- unbound-control get_option domain-insecure shows config file items.
- fix retry sequence if prime hints are recursion-lame.
- autotrust anchor file can be initialized with a ZSK key as well.
+ - harden-referral-path does not result in failures due to max-depth.
+ You can increase the max-depth by adding numbers (' 0') after the
+ target-fetch-policy, this increases the depth to which is checked.
26 April 2010: Wouter
- Compile fix using Sun Studio 12 compiler on Solaris 5.9, use
Default off, because it burdens the authority servers, and it is
not RFC standard, and could lead to performance problems because of the
extra query load that is generated. Experimental option.
+If you enable it consider adding more numbers after the target\-fetch\-policy
+to increase the max depth that is checked to.
.TP
.B use\-caps\-for\-id: \fI<yes or no>
Use 0x20\-encoded random bits in the query to foil spoof attempts.
generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq,
int id)
{
+ struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id];
struct module_qstate* subq;
size_t i;
struct reply_info* rep = iq->response->rep;
struct ub_packed_rrset_key* s;
log_assert(iq->dp);
+ if(iq->depth == ie->max_dependency_depth)
+ return;
/* walk through additional, and check if in-zone,
* only relevant A, AAAA are left after scrub anyway */
for(i=rep->an_numrrsets+rep->ns_numrrsets; i<rep->rrset_count; i++) {
static void
generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id)
{
+ struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id];
struct module_qstate* subq;
log_assert(iq->dp);
+ if(iq->depth == ie->max_dependency_depth)
+ return;
/* is this query the same as the nscheck? */
if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS &&
query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 &&
projects / thirdparty / unbound.git / commitdiff
