From: Aki Tuomi <cmouse@desteem.org>
Date: Sun, 29 Mar 2015 21:37:27 +0000 (+0300)
Subject: Log error when remote cannot do AXFR
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~98^2~31^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2389%2Fhead;p=thirdparty%2Fpdns.git

Log error when remote cannot do AXFR
---

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index 95dbcd7b84..547fb8c4e3 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -537,8 +537,15 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
       s_P=new PacketHandler;
     }
 
+    if (!canDoAXFR(q)) {
+      L<<Logger::Error<<"AXFR of domain '"<<target<<"' failed: "<<q->getRemote()<<" cannot request AXFR"<<endl;
+      outpacket->setRcode(9); // 'NOTAUTH'
+      sendPacket(outpacket,outsock);
+      return 0;
+    }
+
     // canDoAXFR does all the ACL checks, and has the if(disable-axfr) shortcut, call it first.
-    if(!canDoAXFR(q) || !s_P->getBackend()->getSOAUncached(target, sd)) {
+    if(!s_P->getBackend()->getSOAUncached(target, sd)) {
       L<<Logger::Error<<"AXFR of domain '"<<target<<"' failed: not authoritative"<<endl;
       outpacket->setRcode(9); // 'NOTAUTH'
       sendPacket(outpacket,outsock);