diff --git a/DnsServerCore/Dns/Zones/PrimarySubDomainZone.cs b/DnsServerCore/Dns/Zones/PrimarySubDomainZone.cs
index c94fd6c3..2d919ea2 100644
--- a/DnsServerCore/Dns/Zones/PrimarySubDomainZone.cs
+++ b/DnsServerCore/Dns/Zones/PrimarySubDomainZone.cs
@@ -54,6 +54,16 @@ namespace DnsServerCore.Dns.Zones
 public override void SetRecords(DnsResourceRecordType type, IReadOnlyList records)
 {
+ if (_primaryZone.DnssecStatus != AuthZoneDnssecStatus.Unsigned)
+ {
+ switch (type)
+ {
+ case DnsResourceRecordType.ANAME:
+ case DnsResourceRecordType.APP:
+ throw new DnsServerException("The record type is not supported by DNSSEC signed primary zones.");
+ }
+ }
+
 switch (type)
 {
 case DnsResourceRecordType.SOA:
@@ -66,6 +76,9 @@ namespace DnsServerCore.Dns.Zones
 case DnsResourceRecordType.NSEC3:
 throw new InvalidOperationException("Cannot set DNSSEC records.");
+ case DnsResourceRecordType.FWD:
+ throw new DnsServerException("The record type is not supported by primary zones.");
+
 default:
 if (records[0].OriginalTtlValue > _primaryZone.GetZoneSoaExpire())
 throw new DnsServerException("Failed to set records: TTL cannot be greater than SOA EXPIRE.");
@@ -85,6 +98,16 @@ namespace DnsServerCore.Dns.Zones
 public override void AddRecord(DnsResourceRecord record)
 {
+ if (_primaryZone.DnssecStatus != AuthZoneDnssecStatus.Unsigned)
+ {
+ switch (record.Type)
+ {
+ case DnsResourceRecordType.ANAME:
+ case DnsResourceRecordType.APP:
+ throw new DnsServerException("The record type is not supported by DNSSEC signed primary zones.");
+ }
+ }
+
 switch (record.Type)
 {
 case DnsResourceRecordType.DNSKEY:
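Review bot: The DNSSEC guard added at the top of SetRecords (first hunk) is repeated line for line in AddRecord (third hunk), so a record type added to one list later can be missed in the other; a private helper that both methods call keeps the rule in one place. Both copies only reject ANAME and APP writes made while the zone is already signed, so a zone that already holds such records at the moment it gets signed depends on a matching check in the signing path, which is not visible in this diff. A one-line comment on the helper stating why these two types cannot live in a signed zone would also help the next maintainer decide whether a new record type belongs in the list. Both method bodies continue outside their hunks.

```csharp
// Single place for the "not allowed once the zone is signed" rule.
private void ThrowIfUnsupportedInSignedZone(DnsResourceRecordType type)
{
    if (_primaryZone.DnssecStatus == AuthZoneDnssecStatus.Unsigned)
        return;

    switch (type)
    {
        case DnsResourceRecordType.ANAME:
        case DnsResourceRecordType.APP:
            throw new DnsServerException("The record type is not supported by DNSSEC signed primary zones.");
    }
}

// in SetRecords, before the existing switch (type):
ThrowIfUnsupportedInSignedZone(type);

// in AddRecord, before the existing switch (record.Type):
ThrowIfUnsupportedInSignedZone(record.Type);
```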
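Review bot: The default branch right below the new FWD case in SetRecords (second hunk) reads `records[0]` without checking that the list has an element, and compares only that first record's TTL with SOA EXPIRE. If a caller can pass an empty list, this surfaces as an index exception instead of a DnsServerException, and if the records in one call can carry different TTLs the later ones are never checked; the visible lines rule out neither case. Unless an empty list is a supported way to clear the record set, a guard such as `if (records.Count == 0) throw new DnsServerException("Failed to set records: no records were provided.");` before the TTL test would make the failure explicit. The switch and the method body continue outside this hunk.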
@@ -94,6 +117,9 @@ namespace DnsServerCore.Dns.Zones
 case DnsResourceRecordType.NSEC3:
 throw new InvalidOperationException("Cannot add DNSSEC record.");
+ case DnsResourceRecordType.FWD:
+ throw new DnsServerException("The record type is not supported by primary zones.");
+
 default:
 if (record.OriginalTtlValue > _primaryZone.GetZoneSoaExpire())
 throw new DnsServerException("Failed to add record: TTL cannot be greater than SOA EXPIRE.");