From: Kees Monshouwer Date: Tue, 20 Dec 2016 14:13:15 +0000 (+0100) Subject: make sure AXFR only delete records from a SLAVE domain in a multi backend setup X-Git-Tag: rec-4.1.0-alpha1~353^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4829%2Fhead;p=thirdparty%2Fpdns.git make sure AXFR only delete records from a SLAVE domain in a multi backend setup --- diff --git a/pdns/dynhandler.cc b/pdns/dynhandler.cc index 71aa3886e4..efa4e1606c 100644 --- a/pdns/dynhandler.cc +++ b/pdns/dynhandler.cc @@ -247,7 +247,7 @@ string DLNotifyRetrieveHandler(const vector&parts, Utility::pid_t ppid) if(!B.getDomainInfo(domain, di)) return "Domain '"+domain.toString()+"' unknown"; - if(di.masters.empty()) + if(di.kind != DomainInfo::Slave || di.masters.empty()) return "Domain '"+domain.toString()+"' is not a slave domain (or has no master defined)"; random_shuffle(di.masters.begin(), di.masters.end()); diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc index 56724320b8..0df99b0754 100644 --- a/pdns/slavecommunicator.cc +++ b/pdns/slavecommunicator.cc @@ -92,7 +92,7 @@ void CommunicatorClass::ixfrSuck(const DNSName &domain, const TSIGTriplet& tt, c try { DNSSECKeeper dk (&B); // reuse our UeberBackend copy for DNSSECKeeper - if(!B.getDomainInfo(domain, di) || !di.backend) { // di.backend and B are mostly identical + if(!B.getDomainInfo(domain, di) || !di.backend || di.kind != DomainInfo::Slave) { // di.backend and B are mostly identical L<