]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5047935) | patch
Retry lookups with unsigned DNAME over TCP
authorEvan Hunt <each@isc.org>
Tue, 30 Sep 2025 04:57:48 +0000 (21:57 -0700)
committerMichał Kępień <michal@isc.org>
Fri, 3 Oct 2025 13:50:34 +0000 (15:50 +0200)
commit33a7db1fe964e55b76b4ac003ecc56cc67028bd9
treef198fcfa0aaf9db43eaa917b0368517e42971b07tree | snapshot
parent50479358efdf432d690415131b74b5df158a9d69commit | diff
Retry lookups with unsigned DNAME over TCP

To prevent spoofed unsigned DNAME responses being accepted retry
response with unsigned DNAMEs over TCP if the response is not TSIG
signed or there isn't a good DNS CLIENT COOKIE.

To prevent test failures, this required adding TCP support to the
ans3 and ans4 servers in the chain system test.

(cherry picked from commit 2e40705c06831988106335ed77db3cf924d431f6)
bin/tests/system/chain/ans3/ans.pl [deleted file] blob | blame | history
bin/tests/system/chain/ans3/ans.py [new file with mode: 0644] blob
bin/tests/system/chain/ans4/ans.py diff | blob | blame | history
lib/dns/include/dns/message.h diff | blob | blame | history
lib/dns/message.c diff | blob | blame | history
lib/dns/resolver.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git