Bug #8619
closedDomains improperly checked when registering DHCP static mappings
0%
Description
There is a bug in the Register DHCP Static Mappings feature of BIND zones. I've noticed that if I create DHCP static mappings with a domain such as "domain.com", if I have zones that are subdomain of "domain.com", such as "sub1.domain.com" and "sub2.domain.com", then these subdomain zones will also be populated with the static DHCP mappings of "domain.com". This is not the expected behavior.
I've narrowed it down to https://github.com/pfsense/FreeBSD-ports/blob/devel/dns/pfSense-pkg-bind9/files/usr/local/pkg/bind.inc line 576 where the PHP function array_diff_assoc is used to compare the domain defined for a given static DHCP mapping and a given zone's domain. This function "Returns an array containing all the values from array1 that are not present in any of the other arrays.". So with array1 being the DHCP static mapping domain and array2 being the current loop iteration's zone name, it is normal that array1 (["com", "domain"]) does not have any values that are not already contained in the other array (such as ["com", "domain", "sub1"]). Therefore it returns an empty array with a length of zero, which triggers the behavior to create the static DHCP mapping.
By replacing the array_diff_assoc function with an equality comparison it replaces the above behavior with one which I believe is the correct one, which is to only register DHCP static mappings in the zone that is an exact match for the domain specified for that DHCP mapping:
--- bind.inc.orig-magi 2018-06-20 16:56:03.522194000 -0400 +++ bind.inc.change-magi 2018-06-21 09:01:15.353851000 -0400 @@ -566,8 +566,7 @@ } } else { $parts = array_reverse(explode('.', $domain)); - $diff = array_diff_assoc($parts, $zoneparts); - if (count($diff) == 0) { + if ($parts === $zoneparts) { $zone_conf .= "{$host['hostname']}\tIN A\t{$host['ipaddr']}\n"; } }
I will submit a PR for this issue.
Thanks,
-Martin