diff --git a/src/bin/xfrin/tests/xfrin_test.py b/src/bin/xfrin/tests/xfrin_test.py index 0648ede39a..4000c5bf50 100644 --- a/src/bin/xfrin/tests/xfrin_test.py +++ b/src/bin/xfrin/tests/xfrin_test.py @@ -1344,6 +1344,11 @@ class TestAXFR(TestXfrinConnection): self.assertEqual(TEST_RRCLASS, self._check_zone_params[1]) self.assertTrue(isinstance(self._check_zone_params[2], MockRRsetCollection)) + # Check we can safely call the callbacks. They have no sideeffects + # we can check (checking logging is hard), but we at least check + # they don't crash. + self._check_zone_params[3][0]("Test error") + self._check_zone_params[3][1]("Test warning") def test_axfr_response_extra(self): '''Test with an extra RR after the end of AXFR session. diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in index 1ce97b8a86..81fcff2c4d 100755 --- a/src/bin/xfrin/xfrin.py.in +++ b/src/bin/xfrin/xfrin.py.in @@ -423,7 +423,7 @@ class XfrinIXFRAdd(XfrinState): if soa_serial == conn._end_serial: # The final part is there. Check all was signed # and commit it to the database. - conn._finish_transfer() + conn.finish_transfer() self.set_xfrstate(conn, XfrinIXFREnd()) return True elif soa_serial != conn._current_serial: @@ -500,7 +500,7 @@ class XfrinAXFREnd(XfrinState): indicating there will be no more message to receive. """ - conn._finish_transfer() + conn.finish_transfer() return False class XfrinTransferStats: @@ -797,15 +797,20 @@ class XfrinConnection(asyncore.dispatcher): raise XfrinProtocolError('TSIG verify fail: no TSIG on last '+ 'message') - def __validate_error(reason): - # TODO: Log - pass + def __validate_error(self, reason): + ''' + Used as error callback below. + ''' + logger.error(XFRIN_ZONE_INVALID, self._zone_name, self._rrclass, + reason) - def __validate_warning(reason): - # TODO: Log - pass + def __validate_warning(self, reason): + ''' + Used as warning callback below. + ''' + logger.warn(XFRIN_ZONE_WARN, self._zone_name, self._rrclass, reason) - def _finish_transfer(self): + def finish_transfer(self): """ Perform any necessary checks after a transfer. Then complete the transfer by commiting the transaction into the data source. diff --git a/src/bin/xfrin/xfrin_messages.mes b/src/bin/xfrin/xfrin_messages.mes index 770a8b2bd1..9f8af59895 100644 --- a/src/bin/xfrin/xfrin_messages.mes +++ b/src/bin/xfrin/xfrin_messages.mes @@ -228,6 +228,12 @@ zones at a higher level. In future it is more likely that a separate zone management framework is provided, and the situation where the given zone isn't found in xfrout will be treated as an error. +% XFRIN_ZONE_INVALID Newly received zone %1/%2 fails validation: %3 +The zone was received successfully, but it failed validation. The problem +is severe enough that the new version of zone is discarded and the old version, +if any, will stay in use. New transfer will be attempted after some time. +The problem needs to be fixed in the zone data on the remote server. + % XFRIN_ZONE_MULTIPLE_SOA Zone %1 has %2 SOA RRs On starting an xfrin session, it is identified that the zone to be transferred has multiple SOA RRs. Such a zone is broken, but could be @@ -254,3 +260,9 @@ the latest version of the zone. But if the primary server is known to be the real source of the zone, some unexpected inconsistency may have happened, and you may want to take a closer look. In this case xfrin doesn't perform subsequent zone transfer. + +% XFRIN_ZONE_WARN Newly received zone %1/%2 has a problem: %3 +The zone was received successfully, but when checking it, it was discovered +there's some issue with it. It might be correct, but it should be checked +and possibly fixed on the remote server. The problem is described in the +message. The problem does not stop the zone from being used.