Skip to content
Snippets Groups Projects
Commit 6438a774 authored by Lubos Slovak's avatar Lubos Slovak
Browse files

ixfr: Format checking + removed redundant test 

- If the IXFR response contains no records or the first record is
  not SOA, consider it malformed and fail the transfer.
- AXFR-style IXFR both master side and slave side are checked in
  one test, removed the other.
parent e0964b5e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 19 additions and 63 deletions
src/knot/nameserver/ixfr.c
+ 17
2
View file @ 6438a774
......@@ -667,11 +667,27 @@ int ixfr_query(knot_pkt_t *pkt, struct query_data *qdata)
return ret;
}
static int check_format(knot_pkt_t *pkt)
{
const knot_pktsection_t *answer = knot_pkt_section(pkt, KNOT_ANSWER);
if (answer->count >= 1 && answer->rr[0].type == KNOT_RRTYPE_SOA) {
return KNOT_EOK;
} else {
return KNOT_EMALF;
}
}
int ixfr_process_answer(knot_pkt_t *pkt, struct answer_data *adata)
{
if (pkt == NULL || adata == NULL) {
return KNOT_NS_PROC_FAIL;
}
if (check_format(pkt) != KNOT_EOK) {
IXFRIN_LOG(LOG_WARNING, "malformed response");
return KNOT_NS_PROC_FAIL;
}
if (adata->ext == NULL) {
/* Check for AXFR-style IXFR. */
......@@ -697,8 +713,7 @@ int ixfr_process_answer(knot_pkt_t *pkt, struct answer_data *adata)
NS_NEED_TSIG_SIGNED(&adata->param->tsig_ctx, 0);
if (!zone_transfer_needed(adata->param->zone, pkt)) {
if (knot_pkt_section(pkt, KNOT_ANSWER)->count > 1) {
IXFRIN_LOG(LOG_WARNING, "malformed IXFR response"
" (old data), ignoring");
IXFRIN_LOG(LOG_WARNING, "old data, ignoring");
} else {
/* Single-SOA answer. */
IXFRIN_LOG(LOG_INFO, "zone is up-to-date");
......
tests-extra/tests/ixfr/axfr_style_slave/test.py tests-extra/tests/ixfr/axfr_style/test.py
+ 2
2
View file @ 6438a774
......@@ -22,7 +22,7 @@ master.update_zonefile(zone, version=1)
master.reload()
master.zone_wait(zone, serial)
# check that master really sends AXFR-style IXFR
# check that master properly sends AXFR-style IXFR
t.check_axfr_style_ixfr(master, "xfr", serial)
serial = slave.zone_wait(zone, serial)
......@@ -45,7 +45,7 @@ master.reload()
master.zone_wait(zone, serial)
slave.zone_wait(zone, serial)
# check that master really sends AXFR-style IXFR
# check that master properly sends AXFR-style IXFR again
t.check_axfr_style_ixfr(master, "xfr", serial)
t.xfr_diff(master, slave, zone)
......
tests-extra/tests/ixfr/axfr_style_master/data/example.com.zone deleted 100644 → 0
+ 0
16
View file @ e0964b5e
$ORIGIN example.com.
$TTL 3600
@ SOA dns1 hostmaster 2010111201 10800 3600 1209600 7200
NS dns1
NS dns2
MX 10 mail
dns1 A 192.0.2.1
AAAA 2001:DB8::1
dns2 A 192.0.2.2
AAAA 2001:DB8::2
mail A 192.0.2.3
AAAA 2001:DB8::3
tests-extra/tests/ixfr/axfr_style_master/data/example.com.zone.1 deleted 100644 → 0
+ 0
16
View file @ e0964b5e
$ORIGIN example.com.
$TTL 3600
@ SOA dns1 hostmaster 2010111202 10800 3600 1209600 7200
NS dns1
NS dns2
MX 10 mail
dns1 A 192.0.2.1
AAAA 2001:DB8::1
dns2 A 192.0.2.2
AAAA 2001:DB8::2
mail A 192.0.2.3
AAAA 2001:DB8::3
tests-extra/tests/ixfr/axfr_style_master/test.py deleted 100644 → 0
+ 0
27
View file @ e0964b5e
#!/usr/bin/env python3
'''Test for fallback IXFR->AXFR with Knot master'''
from dnstest.test import Test
t = Test()
knot = t.server("knot")
zone = t.zone("example.com.", storage=".")
t.link(zone, knot, ixfr=False)
t.start()
# Wait for AXFR to slave server.
serial_init = knot.zone_wait(zone)
# 2nd version of the zone, differing only in serial, so that there is quite
# a difference between AXFR and IXFR
knot.update_zonefile(zone, 1)
knot.reload()
# Check if IXFR gives answer in the format of AXFR
t.check_axfr_style_ixfr(knot, "example.com.", serial_init)
t.end()
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment