[2934] (unrelated fix) make sure closing auth TCP socket after first AXFR.

this only happens for very first TCP connection that does not result in
an answer, so wouldn't be very problematic in practice.  but it's still
awkward.

src/lib/asiodns/asiodns_messages.mes

@@ -103,6 +103,12 @@ would be better to not be too verbose, but you might want to increase
 the log level and make sure there's no resource leak or other system
 level troubles when it's logged.
 
+% ASIODNS_TCP_CLOSE_NORESP_FAIL failed to close DNS/TCP socket with a client: %1
+A TCP DNS server tried to close a TCP socket used to communicate with
+a client without returning an answer (which normally happens for zone
+transfer requests), but it failed to do that.  See ASIODNS_TCP_CLOSE_FAIL
+for more details.
+
 % ASIODNS_TCP_GETREMOTE_FAIL failed to get remote address of a DNS TCP connection: %1
 A TCP DNS server tried to get the address and port of a remote client
 on a connected socket but failed.  It's expected to be rare but can

src/lib/asiodns/tcp_server.cc

@@ -235,8 +235,15 @@ TCPServer::operator()(asio::error_code ec, size_t length) {
         // The 'done_' flag indicates whether we have an answer
         // to send back.  If not, exit the coroutine permanently.
         if (!done_) {
+            // Explicitly close() isn't necessary for most cases. But for the
+            // very connection, socket_ is shared with the original owner of
+            // the server object and would stay open.
             // TODO: should we keep the connection open for a short time
             // to see if new requests come in?
+            socket_->close(ec);
+            if (ec) {
+                LOG_DEBUG(logger, 0, ASIODNS_TCP_CLOSE_FAIL).arg(ec.message());
+            }
             return;
         }