ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

3744. [experimental] SIT: send and process Source Identity Tokens

Browse Source 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
This commit is contained in:
Mark Andrews
2014-02-19 12:53:42 +11:00
parent 43c1433ef2
commit b5f6271f4d
49 changed files with 1910 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/tests/system/dnssec/tests.sh
View File

@@ -2081,7 +2081,7 @@ echo server 10.53.0.3 5300
echo update add fail.nosign.example 300 in txt "reject me"
echo send
) | $NSUPDATE > /dev/null 2>&1 && ret=1
$DIG +noall +answer +dnssec -p 5300 fail.nosign.example txt @10.53.0.3 \
$DIG +tcp +noall +answer +dnssec -p 5300 fail.nosign.example txt @10.53.0.3 \
> dig.out.ns3.test$n 2>&1
[ -s dig.out.ns3.test$n ] && ret=1
n=`expr $n + 1`