[v9_9] backport RRL to 9.9.x

This incorporates the following changes, plus a new configure
option "--enable-rrl" to turn them on:

3575.	[func]		Changed the logging category for RRL events from
			'queries' to 'query-errors'. [RT #33540]

3554.	[bug]		RRL failed to correctly rate-limit upward
			referrals and failed to count dropped error
			responses in the statistics. [RT #33225]

3545.	[bug]		RRL slip behavior was incorrect when set to 1.
			[RT #33111]

3518.	[bug]		Increase the size of dns_rrl_key.s.rtype by one bit
			so that all dns_rrl_rtype_t enum values fit regardless
			of whether it is treated as signed or unsigned by
			the compiler. [RT #32792]

3494.	[func]		DNS RRL: Blunt the impact of DNS reflection and
			amplification attacks by rate-limiting substantially-
			identical responses. To enable, use "configure
			--enable-rrl". [RT #28130]
Evan Hunt
2013-06-07 12:47:11 -07:00
parent 63de57ef64
commit 6260eef2be
41 changed files with 3155 additions and 18 deletions

@@ -17,6 +17,7 @@ involving a different DNS setup. They are:
nsupdate/ Dynamic update and IXFR tests
resolver/ Regression tests for resolver bugs that have been fixed
(not a complete resolver test suite)
rrl/ query rate limiting
rpz/ Tests of response policy zone (RPZ) rewriting
stub/ Tests of stub zone functionality
unknown/ Unknown type and class tests
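
Review bot: The rrl/ entry describes the directory as "query rate limiting", but the commit message calls the feature RRL and describes it as rate-limiting substantially-identical responses, so the README should say response rate limiting to match. The entry also sits before rpz/, which breaks the alphabetical order the neighbouring entries follow, and its wording differs from theirs ("Tests of response policy zone (RPZ) rewriting", "Tests of stub zone functionality"). Suggest moving it below rpz/ and wording it as "Tests of response rate limiting (RRL)". Since the feature is only built with --enable-rrl, the entry could also say that the test needs that configure option.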