rpms / bind

Clone
Source Code
GIT

Blame SOURCES/bind-9.11-no-default-cookies.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta c9s-sig-hyperscale
  1.   c7-beta
  2.   SOURCES
  3.   bind-9.11-no-default-cookies.patch
Blob History Raw
a2a915 
From 8963e300f7e465b3c96e859ba81e128fa508cefd Mon Sep 17 00:00:00 2001
a2a915 
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
a2a915 
Date: Mon, 21 Jan 2019 19:15:40 +0100
a2a915 
Subject: [PATCH 1/5] Turn off sending cookies by default
a2a915
a2a915 
Upstream has default sending cookies on by default. For compatiblity
a2a915 
with bind 9.9.4, require inclusion of send-cookie in configuration or
a2a915 
dig +cookie parameter to send cookie. Would not send EDNS extension in
a2a915 
non-DNSSEC query by default.
a2a915 
---
a2a915 
 bin/dig/dig.c       | 4 ++--
a2a915 
 bin/dig/dig.docbook | 4 ++--
a2a915 
 bin/named/config.c  | 2 +-
a2a915 
 3 files changed, 5 insertions(+), 5 deletions(-)
a2a915
a2a915 
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
a2a915 
index c577e31..8b23676 100644
a2a915 
--- a/bin/dig/dig.c
a2a915 
+++ b/bin/dig/dig.c
a2a915 
@@ -1429,7 +1429,7 @@ plus_option(const char *option, isc_boolean_t is_batchfile,
a2a915 
 					lookup->section_authority = ISC_TRUE;
a2a915 
 					lookup->section_question = ISC_FALSE;
a2a915 
 					lookup->dnssec = ISC_TRUE;
a2a915 
-					lookup->sendcookie = ISC_TRUE;
a2a915 
+					lookup->sendcookie = ISC_FALSE;
a2a915 
 					usesearch = ISC_FALSE;
a2a915 
 				}
a2a915 
 				break;
a2a915 
@@ -1883,7 +1883,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
a2a915 
 		default_lookup = make_empty_lookup();
a2a915 
 		default_lookup->adflag = ISC_TRUE;
a2a915 
 		default_lookup->edns = 0;
a2a915 
-		default_lookup->sendcookie = ISC_TRUE;
a2a915 
+		default_lookup->sendcookie = ISC_FALSE;
a2a915
a2a915 
 #ifndef NOPOSIX
a2a915 
 		/*
a2a915 
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
a2a915 
index d5dba72..575a308 100644
a2a915 
--- a/bin/dig/dig.docbook
a2a915 
+++ b/bin/dig/dig.docbook
a2a915 
@@ -617,10 +617,10 @@
a2a915 
 	      Send a COOKIE EDNS option, with optional
a2a915 
 	      value.  Replaying a COOKIE from a previous response will
a2a915 
 	      allow the server to identify a previous client.  The
a2a915 
-	      default is <option>+cookie</option>.
a2a915 
+	      default is <option>+nocookie</option>.
a2a915 
 	    </para>
a2a915 
 	    <para>
a2a915 
-	      <command>+cookie</command> is also set when +trace
a2a915 
+	      <command>+nocookie</command> is also set when +trace
a2a915 
 	      is set to better emulate the default queries from a
a2a915 
 	      nameserver.
a2a915 
 	    </para>
a2a915 
diff --git a/bin/named/config.c b/bin/named/config.c
a2a915 
index c50f759..7d97029 100644
a2a915 
--- a/bin/named/config.c
a2a915 
+++ b/bin/named/config.c
a2a915 
@@ -102,7 +102,7 @@ options {\n\
a2a915 
 	resolver-query-timeout 10;\n\
a2a915 
 	rrset-order { order random; };\n\
a2a915 
 	secroots-file \"named.secroots\";\n\
a2a915 
-	send-cookie true;\n\
a2a915 
+	send-cookie false;\n\
a2a915 
 #	serial-queries <obsolete>;\n\
a2a915 
 	serial-query-rate 20;\n\
a2a915 
 	server-id none;\n\
a2a915 
--
a2a915 
2.20.1
a2a915

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation