dig(1) returns success on AXFR failure
Summary
When a zone transfer using dig(1) fails, the resulting exit status is '0', indicating success.
This makes it difficult to script around dig(1) and goes counter to common Unix practice.
BIND version used
BIND 9.14.7 (Extended Support Version) id:d410de0
running on NetBSD amd64 9.3 NetBSD 9.3 (PANIX-VC) #1: Wed Aug 17 12:34:21 EDT 2022 root@juggler.panix.com:/misc/obj64/misc/devel/netbsd/9.3/src/sys/arch/amd64/compile/PANIX-VC
built by make with defaults
compiled by GCC 7.5.0
compiled with OpenSSL version: OpenSSL 1.1.1k 25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k 25 Mar 2021
compiled with zlib version: 1.2.10
linked to zlib version: 1.2.10
threads support is enabled
Steps to reproduce
$ dig @a.nic.de. AXFR de.
; <<>> DiG 9.14.7 <<>> @a.nic.de. AXFR de.
; (2 servers found)
;; global options: +cmd
; Transfer failed.
$ echo $?
0
$
What is the current bug behavior?
dig(1) exits successfully (echo $? yields 0).
What is the expected correct behavior?
dig(1) should exit with an exit value > 0.
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bin/dig/dighost.c#L3542
Possibly add exitcode = 252; (or whatever) there? I'm not sure if that bubbles up, but either way that line seems like a good place to start.
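While the exit status does not reflect the failure, a script can classify dig's output instead. This is an added example, not part of the original report or of BIND's code: it treats the "; Transfer failed." line shown above, or fewer than two SOA records, as a failed transfer. The function names and the example. zone are assumptions, and it expects dig's default (not +short) output.

```shell
#!/bin/sh
# Added example, not BIND code. Classifies default (non +short) dig AXFR output.

# axfr_status: read dig output on stdin; return 0 only for a complete transfer.
axfr_status() {
    awk '
        /^;+ *Transfer failed/ { failed = 1 }        # marker shown in the report
        !/^;/ && NF >= 5 && $4 == "SOA" { soa++ }    # record lines: name ttl class type ...
        END {
            # An AXFR response begins and ends with the zone SOA (RFC 5936).
            if (failed || soa < 2) exit 1
            exit 0
        }'
}

# checked_axfr SERVER ZONE (hypothetical wrapper name): run dig, print its
# output, and return a status a script can trust.
checked_axfr() {
    out=$(dig "@$1" AXFR "$2" 2>&1) || return 1   # keep honouring real non-zero exits
    printf '%s\n' "$out"
    printf '%s\n' "$out" | axfr_status
}

# Constructed sample: the failed transfer as shown in the report.
sample_failed() {
    cat <<'EOF'
; <<>> DiG 9.14.7 <<>> @a.nic.de. AXFR de.
; (2 servers found)
;; global options: +cmd
; Transfer failed.
EOF
}

# Constructed sample: a successful transfer of a made-up zone.
sample_ok() {
    cat <<'EOF'
; <<>> DiG 9.14.7 <<>> @ns1.example. AXFR example.
;; global options: +cmd
example.      3600 IN SOA ns1.example. hostmaster.example. 1 7200 900 1209600 3600
example.      3600 IN NS  ns1.example.
ns1.example.  3600 IN A   192.0.2.53
example.      3600 IN SOA ns1.example. hostmaster.example. 1 7200 900 1209600 3600
EOF
}

for s in sample_failed sample_ok; do
    if $s | axfr_status; then echo "$s: complete"; else echo "$s: FAILED"; fi
done
```

The SOA count also catches a transfer that stops partway without printing the failure marker.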