fix: skip endswith guard for regex zones in check_rrset_allowed

teunis90 · teunis90 · commit a5a90b23d6dd · 2026-03-25T16:32:24.000+01:00
When zone.regex is True, zone.name is a pattern like '.*' rather than a real DNS name. The endswith guard was always False for these zones, causing regex_records to never be evaluated and all writes to be denied. Fixes #196
diff --git a/powerdns_api_proxy/config.py b/powerdns_api_proxy/config.py
@@ -155,7 +155,7 @@ def check_rrset_allowed(zone: ProxyConfigZone, rrset: RRSET) -> bool:
     if zone.all_records:
         return True
 
-    if not rrset["name"].rstrip(".").endswith(zone.name.rstrip(".")):
+    if not zone.regex and not rrset["name"].rstrip(".").endswith(zone.name.rstrip(".")):
         logger.debug("RRSET not allowed, because zone does not match")
         return False
 
