Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
127 lines (97 sloc) 3.62 KB

Xfer-Limit Patches

These patches provide the limitation of AXFR data size for "BIND", "NSD", "knotDNS", "PowerDNS".

Usage

BIND

This patch for BIND 9.10.3.

$ wget https://raw.githubusercontent.com/sischkg/xfer-limit/master/bind-9.10.3-xfer-limit-0.0.1.patch
$ wget http://ftp.isc.org/isc/bind9/9.10.3/bind-9.10.3.tar.gz
$ tar xzf bind-9.10.3.tar.gz
$ cd bind-9.10.3
$ patch -p1 < ../bind-9.10.3-xfer-limit-0.0.1.patch
$ ./configure <configure options>
$ make
$ su
# make install

This patch for BIND 9.9.1-P1

$ wget https://raw.githubusercontent.com/sischkg/xfer-limit/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
$ wget ftp://ftp.isc.org/isc/bind9/9.9.9-P1/bind-9.9.9-P1.tar.gz
$ tar xzf bind-9.9.9-P1.tar.gz
$ cd bind-9.9.9-P1
$ patch -p1 < ../bind-9.9.9-P1-xfer-limit-0.0.1.patch
$ ./configure <configure options>
$ make
$ su
# make install

Add max-transfer-size-in to zone statement in named.conf. max-transfer-size-in specifies the upper size limit(bytes) of received AXFR data.

zone "example.com" {
    type slave;
    masters { 192.168.198.132; };
    file "example.com.db";
    max-transfer-size-in 2000000;
};

NSD

This patch for NSD 4.1.10.

$ wget https://raw.githubusercontent.com/sischkg/xfer-limit/master/nsd-4.1.10-xfer-limit-0.0.3.patch
$ wget http://www.nlnetlabs.nl/downloads/nsd/nsd-4.1.10.tar.gz
$ tar xzf nsd-4.1.10.tar.gz
$ cd nsd-4.1.10
$ patch -p1 < ../nsd-4.1.10-xfer-limit-0.0.3.patch
$ ./configure <configure options>
$ make
$ su
# make install

Add size-limit-xfr to the zone attribute in nsd.conf. size-limit-xfr specifies the upper size limit(bytes) of AXFR temporary file.

zone:
    name: "example.com"
    zonefile: "example.com"
    request-xfr: 192.168.198.132 NOKEY
    size-limit-xfr: 2000000

knot DNS

This patch for knot DNS 1.6.5

$ wget https://raw.githubusercontent.com/sischkg/xfer-limit/master/knot-1.6.5-xfer-limit-0.0.2.patch
$ wget https://secure.nic.cz/files/knot-dns/knot-1.6.5.tar.xz
$ xz -cd knot-1.6.5.tar.xz | tar xf -
$ cd knot-1.6.5
$ patch -p1 < ../knot-1.6.5-xfer-limit-0.0.2.patch
$ ./configure <configure options>
$ make
$ su
# make install

Add xfr-in-limit to the zone options in knot.conf. xfr-in-limit specifies the upper size limit(bytes) of received AXFR data.

example.com {
  file "example.com.zone";
  xfr-in master0;
  xfr-in-limit 2000000;
  notify-in master0;
}

PowerDNS

This patch for PowerDNS 3.4.7.

$ wget https://raw.githubusercontent.com/sischkg/xfer-limit/master/powerdns-3.4.7-xfer-limit-0.0.1.patch
$ wget https://downloads.powerdns.com/releases/pdns-3.4.7.tar.bz2
$ tar xjf pdns-3.4.7.tar.bz2
$ cd pdns-3.4.7
$ patch -p1 < ../powerdns-3.4.7-xfer-limit-0.0.1.patch
$ ./configure <configure options>
$ make
$ su
# make install

Add XFR-SIZE-LIMIT to domainmetadata. XFR-SIZE-LIMIT specifies the upper size limit(bytes) of received AXFR data.

mysql> select id from domains where name = 'example.com';
+----+
| id |
+----+
|  2 |
+----+
1 row in set (0.00 sec)

mysql> insert into domainmetadata (domain_id, kind, content) values (2,'XFR-SIZE-LIMIT','10000000');

mysql> select * from domainmetadata;
+----+-----------+----------------+----------+
| id | domain_id | kind           | content  |
+----+-----------+----------------+----------+
|  2 |         2 | XFR-SIZE-LIMIT | 10000000 |
+----+-----------+----------------+----------+
1 row in set (0.00 sec)
You can’t perform that action at this time.