From c39f973279205be278e50058f01af9931181e981 Mon Sep 17 00:00:00 2001
From: Gemini Bot
Date: Mon, 15 Dec 2025 03:55:09 +0000
Subject: [PATCH] fix: Enforce DNS Name matches Device Name for Forward Zone generation
---
 sync.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/sync.py b/sync.py
index e925dc1..966c1ea 100644
--- a/sync.py
+++ b/sync.py
@@ -171,6 +171,31 @@ def generate_zone_file_fwd(ipam_data, plugin_records):
 short_name = dns_name.replace(f".{ZONE_NAME}", "")
 if short_name == "":
 short_name = "@"
+ # Check: DNS Name muss zum Device/VM Namen passen (wenn zugewiesen)
+ # Verhindert, dass externe IPs auf anderen Hosts (Split-Brain) hier landen.
+ assigned = ip.get('assigned_object')
+ if assigned:
+ device_name = None
+ if 'device' in assigned and assigned['device']:
+ device_name = assigned['device']['name']
+ elif 'virtual_machine' in assigned and assigned['virtual_machine']:
+ device_name = assigned['virtual_machine']['name']
+
+ if device_name:
+ # Case-Insensitive Vergleich
+ d_norm = device_name.lower()
+ s_norm = short_name.lower()
+
+ # Erlaube Match mit Shortname ODER Full-FQDN als Devicename
+ fqdn_norm = dns_name.lower().rstrip('.')
+
+ if d_norm != s_norm and d_norm != fqdn_norm:
+ # Ausnahme: Wenn der Shortname "device-name-irgendwas" ist?
+ # Nein, User will strikte Trennung.
+ # Wir loggen das als Info, damit man es debuggen kann.
+ # log(f"DEBUG: Skipping {dns_name} on device {device_name} (Mismatch)")
+ continue
+
 if ":" in address:
 rtype = "AAAA"
 else:
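Review bot: The mismatch branch drops the record with a bare `continue` while the only trace, the `log(...)` call, is commented out, so a name excluded by this check disappears from the forward zone with no signal for whoever audits the generated zone. I would enable that line at a non-debug level, e.g. `log(f"INFO: Skipping {dns_name} on device {device_name} (Mismatch)")`, assuming `log` is the helper this file already uses. The comparison is also asymmetric about trailing dots: `fqdn_norm` strips one but `s_norm` does not, so a `dns_name` written with a trailing dot leaves a short name ending in `.` that never equals the device name; `s_norm = short_name.lower().rstrip('.')` would align the two. The check runs only when `assigned_object` yields a device or VM name, so unassigned addresses and other parent types still pass unchecked, and a comment such as `# fail-open: IPs without a device/VM parent are not name-checked` would make that boundary explicit. The body of generate_zone_file_fwd starts and ends outside this hunk.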