BIND 10 trac1390, updated. 3ff33cfedcca0cd1acb80a5cf2651f89403a82a9 [1390] log bad requests
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon Nov 21 10:52:58 UTC 2011
The branch, trac1390 has been updated
via 3ff33cfedcca0cd1acb80a5cf2651f89403a82a9 (commit)
from cf297878998c80018ba9523a53ae4947fc7e6a5e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3ff33cfedcca0cd1acb80a5cf2651f89403a82a9
Author: Jelte Jansen <jelte at isc.org>
Date: Mon Nov 21 11:52:43 2011 +0100
[1390] log bad requests
-----------------------------------------------------------------------
Summary of changes:
src/bin/xfrout/xfrout.py.in | 28 +++++++++++++++++-----------
src/bin/xfrout/xfrout_messages.mes | 14 ++++++++++++++
2 files changed, 31 insertions(+), 11 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/xfrout/xfrout.py.in b/src/bin/xfrout/xfrout.py.in
index ee1f605..8c66225 100755
--- a/src/bin/xfrout/xfrout.py.in
+++ b/src/bin/xfrout/xfrout.py.in
@@ -39,6 +39,7 @@ from isc.log_messages.xfrout_messages import *
isc.log.init("b10-xfrout")
logger = isc.log.Logger("xfrout")
+DBG_XFROUT_TRACE = logger.DBGLVL_TRACE_BASIC
try:
from libutil_io_python import *
@@ -224,39 +225,44 @@ class XfroutSession():
# the auth server, but since it's far from our xfrout itself,
# we check it by ourselves.
if msg.get_rr_count(Message.SECTION_QUESTION) != 1:
- # TODO: Log?
+ logger.debug(DBG_XFROUT_TRACE, XFROUT_XFR_REQUEST_MISSING_QUESTION,
+ format_addrinfo(self._remote))
return Rcode.FORMERR(), msg
request_type = msg.get_question()[0].get_type()
+ zone_name = msg.get_question()[0].get_name()
+ zone_class = msg.get_question()[0].get_class()
# If it is an IXFR query, there should be a SOA in the authority
# section too
if request_type == RRType.IXFR():
if msg.get_rr_count(Message.SECTION_AUTHORITY) != 1:
- # TODO: Log?
+ logger.debug(DBG_XFROUT_TRACE, XFROUT_IXFR_REQUEST_MISSING_SOA,
+ format_addrinfo(self._remote),
+ format_zone_str(zone_name, zone_class))
return Rcode.FORMERR(), msg
self._request_type = 'IXFR'
elif request_type == RRType.AXFR():
self._request_type = 'AXFR'
else:
- # TODO: Log?
+ logger.error(XFROUT_XFR_REQUEST_BAD_TYPE,
+ format_zone_str(zone_name, zone_class),
+ format_addrinfo(self._remote))
return Rcode.FORMERR(), msg
# ACL checks
- zone_name = msg.get_question()[0].get_name()
- zone_class = msg.get_question()[0].get_class()
acl = self._get_transfer_acl(zone_name, zone_class)
acl_result = acl.execute(
isc.acl.dns.RequestContext(self._remote[2], msg.get_tsig_record()))
if acl_result == DROP:
- logger.info(XFROUT_QUERY_DROPPED, self._request_type,
- format_addrinfo(self._remote),
- format_zone_str(zone_name, zone_class))
+ logger.debug(DBG_XFROUT_TRACE, XFROUT_QUERY_DROPPED,
+ self._request_type, format_addrinfo(self._remote),
+ format_zone_str(zone_name, zone_class))
return None, None
elif acl_result == REJECT:
- logger.info(XFROUT_QUERY_REJECTED, self._request_type,
- format_addrinfo(self._remote),
- format_zone_str(zone_name, zone_class))
+ logger.debug(DBG_XFROUT_TRACE, XFROUT_QUERY_REJECTED,
+ self._request_type, format_addrinfo(self._remote),
+ format_zone_str(zone_name, zone_class))
return Rcode.REFUSED(), msg
return rcode, msg
diff --git a/src/bin/xfrout/xfrout_messages.mes b/src/bin/xfrout/xfrout_messages.mes
index a491283..49662e6 100644
--- a/src/bin/xfrout/xfrout_messages.mes
+++ b/src/bin/xfrout/xfrout_messages.mes
@@ -56,6 +56,10 @@ are missing on the system, or the PYTHONPATH variable is not correct.
The specific place where this library needs to be depends on your
system and your specific installation.
+% XFROUT_IXFR_REQUEST_MISSING_SOA IXFR client %1: request packet for %2 did not contain SOA RR
+An IXFR request arrived, but it did not contain a SOA RR in its authority
+section. The xfrout daemon will respond with a FORMERR.
+
% XFROUT_IXFR_TRANSFER_STARTED %1 client %2: IXFR transfer of zone %3 has started
An incremental transfer out of the given zone has started.
@@ -150,6 +154,16 @@ on, but the file is in use. The most likely cause is that another
xfrout daemon process is still running. This xfrout daemon (the one
printing this message) will not start.
+% XFROUT_XFR_REQUEST_BAD_TYPE bad question type in transfer request for %1 from %2
+A transfer request for the given zone arrived, but the RR in the question
+section was not of type AXFR or IXFR. This request should not even have
+reached the xfrout daemon, and there appears to be a problem in the module
+that passed it on, please file a bug report if this error is encountered.
+
+% XFROUT_XFR_REQUEST_MISSING_QUESTION empty question section in transfer request from %1
+A transfer request from the given client did not contain a question section.
+The xfrout daemon will respond with a FORMERR.
+
% XFROUT_XFR_TRANSFER_DONE %1 client %2: transfer of %3 complete
The transfer of the given zone has been completed successfully, or was
aborted due to a shutdown event.
More information about the bind10-changes
mailing list