Commit 22c0177c authored by Libor Peltan Committed by Daniel Salzman

freeze: REFUSE DDNS queries on frozen zone

parent 465caf49
......@@ -83,3 +83,10 @@ int internet_process_query(knot_pkt_t *pkt, struct query_data *qdata);
if (tsig_unsigned_count(tsig_ctx) > max_unsigned) { \
return KNOT_STATE_FAIL; \
}
/*! \brief Require the zone not to be frozen. */
#define NS_NEED_NOT_FROZEN(qdata, error_rcode) \
if ((qdata)->zone->events.ufrozen) { \
(qdata)->rcode = (error_rcode); \
return KNOT_STATE_FAIL; \
}
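Review bot: NS_NEED_NOT_FROZEN reads `(qdata)->zone->events.ufrozen` without checking that `(qdata)->zone` is non-NULL, so it is only safe once an earlier check has rejected a query with no zone. The single call site in this commit places it after NS_NEED_ZONE_CONTENTS, which presumably performs that check, but the macro's doc comment does not state the requirement or mention the hidden `return`. I would extend the comment to `/*! \brief Require the zone not to be frozen; use only after NS_NEED_ZONE_CONTENTS, returns KNOT_STATE_FAIL from the caller. */`. The flag is also read with no visible synchronization; whether `ufrozen` can change concurrently with query processing cannot be told from this hunk and is worth confirming.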
......@@ -417,6 +417,8 @@ int update_process_query(knot_pkt_t *pkt, struct query_data *qdata)
/* Check expiration. */
NS_NEED_ZONE_CONTENTS(qdata, KNOT_RCODE_SERVFAIL);
NS_NEED_NOT_FROZEN(qdata, KNOT_RCODE_REFUSED);
/* Restore original QNAME for DDNS ACL checks. */
process_query_qname_case_restore(qdata->query, qdata);
/* Store update into DDNS queue. */
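Review bot: The frozen check runs when the UPDATE is received, but the following comment says the update is then stored in the DDNS queue, so a freeze that takes effect between this check and the queue being processed is not seen here. If the code that applies queued updates (outside this hunk) does not test `events.ufrozen` again, an update accepted just before the freeze could still modify a zone the operator believes is frozen; confirm that path re-checks the flag or that freezing drains the queue first. The check also comes before the step labelled "DDNS ACL checks", so a sender who would fail the ACL is answered for the frozen state first; if an ACL denial produces a different response, the frozen state becomes observable to unauthorized clients. update_process_query continues outside the hunk.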
......