stop crashing on out-of-zone data during inbound AXFR

diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc
index 98fc97e820f82662f16f1ceeaef8c3b1af4fd0b8..7053c0e87e90d78d4b4df6f68e9d560dd9030a3a 100644 (file)
--- a/pdns/ixfrdist.cc
+++ b/pdns/ixfrdist.cc
@@ -342,6 +342,9 @@ void updateThread(const string& workdir, const uint16_t& keep, const uint16_t& a
           for(auto& dr : chunk) {
             if(dr.d_type == QType::TSIG)
               continue;
+            if(!dr.d_name.isPartOf(domain)) {
+              throw PDNSException("Out-of-zone data received during AXFR of "+domain.toLogString());
+            }
             dr.d_name.makeUsRelative(domain);
             records.insert(dr);
             nrecords++;

diff --git a/regression-tests.ixfrdist/test_IXFR.py b/regression-tests.ixfrdist/test_IXFR.py
index 23624c110ad618cc8560d9cf446587938aa5a6ec..217259583c51324d03e6f18f54e14c5e3992523e 100644 (file)
--- a/regression-tests.ixfrdist/test_IXFR.py
+++ b/regression-tests.ixfrdist/test_IXFR.py
@@ -36,7 +36,8 @@ class IXFRDistBasicTest(IXFRDistTest):
     global xfrServerPort
     _xfrDone = 0
     _config_domains = { 'example': '127.0.0.1:' + str(xfrServerPort),
-                        'example2': '127.0.0.1:1' } # bogus port is intentional
+                        'example2': '127.0.0.1:1',       # bogus port is intentional
+                        'example4': '127.0.0.1:' + str(xfrServerPort) }
 
     @classmethod
     def setUpClass(cls):