auth-zones and DNS NOTIFY

[Harry Schmalzbauer]

Am 04.06.2018 um 11:01 schrieb W.C.A. Wijngaards:
> Hi Harry,
>
> On 02/06/18 19:24, Harry Schmalzbauer wrote:
>> Am 02.06.2018 um 16:44 schrieb Harry Schmalzbauer via Unbound-users:
>>> Am 17.04.2018 um 15:26 schrieb W.C.A. Wijngaards via Unbound-users:
>>>> Hi Harry,
>>>>
>>>> Yes, DNS NOTIFY is implemented in the current code repo version.  You
>>>> can specify additional sources with allow-notify.
>>> Great, thanks a lot!.
>>> Found time to update some production systems, but unfortunately zone
>>> transfer seem to work only initially, then I see these messages logged:
> Thank you very much for the detailed report.  I found the deadlock
> problem and fixed it for the upcoming release.
>
> There is a patch as well in case that is useful for you.  The routine
> simply forgot to unlock in one of the cases for an incoming NOTIFY
> message.  This explains why the other report did not encounter the problem.
>
> Index: services/authzone.c
> ===================================================================
> --- services/authzone.c	(revision 4703)
> +++ services/authzone.c	(working copy)
> @@ -3425,8 +3425,10 @@
>   {
>   	/* if the serial of notify is older than we have, don't fetch
>   	 * a zone, we already have it */
> -	if(has_serial && !xfr_serial_means_update(xfr, serial))
> +	if(has_serial && !xfr_serial_means_update(xfr, serial)) {
> +		lock_basic_unlock(&xfr->lock);
>   		return;
> +	}
>   	/* start new probe with this addr src, or note serial */
>   	if(!xfr_start_probe(xfr, env, fromhost)) {
>   		/* not started because already in progress, note the serial */
>
>
> Best regards, Wouter
>

Kudos!
Highly appreciate your work and support!  Far better than many 
commercial competitors…
Will drop a note after testing, which might not happen before next week :-(

One short question: Does this also address/explain the stall/outage 
(more precisly the "error response SERVFAIL") for stub-zone: matching 
queries?

Thanks,

-harry