From: Mark Andrews Date: Fri, 1 Sep 2023 00:17:00 +0000 (+1000) Subject: Adjust level of log messages when transferring in a zone X-Git-Tag: v9.19.17~6^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c3414739de8a0bb0549ca7a172314edd78597ac;p=thirdparty%2Fbind9.git Adjust level of log messages when transferring in a zone This raises the log level of messages treated as FORMERR to NOTICE when transfering in a zone. This also adds a missing log message for TYPE0 and meta types received during a zone transfer. --- diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 079d75a0830..0ee5d3ac57f 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -380,7 +380,7 @@ ixfr_init(dns_xfrin_t *xfr) { char *journalfile = NULL; if (xfr->reqtype != dns_rdatatype_ixfr) { - xfrin_log(xfr, ISC_LOG_ERROR, + xfrin_log(xfr, ISC_LOG_NOTICE, "got incremental response to AXFR request"); return (DNS_R_FORMERR); } @@ -496,6 +496,10 @@ xfr_rr(dns_xfrin_t *xfr, dns_name_t *name, uint32_t ttl, dns_rdata_t *rdata) { if (rdata->type == dns_rdatatype_none || dns_rdatatype_ismeta(rdata->type)) { + char buf[64]; + dns_rdatatype_format(rdata->type, buf, sizeof(buf)); + xfrin_log(xfr, ISC_LOG_NOTICE, + "Unexpected %s record in zone transfer", buf); FAIL(DNS_R_FORMERR); } @@ -518,7 +522,7 @@ redo: switch (xfr->state) { case XFRST_SOAQUERY: if (rdata->type != dns_rdatatype_soa) { - xfrin_log(xfr, ISC_LOG_ERROR, + xfrin_log(xfr, ISC_LOG_NOTICE, "non-SOA response to SOA query"); FAIL(DNS_R_FORMERR); } @@ -543,7 +547,7 @@ redo: case XFRST_INITIALSOA: if (rdata->type != dns_rdatatype_soa) { - xfrin_log(xfr, ISC_LOG_ERROR, + xfrin_log(xfr, ISC_LOG_NOTICE, "first RR in zone transfer must be SOA"); FAIL(DNS_R_FORMERR); } @@ -628,7 +632,7 @@ redo: xfr->state = XFRST_IXFR_END; break; } else if (soa_serial != xfr->ixfr.current_serial) { - xfrin_log(xfr, ISC_LOG_ERROR, + xfrin_log(xfr, ISC_LOG_NOTICE, "IXFR out of sync: " "expected serial %u, got %u", xfr->ixfr.current_serial, soa_serial); @@ -664,7 +668,7 @@ redo: * allow for case differences. */ if (dns_rdata_compare(rdata, &xfr->firstsoa) != 0) { - xfrin_log(xfr, ISC_LOG_ERROR, + xfrin_log(xfr, ISC_LOG_NOTICE, "start and ending SOA records " "mismatch"); FAIL(DNS_R_FORMERR); @@ -1471,7 +1475,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) { * match the question that was sent. */ if (msg->counts[DNS_SECTION_QUESTION] > 1) { - xfrin_log(xfr, ISC_LOG_DEBUG(3), "too many questions (%u)", + xfrin_log(xfr, ISC_LOG_NOTICE, "too many questions (%u)", msg->counts[DNS_SECTION_QUESTION]); result = DNS_R_FORMERR; goto failure; @@ -1480,7 +1484,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) { if ((xfr->state == XFRST_SOAQUERY || xfr->state == XFRST_INITIALSOA) && msg->counts[DNS_SECTION_QUESTION] != 1) { - xfrin_log(xfr, ISC_LOG_DEBUG(3), "missing question section"); + xfrin_log(xfr, ISC_LOG_NOTICE, "missing question section"); result = DNS_R_FORMERR; goto failure; } @@ -1497,7 +1501,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) { dns_message_currentname(msg, DNS_SECTION_QUESTION, &name); if (!dns_name_equal(name, &xfr->name)) { result = DNS_R_FORMERR; - xfrin_log(xfr, ISC_LOG_DEBUG(3), + xfrin_log(xfr, ISC_LOG_NOTICE, "question name mismatch"); goto failure; } @@ -1505,13 +1509,13 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) { INSIST(rds != NULL); if (rds->type != xfr->reqtype) { result = DNS_R_FORMERR; - xfrin_log(xfr, ISC_LOG_DEBUG(3), + xfrin_log(xfr, ISC_LOG_NOTICE, "question type mismatch"); goto failure; } if (rds->rdclass != xfr->rdclass) { result = DNS_R_FORMERR; - xfrin_log(xfr, ISC_LOG_DEBUG(3), + xfrin_log(xfr, ISC_LOG_NOTICE, "question class mismatch"); goto failure; }