s4-dns: Ignore zones that shouldn't be returned currently

RootDNSServers should never be returned (Windows DNS server don't)
..TrustAnchors should never be returned as is, (Windows returns
TrustAnchors) and for the moment we don't support DNSSEC so we'd better
not return this zone.

Fix bug #9265 - Bind dlz fails to start if there is a trustedanchors zone.

diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index b768feb73e77fa48f0eb0e00aaaf14cb169bca8c..5be5379683f27aecb11a501e898d903423ac3363 100644 (file)
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -832,7 +832,20 @@ static void dns_task_init(struct task_server *task)
 
                z->name = ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL);
                z->dn = talloc_move(z, &res->msgs[i]->dn);
-
+               /*
+                * Ignore the RootDNSServers zone and zones that we don't support yet
+                * RootDNSServers should never be returned (Windows DNS server don't)
+                * ..TrustAnchors should never be returned as is, (Windows returns
+                * TrustAnchors) and for the moment we don't support DNSSEC so we'd better
+                * not return this zone.
+                */
+               if ((strcmp(z->name, "RootDNSServers") == 0) ||
+                   (strcmp(z->name, "..TrustAnchors") == 0))
+               {
+                       DEBUG(10, ("Ignoring zone %s\n", z->name));
+                       talloc_free(z);
+                       continue;
+               }
                DLIST_ADD_END(dns->zones, z, NULL);
        }