From 0923e5df06e10e7afb19dc5ce534b07450792ab1 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Wed, 14 Sep 2022 13:22:09 +0200
Subject: [PATCH] axfr-retriever: abort on chunk with TC set

---
 pdns/axfr-retriever.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pdns/axfr-retriever.cc b/pdns/axfr-retriever.cc
index c206306eeb..ce67f06384 100644
--- a/pdns/axfr-retriever.cc
+++ b/pdns/axfr-retriever.cc
@@ -133,6 +133,10 @@ int AXFRRetriever::getChunk(Resolver::res_t &res, vector<DNSRecord>* records, ui
     throw ResolverException("AXFR chunk error: " + RCode::to_s(err));
   }
 
+  if(mdp.d_header.tc) {
+    throw ResolverException("AXFR chunk had TC bit set");
+  }
+
   try {
     d_tsigVerifier.check(std::string(d_buf.data(), len), mdp);
   }
-- 
2.47.2