From 526548486aa3dbd12af2c3c1af82e3217c328c62 Mon Sep 17 00:00:00 2001
From: Peter Eckel <pe-git@hindenburgring.com>
Date: Mon, 16 Oct 2023 21:24:19 +0200
Subject: [PATCH] CNAME and NSEC for the same name must be allowed

---
 netbox_dns/models.py                       |  7 ++-
 netbox_dns/tests/record/test_validation.py | 53 ++++++++++++++++++++++
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/netbox_dns/models.py b/netbox_dns/models.py
index f51d49bb..fcab52bb 100644
--- a/netbox_dns/models.py
+++ b/netbox_dns/models.py
@@ -970,14 +970,17 @@ def clean(self, *args, **kwargs):
         )
 
         if self.type == RecordTypeChoices.CNAME:
-            if records.exists():
+            if records.exclude(type=RecordTypeChoices.NSEC).exists():
                 raise ValidationError(
                     {
                         "type": f"There is already an active record for name {self.name} in zone {self.zone}, CNAME is not allowed."
                     }
                 ) from None
 
-        elif records.filter(type=RecordTypeChoices.CNAME).exists():
+        elif (
+            records.filter(type=RecordTypeChoices.CNAME).exists()
+            and self.type != RecordTypeChoices.NSEC
+        ):
             raise ValidationError(
                 {
                     "type": f"There is already an active CNAME record for name {self.name} in zone {self.zone}, no other record allowed."
diff --git a/netbox_dns/tests/record/test_validation.py b/netbox_dns/tests/record/test_validation.py
index ff4ebe07..5ac4a97b 100644
--- a/netbox_dns/tests/record/test_validation.py
+++ b/netbox_dns/tests/record/test_validation.py
@@ -203,6 +203,32 @@ def test_name_and_cname(self):
         with self.assertRaises(ValidationError):
             f_record2.save()
 
+    def test_nsec_and_cname(self):
+        f_zone = self.zones[0]
+
+        name1 = "test1"
+        name2 = "test2"
+
+        f_record1 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.NSEC,
+            value="test2.zone1.example.com. A MX RRSIG NSEC",
+            **self.record_data,
+        )
+        f_record1.save()
+
+        f_record2 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.CNAME,
+            value=name2,
+            **self.record_data,
+        )
+        f_record2.save()
+
+        self.assertEqual(Record.objects.filter(name=name1, zone=f_zone).count(), 2)
+
     def test_cname_and_name(self):
         f_zone = self.zones[0]
 
@@ -230,6 +256,33 @@ def test_cname_and_name(self):
         with self.assertRaises(ValidationError):
             f_record2.save()
 
+    def test_cname_and_nsec(self):
+        f_zone = self.zones[0]
+
+        name1 = "test1"
+        name2 = "test2"
+        address = "fe80:dead:beef:1::42"
+
+        f_record1 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.CNAME,
+            value=name2,
+            **self.record_data,
+        )
+        f_record1.save()
+
+        f_record2 = Record(
+            zone=f_zone,
+            name=name1,
+            type=RecordTypeChoices.NSEC,
+            value="test2.zone1.example.com. A MX RRSIG NSEC",
+            **self.record_data,
+        )
+        f_record2.save()
+
+        self.assertEqual(Record.objects.filter(name=name1, zone=f_zone).count(), 2)
+
     def test_double_singletons(self):
         f_zone = self.zones[1]