Commit 6438a774 authored by Lubos Slovak's avatar Lubos Slovak

ixfr: Format checking + removed redundant test

- If the IXFR response contains no records or the first record is
  not SOA, consider it malformed and fail the transfer.
- AXFR-style IXFR both master side and slave side are checked in
  one test, removed the other.
parent e0964b5e
......@@ -667,11 +667,27 @@ int ixfr_query(knot_pkt_t *pkt, struct query_data *qdata)
return ret;
}
static int check_format(knot_pkt_t *pkt)
{
const knot_pktsection_t *answer = knot_pkt_section(pkt, KNOT_ANSWER);
if (answer->count >= 1 && answer->rr[0].type == KNOT_RRTYPE_SOA) {
return KNOT_EOK;
} else {
return KNOT_EMALF;
}
}
int ixfr_process_answer(knot_pkt_t *pkt, struct answer_data *adata)
{
if (pkt == NULL || adata == NULL) {
return KNOT_NS_PROC_FAIL;
}
if (check_format(pkt) != KNOT_EOK) {
IXFRIN_LOG(LOG_WARNING, "malformed response");
return KNOT_NS_PROC_FAIL;
}
if (adata->ext == NULL) {
/* Check for AXFR-style IXFR. */
......@@ -697,8 +713,7 @@ int ixfr_process_answer(knot_pkt_t *pkt, struct answer_data *adata)
NS_NEED_TSIG_SIGNED(&adata->param->tsig_ctx, 0);
if (!zone_transfer_needed(adata->param->zone, pkt)) {
if (knot_pkt_section(pkt, KNOT_ANSWER)->count > 1) {
IXFRIN_LOG(LOG_WARNING, "malformed IXFR response"
" (old data), ignoring");
IXFRIN_LOG(LOG_WARNING, "old data, ignoring");
} else {
/* Single-SOA answer. */
IXFRIN_LOG(LOG_INFO, "zone is up-to-date");
......
......@@ -22,7 +22,7 @@ master.update_zonefile(zone, version=1)
master.reload()
master.zone_wait(zone, serial)
# check that master really sends AXFR-style IXFR
# check that master properly sends AXFR-style IXFR
t.check_axfr_style_ixfr(master, "xfr", serial)
serial = slave.zone_wait(zone, serial)
......@@ -45,7 +45,7 @@ master.reload()
master.zone_wait(zone, serial)
slave.zone_wait(zone, serial)
# check that master really sends AXFR-style IXFR
# check that master properly sends AXFR-style IXFR again
t.check_axfr_style_ixfr(master, "xfr", serial)
t.xfr_diff(master, slave, zone)
......
$ORIGIN example.com.
$TTL 3600
@ SOA dns1 hostmaster 2010111201 10800 3600 1209600 7200
NS dns1
NS dns2
MX 10 mail
dns1 A 192.0.2.1
AAAA 2001:DB8::1
dns2 A 192.0.2.2
AAAA 2001:DB8::2
mail A 192.0.2.3
AAAA 2001:DB8::3
$ORIGIN example.com.
$TTL 3600
@ SOA dns1 hostmaster 2010111202 10800 3600 1209600 7200
NS dns1
NS dns2
MX 10 mail
dns1 A 192.0.2.1
AAAA 2001:DB8::1
dns2 A 192.0.2.2
AAAA 2001:DB8::2
mail A 192.0.2.3
AAAA 2001:DB8::3
#!/usr/bin/env python3
'''Test for fallback IXFR->AXFR with Knot master'''
from dnstest.test import Test
t = Test()
knot = t.server("knot")
zone = t.zone("example.com.", storage=".")
t.link(zone, knot, ixfr=False)
t.start()
# Wait for AXFR to slave server.
serial_init = knot.zone_wait(zone)
# 2nd version of the zone, differing only in serial, so that there is quite
# a difference between AXFR and IXFR
knot.update_zonefile(zone, 1)
knot.reload()
# Check if IXFR gives answer in the format of AXFR
t.check_axfr_style_ixfr(knot, "example.com.", serial_init)
t.end()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment