git.ipfire.org Git - thirdparty/bind9.git/commit
[9.20] chg: usr: Fall back to TCP on a UDP response with a mismatched query id
author Ondřej Surý <ondrej@isc.org>
Fri, 15 May 2026 06:49:26 +0000 (08:49 +0200)
committer Ondřej Surý <ondrej@isc.org>
Fri, 15 May 2026 06:49:26 +0000 (08:49 +0200)
commit b2367aaea2be13c4e2aff1c5240381140bf64d6f
tree 33283371e3febfa5ad039412cf899205e7eeee3d
parent b514e663eb02fada08fdac82c6dbae7abb18cca6
parent 38dd0e0ccc638180f4bec78a8d1732076b40d461

BIND used to wait silently for the correct DNS message id on a UDP fetch
even after receiving a response from the expected server with the wrong
id, leaving room for off-path spoofing attempts to keep guessing within
that window.  The resolver now retries the fetch over TCP on the first
such response, and a new MismatchTCP statistics counter tracks how
often the fallback fires.

Closes #5449

Backport of MR !12023

Merge branch 'backport-5449-immediate-tcp-fallback-on-id-mismatch-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!12025
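
The decision the commit message describes, as an added example in C; it is not BIND's code and is not taken from this commit. All names (`struct fetch`, `on_udp_response`, the `mismatch_tcp` field standing in for the MismatchTCP counter) are hypothetical, and matching the expected server by source address and port, and ignoring datagrams shorter than a DNS header, are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not BIND's implementation. */
enum action { ACT_ACCEPT, ACT_IGNORE, ACT_RETRY_TCP };

struct fetch {
    uint32_t server_ip;    /* address the UDP query was sent to */
    uint16_t server_port;
    uint16_t qid;          /* 16-bit DNS message id of the outstanding query */
    int      use_tcp;      /* set once the fetch has left UDP */
    unsigned mismatch_tcp; /* stand-in for the MismatchTCP statistics counter */
};

/* Classify one UDP datagram that arrived while the fetch is outstanding. */
enum action on_udp_response(struct fetch *f, uint32_t src_ip, uint16_t src_port,
                            const uint8_t *msg, size_t len)
{
    if (f->use_tcp)
        return ACT_IGNORE;   /* fetch already moved to TCP: UDP answers are dead */
    if (src_ip != f->server_ip || src_port != f->server_port)
        return ACT_IGNORE;   /* not from the expected server (assumed check) */
    if (len < 12)
        return ACT_IGNORE;   /* shorter than a DNS header (assumed handling) */

    uint16_t id = (uint16_t)((msg[0] << 8) | msg[1]); /* id: bytes 0-1, big endian */
    if (id == f->qid)
        return ACT_ACCEPT;

    /* Expected source, wrong id: retry over TCP on the first such response,
     * so later id guesses on UDP are never compared against qid. */
    f->use_tcp = 1;
    f->mismatch_tcp++;
    return ACT_RETRY_TCP;
}

int main(void)
{
    /* Constructed sample data: 192.0.2.1:53 is the queried server. */
    struct fetch f = { 0xC0000201u, 53, 0x1a2b, 0, 0 };
    const uint8_t wrong_id[12] = { 0xde, 0xad };
    const uint8_t right_id[12] = { 0x1a, 0x2b };

    printf("wrong id      -> %d\n", on_udp_response(&f, 0xC0000201u, 53, wrong_id, 12));
    printf("later, right id -> %d\n", on_udp_response(&f, 0xC0000201u, 53, right_id, 12));
    printf("mismatch_tcp  =  %u\n", f.mismatch_tcp);
    return 0;
}
```

The second call shows the effect on the guessing window: once one mismatched id has been seen from the expected source, even a datagram carrying the correct id is no longer accepted over UDP.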