[ratelimits] bind force qtype=ANY to TCP
Vernon Schryver
vjs at rhyolite.com
Wed May 15 22:42:20 UTC 2013
> From: Jared Mauch <jared at puck.nether.net>
> I've cleaned up the patch slightly with your suggestions.
It would still encounter objections from ISC's style police,
Never mind that, because ISC's style differs from my own as well as
classic kernel normal form. I frequently forget to override my
habits in favor of ISC's and so get style violation tickets.
Is it intentional that the patch does not affect authoritative ANY
responses? I think the patch would fail to stop the authorities for
isc.org from answering `dig +dnssec isc.org any @ams.sns-pb.isc.org'
with almost 4 Kbytes.
(My first second thought was that the goto would prevent responding
with REFUSED to requests that need recurssion and so make closed
resolvers look open. When I tested that thought and then looked closer,
I saw that the patch is in the path after a first attempt to recurse,
and so never encountered by an query that is answered authoritatively.)
Vernon Schryver vjs at rhyolite.com
More information about the ratelimits
mailing list