From 998b2d5a57d97bea49c69a6ad8a7da5c7d129d6f Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 16 Apr 2020 16:54:09 +1000 Subject: [PATCH] Warn about AXFR streams that are incompatible with BIND 9.18 --- CHANGES | 3 +++ lib/dns/xfrin.c | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 9bb43f2f69..edfd9cacba 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5387. [func] Warn about AXFR streams that are incompatible with + BIND 9.17.2. [GL #1674] + 5386. [cleanup] Address Coverity warnings in keymgr.c [GL #1737] diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 4c5f2e820c..5040f7334f 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -111,7 +111,7 @@ struct dns_xfrin_ctx { dns_name_t name; /*%< Name of zone to transfer */ dns_rdataclass_t rdclass; - bool checkid; + bool checkid, logit; dns_messageid_t id; /*% @@ -836,6 +836,7 @@ xfrin_create(isc_mem_t *mctx, dns_zone_t *zone, dns_db_t *db, isc_task_t *task, dns_name_init(&xfr->name, NULL); xfr->rdclass = rdclass; xfr->checkid = true; + xfr->logit = true; xfr->id = (dns_messageid_t)isc_random16(); xfr->reqtype = reqtype; xfr->dscp = dscp; @@ -1146,6 +1147,7 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { } xfr->checkid = true; + xfr->logit = true; xfr->id++; xfr->nmsg = 0; xfr->nrecs = 0; @@ -1316,6 +1318,12 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { xfr->state = XFRST_SOAQUERY; (void)xfrin_start(xfr); return; + } else if (!xfr->checkid && msg->id != xfr->id && xfr->logit) { + xfrin_log(xfr, ISC_LOG_WARNING, + "detected message ID mismatch on incoming AXFR " + "stream, transfer will fail in BIND 9.17.2 and " + "later if AXFR source is not fixed"); + xfr->logit = false; } /*
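Review bot: The new `logit` field in `struct dns_xfrin_ctx` shares a declaration with `checkid` and has no comment, although the neighbouring `name` field carries a `/*%<` description. The name alone does not say what is logged or that the flag is one-shot. Declaring it on its own line, for example `bool logit; /*%< warn once per request about a message ID mismatch */`, would make the sets in xfrin_create and xfrin_send_request and the clear in xfrin_recv_done easier to follow. The struct definition starts and ends outside the hunk.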
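Review bot: The warning added in xfrin_recv_done does not report which IDs disagreed, so the log cannot separate a primary that uses a fresh ID per message from a single unexpected message in the stream. Appending the expected and received values (`xfr->id`, `msg->id`) would fix that, assuming xfrin_log accepts printf-style arguments. The mismatching message is still processed after the warning, so this line is the only signal operators get and is worth alerting on. The condition does not test `xfr->reqtype`, so if this branch is reachable for IXFR the words "AXFR stream" would mislead; the commit subject also names BIND 9.18 while the message and CHANGES say 9.17.2. The `if` chain this `else if` extends begins outside the hunk.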