diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2019-03-30 01:22:13 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2019-03-30 01:22:13 +0000 |
| commit | b46f5afffeed0510aca777c9cc9ebec532c59c5a (patch) | |
| tree | 12670d20d55786edf3c0c5169de4a4df73f06efe /usr.sbin | |
| parent | ce58b1637b7eaf1b93a01eba087cc717eb652912 (diff) | |
Disable
- Deny ANY with only one RR in response, by default. Patch from
Daisuke Higashi. The deny-any statement in nsd.conf sets ANY
queries over UDP to be further moved to TCP as well.
Also no additional section processig for type ANY, reducing
the response size.
with an ifdef NOTYET. It is too close to release and we want to let
this sit for a bit.
Pointed out / requested by sthen.
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/nsd/query.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.sbin/nsd/query.c b/usr.sbin/nsd/query.c index e2a56e9aea0..e3b5fe6e9c8 100644 --- a/usr.sbin/nsd/query.c +++ b/usr.sbin/nsd/query.c @@ -970,9 +970,11 @@ answer_domain(struct nsd* nsd, struct query *q, answer_type *answer, { add_rrset(q, answer, ANSWER_SECTION, domain, rrset); ++added; +#ifdef NOTYET /* minimize response size with one RR, * according to RFC 8482(4.1). */ break; +#endif } } if (added == 0) { |