Parent Directory
| 
Revision Log
| 
Revision Graph
* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme --import patches from openwrt and rename already applied patches --fix security issues [SME: 10374] - 020-dnsroots-update.patch: update list of root DNS servers - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch - 080-dnscache-cache-negatives.patch: rfc2308 ? - 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch - 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch - 270-dnscache-sigpipe-fix.patch: SIGPIPE - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 --bug fixes [SME: 10374] - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records --fix issue with short ttl cname like akamaid [SME: 8362] - 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl - 500-cutom-dnscache-maxloop.patch: set max loop to 200 --needed for previous patches to apply cleanly - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) - 050-tinydns-mmap-leak.patch: report cdb leak - 080-dnscache-cache-negatives.patch: rfc2308 ? - 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) - 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
| 1 | unnilennium | 1.1 | --- a/log.h |
| 2 | +++ b/log.h | ||
| 3 | @@ -25,6 +25,7 @@ extern void log_nxdomain(const char *,co | ||
| 4 | extern void log_nodata(const char *,const char *,const char *,unsigned int); | ||
| 5 | extern void log_servfail(const char *); | ||
| 6 | extern void log_lame(const char *,const char *,const char *); | ||
| 7 | +extern void log_ignore_referral(const char *,const char *,const char *); | ||
| 8 | |||
| 9 | extern void log_rr(const char *,const char *,const char *,const char *,unsigned int,unsigned int); | ||
| 10 | extern void log_rrns(const char *,const char *,const char *,unsigned int); | ||
| 11 | --- a/log.c | ||
| 12 | +++ b/log.c | ||
| 13 | @@ -197,6 +197,13 @@ void log_lame(const char server[4],const | ||
| 14 | line(); | ||
| 15 | } | ||
| 16 | |||
| 17 | +void log_ignore_referral(const char server[4],const char * control, const char *referral) | ||
| 18 | +{ | ||
| 19 | + string("ignored referral "); ip(server); space(); | ||
| 20 | + name(control); space(); name(referral); | ||
| 21 | + line(); | ||
| 22 | +} | ||
| 23 | + | ||
| 24 | void log_servfail(const char *dn) | ||
| 25 | { | ||
| 26 | const char *x = error_str(errno); | ||
| 27 | --- a/query.c | ||
| 28 | +++ b/query.c | ||
| 29 | @@ -828,6 +828,18 @@ static int doit(struct query *z,int stat | ||
| 30 | |||
| 31 | |||
| 32 | if (!dns_domain_suffix(d,referral)) goto DIE; | ||
| 33 | + | ||
| 34 | + /* In strict "forwardonly" mode, we don't, as the manual states, | ||
| 35 | + ** contact a chain of servers according to "NS" resource records. | ||
| 36 | + ** We don't obey any referral responses, therefore. Instead, we | ||
| 37 | + ** eliminate the server from the list and try the next one. | ||
| 38 | + */ | ||
| 39 | + if (flagforwardonly) { | ||
| 40 | + log_ignore_referral(whichserver,control,referral); | ||
| 41 | + byte_zero(whichserver,4); | ||
| 42 | + goto HAVENS; | ||
| 43 | + } | ||
| 44 | + | ||
| 45 | control = d + dns_domain_suffixpos(d,referral); | ||
| 46 | z->control[z->level] = control; | ||
| 47 | byte_zero(z->servers[z->level],64); |
| admin@koozali.org | ViewVC Help |
| Powered by ViewVC 1.2.1 |  |