int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int outsock)
{
shared_ptr<DNSPacket> outpacket;
- if(!canDoAXFR(q)) {
+ DNSSECKeeper dk;
+ bool noAXFRBecauseOfNSEC3=false;
+ if(dk.getNSEC3PARAM(target)) {
+ L<<Logger::Error<<"Not doing AXFR of an NSEC3 zone.."<<endl;
+ noAXFRBecauseOfNSEC3=true;
+ }
+
+ if(!canDoAXFR(q) || noAXFRBecauseOfNSEC3) {
L<<Logger::Error<<"AXFR of domain '"<<target<<"' denied to "<<q->getRemote()<<endl;
outpacket=shared_ptr<DNSPacket>(q->replyPacket());
sendPacket(outpacket,outsock);
return 0;
}
+
+
+
L<<Logger::Error<<"AXFR of domain '"<<target<<"' initiated by "<<q->getRemote()<<endl;
outpacket=shared_ptr<DNSPacket>(q->replyPacket());
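Review bot: The added `dk.getNSEC3PARAM(target)` call runs before `canDoAXFR(q)`, so a peer that is not permitted to transfer the zone still triggers a DNSSECKeeper lookup (presumably a backend query) and an extra Error-level log line on every request. Checking the ACL first keeps refused requests cheap and limits log noise from unauthorised sources, e.g. `if(!canDoAXFR(q) || dk.getNSEC3PARAM(target)) {`. The new message "Not doing AXFR of an NSEC3 zone.." names neither the zone nor the requester, and the "denied to" line that follows then reads like an ACL denial. Logging one message that carries `target`, `q->getRemote()` and the actual refusal reason would make these events distinguishable during incident review. The body of doAXFR continues outside this hunk, so how the refusal packet's rcode is set cannot be confirmed from here.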
nsecrepo_t nsecrepo;
// this is where the DNSKEYs go
- DNSSECKeeper dk;
+
DNSSECKeeper::keyset_t keys = dk.getKeys(target);
BOOST_FOREACH(const DNSSECKeeper::keyset_t::value_type& value, keys) {
rr.qname = target;
}
}
+
for(nsecrepo_t::const_iterator iter = nsecrepo.begin(); iter != nsecrepo.end(); ++iter) {
cerr<<"Adding for '"<<iter->first<<"'\n";
NSECRecordContent nrc;
count++;
}
+
if(count) {
sendPacket(outpacket, outsock);
}