From d7011a55d3e7f06fbbb764678ef204e4e51d6f8b Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 25 Feb 2021 14:11:05 +1100
Subject: [PATCH] Unload a zone if a transfer breaks its SOA record
If a zone transfer results in a zone not having any NS records, named
stops serving it because such a zone is broken. Do the same if an
incoming zone transfer results in a zone lacking an SOA record at the
apex or containing more than one SOA record.
Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/d7011a55d3e7f06fbbb764678ef204e4e51d6f8b
---
lib/dns/zone.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
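diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 9866f85184..0797d004ae 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15987,11 +15987,20 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
 &retry, &expire, &minimum, NULL);
 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 if (result == ISC_R_SUCCESS) {
- if (soacount != 1)
+ if (soacount != 1) {
 dns_zone_log(zone, ISC_LOG_ERROR,
 "transferred zone "
- "has %d SOA record%s", soacount,
- (soacount != 0) ? "s" : "");
+ "has %d SOA records",
+ soacount);
+ if (DNS_ZONE_FLAG(zone,
+ DNS_ZONEFLG_HAVETIMERS)) {
+ zone->refresh = DNS_ZONE_DEFAULTREFRESH;
+ zone->retry = DNS_ZONE_DEFAULTRETRY;
+ }
+ DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
+ zone_unload(zone);
+ goto next_master;
+ }
 if (nscount == 0) {
 dns_zone_log(zone, ISC_LOG_ERROR,
 "transferred zone "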
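Review bot: The error logged in the new `soacount != 1` branch never says that the zone is then unloaded, so an operator reading "transferred zone has 0 SOA records" gets no cue that the zone is no longer served, unless `zone_unload()` logs on its own, which is not visible here. I would make the consequence explicit in the message, e.g. `"has %d SOA records, unloading zone"`, and put a one-line comment above the branch such as `/* A zone without exactly one apex SOA is broken: stop serving it. */`. The timer reset, `DNS_ZONE_CLRFLAG`, `zone_unload()` and `goto next_master` sequence presumably mirrors the `nscount == 0` branch that opens at the end of the hunk (its body lies outside it); if so, a small `static` helper shared by both would keep the two failure paths from drifting apart. `zone_xfrdone` starts and ends outside the hunk, so the `next_master` label and the declaration of `soacount` could not be checked.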
--
2.23.0