Verify mirror zone AXFRs

Update axfr_commit() so that all incoming versions of a mirror zone transferred using AXFR are verified before being used. If zone verification fails, discard the received version of the zone, wait until the next refresh and retry.
2018-06-28 13:38:39 +02:00
parent eaf1c0f6eb
commit d86f1d00ad
10 changed files with 184 additions and 0 deletions
--- a/bin/tests/system/mirror/setup.sh
+++ b/bin/tests/system/mirror/setup.sh
@@ -17,3 +17,8 @@ $SHELL clean.sh
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
+
+( cd ns2 && $SHELL -e sign.sh )
+
+cat ns2/verify-axfr.db.bad.signed > ns2/verify-axfr.db.signed
+cat ns2/verify-untrusted.db.original.signed > ns2/verify-untrusted.db.signed