summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-answer.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-15 19:23:51 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-17 20:47:46 +0100
commitde54e62b4bd7856fb897c9a2ee93cc228adb2135 (patch)
tree770ae4b97ee38183a3a5e81a97e521c105abed98 /src/resolve/resolved-dns-answer.c
parentc3f7000e611b2c08052aca6db47245e77c008ae6 (diff)
resolved: downgrade server feature level more aggressively when we have reason to
This adds logic to downgrade the feature level more aggressively when we have reason to. Specifically: - When we get a response packet that lacks an OPT RR for a query that had it. If so, downgrade immediately to UDP mode, i.e. don't generate EDNS0 packets anymore. - When we get a response which we are sure should be signed, but lacks RRSIG RRs, we downgrade to EDNS0 mode, i.e. below DO mode, since DO is apparently not really supported. This should increase compatibility with servers that generate non-sensical responses if they messages with OPT RRs and suchlike, for example the situation described here: https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html This also changes the downgrade code to explain in a debug log message why a specific downgrade happened.
Diffstat (limited to 'src/resolve/resolved-dns-answer.c')
0 files changed, 0 insertions, 0 deletions