]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd17dfe) | patch
Retry lookups with unsigned DNAME over TCP
authorMark Andrews <marka@isc.org>
Wed, 13 Aug 2025 03:56:01 +0000 (13:56 +1000)
committerMichał Kępień <michal@isc.org>
Thu, 2 Oct 2025 11:07:06 +0000 (13:07 +0200)
commit4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72
tree3cd9e1b2ba415c57716dc62fcda51412279c797btree | snapshot
parentcd17dfe696cdf9b8ef23fbc8738de7c79f957846commit | diff
Retry lookups with unsigned DNAME over TCP

To prevent spoofed unsigned DNAME responses being accepted retry
response with unsigned DNAMEs over TCP if the response is not TSIG
signed or there isn't a good DNS CLIENT COOKIE.

To prevent test failures, this required adding TCP support to the
ans3 and ans4 servers in the chain system test.

(cherry picked from commit 2e40705c06831988106335ed77db3cf924d431f6)
bin/tests/system/chain/ans3/ans.pl [deleted file] blob | blame | history
bin/tests/system/chain/ans3/ans.py [new file with mode: 0644] blob
bin/tests/system/chain/ans4/ans.py diff | blob | blame | history
lib/dns/include/dns/message.h diff | blob | blame | history
lib/dns/message.c diff | blob | blame | history
lib/dns/resolver.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git