeChoices.NSEC).exists():
                 raise ValidationError(
                     {
                         "type": f"There is already an active record for name {self.name} in zone {self.zone}, CNAME is not allowed."
                     }
                 ) from None
 
-        elif records.filter(type=RecordTypeChoices.CNAME).exists():
+        elif (
+            records.filter(type=RecordTypeChoices.CNAME).exists()
+            and self.type != RecordTypeChoices.NSEC
+        ):
             raise ValidationError(
                 {
                     "type": f"There is already an active CNAME record for name {self.name} in zone {self.zone}, no other record allowed."

diff --git a/netbox_dns/tests/record/test_validation.py b/netbox_dns/tests/record/test_validation.py
@@ -203,6 +203,32 @@ def test_name_and_cname(self):
         with self.assertRaises(ValidationError):
             f_record2.save()
 
+    def test_nsec_and_cname(self):
+        f_zone = self.zones[0]
+
+        name1 = "test1"
+        name2 = "test2"
+
+        f_record1 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.NSEC,
+            value="test2.zone1.example.com. A MX RRSIG NSEC",
+            **self.record_data,
+        )
+        f_record1.save()
+
+        f_record2 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.CNAME,
+            value=name2,
+            **self.record_data,
+        )
+        f_record2.save()
+
+        self.assertEqual(Record.objects.filter(name=name1, zone=f_zone).count(), 2)
+
     def test_cname_and_name(self):
         f_zone = self.zones[0]
 
@@ -230,6 +256,33 @@ def test_cname_and_name(self):
         with self.assertRaises(ValidationError):
             f_record2.save()
 
+    def test_cname_and_nsec(self):
+        f_zone = self.zones[0]
+
+        name1 = "test1"
+        name2 = "test2"
+        address = "fe80:dead:beef:1::42"
+
+        f_record1 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.CNAME,
+            value=name2,
+            **self.record_data,
+        )
+        f_record1.save()
+
+        f_record2 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.NSEC,
+            value="test2.zone1.example.com. A MX RRSIG NSEC",
+            **self.record_data,
+        )
+        f_record2.save()
+
+        self.assertEqual(Record.objects.filter(name=name1, zone=f_zone).count(), 2)
+
     def test_double_singletons(self):
         f_zone = self.zones[1]