git.ipfire.org Git - thirdparty/bind9.git/commit
Tighten DNS COOKIE response handling
author Mark Andrews <marka@isc.org>
Thu, 12 Nov 2020 22:45:47 +0000 (09:45 +1100)
committer Mark Andrews <marka@isc.org>
Thu, 26 Nov 2020 22:28:09 +0000 (09:28 +1100)
commit cdf73095abbffe2aa033e6e2432ed3c60e733b6b
tree fe15a820f0b46e669b0b823a3ef3a50491c41725
parent d50cc1d81a4c24399e77a91b1dd2836743e71ca8
Tighten DNS COOKIE response handling

Fall back to TCP when we have already seen a DNS COOKIE response
from the given address and don't have one in this UDP response. This
could be a server that has turned off DNS COOKIE support, a
misconfigured anycast server with partial DNS COOKIE support, or a
spoofed response. Falling back to TCP is the correct behaviour in
all 3 cases.

(cherry picked from commit 0e3b1f5a25c0518210db62191405f4b0bbe6bf50)
lib/dns/resolver.c
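
The rule in the commit message, sketched as an added example (this is not the code from lib/dns/resolver.c). All names are hypothetical, the per-address "seen a cookie" flag is assumed to be kept by the caller, and only the presence of a server cookie is checked, not its value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define EDNS_OPT_COOKIE 10 /* EDNS option code for COOKIE (RFC 7873) */

/* Constructed OPT RDATA samples: a COOKIE option with an 8-byte client and
 * 8-byte server cookie, and an RDATA holding only a padding option (12). */
static const uint8_t SAMPLE_WITH_COOKIE[] = {
    0, 10, 0, 16, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static const uint8_t SAMPLE_PADDING_ONLY[] = {0, 12, 0, 4, 0, 0, 0, 0};

/* Walk the {code, length, data} options in OPT RDATA and report whether a
 * COOKIE option with a server part is present: 8-byte client cookie plus an
 * 8..32-byte server cookie, so 16..40 bytes in total. */
static bool has_server_cookie(const uint8_t *rdata, size_t len) {
    size_t off = 0;
    while (len - off >= 4) {
        uint16_t code = (uint16_t)(rdata[off] << 8 | rdata[off + 1]);
        uint16_t olen = (uint16_t)(rdata[off + 2] << 8 | rdata[off + 3]);
        off += 4;
        if (olen > len - off)
            return false; /* truncated option: treat as "no cookie" */
        if (code == EDNS_OPT_COOKIE && olen >= 16 && olen <= 40)
            return true;
        off += olen;
    }
    return false;
}

enum action { ACCEPT_RESPONSE, RETRY_OVER_TCP };

/* seen_cookie: this server address has returned a DNS COOKIE before.
 * over_udp:    the response being examined arrived over UDP. */
static enum action cookie_policy(bool seen_cookie, bool over_udp,
                                 const uint8_t *opt_rdata, size_t opt_len) {
    /* Cookie support switched off, partial anycast support, or a spoofed
     * packet: all three cases get the same answer, retry over TCP. */
    if (over_udp && seen_cookie && !has_server_cookie(opt_rdata, opt_len))
        return RETRY_OVER_TCP;
    return ACCEPT_RESPONSE;
}
```

Pass `NULL` and length 0 when the response has no OPT record at all; that is treated the same as an OPT record without a COOKIE option.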