[1390] log bad requests

src/bin/xfrout/xfrout.py.in

@@ -39,6 +39,7 @@ from isc.log_messages.xfrout_messages import *
 
 isc.log.init("b10-xfrout")
 logger = isc.log.Logger("xfrout")
+DBG_XFROUT_TRACE = logger.DBGLVL_TRACE_BASIC
 
 try:
     from libutil_io_python import *
@@ -224,39 +225,44 @@ class XfroutSession():
         # the auth server, but since it's far from our xfrout itself,
         # we check it by ourselves.
         if msg.get_rr_count(Message.SECTION_QUESTION) != 1:
-            # TODO: Log?
+            logger.debug(DBG_XFROUT_TRACE, XFROUT_XFR_REQUEST_MISSING_QUESTION,
+                         format_addrinfo(self._remote))
             return Rcode.FORMERR(), msg
 
         request_type = msg.get_question()[0].get_type()
+        zone_name = msg.get_question()[0].get_name()
+        zone_class = msg.get_question()[0].get_class()
 
         # If it is an IXFR query, there should be a SOA in the authority
         # section too
         if request_type == RRType.IXFR():
             if msg.get_rr_count(Message.SECTION_AUTHORITY) != 1:
-                # TODO: Log?
+                logger.debug(DBG_XFROUT_TRACE, XFROUT_IXFR_REQUEST_MISSING_SOA,
+                             format_addrinfo(self._remote),
+                             format_zone_str(zone_name, zone_class))
                 return Rcode.FORMERR(), msg
             self._request_type = 'IXFR'
         elif request_type == RRType.AXFR():
             self._request_type = 'AXFR'
         else:
-            # TODO: Log?
+            logger.error(XFROUT_XFR_REQUEST_BAD_TYPE,
+                         format_zone_str(zone_name, zone_class),
+                         format_addrinfo(self._remote))
             return Rcode.FORMERR(), msg
 
         # ACL checks
-        zone_name = msg.get_question()[0].get_name()
-        zone_class = msg.get_question()[0].get_class()
         acl = self._get_transfer_acl(zone_name, zone_class)
         acl_result = acl.execute(
             isc.acl.dns.RequestContext(self._remote[2], msg.get_tsig_record()))
         if acl_result == DROP:
-            logger.info(XFROUT_QUERY_DROPPED, self._request_type,
-                        format_addrinfo(self._remote),
-                        format_zone_str(zone_name, zone_class))
+            logger.debug(DBG_XFROUT_TRACE, XFROUT_QUERY_DROPPED,
+                         self._request_type, format_addrinfo(self._remote),
+                         format_zone_str(zone_name, zone_class))
             return None, None
         elif acl_result == REJECT:
-            logger.info(XFROUT_QUERY_REJECTED, self._request_type,
-                        format_addrinfo(self._remote),
-                        format_zone_str(zone_name, zone_class))
+            logger.debug(DBG_XFROUT_TRACE, XFROUT_QUERY_REJECTED,
+                         self._request_type, format_addrinfo(self._remote),
+                         format_zone_str(zone_name, zone_class))
             return Rcode.REFUSED(), msg
 
         return rcode, msg

src/bin/xfrout/xfrout_messages.mes

@@ -56,6 +56,10 @@ are missing on the system, or the PYTHONPATH variable is not correct.
 The specific place where this library needs to be depends on your
 system and your specific installation.
 
+% XFROUT_IXFR_REQUEST_MISSING_SOA IXFR client %1: request packet for %2 did not contain SOA RR
+An IXFR request arrived, but it did not contain a SOA RR in its authority
+section. The xfrout daemon will respond with a FORMERR.
+
 % XFROUT_IXFR_TRANSFER_STARTED %1 client %2: IXFR transfer of zone %3 has started
 An incremental transfer out of the given zone has started.
 
@@ -150,6 +154,16 @@ on, but the file is in use. The most likely cause is that another
 xfrout daemon process is still running. This xfrout daemon (the one
 printing this message) will not start.
 
+% XFROUT_XFR_REQUEST_BAD_TYPE bad question type in transfer request for %1 from %2
+A transfer request for the given zone arrived, but the RR in the question
+section was not of type AXFR or IXFR. This request should not even have
+reached the xfrout daemon, and there appears to be a problem in the module
+that passed it on, please file a bug report if this error is encountered.
+
+% XFROUT_XFR_REQUEST_MISSING_QUESTION empty question section in transfer request from %1
+A transfer request from the given client did not contain a question section.
+The xfrout daemon will respond with a FORMERR.
+
 % XFROUT_XFR_TRANSFER_DONE %1 client %2: transfer of %3 complete
 The transfer of the given zone has been completed successfully, or was
 aborted due to a shutdown event.