plugin/transfer: only allow outgoing axfr over tcp (#4452)

* plugin/transfer: only allow outgoing axfr over tcp Return refused when the query comes in over udp. No need to add a new test case as the current crop needed to be changed to use TCP. Fixes: #4450 Signed-off-by: Miek Gieben <miek@miek.nl> * transfer tests: this needs tcp as well Signed-off-by: Miek Gieben <miek@miek.nl>
2025-11-24 20:54:02 -05:00 · 2021-02-05 10:51:29 +01:00
parent 03812bb1e7
commit 56bc7f399a
5 changed files with 17 additions and 11 deletions
--- a/plugin/transfer/transfer.go
+++ b/plugin/transfer/transfer.go
@@ -58,6 +58,10 @@ func (t *Transfer) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 		return plugin.NextOrFailure(t.Name(), t.Next, ctx, w, r)
 	}

+	if state.Proto() != "tcp" {
+		return dns.RcodeRefused, nil
+	}
+
 	x := longestMatch(t.xfrs, state.QName())
 	if x == nil {
 		return plugin.NextOrFailure(t.Name(), t.Next, ctx, w, r)