authorFlorian Obser <florian@cvs.openbsd.org>2018-05-17 19:07:09 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2018-05-17 19:07:09 +0000
commit40b9165f194868b48de0f9535ad742474f5274ee (patch)
treea0a359d520a8051b7040383c4be3ecf142b04006 /usr.sbin
parentbd9dd52217153e597a0bd6930d1cae3520d07046 (diff)
From upcoming nsd 4.1.22:
refuse-any sends truncation (+TC) in reply to ANY queries over UDP, and allows TCP queries like normal OK sthen
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/nsd/nsd.conf.5.in3
-rw-r--r--usr.sbin/nsd/query.c6
2 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in
index bdac602efb8..78215a9c891 100644
--- a/usr.sbin/nsd/nsd.conf.5.in
+++ b/usr.sbin/nsd/nsd.conf.5.in
@@ -380,7 +380,8 @@ The default is no.
.B refuse\-any:\fR <yes or no>
Refuse queries of type ANY. This is useful to stop query floods trying
to get large responses. Note that rrl ratelimiting also has type ANY as
-a ratelimiting type.
+a ratelimiting type. It sends truncation in response to UDP type ANY queries,
+and it allows TCP type ANY queries like normal.
The default is no.
.TP
.B zonefiles\-check:\fR <yes or no>
diff --git a/usr.sbin/nsd/query.c b/usr.sbin/nsd/query.c
index 29cf9f45562..48261d87404 100644
--- a/usr.sbin/nsd/query.c
+++ b/usr.sbin/nsd/query.c
@@ -1490,8 +1490,10 @@ query_process(query_type *q, nsd_type *nsd)
if (query_state == QUERY_PROCESSED || query_state == QUERY_IN_AXFR) {
return query_state;
}
- if(q->qtype == TYPE_ANY && nsd->options->refuse_any)
- return query_error(q, NSD_RC_REFUSE);
+ if(q->qtype == TYPE_ANY && nsd->options->refuse_any && !q->tcp) {
+ TC_SET(q->packet);
+ return query_error(q, NSD_RC_OK);
+ }
answer_query(nsd, q);