--- bind-9.3.2b2/bin/dig/host.1.no_servfail_stops 2005-10-12 22:33:43.000000000 -0400 +++ bind-9.3.2b2/bin/dig/host.1 2005-11-15 12:51:26.000000000 -0500 @@ -30,7 +30,7 @@ host \- DNS lookup utility .SH "SYNOPSIS" .HP 5 -\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] +\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [ \fB\-s\fR ] {name} [server] .SH "DESCRIPTION" .PP \fBhost\fR @@ -176,6 +176,11 @@ option is used, \fBhost\fR will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity. +.PP +The \fB-s\fR option tells \fBhost\fR NOT to send the query to the next nameserver if any +server responds with a SERVFAIL response, which is the reverse of normal stub resolver +behaviour. +.PP .SH "FILES" .PP \fI/etc/resolv.conf\fR --- bind-9.3.2b2/bin/dig/nslookup.c.no_servfail_stops 2005-07-12 01:47:42.000000000 -0400 +++ bind-9.3.2b2/bin/dig/nslookup.c 2005-11-15 12:49:55.000000000 -0500 @@ -50,7 +50,8 @@ comments = ISC_TRUE, section_question = ISC_TRUE, section_answer = ISC_TRUE, section_authority = ISC_TRUE, section_additional = ISC_TRUE, recurse = ISC_TRUE, - aaonly = ISC_FALSE; + aaonly = ISC_FALSE, nofail=ISC_TRUE; + static isc_boolean_t in_use = ISC_FALSE; static char defclass[MXRD] = "IN"; static char deftype[MXRD] = "A"; @@ -631,6 +632,10 @@ usesearch = ISC_FALSE; } else if (strncasecmp(opt, "sil", 3) == 0) { /* deprecation_msg = ISC_FALSE; */ + } else if (strncasecmp(opt, "fail", 3) == 0) { + nofail=ISC_FALSE; + } else if (strncasecmp(opt, "nofail", 3) == 0) { + nofail=ISC_TRUE; } else { printf("*** Invalid option: %s\n", opt); } @@ -689,6 +694,8 @@ lookup->section_authority = section_authority; lookup->section_additional = section_additional; lookup->new_search = ISC_TRUE; + if ( nofail ) + lookup->servfail_stops = ISC_FALSE; ISC_LIST_INIT(lookup->q); ISC_LINK_INIT(lookup, link); ISC_LIST_APPEND(lookup_list, lookup, link); --- bind-9.3.2b2/bin/dig/nslookup.1.no_servfail_stops 2005-10-12 22:33:43.000000000 -0400 +++ bind-9.3.2b2/bin/dig/nslookup.1 2005-11-15 12:49:55.000000000 -0500 @@ -166,6 +166,12 @@ Always use a virtual circuit when sending requests to the server. .sp (Default = novc) +.TP +\fB[no]fail\R +Try the next nameserver if a nameserver responds with SERVFAIL or +a referral (nofail) or terminate query (fail) on such a response. + +(Default = nofail) .RE .IP .SH "FILES" --- bind-9.3.2b2/bin/dig/host.c.no_servfail_stops 2005-07-03 23:29:45.000000000 -0400 +++ bind-9.3.2b2/bin/dig/host.c 2005-11-15 12:49:55.000000000 -0500 @@ -128,7 +128,8 @@ " -w specifies to wait forever for a reply\n" " -W specifies how long to wait for a reply\n" " -4 use IPv4 query transport only\n" -" -6 use IPv6 query transport only\n", stderr); +" -6 use IPv6 query transport only\n" +" -s a SERVFAIL response should stop query\n", stderr); exit(1); } @@ -538,7 +539,10 @@ lookup = make_empty_lookup(); - while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dni46")) + lookup->servfail_stops = ISC_FALSE; + lookup->comments = ISC_FALSE; + + while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dni46s")) != EOF) { switch (c) { case 'l': @@ -676,6 +680,9 @@ } else fatal("can't find IPv6 networking"); break; + case 's': + lookup->servfail_stops = ISC_TRUE; + break; } }