diff options
| -rw-r--r-- | Gopkg.lock | 2 | ||||
| -rw-r--r-- | vendor/github.com/miekg/dns/xfr.go | 11 | ||||
| -rw-r--r-- | vendor/github.com/miekg/dns/xfr_test.go | 27 |
3 files changed, 37 insertions, 3 deletions
diff --git a/Gopkg.lock b/Gopkg.lock index b24b1b5af..cb5139734 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -233,7 +233,7 @@ branch = "master" name = "github.com/miekg/dns" packages = ["."] - revision = "fb6fbed0f5ec4e418de4f156c18d2e4f9bc854e7" + revision = "e78414ef75607394ad7d917824f07f381df2eafa" [[projects]] name = "github.com/opentracing/opentracing-go" diff --git a/vendor/github.com/miekg/dns/xfr.go b/vendor/github.com/miekg/dns/xfr.go index 7346deffb..576c5590a 100644 --- a/vendor/github.com/miekg/dns/xfr.go +++ b/vendor/github.com/miekg/dns/xfr.go @@ -1,6 +1,7 @@ package dns import ( + "fmt" "time" ) @@ -81,6 +82,10 @@ func (t *Transfer) inAxfr(id uint16, c chan *Envelope) { return } if first { + if in.Rcode != RcodeSuccess { + c <- &Envelope{in.Answer, &Error{err: fmt.Sprintf(errXFR, in.Rcode)}} + return + } if !isSOAFirst(in) { c <- &Envelope{in.Answer, ErrSoa} return @@ -126,6 +131,10 @@ func (t *Transfer) inIxfr(id uint16, c chan *Envelope) { return } if first { + if in.Rcode != RcodeSuccess { + c <- &Envelope{in.Answer, &Error{err: fmt.Sprintf(errXFR, in.Rcode)}} + return + } // A single SOA RR signals "no changes" if len(in.Answer) == 1 && isSOAFirst(in) { c <- &Envelope{in.Answer, nil} @@ -242,3 +251,5 @@ func isSOALast(in *Msg) bool { } return false } + +const errXFR = "bad xfr rcode: %d" diff --git a/vendor/github.com/miekg/dns/xfr_test.go b/vendor/github.com/miekg/dns/xfr_test.go index 1337eec65..a478963a3 100644 --- a/vendor/github.com/miekg/dns/xfr_test.go +++ b/vendor/github.com/miekg/dns/xfr_test.go @@ -4,6 +4,7 @@ package dns import ( "net" + "strings" "testing" "time" ) @@ -16,8 +17,7 @@ func getIP(s string) string { return a[0] } -// flaky, need to setup local server and test from -// that. +// flaky, need to setup local server and test from that. func TestAXFR_Miek(t *testing.T) { // This test runs against a server maintained by Miek if testing.Short() { @@ -159,3 +159,26 @@ func testAXFRSIDN(t *testing.T, host, alg string) { } } } + +func TestAXFRFailNotAuth(t *testing.T) { + // This tests run against a server maintained by SIDN labs, see: + // https://workbench.sidnlabs.nl/ + if testing.Short() { + return + } + x := new(Transfer) + + m := new(Msg) + m.SetAxfr("sidnlabs.nl.") + c, err := x.In(m, "yadifa.sidnlabs.nl:53") + if err != nil { + t.Fatal(err) + } + for e := range c { + if e.Error != nil { + if !strings.HasPrefix(e.Error.Error(), "dns: bad xfr rcode:") { + t.Fatal(e.Error) + } + } + } +} |