ref: 530aa3f3173e89fc9b0ece8d3bcac96367914e70
parent: 88b9fbdb3a14de36aa269bb88857f70164b09afd
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Sep 28 01:15:25 EDT 2014
ndb/dns: request recursion only for local dns servers we used to set RD flag in requests unconditionally, which is fine by the standard but some dns server administrators seem to use it as a denial of service indicator (for ther non recursive authoritative nameservers) and ignore the request. so only set the RD flag when talking to local dns servers.
--- a/sys/src/cmd/ndb/dnresolve.c
+++ b/sys/src/cmd/ndb/dnresolve.c
@@ -1326,7 +1326,7 @@
static int
queryns(Query *qp, int depth, uchar *ibuf, uchar *obuf, ulong waitms, int inns)
{- int ndest, len, replywaits, rv;
+ int ndest, len, replywaits, rv, flag;
ushort req;
uvlong endms;
char buf[32];
@@ -1333,9 +1333,15 @@
uchar srcip[IPaddrlen];
Dest *p, *np, dest[Maxdest];
- /* pack request into a udp message */
req = rand();
- len = mkreq(qp->dp, qp->type, obuf, Frecurse|Oquery, req);
+
+ /* request recursion only for local dns servers */
+ flag = Oquery;
+ if(strncmp(qp->nsrp->owner->name, "local#", 6) == 0)
+ flag |= Frecurse;
+
+ /* pack request into a udp message */
+ len = mkreq(qp->dp, qp->type, obuf, flag, req);
/* no server addresses yet */
memset(dest, 0, sizeof dest);
--
⑨