quic: block attempts to DDNS over QUIC...

...as it doesnt work anyway

doc/configuration.rst

@@ -261,6 +261,8 @@ all notified sequentially in the specified order.
 A secondary zone may serve as a primary zone for a different set of remotes
 at the same time.
 
+.. _dynamic updates:
+
 Dynamic updates
 ===============
 

doc/man/knot.conf.5in

@@ -608,6 +608,14 @@ for incoming queries over QUIC protocol.
 Change of this parameter requires restart of the Knot server to take effect.
 .sp
 \fIDefault:\fP not set
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+Incoming DDNS over QUIC isn\(aqt supported.
+The server always responds with SERVFAIL.
+.UNINDENT
+.UNINDENT
 .SH XDP SECTION
 .sp
 Various options related to XDP listening, especially TCP.

doc/reference.rst

@@ -665,6 +665,10 @@ Change of this parameter requires restart of the Knot server to take effect.
 
 *Default:* not set
 
+.. NOTE::
+   Incoming :ref:`DDNS<dynamic updates>` over QUIC isn't supported.
+   The server always responds with SERVFAIL.
+
 .. _xdp section:
 
 ``xdp`` section

src/knot/nameserver/update.c

@@ -80,7 +80,7 @@ static int update_enqueue(zone_t *zone, knotd_qdata_t *qdata)
 int update_process_query(knot_pkt_t *pkt, knotd_qdata_t *qdata)
 {
 	/* DDNS over XDP not supported. */
-	if (qdata->params->xdp_msg != NULL) {
+	if (qdata->params->xdp_msg != NULL || qdata->params->proto == KNOTD_QUERY_PROTO_QUIC) {
 		qdata->rcode = KNOT_RCODE_SERVFAIL;
 		return KNOT_STATE_FAIL;
 	}