[nsd-users] allow-notify SUBNET and request-xfr inconsistency

Ilya Bakulin Ilya_Bakulin at genua.de
Mon Jul 30 11:51:42 UTC 2012


Hi Yuri,
thank you for your fix!
There is one small problem with it. The following code in xfrd.c:
>                 /* First, see if our notifier has a match in provide-xfr */
>                 xfr_acl = acl_find_num(
>                         zone->zone_options->request_xfr, acl_num_xfr);
>
>                 if (xfr_acl) {
>                         next = acl_num_xfr;
>                 } /* If not, find master that matches notifiers ACL entry */ else {
>                         next = find_same_master_notify(zone, acl_num);
>                         if(next != -1) {
>                                 zone->next_master = next;
>                                 DEBUG(DEBUG_XFRD,1, (LOG_INFO,
>                                         "xfrd: notify set next master to query %d", next));
>                         }
>                 }
doesn't work correctly, because after the value of "acl_num_xfr" is assigned
to the "next" variable, it is never used. I have corrected this as follows:
>                 /* First, see if our notifier has a match in provide-xfr */
>                 xfr_acl = acl_find_num(
>                         zone->zone_options->request_xfr, acl_num_xfr);
>
>                 if (xfr_acl) {
>                         next = acl_num_xfr;
>                 } /* If not, find master that matches notifiers ACL entry */ else {
>                         next = find_same_master_notify(zone, acl_num);
>                 }
>                 if(next != -1) {
>                   zone->next_master = next;
>                   DEBUG(DEBUG_XFRD,1, (LOG_INFO,
>                                        "xfrd: notify set next master to query %d", next));
>                 }

And now it works correctly.

On Friday 27 July 2012 17:22:03 Yuri Schaeffer wrote:
> Hello Ilya,
>
> > I have tested suggested workaround and it works as expected.
> > We will now wait for your fix.
>
> As of revision 3621 in the NSD_3_2 branch NSD should select the notifier
> to XFR from as a first try. Even if allow-notify specifies a subnet.
> I.e. IFF the notifying host matches a request-xfr entry exactly. This
> also means you should use the same key for allow-notify and request-xfr
> for that particular host (or both NOKEY).
>
> Thank you for reporting your observations!
>
> Regards,
> Yuri
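
A minimal model of the two control flows quoted in this message, added here as an illustration and not taken from NSD's source: `struct zone`, `xfr_entry` and `same_master` are simplified stand-ins for xfrd's zone state, `acl_find_num` and `find_same_master_notify`, and the addresses are constructed sample values. It shows that with the first flow a notifier matching a request-xfr entry exactly never updates `next_master`, while the corrected flow does.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for xfrd's per-zone state (not NSD's real structs). */
struct zone {
    const char *request_xfr[4];  /* master specs, NULL-terminated */
    const char *allow_notify[4]; /* notifier ACL specs, NULL-terminated */
    int next_master;             /* index into request_xfr, -1 = unset */
};
/* Constructed sample: two masters, notifies allowed from the whole subnet. */
static const struct zone SAMPLE = {{"192.0.2.10", "192.0.2.20"}, {"192.0.2.0/24"}, -1};

/* Stand-in for acl_find_num(): request-xfr entry at index num, or NULL. */
static const char *xfr_entry(const struct zone *z, int num) {
    for (int i = 0; num >= 0 && z->request_xfr[i]; i++)
        if (i == num) return z->request_xfr[i];
    return NULL;
}

/* Stand-in for find_same_master_notify(): request-xfr index with the same spec. */
static int same_master(const struct zone *z, int acl_num) {
    for (int i = 0; z->request_xfr[i]; i++)
        if (strcmp(z->request_xfr[i], z->allow_notify[acl_num]) == 0) return i;
    return -1;
}

/* Flow as first quoted: next_master is only written inside the else branch. */
int pick_before(struct zone *z, int acl_num, int acl_num_xfr) {
    int next;
    if (xfr_entry(z, acl_num_xfr)) {
        next = acl_num_xfr;              /* assigned, then never used */
    } else {
        next = same_master(z, acl_num);
        if (next != -1) z->next_master = next;
    }
    return z->next_master;
}

/* Flow as corrected in the message: both branches reach the same check. */
int pick_after(struct zone *z, int acl_num, int acl_num_xfr) {
    int next = xfr_entry(z, acl_num_xfr) ? acl_num_xfr : same_master(z, acl_num);
    if (next != -1) z->next_master = next;
    return z->next_master;
}

int main(void) {
    struct zone a = SAMPLE, b = SAMPLE; /* NOTIFY from 192.0.2.20: ACL 0, master 1 */
    printf("before=%d after=%d\n", pick_before(&a, 0, 1), pick_after(&b, 0, 1));
    return 0;
}
```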
