- Make it possible to turn on RES_INSECURE[12] with /etc/resolv.conf.

- Don't connect datagram socket if RES_INSECURE1. - Needed to implement IPv6 anycast UDP DNS queries as documented in <draft-ietf-ipngwg-dns-discovery-03.txt>. Obtained from: KAME
svn path=/head/; revision=88504
2001-12-26 21:21:10 +00:00 · 2001-12-26 21:21:10 +00:00 · 676e98714d · 2020-12-20 02:59:44 +00:00
commit 676e98714d
parent 572310c609
2 changed files with 13 additions and 1 deletions
--- a/lib/libc/net/res_init.c
+++ b/lib/libc/net/res_init.c
@ -533,6 +533,10 @@ res_setoptions(options, source)
 #endif
 		} else if (!strncmp(cp, "inet6", sizeof("inet6") - 1)) {
 			_res.options |= RES_USE_INET6;
+		} else if (!strncmp(cp, "insecure1", sizeof("insecure1") - 1)) {
+		       _res.options |= RES_INSECURE1;
+		} else if (!strncmp(cp, "insecure2", sizeof("insecure2") - 1)) {
+		       _res.options |= RES_INSECURE2;
 		} else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) {
 			_res.options |= RES_NOTLDQUERY;
 		} else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) {
--- a/lib/libc/net/res_send.c
+++ b/lib/libc/net/res_send.c
@ -635,8 +635,16 @@ res_send(buf, buflen, ans, anssiz)
 			 * however, we don't want to remain connected,
 			 * as we wish to receive answers from the first
 			 * server to respond.
+			 *
+			 * When the option "insecure1" is specified, we'd
+			 * rather expect to see responses from an "unknown"
+			 * address.  In order to let the kernel accept such
+			 * responses, do not connect the socket here.
+			 * XXX: or do we need an explicit option to disable
+			 * connecting?
 			 */
-			if (_res.nscount == 1 || (try == 0 && ns == 0)) {
+			if (!(_res.options & RES_INSECURE1) &&
+			    (_res.nscount == 1 || (try == 0 && ns == 0))) {
 				/*
 				 * Connect only if we are sure we won't
 				 * receive a response from another server.