|
 |
56eba38 |
commit 00f12c3365fbb1f8a185a9972734c6bf225e7c0d
|
|
|
56eba38 |
Author: wouter <wouter@be551aaa-1e26-0410-a405-d3ace91eadb9>
|
|
|
56eba38 |
Date: Tue Apr 27 14:15:19 2010 +0000
|
|
|
56eba38 |
|
|
|
56eba38 |
Fix harden-referral-path so it does not generate lookup failures.
|
|
|
56eba38 |
|
|
|
56eba38 |
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
|
|
|
56eba38 |
index fbe3748..16a607c 100644
|
|
|
56eba38 |
--- a/doc/unbound.conf.5.in
|
|
|
56eba38 |
+++ b/doc/unbound.conf.5.in
|
|
|
56eba38 |
@@ -456,6 +456,8 @@ path to the answer.
|
|
|
56eba38 |
Default off, because it burdens the authority servers, and it is
|
|
|
56eba38 |
not RFC standard, and could lead to performance problems because of the
|
|
|
56eba38 |
extra query load that is generated. Experimental option.
|
|
|
56eba38 |
+If you enable it consider adding more numbers after the target\-fetch\-policy
|
|
|
56eba38 |
+to increase the max depth that is checked to.
|
|
|
56eba38 |
.TP
|
|
|
56eba38 |
.B use\-caps\-for\-id: \fI<yes or no>
|
|
|
56eba38 |
Use 0x20\-encoded random bits in the query to foil spoof attempts.
|
|
|
56eba38 |
diff --git a/iterator/iterator.c b/iterator/iterator.c
|
|
|
56eba38 |
index 08354e8..19b9a26 100644
|
|
|
56eba38 |
--- a/iterator/iterator.c
|
|
|
56eba38 |
+++ b/iterator/iterator.c
|
|
|
56eba38 |
@@ -695,12 +695,15 @@ static void
|
|
|
56eba38 |
generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq,
|
|
|
56eba38 |
int id)
|
|
|
56eba38 |
{
|
|
|
56eba38 |
+ struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id];
|
|
|
56eba38 |
struct module_qstate* subq;
|
|
|
56eba38 |
size_t i;
|
|
|
56eba38 |
struct reply_info* rep = iq->response->rep;
|
|
|
56eba38 |
struct ub_packed_rrset_key* s;
|
|
|
56eba38 |
log_assert(iq->dp);
|
|
|
56eba38 |
|
|
|
56eba38 |
+ if(iq->depth == ie->max_dependency_depth)
|
|
|
56eba38 |
+ return;
|
|
|
56eba38 |
/* walk through additional, and check if in-zone,
|
|
|
56eba38 |
* only relevant A, AAAA are left after scrub anyway */
|
|
|
56eba38 |
for(i=rep->an_numrrsets+rep->ns_numrrsets; i<rep->rrset_count; i++) {
|
|
|
56eba38 |
@@ -746,9 +749,12 @@ generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq,
|
|
|
56eba38 |
static void
|
|
|
56eba38 |
generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id)
|
|
|
56eba38 |
{
|
|
|
56eba38 |
+ struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id];
|
|
|
56eba38 |
struct module_qstate* subq;
|
|
|
56eba38 |
log_assert(iq->dp);
|
|
|
56eba38 |
|
|
|
56eba38 |
+ if(iq->depth == ie->max_dependency_depth)
|
|
|
56eba38 |
+ return;
|
|
|
56eba38 |
/* is this query the same as the nscheck? */
|
|
|
56eba38 |
if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS &&
|
|
|
56eba38 |
query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 &&
|