From: Otto <otto.moerbeek@open-xchange.com>
Date: Wed, 10 Feb 2021 14:10:18 +0000 (+0100)
Subject: Change spoof-nearmiss-max default to 1.
X-Git-Tag: dnsdist-1.6.0-alpha2~45^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9fc0107a223bb14244523901fcf8e495bbb3ba8;p=thirdparty%2Fpdns.git

Change spoof-nearmiss-max default to 1.

Fixes #9845.
---

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 3e4348caff..23cbb4169a 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -5374,7 +5374,7 @@ int main(int argc, char **argv)
     ::arg().set("dont-query", "If set, do not query these netmasks for DNS data")=DONT_QUERY;
     ::arg().set("max-tcp-per-client", "If set, maximum number of TCP sessions per client (IP address)")="0";
     ::arg().set("max-tcp-queries-per-connection", "If set, maximum number of TCP queries in a TCP connection")="0";
-    ::arg().set("spoof-nearmiss-max", "If non-zero, assume spoofing after this many near misses")="20";
+    ::arg().set("spoof-nearmiss-max", "If non-zero, assume spoofing after this many near misses")="1";
     ::arg().set("single-socket", "If set, only use a single socket for outgoing queries")="off";
     ::arg().set("auth-zones", "Zones for which we have authoritative data, comma separated domain=file pairs ")="";
     ::arg().set("lua-config-file", "More powerful configuration options")="";
diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index acb792ed09..cb4f4c8381 100644
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -1612,8 +1612,11 @@ Owner and group can be specified by name, mode is in octal.
 
 ``spoof-nearmiss-max``
 ----------------------
+.. versionchanged:: 4.5.0
+  Old versions used default 20.
+
 -  Integer
--  Default: 20
+-  Default: 1
 
 If set to non-zero, PowerDNS will assume it is being spoofed after seeing this many answers with the wrong id.
 
diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst
index f5f82935e4..b60b479fd4 100644
--- a/pdns/recursordist/docs/upgrade.rst
+++ b/pdns/recursordist/docs/upgrade.rst
@@ -29,7 +29,7 @@ trouble.
 Deprecated and changed settings
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - The :ref:`setting-minimum-ttl-override` and :ref:`setting-ecs-minimum-ttl-override` defaults have ben changed from 0 to 1.
-
+- The :ref:`setting-spoof-nearmiss-max` default has been changed from 20 to 1.
 
 4.3.x to 4.4.0
 --------------