From 3d6809ba1bb028febb7db7e83239981cd6463cbf Mon Sep 17 00:00:00 2001
From: Shreyas Zare <shreyas@technitium.com>
Date: Sat, 23 Nov 2024 13:14:04 +0530
Subject: [PATCH] WebServiceZonesApi: Added validatation code to prevent
 adding/updating glue addresses for zone's NS records.

---
 DnsServerCore/WebServiceZonesApi.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/DnsServerCore/WebServiceZonesApi.cs b/DnsServerCore/WebServiceZonesApi.cs
index ff3005fd..dd81e026 100644
--- a/DnsServerCore/WebServiceZonesApi.cs
+++ b/DnsServerCore/WebServiceZonesApi.cs
@@ -3244,7 +3244,12 @@ namespace DnsServerCore
                         newRecord = new DnsResourceRecord(domain, type, DnsClass.IN, ttl, new DnsNSRecordData(nameServer));
 
                         if (!string.IsNullOrEmpty(glueAddresses))
+                        {
+                            if (zoneInfo.Name.Equals(domain, StringComparison.OrdinalIgnoreCase))
+                                throw new DnsWebServiceException("The zone's own NS records cannot have glue addresses. Please add separate A/AAAA records in the zone instead.");
+
                             newRecord.SetGlueRecords(glueAddresses);
+                        }
                     }
                     break;
 
@@ -3994,7 +3999,12 @@ namespace DnsServerCore
                         newRecord = new DnsResourceRecord(newDomain, type, DnsClass.IN, ttl, new DnsNSRecordData(newNameServer));
 
                         if (request.TryGetQueryOrForm("glue", out string glueAddresses))
+                        {
+                            if (zoneInfo.Name.Equals(domain, StringComparison.OrdinalIgnoreCase))
+                                throw new DnsWebServiceException("The zone's own NS records cannot have glue addresses. Please add separate A/AAAA records in the zone instead.");
+
                             newRecord.SetGlueRecords(glueAddresses);
+                        }
                     }
                     break;