From ab27c10e8522a4ab07924ffef7b51a38bcd2da00 Mon Sep 17 00:00:00 2001
From: Demian <demian@pytech.de>
Date: Thu, 14 Sep 2023 09:10:45 +0200
Subject: [PATCH 1/2] Updated validation for DNS DMARC creation/update fixes
 #6575

Before the query checked if there is a TXT record that starts
with 'v=DKIM' and has '._domainkey' in the name to validate
that a DKIM record exists as DMARC needs it. Now we check either
for the TXT record as before or if there is a CNAME record that
has '._domainkey' in the name as it is possible that we only
direct towards the record within another zone entierly.
---
 interface/web/dns/dns_dmarc_edit.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php
index e194aeb835..65bf8efd65 100644
--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -226,9 +226,8 @@ class page_action extends tform_actions {
 
 		$domain_name = rtrim($soa['origin'], '.');
 		// DMARC requieres at least one active dkim-record...
-		$sql = "SELECT * FROM dns_rr
-					LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id)
-					WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND type='TXT' AND data like 'v=DKIM1;%' AND dns_rr.active='Y'";
+		$sql = "SELECT * FROM dns_rr LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id)
+            WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND ((type='TXT' AND data LIKE 'v=DKIM%') OR type='CNAME') AND dns_rr.active='Y'";
 		$temp = $app->db->queryAllRecords($sql, $soa['origin'], '%._domainkey%');
 		if (empty($temp)) {
 			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-- 
GitLab


From 108f0673fb97d4be754fd436041cdbb99d6e97d9 Mon Sep 17 00:00:00 2001
From: Thom <thom@amsterdamtech.nl>
Date: Thu, 14 Sep 2023 16:23:49 +0000
Subject: [PATCH 2/2] Apply 1 suggestion(s) to 1 file(s)

---
 interface/web/dns/dns_dmarc_edit.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php
index 65bf8efd65..c2c54c6659 100644
--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -226,8 +226,9 @@ class page_action extends tform_actions {
 
 		$domain_name = rtrim($soa['origin'], '.');
 		// DMARC requieres at least one active dkim-record...
-		$sql = "SELECT * FROM dns_rr LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id)
-            WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND ((type='TXT' AND data LIKE 'v=DKIM%') OR type='CNAME') AND dns_rr.active='Y'";
+		$sql = "SELECT * FROM dns_rr
+					LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id)
+					WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND ((type='TXT' AND data LIKE 'v=DKIM%') OR type='CNAME') AND dns_rr.active='Y'";
 		$temp = $app->db->queryAllRecords($sql, $soa['origin'], '%._domainkey%');
 		if (empty($temp)) {
 			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-- 
GitLab