From 889500d7f94dc2c10ffa61a454809a7032a4f8a7 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 20 Dec 2016 15:13:15 +0100
Subject: [PATCH] make sure AXFR only delete records from a SLAVE domain in a
 multi backend setup

---
 pdns/dynhandler.cc        | 2 +-
 pdns/slavecommunicator.cc | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pdns/dynhandler.cc b/pdns/dynhandler.cc
index 71aa3886e4..efa4e1606c 100644
--- a/pdns/dynhandler.cc
+++ b/pdns/dynhandler.cc
@@ -247,7 +247,7 @@ string DLNotifyRetrieveHandler(const vector<string>&parts, Utility::pid_t ppid)
   if(!B.getDomainInfo(domain, di))
     return "Domain '"+domain.toString()+"' unknown";
   
-  if(di.masters.empty())
+  if(di.kind != DomainInfo::Slave || di.masters.empty())
     return "Domain '"+domain.toString()+"' is not a slave domain (or has no master defined)";
 
   random_shuffle(di.masters.begin(), di.masters.end());
diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index 56724320b8..0df99b0754 100644
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -92,7 +92,7 @@ void CommunicatorClass::ixfrSuck(const DNSName &domain, const TSIGTriplet& tt, c
   try {
     DNSSECKeeper dk (&B); // reuse our UeberBackend copy for DNSSECKeeper
 
-    if(!B.getDomainInfo(domain, di) || !di.backend) { // di.backend and B are mostly identical
+    if(!B.getDomainInfo(domain, di) || !di.backend || di.kind != DomainInfo::Slave) { // di.backend and B are mostly identical
       L<<Logger::Error<<"Can't determine backend for domain '"<<domain<<"'"<<endl;
       return;
     }
@@ -301,7 +301,7 @@ void CommunicatorClass::suck(const DNSName &domain, const string &remote)
   try {
     DNSSECKeeper dk (&B); // reuse our UeberBackend copy for DNSSECKeeper
 
-    if(!B.getDomainInfo(domain, di) || !di.backend) { // di.backend and B are mostly identical
+    if(!B.getDomainInfo(domain, di) || !di.backend || di.kind != DomainInfo::Slave) { // di.backend and B are mostly identical
       L<<Logger::Error<<"Can't determine backend for domain '"<<domain<<"'"<<endl;
       return;
     }
-- 
2.47.2