* Fri Apr 06 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-3
- Patch for referral with auth-zone: response
This commit is contained in:
parent
7760424284
commit
bdec72db18
33
unbound-1.7.0-ref.patch
Normal file
33
unbound-1.7.0-ref.patch
Normal file
@ -0,0 +1,33 @@
|
||||
--- a/iterator/iterator.c 2018-04-04 19:03:14.483416675 +0200
|
||||
+++ b/iteratoriterator.c 2018-04-04 19:05:33.444712537 +0200
|
||||
@@ -2161,11 +2161,15 @@
|
||||
log_dns_msg("msg from auth zone",
|
||||
&iq->response->qinfo, iq->response->rep);
|
||||
}
|
||||
- iq->num_current_queries++;
|
||||
- iq->chase_to_rd = 0;
|
||||
- iq->dnssec_lame_query = 0;
|
||||
- iq->auth_zone_response = 1;
|
||||
- return next_state(iq, QUERY_RESP_STATE);
|
||||
+ if((iq->chase_flags&BIT_RD) && !(iq->response->rep->flags&BIT_AA)) {
|
||||
+ verbose(VERB_ALGO, "forwarder, ignoring referral from auth zone");
|
||||
+ } else {
|
||||
+ iq->num_current_queries++;
|
||||
+ iq->chase_to_rd = 0;
|
||||
+ iq->dnssec_lame_query = 0;
|
||||
+ iq->auth_zone_response = 1;
|
||||
+ return next_state(iq, QUERY_RESP_STATE);
|
||||
+ }
|
||||
}
|
||||
iq->auth_zone_response = 0;
|
||||
if(auth_fallback == 0) {
|
||||
@@ -2443,7 +2447,8 @@
|
||||
(int)((iq->chase_flags&BIT_RD) || iq->chase_to_rd),
|
||||
iq->response, &iq->qchase, iq->dp);
|
||||
iq->chase_to_rd = 0;
|
||||
- if(type == RESPONSE_TYPE_REFERRAL && (iq->chase_flags&BIT_RD)) {
|
||||
+ if(type == RESPONSE_TYPE_REFERRAL && (iq->chase_flags&BIT_RD) &&
|
||||
+ !iq->auth_zone_response) {
|
||||
/* When forwarding (RD bit is set), we handle referrals
|
||||
* differently. No queries should be sent elsewhere */
|
||||
type = RESPONSE_TYPE_ANSWER;
|
@ -21,7 +21,7 @@
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.7.0
|
||||
Release: 2%{?extra_version:.%{extra_version}}%{?dist}
|
||||
Release: 3%{?extra_version:.%{extra_version}}%{?dist}
|
||||
License: BSD
|
||||
Url: https://www.unbound.net/
|
||||
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
@ -43,6 +43,7 @@ Source16: unbound-munin.README
|
||||
Source17: unbound-anchor.service
|
||||
|
||||
Patch1: unbound-1.7.0-aggrnsec.patch
|
||||
Patch2: unbound-1.7.0-ref.patch
|
||||
|
||||
Group: System Environment/Daemons
|
||||
BuildRequires: flex, openssl-devel
|
||||
@ -142,9 +143,11 @@ Python 3 modules and extensions for unbound
|
||||
mv %{pkgname} %{pkgname}_python2
|
||||
pushd %{pkgname}_python2
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%else
|
||||
pushd %{pkgname}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%endif # with_python
|
||||
|
||||
# only for snapshots
|
||||
@ -439,6 +442,9 @@ popd
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
|
||||
%changelog
|
||||
* Fri Apr 06 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-3
|
||||
- Patch for referral with auth-zone: response
|
||||
|
||||
* Wed Mar 21 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-2
|
||||
- Patch for broken Aggressive NSEC + stub-zone configuration causing NXDOMAIN at TTL expiry
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user