middleware/secondary: multiple fixes (#745)

Fix transferring the zone from a master and the matching of notifies
to source and dst IP addresses.

Add `upstream` keyword as well, because it is needed for the same
reasons as in the *file* middlware.
Add some dire warning about upstream in the readme of both middlewares.

Out of band testing, hidden by net build tag was added. Integration
testing still needs to be setup.

middleware/file/zone.go

@@ -2,6 +2,7 @@ package file
 
 import (
 	"fmt"
+	"net"
 	"path"
 	"strings"
 	"sync"
@@ -55,12 +56,12 @@ func NewZone(name, file string) *Zone {
 	return z
 }
 
-// Copy copies a zone *without* copying the zone's content. It is not a deep copy.
 func (z *Zone) Copy() *Zone {
 	z1 := NewZone(z.origin, z.file)
 	z1.TransferTo = z.TransferTo
 	z1.TransferFrom = z.TransferFrom
 	z1.Expired = z.Expired
+
 	z1.Apex = z.Apex
 	return z1
 }
@@ -113,11 +114,20 @@ func (z *Zone) Insert(r dns.RR) error {
 func (z *Zone) Delete(r dns.RR) { z.Tree.Delete(r) }
 
 // TransferAllowed checks if incoming request for transferring the zone is allowed according to the ACLs.
-func (z *Zone) TransferAllowed(req request.Request) bool {
+func (z *Zone) TransferAllowed(state request.Request) bool {
 	for _, t := range z.TransferTo {
 		if t == "*" {
 			return true
 		}
+		// If remote IP matches we accept.
+		remote := state.IP()
+		to, _, err := net.SplitHostPort(t)
+		if err != nil {
+			continue
+		}
+		if to == remote {
+			return true
+		}
 	}
 	// TODO(miek): future matching against IP/CIDR notations
 	return false