cirno/plan9front
1
0
Fork 0
mirror of git://git.9front.org/plan9front/plan9front synced 2025-01-12 11:10:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

ndb/dns: refuse recursive requests harder when given -R (thanks be0ba)

Browse source 
Before we would refuse to recurse, but would still give
a response with hints back. Some nefarious clients will interpret the
lack of a Refused response code as us being an open resolver.
This commit is contained in:
Jacob Moody 2024-08-31 02:23:05 +00:00
parent 761452154a
commit 9d2f21b2cf
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sys/src/cmd/ndb/dnserver.c
View file

@ -65,7 +65,8 @@ dnserver(DNSmsg *reqp, DNSmsg *repp, Request *req, uchar *srcip, int rcode)
if(cfg.nonrecursive
|| cfg.localrecursive && !localip(srcip)){
/* we don't recurse and we're not authoritative */
neg = nil;
setercode(repp, Rrefused);
return;
} else {
repp->flags |= Fcanrec;
if(reqp->flags & Frecurse){