From 86177332089a9bc0a023bfe71c41d9bcc0e6d6eb Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Tue, 9 May 2017 14:04:08 +0200 Subject: [PATCH] auth: add option to set a global lua-axfr-script value --- docs/markdown/authoritative/domainmetadata.md | 2 ++ docs/markdown/authoritative/settings.md | 8 ++++++++ pdns/common_startup.cc | 1 + pdns/slavecommunicator.cc | 14 +++++++++++--- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/docs/markdown/authoritative/domainmetadata.md b/docs/markdown/authoritative/domainmetadata.md index 3d95454786..a17dd5c09b 100644 --- a/docs/markdown/authoritative/domainmetadata.md +++ b/docs/markdown/authoritative/domainmetadata.md @@ -62,6 +62,8 @@ If set to 1, attempt IXFR when retrieving zone updates. Otherwise IXFR is not at ## LUA-AXFR-SCRIPT Script to be used to edit incoming AXFRs, see [Modifying a slave zone using a script](modes-of-operation.md#modifying-a-slave-zone-using-a-script). +This value will override the [`lua-axfr-script`](settings.md#lua-axfr-scriptmaster) setting. +Use 'NONE' to remove a global script. ## NSEC3NARROW Set to "1" to tell PowerDNS this zone operates in NSEC3 'narrow' mode. See diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md index a1bb83ce85..9fb9c5b319 100644 --- a/docs/markdown/authoritative/settings.md +++ b/docs/markdown/authoritative/settings.md @@ -421,6 +421,14 @@ options to allow binding to non-local addresses. This feature is intended to facilitate ip-failover setups, but it may also mask configuration issues and for this reason it is disabled by default. +## `lua-axfr-script` + +* String +* Default: empty +* Available since: 4.0.4 + +Script to be used to edit incoming AXFRs, see [Modifying a slave zone using a script](modes-of-operation.md#modifying-a-slave-zone-using-a-script). + ## `local-address-nonexist-fail` * Boolean * Default: no diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 4089cee68c..e5f6077258 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -198,6 +198,7 @@ void declareArguments() ::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no"; ::arg().setSwitch("axfr-lower-serial", "Also AXFR a zone from a master with a lower serial")="no"; + ::arg().set("lua-axfr-script", "Script to be used to edit incoming AXFRs")=""; ::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming XFR")="100"; ::arg().set("tcp-fast-open", "Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size")="0"; diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc index 4918a50f05..6731862fd4 100644 --- a/pdns/slavecommunicator.cc +++ b/pdns/slavecommunicator.cc @@ -327,13 +327,21 @@ void CommunicatorClass::suck(const DNSName &domain, const string &remote) scoped_ptr pdl; vector scripts; + string script=::arg()["lua-axfr-script"]; if(B.getDomainMetadata(domain, "LUA-AXFR-SCRIPT", scripts) && !scripts.empty()) { + if (pdns_iequals(scripts[0], "NONE")) { + script.clear(); + } else { + script=scripts[0]; + } + } + if(!script.empty()){ try { - pdl.reset(new AuthLua4(scripts[0])); - L<