Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-27 08:14:18 -04:00
Code Issues Packages Projects Releases Wiki Activity

transfer: reply with refused (#4510)

Browse Source 
* transfer: reply with refused

When the *transfer* plugin is not loaded and of the handlers will still
see the AXFR/IXFR request because it is not intercepted.

They need to reply with REFUSED in that case. Update file, auto and k8s
to do this. Add testcase in the file plugin.

Ideally *erratic* should be moved over as well, but maybe that's
*erratic*

This is a bug fix.

Signed-off-by: Miek Gieben <miek@miek.nl>

* import path

Signed-off-by: Miek Gieben <miek@miek.nl>
This commit is contained in:
Miek Gieben
2021-03-09 21:17:34 +01:00
committed by GitHub
parent c27605797b
commit 74ef6e00f1
4 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugin/file/file.go
View File

@@ -47,6 +47,11 @@ func (f File) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (i
return dns.RcodeServerFailure, nil
}
// If transfer is not loaded, we'll see these, answer with refused (no transfer allowed).
if state.QType() == dns.TypeAXFR || state.QType() == dns.TypeIXFR {
return dns.RcodeRefused, nil
}
// This is only for when we are a secondary zones.
if r.Opcode == dns.OpcodeNotify {
if z.isNotify(state) {