drop packets from 100% impossible sources

diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc
index ca7d18c0968d6beaba5a1ea7cb964e2dfa42f3cb..2b00ecb36350be7f14c2c51b023aa3d36acebd3e 100644 (file)
--- a/pdns/ixfrdist.cc
+++ b/pdns/ixfrdist.cc
@@ -913,6 +913,11 @@ try
     return;
   }
 
+  if (!allowedByACL(saddr, true) && !allowedByACL(saddr, false)) {
+    g_log<<Logger::Warning<<"UDP query from "<<saddr.toString()<<" did not match any valid query or NOTIFY source, dropping"<<endl;
+    return;
+  }
+
   MOADNSParser mdp(true, string(&buf[0], static_cast<size_t>(res)));
   vector<uint8_t> packet;