From e3619f5766c37598579fd6d8d58d7160d31db34f Mon Sep 17 00:00:00 2001
From: Matti Hiljanen
Date: Tue, 3 Sep 2019 16:10:04 +0300
Subject: [PATCH] auth: add configurable timeout for inbound AXFR
---
 docs/settings.rst | 12 ++++++++++++
 pdns/common_startup.cc | 1 +
 pdns/slavecommunicator.cc | 5 +++--
 3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/docs/settings.rst b/docs/settings.rst
index e68dfc33a5..54b5137c01 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -160,6 +160,18 @@ Static pre-shared authentication key for access to the REST API.
 Disallow data modification through the REST API when set.
+.. _setting-axfr-fetch-timeout:
+
+``axfr-fetch-timeout``
+----------------------
+
+- Integer
+- Default: 10
+
+.. versionadded:: 4.3.0
+
+Maximum time in seconds for inbound AXFR to start or be idle after starting.
+
 .. _setting-axfr-lower-serial:
 ``axfr-lower-serial``
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index fa56dd6870..62e72b04d6 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -222,6 +222,7 @@ void declareArguments()
 ::arg().set("lua-axfr-script", "Script to be used to edit incoming AXFRs")="";
 ::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming XFR")="100";
+ ::arg().set("axfr-fetch-timeout", "Maximum time in seconds for inbound AXFR to start or be idle after starting")="10";
 ::arg().set("tcp-fast-open", "Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size")="0";
diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index 46e4c8f15d..af88fa9585 100644
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
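Review bot: The new `axfr-fetch-timeout` declaration in declareArguments() in pdns/common_startup.cc accepts any number, but the only visible consumer, doAxfr() in pdns/slavecommunicator.cc, stores `::arg().asNum("axfr-fetch-timeout")` in a `uint16_t`, so a negative value or one above 65535 is silently narrowed, and 65536 would become 0. What a zero timeout means to AXFRRetriever is not visible here; if it turns the wait off, a misconfigured value would let a stalled primary hold the transfer indefinitely, so that should be confirmed. I would read the value into an `int`, reject anything outside 1..65535 at startup, and state the range in the help text, e.g. `"Maximum time in seconds (1-65535) for inbound AXFR to start or be idle after starting"`. declareArguments() starts and ends outside this hunk.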
@@ -241,13 +241,14 @@ static bool processRecordForZS(const DNSName& domain, bool& firstNSEC3, DNSResou
 static vector doAxfr(const ComboAddress& raddr, const DNSName& domain, const TSIGTriplet& tt, const ComboAddress& laddr, scoped_ptr& pdl, ZoneStatus& zs)
 {
+ uint16_t axfr_timeout=::arg().asNum("axfr-fetch-timeout");
 vector rrs;
- AXFRRetriever retriever(raddr, domain, tt, (laddr.sin4.sin_family == 0) ? NULL : &laddr, ((size_t) ::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024);
+ AXFRRetriever retriever(raddr, domain, tt, (laddr.sin4.sin_family == 0) ? NULL : &laddr, ((size_t) ::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024, axfr_timeout);
 Resolver::res_t recs;
 bool first=true;
 bool firstNSEC3{true};
 bool soa_received {false};
- while(retriever.getChunk(recs)) {
+ while(retriever.getChunk(recs, nullptr, axfr_timeout)) {
 if(first) {
 g_log<