From: Mark Andrews Date: Thu, 25 Feb 2021 03:11:05 +0000 (+1100) Subject: Unload a zone if a transfer breaks its SOA record X-Git-Tag: v9.17.12~4^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9d077d4f13b5ee23f7020e1c41e3b449c3c9938;p=thirdparty%2Fbind9.git Unload a zone if a transfer breaks its SOA record If a zone transfer results in a zone not having any NS records, named stops serving it because such a zone is broken. Do the same if an incoming zone transfer results in a zone lacking an SOA record at the apex or containing more than one SOA record. --- diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 5f042f4f63f..17a17f300cf 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -17219,9 +17219,16 @@ again: if (soacount != 1) { dns_zone_log(zone, ISC_LOG_ERROR, "transferred zone " - "has %d SOA record%s", - soacount, - (soacount != 0) ? "s" : ""); + "has %d SOA records", + soacount); + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HAVETIMERS)) + { + zone->refresh = DNS_ZONE_DEFAULTREFRESH; + zone->retry = DNS_ZONE_DEFAULTRETRY; + } + DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HAVETIMERS); + zone_unload(zone); + goto next_master; } if (nscount == 0) { dns_zone_log(zone, ISC_LOG_ERROR,
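Review bot: In the new body of the `if (soacount != 1)` branch, the ERROR log line still reports only the SOA count and does not say that the zone is then unloaded and control jumps to `next_master` (`zone_unload(zone); goto next_master;`), so an operator reading the log cannot tell from this entry that named has stopped serving the zone. Consider extending the message text to state that the zone is being unloaded. The block that resets `zone->refresh` and `zone->retry` when `DNS_ZONEFLG_HAVETIMERS` is set, then clears the flag, has no comment explaining why the timers fall back to `DNS_ZONE_DEFAULTREFRESH` and `DNS_ZONE_DEFAULTRETRY`; a one-line comment would help. If the `nscount == 0` branch that follows performs the same sequence, as the commit message's "Do the same" suggests, a small shared helper would keep the two failure paths from drifting apart. The diff as shown touches only lib/dns/zone.c, so a system test covering a transfer with zero apex SOA records and one with more than one would be worth adding if it is not already in a sibling commit.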