mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
6b02ecb3f1
The retry path in resquery_send() that flipped DNS_FETCHOPT_TCP on a
query whose dispatch had already been bound as UDP in fctx_query() had
no effect on the transport actually used, but did leave a stale TCP
bit visible to downstream consumers (dnstap framing, cookie checks,
the AUTHORITY-NS spoofability guard).
The ineffective code has been removed from resquery_send(). The
TCP fallback functionality will be corrected and restored in the
BIND 9.22.
Assisted-by: Claude:claude-opus-4-7
(cherry picked from commit 01523a078a)
33 lines
1 KiB
Python
33 lines
1 KiB
Python
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
import dns.message
|
|
import pytest
|
|
|
|
import isctest
|
|
|
|
pytestmark = pytest.mark.extra_artifacts(
|
|
[
|
|
"ans*/ans.run",
|
|
]
|
|
)
|
|
|
|
|
|
def test_tcponly_not_resolved():
|
|
"""
|
|
An authoritative server that only answers over TCP is unreachable
|
|
when its zone is queried over UDP: the resolver does not transparently
|
|
fall back to TCP after UDP timeouts. (This confirms the expected behavior
|
|
for this commit; TCP fallback will be restored in the next.)
|
|
"""
|
|
msg = dns.message.make_query("foo.tcp-only.", "A")
|
|
res = isctest.query.udp(msg, "10.53.0.2", timeout=15)
|
|
isctest.check.servfail(res)
|