[ldns-users] AXFR/IXFR support (is wonky)
Vitaly Magerya
vmagerya at gmail.com
Mon Apr 11 12:09:50 UTC 2016

Hi, folks. I've just noticed that in ldns 1.6.17
'ldns_resolver_prepare_query_pkt' was changed to use
'ldns_pkt_ixfr_request_new' if requested RR type is IXFR. I don't
think this is useful, since there seems to be no option to specify
the IXFR serial number. In other words, if I want to create an
IXFR query, I cannot use '..._prepare_query_pkt'. Ideally I'd
like to have a function that would take an existing query packet,
and do whatever else '..._prepare_query_pkt' was doing.

This change actually broke my code that added SOA records manually
to IXFR queries after '..._prepare_query_pkt'. As a result the 'host'
utility in FreeBSD 10.3 (which is actually ldns-host) lost the
ability to create IXFR queries (it sends packets with two SOA
records, and gets a FORMERR reply). Admittedly, modifying a packet
after '..._prepare_query_pkt' looks like an error in itself, in the
general case, correct? If no EDNS/DNSSEC was used, it was working
OK though.

Next, ldns has some support for AXFR transfers in the form of
'ldns_axfr_start' and related functions. A problem here is that
'ldns_axfr_start' insists on creating its own query packets,
so it can't be used to start IXFR transfers. It would be useful
to have something like 'ldns_axfr_start', but with the ability to
manually specify the query packet. (For my uses I actually need
an interface that would allow me to pull individual response packets,
instead of individual records as 'ldns_axfr_next' does).

As it stands now, I'll need to reimplement 'ldns_axfr_start',
'ldns_resolver_prepare_query_pkt', and 'ldns_pkt_authsoa' to be
able to send IXFR queries.

(I don't actually have questions or requests. Just letting you know
the situation).

Oh, one more thing: 'ldns_resolver_prepare_query_pkt' doesn't free
whatever 'ldns_rdf_clone(name)' returned, which leaks memory if
'ldns_pkt_query_new' failed. There are no validity checks for its
value too (it could be NULL). This sort of thing happens in other
places too; I don't know if you care about changing that.
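
For reference, an added example that is not part of the original post and does not use ldns: a stand-alone C builder for the wire format of an IXFR query as RFC 1995 defines it, with one question and exactly one SOA record in the authority section carrying the client's serial. The function names, the sample zone and serial, and the root-name and zero placeholders in the other SOA fields are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Big-endian writers; each returns the offset just past the value written. */
static size_t put16(uint8_t *b, size_t o, uint16_t v) { b[o] = (uint8_t)(v >> 8); b[o + 1] = (uint8_t)(v & 0xff); return o + 2; }
static size_t put32(uint8_t *b, size_t o, uint32_t v) { o = put16(b, o, (uint16_t)(v >> 16)); return put16(b, o, (uint16_t)(v & 0xffff)); }

/* Encode a dotted name as DNS labels; returns the new offset, or 0 on error. */
static size_t put_name(uint8_t *b, size_t o, size_t cap, const char *name) {
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63 || o + len + 2 > cap) return 0;
        b[o++] = (uint8_t)len;
        memcpy(b + o, name, len);
        o += len;
        name += len + (dot ? 1 : 0);
    }
    if (o >= cap) return 0;
    b[o++] = 0;                     /* root label terminates the name */
    return o;
}

/* Build an IXFR query: QDCOUNT=1, NSCOUNT=1 (a single SOA with the serial
 * the client already holds). Returns the packet length, or 0 if it does not fit. */
size_t build_ixfr_query(uint8_t *b, size_t cap, uint16_t id, const char *zone, uint32_t serial) {
    if (cap < 12) return 0;
    size_t o = put16(b, 0, id);
    o = put16(b, o, 0x0000);        /* flags: standard query, RD clear */
    o = put16(b, o, 1);             /* QDCOUNT */
    o = put16(b, o, 0);             /* ANCOUNT */
    o = put16(b, o, 1);             /* NSCOUNT: one SOA, never two */
    o = put16(b, o, 0);             /* ARCOUNT */
    o = put_name(b, o, cap, zone);
    if (o == 0 || o + 4 + 34 > cap) return 0;   /* question tail + SOA RR */
    o = put16(b, o, 251);           /* QTYPE IXFR */
    o = put16(b, o, 1);             /* QCLASS IN */
    o = put16(b, o, 0xC00C);        /* owner: compression pointer to QNAME at offset 12 */
    o = put16(b, o, 6);             /* TYPE SOA */
    o = put16(b, o, 1);             /* CLASS IN */
    o = put32(b, o, 0);             /* TTL */
    o = put16(b, o, 22);            /* RDLENGTH: two root names + five 32-bit fields */
    b[o++] = 0; b[o++] = 0;         /* MNAME, RNAME: root placeholders (assumption) */
    o = put32(b, o, serial);        /* the serial the server diffs against */
    for (int i = 0; i < 4; i++) o = put32(b, o, 0);  /* refresh, retry, expire, minimum */
    return o;
}
```

A packet built this way can be compared byte for byte against what a resolver library emits, for example to confirm that NSCOUNT is 1 and not 2.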