You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

546 lines
19 KiB

  1. #include "arguments.hh"
  2. #include "dnsparser.hh"
  3. #include "dnsrecords.hh"
  4. #include "ixfr.hh"
  5. #include "syncres.hh"
  6. #include "axfr-retriever.hh"
  7. #include "logger.hh"
  8. #include "rec-lua-conf.hh"
  9. #include "rpzloader.hh"
  10. #include "zoneparser-tng.hh"
  11. #include "threadname.hh"
  12. #include "query-local-address.hh"
  13. Netmask makeNetmaskFromRPZ(const DNSName& name)
  14. {
  15. auto parts = name.getRawLabels();
  16. /*
  17. * why 2?, the minimally valid IPv6 address that can be encoded in an RPZ is
  18. * $NETMASK.zz (::/$NETMASK)
  19. * Terrible right?
  20. */
  21. if(parts.size() < 2 || parts.size() > 9)
  22. throw PDNSException("Invalid IP address in RPZ: "+name.toLogString());
  23. bool isV6 = (stoi(parts[0]) > 32);
  24. bool hadZZ = false;
  25. for (auto &part : parts) {
  26. // Check if we have an IPv4 octet
  27. for (auto c : part)
  28. if (!isdigit(c))
  29. isV6 = true;
  30. if (pdns_iequals(part,"zz")) {
  31. if (hadZZ)
  32. throw PDNSException("more than one 'zz' label found in RPZ name"+name.toLogString());
  33. part = "";
  34. isV6 = true;
  35. hadZZ = true;
  36. }
  37. }
  38. if (isV6 && parts.size() < 9 && !hadZZ)
  39. throw PDNSException("No 'zz' label found in an IPv6 RPZ name shorter than 9 elements: "+name.toLogString());
  40. if (parts.size() == 5 && !isV6)
  41. return Netmask(parts[4]+"."+parts[3]+"."+parts[2]+"."+parts[1]+"/"+parts[0]);
  42. string v6;
  43. if (parts[parts.size()-1] == "") {
  44. v6 += ":";
  45. }
  46. for (uint8_t i = parts.size()-1 ; i > 0; i--) {
  47. v6 += parts[i];
  48. if (i > 1 || (i == 1 && parts[i] == "")) {
  49. v6 += ":";
  50. }
  51. }
  52. v6 += "/" + parts[0];
  53. return Netmask(v6);
  54. }
  55. static void RPZRecordToPolicy(const DNSRecord& dr, std::shared_ptr<DNSFilterEngine::Zone> zone, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL)
  56. {
  57. static const DNSName drop("rpz-drop."), truncate("rpz-tcp-only."), noaction("rpz-passthru.");
  58. static const DNSName rpzClientIP("rpz-client-ip"), rpzIP("rpz-ip"),
  59. rpzNSDname("rpz-nsdname"), rpzNSIP("rpz-nsip.");
  60. static const std::string rpzPrefix("rpz-");
  61. DNSFilterEngine::Policy pol;
  62. bool defpolApplied = false;
  63. if(dr.d_class != QClass::IN) {
  64. return;
  65. }
  66. if(dr.d_type == QType::CNAME) {
  67. auto crc = getRR<CNAMERecordContent>(dr);
  68. if (!crc) {
  69. return;
  70. }
  71. auto crcTarget=crc->getTarget();
  72. if(defpol) {
  73. pol=*defpol;
  74. defpolApplied = true;
  75. }
  76. else if(crcTarget.isRoot()) {
  77. // cerr<<"Wants NXDOMAIN for "<<dr.d_name<<": ";
  78. pol.d_kind = DNSFilterEngine::PolicyKind::NXDOMAIN;
  79. } else if(crcTarget==g_wildcarddnsname) {
  80. // cerr<<"Wants NODATA for "<<dr.d_name<<": ";
  81. pol.d_kind = DNSFilterEngine::PolicyKind::NODATA;
  82. }
  83. else if(crcTarget==drop) {
  84. // cerr<<"Wants DROP for "<<dr.d_name<<": ";
  85. pol.d_kind = DNSFilterEngine::PolicyKind::Drop;
  86. }
  87. else if(crcTarget==truncate) {
  88. // cerr<<"Wants TRUNCATE for "<<dr.d_name<<": ";
  89. pol.d_kind = DNSFilterEngine::PolicyKind::Truncate;
  90. }
  91. else if(crcTarget==noaction) {
  92. // cerr<<"Wants NOACTION for "<<dr.d_name<<": ";
  93. pol.d_kind = DNSFilterEngine::PolicyKind::NoAction;
  94. }
  95. /* "The special RPZ encodings which are not to be taken as Local Data are
  96. CNAMEs with targets that are:
  97. + "." (NXDOMAIN action),
  98. + "*." (NODATA action),
  99. + a top level domain starting with "rpz-",
  100. + a child of a top level domain starting with "rpz-".
  101. */
  102. else if(!crcTarget.empty() && !crcTarget.isRoot() && crcTarget.getRawLabel(crcTarget.countLabels() - 1).compare(0, rpzPrefix.length(), rpzPrefix) == 0) {
  103. /* this is very likely an higher format number or a configuration error,
  104. let's just ignore it. */
  105. g_log<<Logger::Info<<"Discarding unsupported RPZ entry "<<crcTarget<<" for "<<dr.d_name<<endl;
  106. return;
  107. }
  108. else {
  109. pol.d_kind = DNSFilterEngine::PolicyKind::Custom;
  110. pol.d_custom.emplace_back(dr.d_content);
  111. // cerr<<"Wants custom "<<crcTarget<<" for "<<dr.d_name<<": ";
  112. }
  113. }
  114. else {
  115. if (defpol && defpolOverrideLocal) {
  116. pol=*defpol;
  117. defpolApplied = true;
  118. }
  119. else {
  120. pol.d_kind = DNSFilterEngine::PolicyKind::Custom;
  121. pol.d_custom.emplace_back(dr.d_content);
  122. // cerr<<"Wants custom "<<dr.d_content->getZoneRepresentation()<<" for "<<dr.d_name<<": ";
  123. }
  124. }
  125. if (!defpolApplied || defpol->d_ttl < 0) {
  126. pol.d_ttl = static_cast<int32_t>(std::min(maxTTL, dr.d_ttl));
  127. } else {
  128. pol.d_ttl = static_cast<int32_t>(std::min(maxTTL, static_cast<uint32_t>(pol.d_ttl)));
  129. }
  130. // now to DO something with that
  131. if(dr.d_name.isPartOf(rpzNSDname)) {
  132. DNSName filt=dr.d_name.makeRelative(rpzNSDname);
  133. if(addOrRemove)
  134. zone->addNSTrigger(filt, std::move(pol), defpolApplied);
  135. else
  136. zone->rmNSTrigger(filt, std::move(pol));
  137. } else if(dr.d_name.isPartOf(rpzClientIP)) {
  138. DNSName filt=dr.d_name.makeRelative(rpzClientIP);
  139. auto nm=makeNetmaskFromRPZ(filt);
  140. if(addOrRemove)
  141. zone->addClientTrigger(nm, std::move(pol), defpolApplied);
  142. else
  143. zone->rmClientTrigger(nm, std::move(pol));
  144. } else if(dr.d_name.isPartOf(rpzIP)) {
  145. // cerr<<"Should apply answer content IP policy: "<<dr.d_name<<endl;
  146. DNSName filt=dr.d_name.makeRelative(rpzIP);
  147. auto nm=makeNetmaskFromRPZ(filt);
  148. if(addOrRemove)
  149. zone->addResponseTrigger(nm, std::move(pol), defpolApplied);
  150. else
  151. zone->rmResponseTrigger(nm, std::move(pol));
  152. } else if(dr.d_name.isPartOf(rpzNSIP)) {
  153. DNSName filt=dr.d_name.makeRelative(rpzNSIP);
  154. auto nm=makeNetmaskFromRPZ(filt);
  155. if(addOrRemove)
  156. zone->addNSIPTrigger(nm, std::move(pol), defpolApplied);
  157. else
  158. zone->rmNSIPTrigger(nm, std::move(pol));
  159. } else {
  160. if(addOrRemove) {
  161. /* if we did override the existing policy with the default policy,
  162. we might turn two A or AAAA into a CNAME, which would trigger
  163. an exception. Let's just ignore it. */
  164. zone->addQNameTrigger(dr.d_name, std::move(pol), defpolApplied);
  165. }
  166. else {
  167. zone->rmQNameTrigger(dr.d_name, std::move(pol));
  168. }
  169. }
  170. }
  171. static shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, uint16_t axfrTimeout)
  172. {
  173. g_log<<Logger::Warning<<"Loading RPZ zone '"<<zoneName<<"' from "<<master.toStringWithPort()<<endl;
  174. if(!tt.name.empty())
  175. g_log<<Logger::Warning<<"With TSIG key '"<<tt.name<<"' of algorithm '"<<tt.algo<<"'"<<endl;
  176. ComboAddress local(localAddress);
  177. if (local == ComboAddress())
  178. local = pdns::getQueryLocalAddress(master.sin4.sin_family, 0);
