+trace has the RD bit cleared however it asks the nameserver from - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	florian <florian@openbsd.org>	2020-02-13 19:29:47 +0000
committer	florian <florian@openbsd.org>	2020-02-13 19:29:47 +0000
commit	927deb690c4fda26a881da487db869634ac42483 (patch)
tree	137c9f52c7ca2519739ab03de4dcfc1de8151fcc /usr.bin/dig/lib/isc/unix/time.c
parent	Mention that the .Dd "date" argument is the date of the last change. (diff)
download	wireguard-openbsd-927deb690c4fda26a881da487db869634ac42483.tar.xz wireguard-openbsd-927deb690c4fda26a881da487db869634ac42483.zip

+trace has the RD bit cleared however it asks the nameserver from

/etc/resolv.conf for a list of root name servers. Arguably corectly configured recursive nameservers should REFUSE to answer this question to prevent cache snooping. Upstream fixed this after the license change by sending the first query with RD set. We go a different route, built in a list of root name servers and ask them. Otherwise known as a priming query. This way +trace does not depend on any localy configured nameserver in /etc/resolv.conf "I have no other quibbles" deraadt@ input & OK sthen

Diffstat (limited to 'usr.bin/dig/lib/isc/unix/time.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: