author | Lennart Poettering <lennart@poettering.net> | 2016-01-15 19:23:51 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-17 20:47:46 +0100 |
commit | de54e62b4bd7856fb897c9a2ee93cc228adb2135 | |
tree | 770ae4b97ee38183a3a5e81a97e521c105abed98 /src/reply-password | |
parent | c3f7000e611b2c08052aca6db47245e77c008ae6 | |

resolved: downgrade server feature level more aggressively when we have reason to

This adds logic to downgrade the feature level more aggressively when we have reason to. Specifically:

- When we get a response packet that lacks an OPT RR for a query that had it. If so, downgrade immediately to UDP mode, i.e. don't generate EDNS0 packets anymore.
- When we get a response which we are sure should be signed, but lacks RRSIG RRs, we downgrade to EDNS0 mode, i.e. below DO mode, since DO is apparently not really supported.

This should increase compatibility with servers that generate nonsensical responses if they receive messages with OPT RRs and suchlike, for example the situation described here:
https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html

This also changes the downgrade code to explain in a debug log message why a specific downgrade happened.

Diffstat (limited to 'src/reply-password')
0 files changed, 0 insertions, 0 deletions
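
The two downgrade rules from the commit message, as an added example (this is not the code from the commit, and no diff is shown on this page). The enum, struct and function names are hypothetical, and only the three modes the message names (UDP, EDNS0, DO) are modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical level names, lowest to highest. */
typedef enum { LEVEL_UDP, LEVEL_EDNS0, LEVEL_DO } feature_level;

/* Constructed summary of one query/response pair. */
typedef struct {
    bool query_had_opt;    /* we sent an OPT RR */
    bool reply_has_opt;    /* the response carried an OPT RR */
    bool expect_signed;    /* we are sure the answer should be signed */
    bool reply_has_rrsig;  /* the response carried RRSIG RRs */
} exchange;

static const char *level_name(feature_level l) {
    switch (l) {
    case LEVEL_UDP:   return "UDP";
    case LEVEL_EDNS0: return "EDNS0";
    default:          return "DO";
    }
}

/* Returns the level to use for the next query. *reason is set to a
 * debug string when a downgrade happens and to NULL otherwise. */
feature_level downgrade_for_response(feature_level cur, const exchange *x,
                                     const char **reason) {
    *reason = NULL;
    /* Rule 1: OPT was sent but not returned: stop generating EDNS0 packets. */
    if (cur > LEVEL_UDP && x->query_had_opt && !x->reply_has_opt) {
        *reason = "response lacks OPT RR for a query that had one";
        return LEVEL_UDP;
    }
    /* Rule 2: answer should be signed but has no RRSIG: drop below DO. */
    if (cur > LEVEL_EDNS0 && x->expect_signed && !x->reply_has_rrsig) {
        *reason = "response should be signed but lacks RRSIG RRs";
        return LEVEL_EDNS0;
    }
    return cur;
}

int main(void) {
    const exchange no_opt = { true, false, true, false };  /* constructed */
    const char *why;
    feature_level next = downgrade_for_response(LEVEL_DO, &no_opt, &why);
    printf("DO -> %s (%s)\n", level_name(next), why ? why : "no downgrade");
    return 0;
}
```

Rule 2 leaves the server at a level where responses are no longer requested with DO, so the returned reason string is what an operator would look for in debug logs to see when and why signed responses stopped being requested.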