- Make it possible to turn on RES_INSECURE[12] with /etc/resolv.conf.
- Don't connect datagram socket if RES_INSECURE1.
- Needed to implement IPv6 anycast UDP DNS queries as documented in <draft-ietf-ipngwg-dns-discovery-03.txt>.

Obtained from: KAME
parent
572310c609
commit
676e98714d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=88504
@ -533,6 +533,10 @@ res_setoptions(options, source)
|
||||
#endif
|
||||
} else if (!strncmp(cp, "inet6", sizeof("inet6") - 1)) {
|
||||
_res.options |= RES_USE_INET6;
|
||||
} else if (!strncmp(cp, "insecure1", sizeof("insecure1") - 1)) {
|
||||
_res.options |= RES_INSECURE1;
|
||||
} else if (!strncmp(cp, "insecure2", sizeof("insecure2") - 1)) {
|
||||
_res.options |= RES_INSECURE2;
|
||||
} else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) {
|
||||
_res.options |= RES_NOTLDQUERY;
|
||||
} else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) {
|
||||
|
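Review bot: The new `insecure1` and `insecure2` branches let a single resolv.conf keyword switch off part of the resolver's reply validation, and nothing at the parse site says so. Judging by the res_send comment in this commit, `RES_INSECURE1` drops the check that a reply came from a queried server; `RES_INSECURE2` presumably drops the check that the reply's question matches the query. I would add a comment above the `insecure1` branch, such as `/* insecure1/insecure2 relax reply validation in res_send(); enabling them makes forged answers easier to accept */`. Because the match is a prefix `strncmp`, like the neighbouring options, a token such as `insecure1x` also sets the flag. If `res_setoptions` is also fed from an environment variable, as its `source` parameter suggests, confirm these keywords are not honoured there for set-id programs; the function starts and ends outside the hunk, so this cannot be checked here.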
@ -635,8 +635,16 @@ res_send(buf, buflen, ans, anssiz)
|
||||
* however, we don't want to remain connected,
|
||||
* as we wish to receive answers from the first
|
||||
* server to respond.
|
||||
*
|
||||
* When the option "insecure1" is specified, we'd
|
||||
* rather expect to see responses from an "unknown"
|
||||
* address. In order to let the kernel accept such
|
||||
* responses, do not connect the socket here.
|
||||
* XXX: or do we need an explicit option to disable
|
||||
* connecting?
|
||||
*/
|
||||
if (_res.nscount == 1 || (try == 0 && ns == 0)) {
|
||||
if (!(_res.options & RES_INSECURE1) &&
|
||||
(_res.nscount == 1 || (try == 0 && ns == 0))) {
|
||||
/*
|
||||
* Connect only if we are sure we won't
|
||||
* receive a response from another server.
|
||||
|
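Review bot: With `RES_INSECURE1` set the socket is never connected, so the kernel stops filtering datagrams by peer address, and the same flag appears to be what disables the userland source check. A reply from any host is then accepted on the strength of the 16-bit query ID and, unless `insecure2` is also set, the question match. The comment should say this plainly, for example `* NOTE: unconnected, replies are not filtered by source address; only the query ID and question match remain.` An unconnected UDP socket also typically does not report ICMP errors, so the single-nameserver case would likely wait for the timeout instead of failing fast. The XXX already asks whether a separate option is needed; a dedicated "do not connect" flag would keep anycast support from being tied to relaxed validation (res_send continues before and after this hunk).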