some questions about BIND 9's xfrin.c code...

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Tue Oct 4 18:37:24 UTC 2011


I've been looking at BIND 9's IXFR(-in) implementation and encountered
a few questions.  I was not sure if these should be considered a bug,
so I'm asking these here before actually filing a bug report.

The source file in question is lib/dns/xfrin.c.

1. In xfrin_recv_done(), if an RR is found in the state of
   XFRST_IXFR_END, it will be treated as an error of DNS_R_EXTRADATA
   and xfrin will fail.  But all diffs have been committed to the DB
   by then (and will be visible to clients if the server is multi
   threaded, even if the intermediate changes may become invisible
   once the error is detected).  Is that intentional and okay?

2. Likewise, if an IXFR response consists of multiple difference
   sequences (i.e. multiple SOA changes), each change sequence is
   committed to the DB at the end of the sequence (and will be visible
   to clients).  If an error is detected in a later difference
   sequence, the xfrin process is aborted at that point, but some part
   of the changes have already been visible to clients.  Is that
   intentional and okay?

I guess both these questions are related to this part of RFC1995:

   An IXFR client, should only replace an older version with a newer
   version after all the differences have been successfully processed.
   (section 4)

It's not clear to me whether "all the differences" means all the
differences of all the sequences or all differences of each sequence.
If it's the former, BIND 9's behavior seems to break this
specification; if it's the latter, it performs exactly what's
specified.

3. When adding an RR in IXFR, an NS record with a wildcard owner name
   is rejected:

	case XFRST_IXFR_ADD:
...
		if (rdata->type == dns_rdatatype_ns &&
		    dns_name_iswildcard(name))
			FAIL(DNS_R_INVALIDNS);

   This is probably a good practice, but when does it specifically
   check this case, and this case only?  For example,
   rbtdb.c:loading_addrdataset() also rejects wildcard NSEC3 or
   non-origin SOA.  Why shouldn't xfrin also reject them?  I guess we
   could either be very strict or generally accept what the primary
   gives, but the current behavior seems to be incomplete.

---
JINMEI, Tatuya
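
Added example, not part of the original post and not BIND 9 code: a toy C model of the two readings of RFC 1995 section 4 raised in questions 1 and 2, run over a constructed IXFR response whose third difference sequence is malformed. The `zone` and `diffseq` structs, the function names and the sample data are all hypothetical.

```c
#include <stdio.h>

/* Toy model (constructed, not BIND's data structures): a zone is a serial
 * plus a record count; one IXFR difference sequence moves the zone from
 * serial `from` to serial `to`, deleting `del` and adding `add` records. */
struct zone { unsigned serial; int nrecords; };
struct diffseq { unsigned from, to; int del, add; };

/* Apply one sequence to *z; fail if it does not start at z's serial or
 * deletes more records than exist. */
static int apply_seq(struct zone *z, const struct diffseq *d) {
    if (d->from != z->serial || d->del > z->nrecords) return -1;
    z->nrecords += d->add - d->del;
    z->serial = d->to;
    return 0;
}

/* Reading 1: publish after each difference sequence (the behaviour the
 * post describes). On error, earlier sequences stay published. */
static int ixfr_commit_per_sequence(struct zone *live, const struct diffseq *s, size_t n) {
    for (size_t i = 0; i < n; i++) {
        struct zone work = *live;
        if (apply_seq(&work, &s[i]) != 0) return -1;
        *live = work;               /* visible to clients from here on */
    }
    return 0;
}

/* Reading 2: publish only after every sequence has been processed. */
static int ixfr_commit_all_or_nothing(struct zone *live, const struct diffseq *s, size_t n) {
    struct zone work = *live;       /* staging copy, never served */
    for (size_t i = 0; i < n; i++)
        if (apply_seq(&work, &s[i]) != 0) return -1;   /* live untouched */
    *live = work;
    return 0;
}

/* Constructed response: the third sequence starts at the wrong serial. */
static const struct diffseq sample[] = {
    {100, 101, 1, 2}, {101, 102, 0, 1}, {999, 103, 0, 1},
};

int main(void) {
    struct zone a = {100, 10}, b = {100, 10};
    int ra = ixfr_commit_per_sequence(&a, sample, 3);
    int rb = ixfr_commit_all_or_nothing(&b, sample, 3);
    printf("per-sequence:   rc=%d serial=%u records=%d\n", ra, a.serial, a.nrecords);
    printf("all-or-nothing: rc=%d serial=%u records=%d\n", rb, b.serial, b.nrecords);
    return 0;
}
```

Both calls report failure, but only the per-sequence variant leaves the served zone at an intermediate serial that the failed transfer produced.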