  179. AXFRRetriever axfr(master, zoneName, tt, &local, maxReceivedBytes, axfrTimeout);
  180. unsigned int nrecords=0;
  181. Resolver::res_t nop;
  182. vector<DNSRecord> chunk;
  183. time_t last=0;
  184. time_t axfrStart = time(nullptr);
  185. time_t axfrNow = time(nullptr);
  186. shared_ptr<SOARecordContent> sr;
  187. while(axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow))) {
  188. for(auto& dr : chunk) {
  189. if(dr.d_type==QType::NS || dr.d_type==QType::TSIG) {
  190. continue;
  191. }
  192. dr.d_name.makeUsRelative(zoneName);
  193. if(dr.d_type==QType::SOA) {
  194. sr = getRR<SOARecordContent>(dr);
  195. continue;
  196. }
  197. RPZRecordToPolicy(dr, zone, true, defpol, defpolOverrideLocal, maxTTL);
  198. nrecords++;
  199. }
  200. axfrNow = time(nullptr);
  201. if (axfrNow < axfrStart || axfrNow - axfrStart > axfrTimeout) {
  202. throw PDNSException("Total AXFR time exceeded!");
  203. }
  204. if(last != time(0)) {
  205. g_log<<Logger::Info<<"Loaded & indexed "<<nrecords<<" policy records so far for RPZ zone '"<<zoneName<<"'"<<endl;
  206. last=time(0);
  207. }
  208. }
  209. g_log<<Logger::Info<<"Done: "<<nrecords<<" policy records active, SOA: "<<sr->getZoneRepresentation()<<endl;
  210. return sr;
  211. }
  212. // this function is silent - you do the logging
  213. std::shared_ptr<SOARecordContent> loadRPZFromFile(const std::string& fname, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL)
  214. {
  215. shared_ptr<SOARecordContent> sr = nullptr;
  216. ZoneParserTNG zpt(fname);
  217. zpt.setMaxGenerateSteps(::arg().asNum("max-generate-steps"));
  218. DNSResourceRecord drr;
  219. DNSName domain;
  220. while(zpt.get(drr)) {
  221. try {
  222. if(drr.qtype.getCode() == QType::CNAME && drr.content.empty())
  223. drr.content=".";
  224. DNSRecord dr(drr);
  225. if(dr.d_type == QType::SOA) {
  226. sr = getRR<SOARecordContent>(dr);
  227. domain = dr.d_name;
  228. zone->setDomain(domain);
  229. }
  230. else if(dr.d_type == QType::NS) {
  231. continue;
  232. }
  233. else {
  234. dr.d_name=dr.d_name.makeRelative(domain);
  235. RPZRecordToPolicy(dr, zone, true, defpol, defpolOverrideLocal, maxTTL);
  236. }
  237. }
  238. catch(const PDNSException& pe) {
  239. throw PDNSException("Issue parsing '"+drr.qname.toLogString()+"' '"+drr.content+"' at "+zpt.getLineOfFile()+": "+pe.reason);
  240. }
  241. }
  242. if (sr != nullptr) {
  243. zone->setRefresh(sr->d_st.refresh);
  244. }
  245. return sr;
  246. }
  247. static std::unordered_map<std::string, shared_ptr<rpzStats> > s_rpzStats;
  248. static std::mutex s_rpzStatsMutex;
  249. shared_ptr<rpzStats> getRPZZoneStats(const std::string& zone)
  250. {
  251. std::lock_guard<std::mutex> l(s_rpzStatsMutex);
  252. if (s_rpzStats.find(zone) == s_rpzStats.end()) {
  253. s_rpzStats[zone] = std::make_shared<rpzStats>();
  254. }
  255. return s_rpzStats[zone];
  256. }
  257. static void incRPZFailedTransfers(const std::string& zone)
  258. {
  259. auto stats = getRPZZoneStats(zone);
  260. if (stats != nullptr)
  261. stats->d_failedTransfers++;
  262. }
  263. static void setRPZZoneNewState(const std::string& zone, uint32_t serial, uint64_t numberOfRecords, bool wasAXFR)
  264. {
  265. auto stats = getRPZZoneStats(zone);
