]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eba8e3e) | patch
Retry lookups with unsigned DNAME over TCP
authorEvan Hunt <each@isc.org>
Tue, 30 Sep 2025 05:42:44 +0000 (22:42 -0700)
committerMichał Kępień <michal@isc.org>
Fri, 3 Oct 2025 15:50:07 +0000 (17:50 +0200)
commit0e4cd87bed5efc61443337034a9d96287b4885dc
treec63c2024a8892c97ba42a16065df2449bb770eeatree | snapshot
parenteba8e3eb33f907a1a622c065138e19b087b6e4f1commit | diff
Retry lookups with unsigned DNAME over TCP

To prevent spoofed unsigned DNAME responses being accepted retry
response with unsigned DNAMEs over TCP if the response is not TSIG
signed or there isn't a good DNS CLIENT COOKIE.

To prevent test failures, this required adding TCP support to the
ans3 and ans4 servers in the chain system test.

(cherry picked from commit 2e40705c06831988106335ed77db3cf924d431f6)
bin/tests/system/chain/ans3/ans.pl [deleted file] blob | blame | history
bin/tests/system/chain/ans3/ans.py [new file with mode: 0644] blob
bin/tests/system/chain/ans4/ans.py diff | blob | blame | history
bin/tests/system/cookie/ans9/ans.py diff | blob | blame | history
lib/dns/include/dns/message.h diff | blob | blame | history
lib/dns/message.c diff | blob | blame | history
lib/dns/resolver.c diff | blob | blame | history
lib/dns/win32/libdns.def.in diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git