Commit 12e1f957 authored by Vitezslav Kriz's avatar Vitezslav Kriz

zone-size-limit: limit ddns

parent 3b0faffd
......@@ -403,7 +403,7 @@ static int ixfrin_finalize(struct answer_data *adata)
IXFRIN_LOG(LOG_WARNING, "zone size exceeded");
update_rollback(&a_ctx);
update_free_zone(&new_contents);
return KNOT_STATE_FAIL;
return KNOT_EZONESIZE;
}
/* Write changes to journal. */
......
......@@ -154,7 +154,7 @@ static int process_normal(conf_t *conf, zone_t *zone, list_t *requests)
// Apply changes.
ret = zone_update_commit(conf, &up);
if (ret != KNOT_EOK) {
if (ret == KNOT_ETTL) {
if (ret == KNOT_ETTL || ret == KNOT_EZONESIZE) {
set_rcodes(requests, KNOT_RCODE_REFUSED);
} else {
set_rcodes(requests, KNOT_RCODE_SERVFAIL);
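Review bot: The branch that now maps `KNOT_EZONESIZE` to REFUSED shows no log call in this hunk, so a dynamic update rejected for exceeding the zone size limit may leave no trace for the operator unless logging happens outside the visible lines. Repeated oversize updates are a useful signal of a misbehaving or abusive client, so a warning naming the zone and the reason belongs on this path. The condition also lacks a comment; something like `/* Policy rejections (TTL mismatch, zone size limit) are the client's problem: REFUSED, not SERVFAIL. */` would record why the two codes are grouped. The body of process_normal continues outside the hunk.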
......
......@@ -696,6 +696,20 @@ int zone_update_commit(conf_t *conf, zone_update_t *update)
}
}
conf_val_t val = conf_zone_get(conf, C_MAX_ZONE_SIZE, update->zone->name);
int64_t size_limit = conf_int(&val);
if (new_contents != NULL && new_contents->size > size_limit) {
if (update->flags & UPDATE_FULL) {
update->new_cont = NULL;
} else if (update->flags & UPDATE_INCREMENTAL) {
update_rollback(&update->a_ctx);
update_free_zone(&new_contents);
changeset_clear(&update->change);
}
return KNOT_EZONESIZE;
}
/* If there is anything to change */
if (new_contents != NULL) {
/* Switch zone contents. */
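Review bot: In the UPDATE_FULL branch of the new size check, `update->new_cont = NULL;` drops the pointer with no visible free, whereas the UPDATE_INCREMENTAL branch calls update_rollback() and update_free_zone(). If new_contents aliases update->new_cont here (the assignment is outside the hunk), every rejected oversized full update would leak the built zone, which undermines a limit meant to bound resource use. Either release the contents before clearing the pointer, or state the ownership with a comment such as `/* on KNOT_EZONESIZE the caller still owns and frees the new contents */`. Separately, `size_limit` is `int64_t`; if `new_contents->size` is an unsigned type, a negative configured value would convert to a huge bound and the check would never fire, so a sign guard or a matching type is worth considering.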
......
......@@ -83,6 +83,7 @@ enum knot_error {
KNOT_EDSDIGESTLEN,
KNOT_ENOTSIG,
KNOT_ELIMIT,
KNOT_EZONESIZE,
KNOT_EWRITABLE,
KNOT_EOF,
KNOT_ESYSTEM,
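Review bot: `KNOT_EZONESIZE` is inserted between `KNOT_ELIMIT` and `KNOT_EWRITABLE` rather than appended. If the enumerators take implicit values (their initialisers are outside the hunk), every code after the new entry shifts by one. Anything built against the old header, or any place where numeric codes are stored or exchanged, would then misread `KNOT_EWRITABLE`, `KNOT_EOF` and the codes that follow. Confirm that the numbering is not part of a stable interface, or note the renumbering in the commit message.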
......
......@@ -82,6 +82,7 @@ static const struct error errors[] = {
{ KNOT_EDSDIGESTLEN, "DS digest length does not match digest type" },
{ KNOT_ENOTSIG, "expected a TSIG or SIG(0)" },
{ KNOT_ELIMIT, "exceeded response rate limit" },
{ KNOT_EZONESIZE, "zone size exceeded" },
{ KNOT_EWRITABLE, "file is not writable" },
{ KNOT_EOF, "end of file" },
{ KNOT_ESYSTEM, "system error" },
......
#!/usr/bin/env python3
'''Test for checking zone size limit with DDNS update'''
from dnstest.test import Test
t = Test()
master = t.server("knot")
zone = t.zone("example.com.")
master.zone_size_limit = 500
t.link(zone, master, ddns=True)
t.start()
master.zones_wait(zone)
update = master.update(zone)
update.add("test.example.com.", 1, "TXT", "passed")
update.send("NOERROR")
resp = master.dig("test.example.com.", "TXT")
resp.check("passed")
t.sleep(5)
update = master.update(zone)
update.add("test.example.com.", 1, "TXT", "FAILED. This zone is larger than limit. More text: Lorem impsum dolor sit a met.")
update.delete("test.example.com.", "TXT", "passed")
update.send("REFUSED")
resp = master.dig("test.example.com.", "TXT")
resp.check("passed")
t.end()
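Review bot: After the update that expects REFUSED, the second `dig` only checks that "passed" is still served; it never asserts that the oversized TXT rdata is absent, so a partially applied update would still pass. Add a negative check on that answer for the rejected record. The `t.sleep(5)` has no explanation; if it waits for the first update to be committed, a comment such as `# let the first update settle before sending the oversized one` would say so. Only the incremental DDNS path is exercised, so the UPDATE_FULL branch of the new size check is left uncovered by this test.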