  266. if (stats == nullptr)
  267. return;
  268. stats->d_successfulTransfers++;
  269. if (wasAXFR) {
  270. stats->d_fullTransfers++;
  271. }
  272. stats->d_lastUpdate = time(nullptr);
  273. stats->d_serial = serial;
  274. stats->d_numberOfRecords = numberOfRecords;
  275. }
  276. static bool dumpZoneToDisk(const DNSName& zoneName, const std::shared_ptr<DNSFilterEngine::Zone>& newZone, const std::string& dumpZoneFileName)
  277. {
  278. std::string temp = dumpZoneFileName + "XXXXXX";
  279. int fd = mkstemp(&temp.at(0));
  280. if (fd < 0) {
  281. g_log<<Logger::Warning<<"Unable to open a file to dump the content of the RPZ zone "<<zoneName<<endl;
  282. return false;
  283. }
  284. auto fp = std::unique_ptr<FILE, int(*)(FILE*)>(fdopen(fd, "w+"), fclose);
  285. if (!fp) {
  286. close(fd);
  287. g_log<<Logger::Warning<<"Unable to open a file pointer to dump the content of the RPZ zone "<<zoneName<<endl;
  288. return false;
  289. }
  290. fd = -1;
  291. try {
  292. newZone->dump(fp.get());
  293. }
  294. catch(const std::exception& e) {
  295. g_log<<Logger::Warning<<"Error while dumping the content of the RPZ zone "<<zoneName<<": "<<e.what()<<endl;
  296. return false;
  297. }
  298. if (fflush(fp.get()) != 0) {
  299. g_log<<Logger::Warning<<"Error while flushing the content of the RPZ zone "<<zoneName<<" to the dump file: "<<stringerror()<<endl;
  300. return false;
  301. }
  302. if (fsync(fileno(fp.get())) != 0) {
  303. g_log<<Logger::Warning<<"Error while syncing the content of the RPZ zone "<<zoneName<<" to the dump file: "<<stringerror()<<endl;
  304. return false;
  305. }
  306. if (fclose(fp.release()) != 0) {
  307. g_log<<Logger::Warning<<"Error while writing the content of the RPZ zone "<<zoneName<<" to the dump file: "<<stringerror()<<endl;
  308. return false;
  309. }
  310. if (rename(temp.c_str(), dumpZoneFileName.c_str()) != 0) {
  311. g_log<<Logger::Warning<<"Error while moving the content of the RPZ zone "<<zoneName<<" to the dump file: "<<stringerror()<<endl;
  312. return false;
  313. }
  314. return true;
  315. }
  316. void RPZIXFRTracker(const std::vector<ComboAddress>& masters, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, const uint32_t refreshFromConf, std::shared_ptr<SOARecordContent> sr, std::string dumpZoneFileName, uint64_t configGeneration)
  317. {
  318. setThreadName("pdns-r/RPZIXFR");
  319. bool isPreloaded = sr != nullptr;
  320. auto luaconfsLocal = g_luaconfs.getLocal();
  321. /* we can _never_ modify this zone directly, we need to do a full copy then replace the existing zone */
  322. std::shared_ptr<DNSFilterEngine::Zone> oldZone = luaconfsLocal->dfe.getZone(zoneIdx);
  323. if (!oldZone) {
  324. g_log<<Logger::Error<<"Unable to retrieve RPZ zone with index "<<zoneIdx<<" from the configuration, exiting"<<endl;
  325. return;
  326. }
  327. time_t refresh;
  328. DNSName zoneName = oldZone->getDomain();
  329. std::string polName = oldZone->getName().empty() ? oldZone->getName() : zoneName.toString();
  330. while (!sr) {
  331. /* if we received an empty sr, the zone was not really preloaded */
  332. /* full copy, as promised */
  333. std::shared_ptr<DNSFilterEngine::Zone> newZone = std::make_shared<DNSFilterEngine::Zone>(*oldZone);
  334. for (const auto& master : masters) {
