TSIGTriplet tt;
uint32_t refresh=0;
size_t maxReceivedXFRMBytes = 0;
+ uint16_t axfrTimeout = 20;
uint32_t maxTTL = std::numeric_limits<uint32_t>::max();
ComboAddress localAddress;
ComboAddress master(master_, 53);
if(have.count("localAddress")) {
localAddress = ComboAddress(boost::get<string>(constGet(have,"localAddress")));
}
+ if(have.count("axfrTimeout")) {
+ axfrTimeout = static_cast<uint16_t>(boost::get<uint32_t>(constGet(have, "axfrTimeout")));
+ }
}
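Review bot: The added `static_cast<uint16_t>(boost::get<uint32_t>(...))` narrows a 32-bit configuration value without a range check, so a setting above 65535 wraps silently (65536 becomes 0) and the transfer deadline ends up far shorter than the operator configured. Check the value before narrowing, for example `if (v > std::numeric_limits<uint16_t>::max()) { /* reject the setting */ }` with `v` holding the `uint32_t` read from `have`. What a value of 0 means for the transfer is not visible in this hunk and should be either rejected here or documented with the option. The enclosing block starts outside the hunk.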
if (localAddress != ComboAddress() && localAddress.sin4.sin_family != master.sin4.sin_family) {
// We were passed a localAddress, check if its AF matches the master's
try {
if (!checkOnly) {
- std::thread t(RPZIXFRTracker, master, defpol, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress, zone);
+ std::thread t(RPZIXFRTracker, master, defpol, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress, zone, axfrTimeout);
t.detach();
}
}
The source IP address to use when transferring the RPZ.
When unset, :ref:`setting-query-local-address` and :ref:`setting-query-local-address6` are used.
+axfrTimeout
+^^^^^^^^^^^
+.. versionadded:: 4.1.2
+ Before 4.1.2, the timeout was fixed on 10 seconds.
+
+The timeout in seconds of the total initial AXFR transaction.
+20 by default.
+
Policy Actions
--------------
}
-void RPZIXFRTracker(const ComboAddress& master, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, std::shared_ptr<DNSFilterEngine::Zone> zone)
+void RPZIXFRTracker(const ComboAddress& master, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, std::shared_ptr<DNSFilterEngine::Zone> zone, const uint16_t axfrTimeout)
{
uint32_t refresh = zone->getRefresh();
DNSName zoneName = zone->getDomain();
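Review bot: The new by-value parameter is spelled `const uint16_t axfrTimeout` in this definition but `uint16_t axfrTimeout` in the `RPZIXFRTracker` prototype, and the `loadRPZFromServer` definition and prototype differ the opposite way. Top-level `const` on a by-value parameter does not change the signature, so this compiles, but the declarations should use one spelling, for example `uint16_t axfrTimeout` in all four places. The function body continues outside the hunk.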
while (!sr) {
try {
- sr=loadRPZFromServer(master, zoneName, zone, defpol, maxTTL, tt, maxReceivedBytes, localAddress);
+ sr = loadRPZFromServer(master, zoneName, zone, defpol, maxTTL, tt, maxReceivedBytes, localAddress, axfrTimeout);
if(refresh) {
sr->d_st.refresh=refresh;
}
}
}
-shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress)
+shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, uint16_t axfrTimeout)
{
L<<Logger::Warning<<"Loading RPZ zone '"<<zoneName<<"' from "<<master.toStringWithPort()<<endl;
if(!tt.name.empty())
Resolver::res_t nop;
vector<DNSRecord> chunk;
time_t last=0;
+ time_t axfrStart = time(0);
+ time_t axfrNow = time(0);
shared_ptr<SOARecordContent> sr;
- while(axfr.getChunk(nop, &chunk)) {
+ while(axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow))) {
for(auto& dr : chunk) {
if(dr.d_type==QType::NS || dr.d_type==QType::TSIG) {
continue;
RPZRecordToPolicy(dr, zone, true, defpol, maxTTL);
nrecords++;
}
+ axfrNow = time(nullptr);
+ if (axfrNow - axfrStart > axfrTimeout) {
+ throw PDNSException("Total AXFR time exceeded!");
+ }
if(last != time(0)) {
L<<Logger::Info<<"Loaded & indexed "<<nrecords<<" policy records so far"<<endl;
last=time(0);
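Review bot: The budget passed to `getChunk`, `axfrStart + axfrTimeout - axfrNow`, can reach 0 because the added check uses `>`. When exactly `axfrTimeout` seconds have elapsed the loop continues and the next call gets a zero timeout, whose meaning depends on `getChunk` (not shown here). Writing the check as `if (axfrNow - axfrStart >= axfrTimeout)` keeps the value passed strictly positive. Both timestamps come from `time()`, which follows wall-clock adjustments: a backwards step makes the remainder exceed `axfrTimeout` and could wrap if the parameter is a narrow unsigned type, so a monotonic clock would make the total deadline dependable against a master that trickles data. The hunk also mixes `time(0)` and `time(nullptr)`.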
extern bool g_logRPZChanges;
void loadRPZFromFile(const std::string& fname, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL);
-std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress);
+std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout);
void RPZRecordToPolicy(const DNSRecord& dr, std::shared_ptr<DNSFilterEngine::Zone> zone, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL);
-void RPZIXFRTracker(const ComboAddress& master, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet &tt, size_t maxReceivedBytes, const ComboAddress& localAddress, std::shared_ptr<DNSFilterEngine::Zone> zone);
+void RPZIXFRTracker(const ComboAddress& master, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet &tt, size_t maxReceivedBytes, const ComboAddress& localAddress, std::shared_ptr<DNSFilterEngine::Zone> zone, uint16_t axfrTimeout);