improve some comments

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2050 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 9bc8f0cb2547aa0ce7652d89112cc24df6be48d5..0259abc0c83cdc9e6c0c340f08ab1ca4fd5dddc9 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -868,22 +868,19 @@ int PacketHandler::processNotify(DNSPacket *p)
     L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<" which is not a master"<<endl;
     return RCode::Refused;
   }
-  authServer = *di.masters.begin();
+  authServer = *di.masters.begin();  // XXX this is actually wrong, we should be picking the master that looks most like the notification!
   uint32_t theirserial=0;
 
-  /* to quote Rusty Russell - this code is so bad that you can actually hear it suck */
-  /* this is an instant DoS, just spoof notifications from the address of the master and we block  */
-
   Resolver resolver;
   try {
-    resolver.getSoaSerial(authServer, p->qdomain, &theirserial);
+    resolver.getSoaSerial(authServer, p->qdomain, &theirserial); // XXX this should have a _really_ short timeout!
   }
   catch(ResolverException& re) {
     L<<Logger::Error<<re.reason<<endl;
     return RCode::ServFail;
   }
 
-  if(theirserial<=di.serial) {
+  if(theirserial<=di.serial) { 
     L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from "<< authServer <<", we are up to date: "<<
       theirserial<<"<="<<di.serial<<endl;
     return RCode::NoError;