From: aerique <aerique@xs4all.nl>
Date: Tue, 26 Feb 2019 15:43:10 +0000 (+0100)
Subject: Merge pull request #6872 from pieterlexis/ixfrdist-limit-size
X-Git-Tag: auth-4.2.0-beta1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1975c29747059cec50e2aaa4ffa527ca8ede06ee;p=thirdparty%2Fpdns.git

Merge pull request #6872 from pieterlexis/ixfrdist-limit-size

ixfrdist: Add option to limit AXFR record count
---

1975c29747059cec50e2aaa4ffa527ca8ede06ee
diff --cc pdns/ixfrdist.cc
index 1ba8ffed0c,48f26f0700..f49e0fae56
--- a/pdns/ixfrdist.cc
+++ b/pdns/ixfrdist.cc
@@@ -267,11 -232,9 +267,11 @@@ static void updateCurrentZoneInfo(cons
  {
    std::lock_guard<std::mutex> guard(g_soas_mutex);
    g_soas[domain] = newInfo;
 +  g_stats.setSOASerial(domain, newInfo->soa->d_st.serial);
 +  // FIXME: also report zone size?
  }
  
- void updateThread(const string& workdir, const uint16_t& keep, const uint16_t& axfrTimeout, const uint16_t& soaRetry) {
+ void updateThread(const string& workdir, const uint16_t& keep, const uint16_t& axfrTimeout, const uint16_t& soaRetry, const uint32_t axfrMaxRecords) {
    setThreadName("ixfrdist/update");
    std::map<DNSName, time_t> lastCheck;
  
@@@ -394,12 -352,13 +394,15 @@@
              nrecords++;
              if (dr.d_type == QType::SOA) {
                soa = getRR<SOARecordContent>(dr);
 +              soaTTL = dr.d_ttl;
              }
            }
+           if (axfrMaxRecords != 0 && nrecords > axfrMaxRecords) {
+             throw PDNSException("Received more than " + std::to_string(axfrMaxRecords) + " records in AXFR, aborted");
+           }
            axfr_now = time(nullptr);
            if (axfr_now - t_start > axfrTimeout) {
 +            g_stats.incrementAXFRFailures(domain);
              throw PDNSException("Total AXFR time exceeded!");
            }
          }