From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 22 Jul 2014 19:08:52 +0000 (+0200)
Subject: apply AXFR access rules to IXFR
X-Git-Tag: auth-3.4.0-rc1~29^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b13f38b10192ab081183b1c20df82e0f60bb3dad;p=pdns

apply AXFR access rules to IXFR
---

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index 9ad38f66b..5314d54ca 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -983,7 +983,7 @@ int TCPNameserver::doIXFR(shared_ptr<DNSPacket> q, int outsock)
       s_P=new PacketHandler;
     }
 
-    if(!s_P->getBackend()->getSOA(q->qdomain, sd)) {
+    if(!s_P->getBackend()->getSOA(q->qdomain, sd) || !canDoAXFR(q)) {
       L<<Logger::Error<<"IXFR of domain '"<<q->qdomain<<"' failed: not authoritative"<<endl;
       outpacket->setRcode(9); // 'NOTAUTH'
       sendPacket(outpacket,outsock);