  335. try {
  336. refresh = refreshFromConf ? refreshFromConf : 10U;
  337. sr = loadRPZFromServer(master, zoneName, newZone, defpol, defpolOverrideLocal, maxTTL, tt, maxReceivedBytes, localAddress, axfrTimeout);
  338. newZone->setSerial(sr->d_st.serial);
  339. newZone->setRefresh(sr->d_st.refresh);
  340. // This period gets used below this loop
  341. oldZone->setRefresh(sr->d_st.refresh);
  342. setRPZZoneNewState(polName, sr->d_st.serial, newZone->size(), true);
  343. g_luaconfs.modify([zoneIdx, &newZone](LuaConfigItems& lci) {
  344. lci.dfe.setZone(zoneIdx, newZone);
  345. });
  346. if (!dumpZoneFileName.empty()) {
  347. dumpZoneToDisk(zoneName, newZone, dumpZoneFileName);
  348. }
  349. /* no need to try another master */
  350. break;
  351. }
  352. catch(const std::exception& e) {
  353. g_log<<Logger::Warning<<"Unable to load RPZ zone '"<<zoneName<<"' from '"<<master<<"': '"<<e.what()<<"'. (Will try again in "<<refresh<<" seconds...)"<<endl;
  354. incRPZFailedTransfers(polName);
  355. }
  356. catch(const PDNSException& e) {
  357. g_log<<Logger::Warning<<"Unable to load RPZ zone '"<<zoneName<<"' from '"<<master<<"': '"<<e.reason<<"'. (Will try again in "<<refresh<<" seconds...)"<<endl;
  358. incRPZFailedTransfers(polName);
  359. }
  360. }
  361. if (!sr) {
  362. sleep(refresh);
  363. }
  364. }
  365. refresh = std::max(refreshFromConf ? refreshFromConf : oldZone->getRefresh(), 1U);
  366. bool skipRefreshDelay = isPreloaded;
  367. for(;;) {
  368. DNSRecord dr;
  369. dr.d_content=sr;
  370. if (skipRefreshDelay) {
  371. skipRefreshDelay = false;
  372. }
  373. else {
  374. sleep(refresh);
  375. }
  376. if (luaconfsLocal->generation != configGeneration) {
  377. /* the configuration has been reloaded, meaning that a new thread
  378. has been started to handle that zone and we are now obsolete.
  379. */
  380. g_log<<Logger::Info<<"A more recent configuration has been found, stopping the existing RPZ update thread for "<<zoneName<<endl;
  381. return;
  382. }
  383. vector<pair<vector<DNSRecord>, vector<DNSRecord> > > deltas;
  384. for (const auto& master : masters) {
  385. g_log<<Logger::Info<<"Getting IXFR deltas for "<<zoneName<<" from "<<master.toStringWithPort()<<", our serial: "<<getRR<SOARecordContent>(dr)->d_st.serial<<endl;
  386. ComboAddress local(localAddress);
  387. if (local == ComboAddress()) {
  388. local = pdns::getQueryLocalAddress(master.sin4.sin_family, 0);
  389. }
  390. try {
  391. deltas = getIXFRDeltas(master, zoneName, dr, tt, &local, maxReceivedBytes);
  392. /* no need to try another master */
  393. break;
  394. } catch(const std::runtime_error& e ){
  395. g_log<<Logger::Warning<<e.what()<<endl;
  396. incRPZFailedTransfers(polName);
  397. continue;
  398. }
  399. }
  400. if(deltas.empty()) {
  401. continue;
  402. }
  403. try {
  404. g_log<<Logger::Info<<"Processing "<<deltas.size()<<" delta"<<addS(deltas)<<" for RPZ "<<zoneName<<endl;
  405. oldZone = luaconfsLocal->dfe.getZone(zoneIdx);
  406. /* we need to make a _full copy_ of the zone we are going to work on */
  407. std::shared_ptr<DNSFilterEngine::Zone> newZone = std::make_shared<DNSFilterEngine::Zone>(*oldZone);
  408. /* initialize the current serial to the last one */
  409. std::shared_ptr<SOARecordContent> currentSR = sr;
