From: Wouter Wijngaards Date: Wed, 23 Jan 2019 11:52:17 +0000 (+0000) Subject: - Fix for IXFR fallback to reset counter when IXFR does not timeout. X-Git-Tag: release-1.9.0rc1~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=649e265d6f6ecdc0d3dd99bc3416129177abb25a;p=thirdparty%2Funbound.git - Fix for IXFR fallback to reset counter when IXFR does not timeout. git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index bb789fbfa..483be7efa 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -9,6 +9,7 @@ - Fixes for patch (includes, declarations, warnings). Free at end and keep config options in order read from file to keep the first one as the first one. + - Fix for IXFR fallback to reset counter when IXFR does not timeout. 22 January 2018: Wouter - Fix space calculation for tcp req buffer size. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 9723141b9..cbb7b654b 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -513,6 +513,9 @@ Other keys use to decrypt only. With this you can roll over to new keys, by generating a new first file and allowing decrypt of the old file by listing it after the first file for some time, after the wait clients are not using the old key any more and the old key can be removed. +One way to create the file is dd if=/dev/random bs=1 count=80 of=ticket.dat +The first 16 bytes should be different from the old one if you create a second key, that is the name used to identify the key. Then there is 32 bytes random +data for an AES key and then 32 bytes random data for the HMAC key. .TP .B tls\-ciphers: \fI Set the list of ciphers to allow when serving TLS. Use "" for defaults, diff --git a/services/authzone.c b/services/authzone.c index 69163b981..03991d9b8 100644 --- a/services/authzone.c +++ b/services/authzone.c 
@@ -5663,7 +5663,9 @@ auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, xfr_transfer_nexttarget_or_end(xfr, env); return 0; } - xfr->task_transfer->ixfr_possible_timeout_count = 0; + /* note that IXFR worked without timeout */ + if(xfr->task_transfer->on_ixfr) + xfr->task_transfer->ixfr_possible_timeout_count = 0; /* handle returned packet */ /* if it fails, cleanup and end this transfer */
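Review bot: In doc/Changelog the new entry records only the IXFR counter fix, while the same commit also adds the ticket key creation text to doc/unbound.conf.5.in. Add a Changelog line for that documentation change, or split it into its own commit so the subject line matches what is changed. The unchanged context line "22 January 2018: Wouter" also sits oddly against this commit's 2019 date and may be worth checking.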
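Review bot: In doc/unbound.conf.5.in, the added paragraph describes a file that holds an AES key and an HMAC key but says nothing about who may read it; a sentence advising that the file be readable only by the user the server runs as would fit here. The command "dd if=/dev/random bs=1 count=80 of=ticket.dat" also runs straight into the surrounding sentence, so putting it on its own line would make it easier to copy. The count of 80 could be tied explicitly to the layout the next sentence gives (16 bytes of key name, 32 bytes of AES key, 32 bytes of HMAC key), and the third added line is much longer than its neighbours and could be wrapped like the rest of the page.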
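Review bot: In services/authzone.c, in auth_xfer_transfer_tcp_callback, the guarded reset sits before the "/* handle returned packet */" step, so ixfr_possible_timeout_count is cleared whenever on_ixfr is set and this point is reached, including for a reply that then fails handling and ends the transfer. If the intent is "IXFR worked", consider moving the reset to after the packet has been handled successfully; if the intent is only "the reply did not time out", reword the comment "note that IXFR worked without timeout" to say that. A short note on why the counter must be left alone when on_ixfr is not set would also help the next reader, since the hunk does not show where the counter is incremented or consumed.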