git.ipfire.org Git - thirdparty/strongswan.git/commit
testing: Allow DNS via TCP in net2net-dnscert scenario
author Tobias Brunner <tobias@strongswan.org>
Wed, 22 Sep 2021 11:28:53 +0000 (13:28 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 1 Oct 2021 13:05:44 +0000 (15:05 +0200)
commit ccac9c30479e37464f02676b55a4521de13b2e67
tree 7c7ae542a19b7988f16e09ffb214bb33a3ba436b
parent 5b9c46b98871dde5e4a9290f0022f402c6385d34
testing: Allow DNS via TCP in net2net-dnscert scenario

New versions of Bind limit the maximum UDP message size to 1232 bytes,
which is the same that newer versions of libunbound propose as maximum via
EDNS in requests, so increasing the limit on the server wouldn't help.

Instead we allow DNS via TCP so the client can switch after receiving the
truncated UDP response.
testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/iptables.rules
testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/iptables.rules
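
The truncation and TCP fallback described in the commit message, as an added example that is not part of the strongSwan commit or its test suite: a simulated server truncates at the smaller of its own limit and the size the client advertises via EDNS, which is why raising only the server limit changes nothing. The host name, the CERT query type (37) and all function names are assumptions made for illustration.

```python
import struct

EDNS_LIMIT = 1232  # UDP message size named in the commit message
TC_FLAG = 0x0200   # "truncated" bit in the DNS header flags word
TYPE_OPT = 41      # EDNS(0) pseudo-record; its CLASS field carries the UDP size

def build_query(qname, qtype, udp_size=EDNS_LIMIT, msg_id=0x1234):
    """Build a DNS query whose single additional record is an EDNS OPT."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT: root name, TYPE=41, CLASS=udp size, TTL=0, RDLEN=0 (11 bytes)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)
    return header + question + opt

def advertised_udp_size(query):
    """Return the UDP size from the trailing OPT record built above."""
    rtype, size = struct.unpack("!HH", query[-10:-6])
    return size if rtype == TYPE_OPT else 512

def udp_response(query, answer_len, server_limit=EDNS_LIMIT):
    """Simulated server: drop the answer and set TC if it does not fit."""
    limit = min(advertised_udp_size(query), server_limit)
    question = query[12:-11]
    if 12 + len(question) + answer_len <= limit:
        # Constructed padding stands in for the real record data.
        flags, ancount, body = 0x8180, 1, question + b"\x00" * answer_len
    else:
        flags, ancount, body = 0x8180 | TC_FLAG, 0, question
    return query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + body

def needs_tcp_retry(response):
    """Client side: the TC bit tells the resolver to repeat the query via TCP."""
    return bool(struct.unpack("!H", response[2:4])[0] & TC_FLAG)

def transports_used(answer_len, tcp_allowed, server_limit=EDNS_LIMIT):
    """Trace one lookup; 'blocked' means the firewall drops TCP port 53."""
    query = build_query("sun.example.org", 37)  # constructed name, CERT type
    if not needs_tcp_retry(udp_response(query, answer_len, server_limit)):
        return ["udp"]
    return ["udp", "tcp" if tcp_allowed else "blocked"]

if __name__ == "__main__":
    for size in (200, 2000):  # constructed answer sizes in bytes
        print(size, transports_used(size, True), transports_used(size, False))
```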