  410. int totremove=0, totadd=0;
  411. bool fullUpdate = false;
  412. for(const auto& delta : deltas) {
  413. const auto& remove = delta.first;
  414. const auto& add = delta.second;
  415. if(remove.empty()) {
  416. g_log<<Logger::Warning<<"IXFR update is a whole new zone"<<endl;
  417. newZone->clear();
  418. fullUpdate = true;
  419. }
  420. for(const auto& rr : remove) { // should always contain the SOA
  421. if(rr.d_type == QType::NS)
  422. continue;
  423. if(rr.d_type == QType::SOA) {
  424. auto oldsr = getRR<SOARecordContent>(rr);
  425. if (oldsr && oldsr->d_st.serial == currentSR->d_st.serial) {
  426. // cout<<"Got good removal of SOA serial "<<oldsr->d_st.serial<<endl;
  427. }
  428. else {
  429. if (!oldsr) {
  430. throw std::runtime_error("Unable to extract serial from SOA record while processing the removal part of an update");
  431. }
  432. else {
  433. throw std::runtime_error("Received an unexpected serial (" + std::to_string(oldsr->d_st.serial) + ", expecting " + std::to_string(currentSR->d_st.serial) + ") from SOA record while processing the removal part of an update");
  434. }
  435. }
  436. }
  437. else {
  438. totremove++;
  439. g_log<<(g_logRPZChanges ? Logger::Info : Logger::Debug)<<"Had removal of "<<rr.d_name<<" from RPZ zone "<<zoneName<<endl;
  440. RPZRecordToPolicy(rr, newZone, false, defpol, defpolOverrideLocal, maxTTL);
  441. }
  442. }
  443. for(const auto& rr : add) { // should always contain the new SOA
  444. if(rr.d_type == QType::NS)
  445. continue;
  446. if(rr.d_type == QType::SOA) {
  447. auto tempSR = getRR<SOARecordContent>(rr);
  448. // g_log<<Logger::Info<<"New SOA serial for "<<zoneName<<": "<<currentSR->d_st.serial<<endl;
  449. if (tempSR) {
  450. currentSR = tempSR;
  451. }
  452. }
  453. else {
  454. totadd++;
  455. g_log<<(g_logRPZChanges ? Logger::Info : Logger::Debug)<<"Had addition of "<<rr.d_name<<" to RPZ zone "<<zoneName<<endl;
  456. RPZRecordToPolicy(rr, newZone, true, defpol, defpolOverrideLocal, maxTTL);
  457. }
  458. }
  459. }
  460. /* only update sr now that all changes have been converted */
  461. if (currentSR) {
  462. sr = currentSR;
  463. }
  464. g_log<<Logger::Info<<"Had "<<totremove<<" RPZ removal"<<addS(totremove)<<", "<<totadd<<" addition"<<addS(totadd)<<" for "<<zoneName<<" New serial: "<<sr->d_st.serial<<endl;
  465. newZone->setSerial(sr->d_st.serial);
  466. newZone->setRefresh(sr->d_st.refresh);
  467. setRPZZoneNewState(polName, sr->d_st.serial, newZone->size(), fullUpdate);
  468. /* we need to replace the existing zone with the new one,
  469. but we don't want to touch anything else, especially other zones,
  470. since they might have been updated by another RPZ IXFR tracker thread.
  471. */
  472. g_luaconfs.modify([zoneIdx, &newZone](LuaConfigItems& lci) {
  473. lci.dfe.setZone(zoneIdx, newZone);
  474. });
  475. if (!dumpZoneFileName.empty()) {
  476. dumpZoneToDisk(zoneName, newZone, dumpZoneFileName);
  477. }
  478. refresh = std::max(refreshFromConf ? refreshFromConf : newZone->getRefresh(), 1U);
  479. }
  480. catch (const std::exception& e) {
  481. g_log << Logger::Error << "Error while applying the update received over XFR for "<<zoneName<<", skipping the update: "<< e.what() <<endl;
  482. }
  483. }
  484. }