apply AXFR access rules to IXFR

author Kees Monshouwer <mind04@monshouwer.org>

Tue, 22 Jul 2014 19:08:52 +0000 (21:08 +0200)

committer mind04 <mind04@monshouwer.org>

Tue, 22 Jul 2014 20:22:46 +0000 (22:22 +0200)
author Kees Monshouwer <mind04@monshouwer.org>
Tue, 22 Jul 2014 19:08:52 +0000 (21:08 +0200)
committer mind04 <mind04@monshouwer.org>
Tue, 22 Jul 2014 20:22:46 +0000 (22:22 +0200)
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc

index 9ad38f66b5689cf80de2b36afa29c84d72a0bf14..5314d54ca695872da3fdc9838ba04aa92f979043 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -983,7 +983,7 @@ int TCPNameserver::doIXFR(shared_ptr<DNSPacket> q, int outsock)
        s_P=new PacketHandler;
      }
  
-    if(!s_P->getBackend()->getSOA(q->qdomain, sd)) {
+    if(!s_P->getBackend()->getSOA(q->qdomain, sd) || !canDoAXFR(q)) {
        L<<Logger::Error<<"IXFR of domain '"<<q->qdomain<<"' failed: not authoritative"<<endl;
        outpacket->setRcode(9); // 'NOTAUTH'
        sendPacket(outpacket,outsock);
author	Kees Monshouwer <mind04@monshouwer.org>
	Tue, 22 Jul 2014 19:08:52 +0000 (21:08 +0200)
committer	mind04 <mind04@monshouwer.org>
	Tue, 22 Jul 2014 20:22:46 +0000 (22:22 +0200)