From vmagerya at gmail.com Mon Apr 11 12:09:50 2016
From: vmagerya at gmail.com (Vitaly Magerya)
Date: Mon, 11 Apr 2016 15:09:50 +0300
Subject: [ldns-users] AXFR/IXFR support (is wonky)
Message-ID: <570B940E.60504@gmail.com>

Hi, folks.

I've just noticed that in ldns 1.6.17 'ldns_resolver_prepare_query_pkt' was changed to use 'ldns_pkt_ixfr_request_new' if the requested RR type is IXFR. I don't think this is useful, since there seems to be no option to specify the IXFR serial number. In other words, if I want to create an IXFR query, I cannot use '..._prepare_query_pkt'. Ideally I'd like to have a function that would take an existing query packet, and do whatever else '..._prepare_query_pkt' was doing.

This change actually broke my code that added SOA records manually to IXFR queries after '..._prepare_query_pkt'. As a result the 'host' utility in FreeBSD 10.3 (which is actually ldns-host) lost the ability to create IXFR queries (it sends packets with two SOA records, and gets a FORMERR reply).

Admittedly, modifying a packet after '..._prepare_query_pkt' looks like an error in itself, in the general case, correct? If no EDNS/DNSSEC was used, it was working OK though.

Next, ldns has some support for AXFR transfers in the form of 'ldns_axfr_start' and related functions. A problem here is that 'ldns_axfr_start' insists on creating its own query packets, so it can't be used to start IXFR transfers. It would be useful to have something like 'ldns_axfr_start', but with the ability to manually specify the query packet. (For my uses I actually need an interface that would allow me to pull individual response packets, instead of individual records as 'ldns_axfr_next' does).

As it stands now, I'll need to reimplement 'ldns_axfr_start', 'ldns_resolver_prepare_query_pkt', and 'ldns_pkt_authsoa' to be able to send IXFR queries.

(I don't actually have questions or requests. Just letting you know the situation).

Oh, one more thing: 'ldns_resolver_prepare_query_pkt' doesn't free whatever 'ldns_rdf_clone(name)' returned, which leaks memory if 'ldns_pkt_query_new' failed. There are no validity checks for its value too (it could be NULL). This sort of thing happens in other places too; I don't know if you care about changing that.