uint32_t refresh=0;
std::string polName(zoneName);
size_t maxReceivedXFRMBytes = 0;
+ uint16_t axfrTimeout = 20;
uint32_t maxTTL = std::numeric_limits<uint32_t>::max();
ComboAddress localAddress;
if(options) {
if(have.count("localAddress")) {
localAddress = ComboAddress(boost::get<string>(constGet(have,"localAddress")));
}
+ if(have.count("axfrTimeout")) {
+ axfrTimeout = static_cast<uint16_t>(boost::get<uint32_t>(constGet(have, "axfrTimeout")));
+ }
}
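Review bot: The `static_cast<uint16_t>` on the `axfrTimeout` option silently truncates any configured value above 65535, so 65536 becomes 0 and 70000 becomes 4464 seconds. Since this value bounds how long a slow or unresponsive master can hold up the transfer, an out-of-range setting should be rejected at configuration time rather than wrapped. Read the value into a `uint32_t` first and check it before narrowing, for example `if (v == 0 || v > std::numeric_limits<uint16_t>::max())` followed by a configuration error. Whether 0 is meant to be a valid setting is not visible in this hunk, so that half of the check should be confirmed against `getChunk`.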
ComboAddress master(master_, 53);
if (localAddress != ComboAddress() && localAddress.sin4.sin_family != master.sin4.sin_family) {
size_t zoneIdx = lci.dfe.addZone(zone);
if (!checkOnly) {
- auto sr=loadRPZFromServer(master, domain, zone, defpol, maxTTL, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
+ auto sr=loadRPZFromServer(master, domain, zone, defpol, maxTTL, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress, axfrTimeout);
if(refresh)
sr->d_st.refresh=refresh;
zone->setSerial(sr->d_st.serial);
- std::thread t(RPZIXFRTracker, master, DNSName(zoneName), defpol, maxTTL, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
+ std::thread t(RPZIXFRTracker, master, DNSName(zoneName), defpol, maxTTL, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress, axfrTimeout);
t.detach();
}
}
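Review bot: With the new total timeout, `loadRPZFromServer` can throw `PDNSException` here, and the `std::thread t(RPZIXFRTracker, ...)` line below it is then never reached. Unless a handler outside this hunk retries, a master that is merely slow at startup would leave the policy zone empty with no tracker thread to refresh it later, which is a fail-open result for a filtering feed. This should at least be documented at the call site, for example `// a timed-out initial AXFR throws; no IXFR tracker is started for this zone`, and the failure should be logged with the zone name. The enclosing function begins and ends outside the hunk, so the existing error handling could not be checked.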
The source IP address to use when transferring the RPZ.
When unset, :ref:`setting-query-local-address` and :ref:`setting-query-local-address6` are used.
+axfrTimeout
+^^^^^^^^^^^
+.. versionadded:: 4.1.2
+ Before 4.1.2, the timeout was fixed on 10 seconds.
+
+The timeout in seconds of the total initial AXFR transaction.
+20 by default.
+
Policy Actions
--------------
}
-void RPZIXFRTracker(const ComboAddress& master, const DNSName& zoneName, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress)
+void RPZIXFRTracker(const ComboAddress& master, const DNSName& zoneName, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout)
{
uint32_t refresh = oursr->d_st.refresh;
for(;;) {
}
}
-shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress)
+shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, uint16_t axfrTimeout)
{
L<<Logger::Warning<<"Loading RPZ zone '"<<zoneName<<"' from "<<master.toStringWithPort()<<endl;
if(!tt.name.empty())
Resolver::res_t nop;
vector<DNSRecord> chunk;
time_t last=0;
+ time_t axfrStart = time(0);
+ time_t axfrNow = time(0);
shared_ptr<SOARecordContent> sr;
- while(axfr.getChunk(nop, &chunk)) {
+ while(axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow))) {
for(auto& dr : chunk) {
if(dr.d_type==QType::NS || dr.d_type==QType::TSIG) {
continue;
RPZRecordToPolicy(dr, zone, true, defpol, maxTTL);
nrecords++;
}
+ axfrNow = time(nullptr);
+ if (axfrNow - axfrStart > axfrTimeout) {
+ throw PDNSException("Total AXFR time exceeded!");
+ }
if(last != time(0)) {
L<<Logger::Info<<"Loaded & indexed "<<nrecords<<" policy records so far"<<endl;
last=time(0);
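Review bot: The deadline check `if (axfrNow - axfrStart > axfrTimeout)` lets the loop continue when the elapsed time equals the timeout exactly, so the next `getChunk` call receives a remaining time of 0. What `getChunk` does with 0 is not visible here; if it means "no timeout" or an immediate failure, the behaviour at the boundary is wrong either way, and `if (axfrNow - axfrStart >= axfrTimeout)` avoids the case. The deadline is also computed from `time()`, which follows wall-clock adjustments: a backwards step extends the limit (and can make the remaining value larger than `axfrTimeout`), while a forwards step aborts a healthy transfer. A monotonic source such as `std::chrono::steady_clock` would be safer for this. The function body starts and continues outside the hunk, and the new lines mix `time(0)` with `time(nullptr)`.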
extern bool g_logRPZChanges;
void loadRPZFromFile(const std::string& fname, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL);
-std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress);
+std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout);
void RPZRecordToPolicy(const DNSRecord& dr, std::shared_ptr<DNSFilterEngine::Zone> zone, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL);
-void RPZIXFRTracker(const ComboAddress& master, const DNSName& zoneName, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress);
+void RPZIXFRTracker(const ComboAddress& master, const DNSName& zoneName, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout);
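Review bot: The declaration of `loadRPZFromServer` takes `const uint16_t axfrTimeout` while its definition takes plain `uint16_t axfrTimeout`. Top-level `const` on a by-value parameter has no effect in a declaration, so it is better dropped from both prototypes to keep them in step with the definitions. The new parameter also carries no unit; a short comment such as `// axfrTimeout: seconds allowed for the whole initial AXFR` above the prototypes would save callers from guessing.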