From: Otto Moerbeek Date: Wed, 26 Nov 2025 11:13:36 +0000 (+0100) Subject: Change default of recursor.any_to_tcp to true X-Git-Tag: rec-5.4.0-alpha1~37^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=015476f7ca73ea5779a61867abe5832ab9d22998;p=thirdparty%2Fpdns.git Change default of recursor.any_to_tcp to true This is the client side handling. Signed-off-by: Otto Moerbeek --- diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst index 5ad43f9c7c..2b199e8f00 100644 --- a/pdns/recursordist/docs/upgrade.rst +++ b/pdns/recursordist/docs/upgrade.rst @@ -14,6 +14,10 @@ New Settings - The :ref:`setting-yaml-outgoing.cookies_unsupported` setting has been introduced to permanently mark authoritative servers as not supporting cookies. - The :ref:`setting-yaml-outgoing.tls_configurations` setting has been introduced to be able to force certificate validation and other properties of outgoing DoT connections. +Changed Settings +^^^^^^^^^^^^^^^^ +- The default value of :ref:`setting-yaml-recursor.any_to_tcp` has been changed to ``true``. + :program:`rec_control` ^^^^^^^^^^^^^^^^^^^^^^ 
@@ -420,14 +424,14 @@ Offensive language Synonyms for various settings names containing ``master``, ``slave``, ``whitelist`` and ``blacklist`` have been introduced. -- For :ref:`setting-stats-api-blacklist` use :ref:`setting-stats-api-disabled-list`. -- For :ref:`setting-stats-carbon-blacklist` use :ref:`setting-stats-carbon-disabled-list`. -- For :ref:`setting-stats-rec-control-blacklist` use :ref:`setting-stats-rec-control-disabled-list`. -- For :ref:`setting-stats-snmp-blacklist` use :ref:`setting-stats-snmp-disabled-list`. -- For :ref:`setting-edns-subnet-whitelist` use :ref:`setting-edns-subnet-allow-list`. -- For :ref:`setting-new-domain-whitelist` use :ref:`setting-new-domain-ignore-list`. -- For :ref:`setting-snmp-master-socket` use :ref:`setting-snmp-daemon-socket`. -- For the LUA config function :func:`rpzMaster` use :func:`rpzPrimary`. +- For ``setting-stats-api-blacklist`` use :ref:`setting-stats-api-disabled-list`. +- For ``setting-stats-carbon-blacklist`` use :ref:`setting-stats-carbon-disabled-list`. +- For ``setting-stats-rec-control-blacklist`` use :ref:`setting-stats-rec-control-disabled-list`. +- For ``setting-stats-snmp-blacklist`` use :ref:`setting-stats-snmp-disabled-list`. +- For ``setting-edns-subnet-whitelist`` use :ref:`setting-edns-subnet-allow-list`. +- For ``setting-new-domain-whitelist`` use :ref:`setting-new-domain-ignore-list`. +- For ``setting-snmp-master-socket`` use :ref:`setting-snmp-daemon-socket`. +- For the LUA config function ``rpzMaster`` use :func:`rpzPrimary`. Currently, the older setting names are also accepted and used. The next release will start deprecating them. diff --git a/pdns/recursordist/rec-rust-lib/table.py b/pdns/recursordist/rec-rust-lib/table.py index febd0c6500..6ec67c80f0 100644 --- a/pdns/recursordist/rec-rust-lib/table.py +++ b/pdns/recursordist/rec-rust-lib/table.py 
@@ -217,12 +217,13 @@ If not set (the default), these queries are answered with rcode ``Refused``. 'name' : 'any_to_tcp', 'section' : 'recursor', 'type' : LType.Bool, - 'default' : 'false', + 'default' : 'true', 'help' : 'Answer ANY queries with tc=1, shunting to TCP', 'doc' : ''' -Answer questions for the ANY type on UDP with a truncated packet that refers the remote server to TCP. +Answer questions for the ANY type on UDP with a truncated packet that refers the remote client to TCP. Useful for mitigating ANY reflection attacks. ''', + 'versionchanged': ('5.4.0', 'Default is enabled now, was disabled before 5.4.0'), }, { 'name' : 'allow_trust_anchor_query',
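Review bot: In the new "Changed Settings" block of `upgrade.rst` (hunk `@@ -14,6 +14,10 @@`), the entry gives the new default of `recursor.any_to_tcp` but not what an operator will observe after upgrading or how to keep the previous behaviour. Since the setting's own help text describes it as answering ANY queries on UDP with tc=1, I would add one sentence saying that ANY queries over UDP now receive a truncated answer and are retried over TCP, and that setting `recursor.any_to_tcp` to ``false`` restores the old default.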
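Review bot: In the "Offensive language" list of `upgrade.rst` (hunk `@@ -420,14 +424,14 @@`), the replacement literals keep the `setting-` label prefix, so the rendered text will read ``setting-stats-api-blacklist`` rather than the setting name an operator would actually type. I would drop the prefix in the literal form on all seven setting lines, for example ``stats-api-blacklist``. This hunk is also unrelated to the subject line "Change default of recursor.any_to_tcp to true", so it would be easier to review and revert as its own commit, or it should at least be mentioned in the commit message.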
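Review bot: In the `any_to_tcp` entry of `table.py` (hunk `@@ -217,12 +217,13 @@`), the `versionchanged` text says "enabled" and "disabled" while the `default` field and the `upgrade.rst` entry use ``true`` and ``false``, and it repeats the version already given as the first tuple element. Something like "Default changed from ``false`` to ``true``." would match both. The diff as shown touches only `upgrade.rst` and `table.py`, so it would also be worth confirming that any test relying on the old default sets `any_to_tcp` explicitly.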