Warn about AXFR streams that are incompatible with BIND 9.18

diff --git a/CHANGES b/CHANGES
index 9bb43f2f69a8ada336071433765d07051fa72747..edfd9cacbaa4ca3ac56857cd5031dea71bfa04fa 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5387.  [func]          Warn about AXFR streams that are incompatible with
+                       BIND 9.17.2.  [GL #1674]
+
 5386.  [cleanup]       Address Coverity warnings in keymgr.c [GL #1737]
 
 

diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
index 4c5f2e820cd7f77ca9f52e9c0ca28609ec9c707b..5040f7334f3abd40198ee9d4c0180d61e730d340 100644 (file)
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@@ -111,7 +111,7 @@ struct dns_xfrin_ctx {
        dns_name_t name; /*%< Name of zone to transfer */
        dns_rdataclass_t rdclass;
 
-       bool checkid;
+       bool checkid, logit;
        dns_messageid_t id;
 
        /*%
@@ -836,6 +836,7 @@ xfrin_create(isc_mem_t *mctx, dns_zone_t *zone, dns_db_t *db, isc_task_t *task,
        dns_name_init(&xfr->name, NULL);
        xfr->rdclass = rdclass;
        xfr->checkid = true;
+       xfr->logit = true;
        xfr->id = (dns_messageid_t)isc_random16();
        xfr->reqtype = reqtype;
        xfr->dscp = dscp;
@@ -1146,6 +1147,7 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) {
        }
 
        xfr->checkid = true;
+       xfr->logit = true;
        xfr->id++;
        xfr->nmsg = 0;
        xfr->nrecs = 0;
@@ -1316,6 +1318,12 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
                xfr->state = XFRST_SOAQUERY;
                (void)xfrin_start(xfr);
                return;
+       } else if (!xfr->checkid && msg->id != xfr->id && xfr->logit) {
+               xfrin_log(xfr, ISC_LOG_WARNING,
+                         "detected message ID mismatch on incoming AXFR "
+                         "stream, transfer will fail in BIND 9.17.2 and "
+                         "later if AXFR source is not fixed");
+               xfr->logit = false;
        }
 
        /*