ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied

2013-08-28 00:53:08 +10:00 · 2013-08-28 00:53:08 +10:00 · a401d11644
parent ef903db3c9
commit a401d11644
2 changed files with 5 additions and 0 deletions
--- a/config/filter.d/named-refused.conf
+++ b/config/filter.d/named-refused.conf
@ -27,6 +27,7 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
 #
 failregex = %(__line_prefix)sclient <HOST>#\S+( \([\S.]+\))?: (view (internal|external): )?query(?: \(cache\))? '.*' denied\s*$
            %(__line_prefix)sclient <HOST>#\S+( \([\S.]+\))?: zone transfer '\S+/AXFR/\w+' denied\s*$
+            %(__line_prefix)sclient <HOST>#\S+( \([\S.]+\))?: bad zone transfer request: '\S+/IN': non-authoritative zone \(NOTAUTH\)\s*$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/testcases/files/logs/named-refused
+++ b/testcases/files/logs/named-refused
@ -19,3 +19,7 @@ Aug 17 08:20:22 catinthehat named[2954]: client 223.252.23.219#56275: zone trans
 # failJSON: { "time": "2013-08-23T10:32:56", "match": true , "host": "82.207.95.42" }
 23-Aug-2013 10:32:56.621 client 82.207.95.42#40278 (redginseng.com.ua): query (cache) 'redginseng.com.ua/A/IN' denied

+# failJSON: { "time": "2013-08-27T17:49:45", "match": true , "host": "59.167.242.100" }
+27-Aug-2013 17:49:45.330 client 59.167.242.100#44281 (watt.kiev.ua): zone transfer 'watt.kiev.ua/AXFR/IN' denied
+# failJSON: { "time": "2013-08-27T16:58:31", "match": true , "host": "176.9.92.38" }
+Aug 27 16:58:31 vhost1-ua named[29206]: client 176.9.92.38#42592 (simmarket.com.ua): bad zone transfer request: 'simmarket.com.ua/IN': non-authoritative zone (NOTAUTH)