Source: knot
Version: 2.4.0-3+deb9u1
Severity: normal

Hi,

we are using knot as secondary name server with powerdns as primary. With the version of knot shipped with stretch the zone transfer always fails with the following error message:

Oct 23 18:42:02 ns1 knotd[7587]: info: [example.org.] refresh, outgoing, 192.0.2.53@53: remote serial 2017102301, zone is outdated
Oct 23 18:42:02 ns1 knotd[7587]: info: [example.org.] IXFR, incoming, 192.0.2.53@53: starting
Oct 23 18:42:02 ns1 knotd[7587]: warning: [example.org.] IXFR, incoming, 192.0.2.53@53: failed (malformed data)
Oct 23 18:42:02 ns1 knotd[7587]: warning: [example.org.] refresh, outgoing, 192.0.2.53@53: fallback to AXFR
Oct 23 18:42:02 ns1 knotd[7587]: warning: [example.org.] refresh, remote 'master' not usable
Oct 23 18:42:02 ns1 knotd[7587]: error: [example.org.] refresh, failed (no usable master)

After several minutes the transfer is retried and fails again with the same error.

The bug is fixed upstream already. The corresponding commit is:
https://gitlab.labs.nic.cz/knot/knot-dns/commit/b4ff623a1fbe410e1ab2eaa3413f38f613190b8a

More information about this bug can be found on the knot mailing list:
https://lists.nic.cz/pipermail/knot-dns-users/2017-January/001043.html

An adapted patch for the knot version in stretch is attached to this message.

Regards,
Jens
diff -rNu a/src/knot/events/handlers/refresh.c b/src/knot/events/handlers/refresh.c --- a/src/knot/events/handlers/refresh.c 2017-01-18 16:35:39.000000000 +0100 +++ b/src/knot/events/handlers/refresh.c 2017-10-23 19:15:30.125334866 +0200 @@ -748,6 +748,7 @@ REFRESH_LOG(LOG_WARNING, data->zone->name, data->remote, "fallback to AXFR"); ixfr_cleanup(data); + layer->flags |= KNOT_RQ_LAYER_CLOSE; data->is_ixfr = false; return KNOT_STATE_RESET; } diff -rNu a/src/knot/query/layer.h b/src/knot/query/layer.h --- a/src/knot/query/layer.h 2017-01-18 16:35:39.000000000 +0100 +++ b/src/knot/query/layer.h 2017-10-23 19:15:30.125334866 +0200 @@ -48,6 +48,7 @@ void *data; //!< Module specific. const struct knot_layer_api *api; tsig_ctx_t *tsig; //!< TODO: remove + unsigned flags; //!< Custom flags. }; /*! \brief Packet processing module API. */ diff -rNu a/src/knot/query/requestor.c b/src/knot/query/requestor.c --- a/src/knot/query/requestor.c 2017-01-18 16:35:39.000000000 +0100 +++ b/src/knot/query/requestor.c 2017-10-23 19:15:30.125334866 +0200 @@ -197,6 +197,14 @@ knot_layer_reset(&req->layer); tsig_reset(&last->tsig); + if (req->layer.flags & KNOT_RQ_LAYER_CLOSE) { + req->layer.flags &= ~KNOT_RQ_LAYER_CLOSE; + if (last->fd >= 0) { + close(last->fd); + last->fd = -1; + } + } + if (req->layer.state == KNOT_STATE_RESET) { return KNOT_LAYER_ERROR; } diff -rNu a/src/knot/query/requestor.h b/src/knot/query/requestor.h --- a/src/knot/query/requestor.h 2017-01-18 16:35:39.000000000 +0100 +++ b/src/knot/query/requestor.h 2017-10-23 19:15:30.125334866 +0200 @@ -31,6 +31,10 @@ KNOT_RQ_UDP = 1 << 0 /* Use UDP for requests. */ }; +enum { + KNOT_RQ_LAYER_CLOSE = 1 << 0 +}; + /*! \brief Requestor structure. * * Requestor holds a FIFO of pending queries. @@ -48,7 +52,6 @@ knot_pkt_t *query; knot_pkt_t *resp; tsig_ctx_t tsig; - knot_layer_t layer; knot_sign_context_t sign; /* TODO: Remove. Used in updates only, should be part of the zone update context. */
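Review bot: In src/knot/query/layer.h, the new `unsigned flags;` member is not initialized anywhere in this patch, yet requestor.c tests `req->layer.flags & KNOT_RQ_LAYER_CLOSE` each time it passes through that path. Please confirm the layer structure is zeroed when it is set up, or set `flags` to 0 explicitly in its init routine, since an indeterminate value here would close the socket spuriously. The comment "Custom flags." should also say that the bits are defined in requestor.h.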
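Review bot: In src/knot/query/requestor.c, the added `if (req->layer.flags & KNOT_RQ_LAYER_CLOSE)` block runs after `knot_layer_reset(&req->layer)`, so the fix depends on the reset leaving `flags` untouched; a one-line comment saying so would protect it from a later change to the reset. The hunk also adds a `close()` call without adding an include, so check that <unistd.h> is already pulled in by this file.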
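Review bot: In the first hunk of src/knot/query/requestor.h, the new anonymous enum gives `KNOT_RQ_LAYER_CLOSE` the same value, `1 << 0`, as `KNOT_RQ_UDP` directly above it and carries no comment. The two bits belong to different flag fields, so add a comment like the one on `KNOT_RQ_UDP` stating that this bit lives in the layer's `flags` and makes the requestor close the connection, to keep the two from being mixed up.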
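Review bot: The second hunk of src/knot/query/requestor.h removes `knot_layer_t layer;` from the structure holding `query`, `resp`, `tsig` and `sign`, and nothing else in the patch or the message explains why. The removal changes the structure layout, so for an update to a released version either leave the member in place or state that no code references it.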