Merge pull request #329 from grooverdan/bind-unauth-zonetransfer

Bind unauth zonetransfer.  Closes #323

ChangeLog

@@ -64,6 +64,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
   Steven Hiscocks
    * filter.d/dovecot - Addition of session, time values and possible blank
      user
+  Zurd and Daniel Black
+   * filter/named-refused - added refused on zone transfer
 
 ver. 0.8.10 (2013/06/12) - wanna-be-secure
 -----------

THANKS

@@ -57,3 +57,4 @@ Yaroslav Halchenko
 ykimon
 Yehuda Katz
 zugeschmiert
+Zurd

config/filter.d/named-refused.conf

@@ -26,6 +26,7 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
 # Values: TEXT
 #
 failregex = %(__line_prefix)sclient <HOST>#\S+: (view (internal|external): )?query(?: \(cache\))? '.*' denied\s*$
+            %(__line_prefix)sclient <HOST>#\S+: zone transfer '\S+/AXFR/\w+' denied\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

testcases/files/logs/named-refused

@@ -10,3 +10,8 @@ Jul 24 14:20:25 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'shi
 Jul 24 14:23:36 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'mietberatung.de/NS/IN' denied
 # failJSON: { "time": "2005-07-24T14:23:36", "match": true , "host": "62.109.4.89" }
 Jul 24 14:23:36 raid5 named[3935]: client 62.109.4.89#9334: view external: query (cache) './NS/IN' denied
+# failJSON: { "time": "2013-08-11T03:36:11", "match": true , "host": "1.2.3.4" }
+11-Aug-2013 03:36:11.372 error: client 1.2.3.4#52115: zone transfer 'domain.com/AXFR/IN' denied
+# failJSON: { "time": "2004-08-17T08:20:22", "match": true , "host": "223.252.23.219" }
+Aug 17 08:20:22 catinthehat named[2954]: client 223.252.23.219#56275: zone transfer 'openquery.eu/AXFR/IN' denied
+