From d68a8204d2935c6a7871289960b2c7c50a266927 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 19 Jun 2007 12:34:54 +0000
Subject: [PATCH] AXFR handling and non-recursive handling.

git-svn-id: file:///svn/unbound/trunk@396 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/worker.c     | 8 ++++++++
 doc/Changelog       | 2 ++
 iterator/iterator.c | 7 +++++--
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/daemon/worker.c b/daemon/worker.c
index 90801c615..506752bc1 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -544,6 +544,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 			LDNS_RCODE_FORMERR);
 		return 1;
 	}
+	if(qinfo.qtype == LDNS_RR_TYPE_AXFR || 
+		qinfo.qtype == LDNS_RR_TYPE_IXFR) {
+		verbose(VERB_ALGO, "worker request: refused zone transfer.");
+		LDNS_QR_SET(ldns_buffer_begin(c->buffer));
+		LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), 
+			LDNS_RCODE_REFUSED);
+		return 1;
+	}
 	h = query_info_hash(&qinfo);
 	if((ret=parse_edns_from_pkt(c->buffer, &edns)) != 0) {
 		verbose(VERB_ALGO, "worker parse edns: formerror.");
diff --git a/doc/Changelog b/doc/Changelog
index e5ad7df58..86744a85d 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,8 @@
 	- uncapped timeout for server selection, so that very fast or slow
 	  servers will stand out from the rest.
 	- target-fetch-policy: "3 2 1 0 0" config setting.
+	- fixup queries answered without RD bit (for root prime results).
+	- refuse AXFR and IXFR requests.
 
 18 June 2007: Wouter
 	- same, move subqueries to slumber list when first has resolved.
diff --git a/iterator/iterator.c b/iterator/iterator.c
index b31e9dcd3..6f7e0f305 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -829,6 +829,9 @@ processInitRequest3(struct module_qstate* qstate, struct iter_qstate* iq)
 	 * cached referral as the response. */
 	if(!(qstate->query_flags & BIT_RD)) {
 		iq->response = iq->deleg_msg;
+		if(verbosity >= VERB_ALGO)
+			log_dns_msg("no RD requested, using delegation msg", 
+				&iq->response->qinfo, iq->response->rep);
 		return final_state(iq);
 	}
 
@@ -1285,8 +1288,8 @@ processPrimeResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 	delegpt_log(dp);
 	foriq = (struct iter_qstate*)forq->minfo[id];
 	foriq->dp = dp;
-	foriq->response = dns_copy_msg(iq->response, forq->region);
-	if(!foriq->response) {
+	foriq->deleg_msg = dns_copy_msg(iq->response, forq->region);
+	if(!foriq->deleg_msg) {
 		log_err("copy prime response: out of memory");
 		return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
 	}
-- 
2.47.2