plugin/transfer: only allow outgoing axfr over tcp (#4452)

* plugin/transfer: only allow outgoing axfr over tcp Return refused when the query comes in over udp. No need to add a new test case as the current crop needed to be changed to use TCP. Fixes: #4450 Signed-off-by: Miek Gieben <miek@miek.nl> * transfer tests: this needs tcp as well Signed-off-by: Miek Gieben <miek@miek.nl>
2025-10-26 15:54:16 -04:00 · 2021-02-05 10:51:29 +01:00
parent 03812bb1e7
commit 56bc7f399a
5 changed files with 17 additions and 11 deletions
--- a/test/secondary_test.go
+++ b/test/secondary_test.go
@@ -100,7 +100,7 @@ func TestIxfrResponse(t *testing.T) {
 		}
 	}`

-	i, udp, _, err := CoreDNSServerAndPorts(corefile)
+	i, _, tcp, err := CoreDNSServerAndPorts(corefile)
 	if err != nil {
 		t.Fatalf("Could not get CoreDNS serving instance: %s", err)
 	}
@@ -111,9 +111,11 @@ func TestIxfrResponse(t *testing.T) {
 	m.Ns = []dns.RR{test.SOA("example.org. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600")} // copied from exampleOrg

 	var r *dns.Msg
+	c := new(dns.Client)
+	c.Net = "tcp"
 	// This is now async; we need to wait for it to be transferred.
 	for i := 0; i < 10; i++ {
-		r, _ = dns.Exchange(m, udp)
+		r, _, _ = c.Exchange(m, tcp)
 		if len(r.Answer) != 0 {
 			break
 		}