From 045c9678e24ebf26808c2db530de0da72e024f45 Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson <source@isc.org>
Date: Mon, 18 Jun 2001 19:04:32 +0000
Subject: [PATCH] log zone/class when denying zone transfers (patch posted to
 bind9-users by Mark Mentovai <mark-list@mentovai.com>

---
 bin/named/xfrout.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c
index d508462ed2..a8d452e529 100644
--- a/bin/named/xfrout.c
+++ b/bin/named/xfrout.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: xfrout.c,v 1.99 2001/06/07 18:18:24 gson Exp $ */
+/* $Id: xfrout.c,v 1.100 2001/06/18 19:04:32 gson Exp $ */
 
 #include <config.h>
 
@@ -873,6 +873,8 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
 	dns_peer_t *peer = NULL;
 	isc_buffer_t *tsigbuf = NULL;
 	char *journalfile;
+	char msg[DNS_RDATACLASS_FORMATSIZE + DNS_NAME_FORMATSIZE
+		 + sizeof("zone transfer '/'")];
 
 	switch (reqtype) {
 	case dns_rdatatype_axfr:
@@ -989,7 +991,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
 	/*
 	 * Decide whether to allow this transfer.
 	 */
-	CHECK(ns_client_checkacl(client, "zone transfer",
+	ns_client_aclmsg("zone transfer", question_name,
+			 client->view->rdclass, msg, sizeof(msg));
+	CHECK(ns_client_checkacl(client, msg,
 				 dns_zone_getxfracl(zone), ISC_TRUE,
 				 ISC_LOG_ERROR));