#!/usr/bin/perl
#
# This program analyses a BIND log file to extract lists of client
# hosts that are taking zone transfers for each zone.
#
# It is used by nsnotify2stealth.
#
# SPDX-License-Identifier: 0BSD OR MIT-0

use warnings;
use strict;

use File::Temp qw(tempfile);

my %zc;

while (<>) {
	# note that this does not match transfers that use a TSIG key,
	# because TSIG clients are not stealth slaves
	next unless m{client\ ([0-9a-f:.]+)\#[0-9]+
		      \ [(]([^()]+)[)]:
		      (?:\ view [^:]+:)?
		      \ transfer\ of\ '[^']+':
		      \ (AXFR|IXFR|AXFR-style IXFR)\ started\ 
	     }x;
	my $client = $1;
	my $zone = lc $2;
	$zc{$zone}{$client} = 1;
}

for my $zone (keys %zc) {
	my $file = $zone eq '.' ? 'root' : $zone;
	my ($tmpfh,$tmpnam) = tempfile("$file.XXXXXXXX");
	print $tmpfh "$_\n" for keys %{$zc{$zone}};
	next if (close $tmpfh)
	    and	(chmod 0666 & ~umask, $tmpnam)
	    and (rename $tmpnam, $file);
	my $errno = $!;
	unlink $tmpnam;
	$! = $errno;
	die "write $zone: $!\n";
}
