From 7a35ebccc55c4823d8a314d5dad2cdfc8d664f1b Mon Sep 17 00:00:00 2001
From: Miraty <miraty+git@antopie.org>
Date: Tue, 30 Aug 2022 22:34:09 +0200
Subject: [PATCH] Check upstream NS for ns/ and AAAA/A for ht/

---
 public/ht/add-http-dns.php | 8 ++++++++
 public/ns/zone-add.php     | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/public/ht/add-http-dns.php b/public/ht/add-http-dns.php
index 1b2b6bf..2d7d3be 100644
--- a/public/ht/add-http-dns.php
+++ b/public/ht/add-http-dns.php
@@ -44,6 +44,14 @@ if ($dirsStatuses[$_POST['dir']] !== false)
 if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
 	userError("Ce domaine existe déjà sur ce service.");
 
+$remoteAaaaRecords = array_column(dns_get_record($_POST['domain'], DNS_AAAA), 'ipv6');
+if (array_merge(array_diff($remoteAaaaRecords, [CONF['ht']['ipv6_address']]), array_diff([CONF['ht']['ipv6_address']], $remoteAaaaRecords)) !== [])
+	userError("Ce domaine doit avoir pour enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>.");
+
+$remoteARecords = array_column(dns_get_record($_POST['domain'], DNS_A), 'ip');
+if (array_merge(array_diff($remoteARecords, [CONF['ht']['ipv4_address']]), array_diff([CONF['ht']['ipv4_address']], $remoteARecords)) !== [])
+	userError("Ce domaine doit avoir pour enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>.");
+
 addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
 
 $nginxConf = 'server {
diff --git a/public/ns/zone-add.php b/public/ns/zone-add.php
index 378cb90..8caaa38 100644
--- a/public/ns/zone-add.php
+++ b/public/ns/zone-add.php
@@ -15,6 +15,12 @@ $_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
 if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
 	userError("Cette zone existe déjà sur ce service.");
 
+$remoteNsRecords = array_column(dns_get_record($_POST['domain'], DNS_NS), 'target');
+foreach ($remoteNsRecords as $i => $remoteNsRecord)
+	$remoteNsRecords[$i] = formatAbsoluteDomain($remoteNsRecord);
+if (array_merge(array_diff($remoteNsRecords, CONF['ns']['servers']), array_diff(CONF['ns']['servers'], $remoteNsRecords)) !== [])
+	userError("Ce domaine n'a pas les bons enregistrements NS.");
+
 $db = new PDO('sqlite:' . DB_PATH);
 $stmt = $db->prepare("INSERT INTO zones(zone, username) VALUES(:zone, :username)");