* fixed stupid bug in our outbound NOTIFY packets

* fixed problem with immediate IXFR request from downstream Unbound before we have any IXFR chain at all.
dnstapir · May 29, 2024 · 02d2066 · 02d2066
1 parent 0803c23
commit 02d2066
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/refreshengine.go b/refreshengine.go
@@ -409,7 +409,7 @@ func (td *TemData) NotifyDownstreams() error {
 		m := new(dns.Msg)
 		m.SetNotify(td.Rpz.ZoneName)
 		td.Rpz.Axfr.SOA.Serial = td.Rpz.CurrentSerial
-		m.Ns = append(m.Ns, dns.RR(&td.Rpz.Axfr.SOA))
+		// m.Ns = append(m.Ns, dns.RR(&td.Rpz.Axfr.SOA))
 		dest := net.JoinHostPort(d.Address, strconv.Itoa(d.Port))
 		td.Logger.Printf("RefreshEngine: Notifying downstream %s about new SOA serial (%d) for RPZ zone %s", dest, td.Rpz.Axfr.SOA.Serial, td.Rpz.ZoneName)
 		r, err := dns.Exchange(m, dest)

diff --git a/xfr.go b/xfr.go
@@ -179,7 +179,14 @@ func (td *TemData) RpzIxfrOut(w dns.ResponseWriter, r *dns.Msg) (uint32, int, er
 	zone := td.Rpz.ZoneName
 	td.mu.Unlock()
 
-	if curserial < td.Rpz.IxfrChain[0].FromSerial {
+	if len(td.Rpz.IxfrChain) == 0 {
+		td.Logger.Printf("RpzIxfrOut: Downstream %s claims to have RPZ %s with serial %d, but the IXFR chain is empty; AXFR needed", downstream, zone, curserial)
+		serial, _, err := td.RpzAxfrOut(w, r)
+		if err != nil {
+			return 0, 0, err
+		}
+		return serial, 0, nil
+	} else if curserial < td.Rpz.IxfrChain[0].FromSerial {
 		td.Logger.Printf("RpzIxfrOut: Downstream %s claims to have RPZ %s with serial %d, but the IXFR chain starts at %d; AXFR needed", downstream, zone, curserial, td.Rpz.IxfrChain[0].FromSerial)
 		serial, _, err := td.RpzAxfrOut(w, r)
 		if err != nil {