/[smeserver]/rpms/djbdns/sme10/210-dnscache-strict-forwardonly.patch
ViewVC logotype

Annotation of /rpms/djbdns/sme10/210-dnscache-strict-forwardonly.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Jul 12 03:39:09 2017 UTC (7 years, 3 months ago) by unnilennium
Branch: MAIN
CVS Tags: djbdns-1_05-10_el7_sme, djbdns-1_05-9_el7_sme, djbdns-1_05-11_el7_sme, HEAD
* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme
--import patches from openwrt and rename already applied patches
--fix security issues [SME: 10374]
- 020-dnsroots-update.patch: update list of root DNS servers
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
- 270-dnscache-sigpipe-fix.patch: SIGPIPE
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
--bug fixes [SME: 10374]
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
--fix issue with short ttl cname like akamaid [SME: 8362]
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
- 500-cutom-dnscache-maxloop.patch: set max loop to 200
--needed for previous patches to apply cleanly
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
- 050-tinydns-mmap-leak.patch: report cdb leak
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 090-tinydns-one-second.patch: improve tinydns with 8 or more  concurent connections (for 240-*.patch)
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)

1 unnilennium 1.1 --- a/log.h
2     +++ b/log.h
3     @@ -25,6 +25,7 @@ extern void log_nxdomain(const char *,co
4     extern void log_nodata(const char *,const char *,const char *,unsigned int);
5     extern void log_servfail(const char *);
6     extern void log_lame(const char *,const char *,const char *);
7     +extern void log_ignore_referral(const char *,const char *,const char *);
8    
9     extern void log_rr(const char *,const char *,const char *,const char *,unsigned int,unsigned int);
10     extern void log_rrns(const char *,const char *,const char *,unsigned int);
11     --- a/log.c
12     +++ b/log.c
13     @@ -197,6 +197,13 @@ void log_lame(const char server[4],const
14     line();
15     }
16    
17     +void log_ignore_referral(const char server[4],const char * control, const char *referral)
18     +{
19     + string("ignored referral "); ip(server); space();
20     + name(control); space(); name(referral);
21     + line();
22     +}
23     +
24     void log_servfail(const char *dn)
25     {
26     const char *x = error_str(errno);
27     --- a/query.c
28     +++ b/query.c
29     @@ -828,6 +828,18 @@ static int doit(struct query *z,int stat
30    
31    
32     if (!dns_domain_suffix(d,referral)) goto DIE;
33     +
34     + /* In strict "forwardonly" mode, we don't, as the manual states,
35     + ** contact a chain of servers according to "NS" resource records.
36     + ** We don't obey any referral responses, therefore. Instead, we
37     + ** eliminate the server from the list and try the next one.
38     + */
39     + if (flagforwardonly) {
40     + log_ignore_referral(whichserver,control,referral);
41     + byte_zero(whichserver,4);
42     + goto HAVENS;
43     + }
44     +
45     control = d + dns_domain_suffixpos(d,referral);
46     z->control[z->level] = control;
47     byte_zero(z->servers[z->level],64);

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed