mirror of
https://github.com/isc-projects/bind9.git
synced 2026-07-07 11:40:54 -04:00
A response that failed the signature check with a missing or unexpected TSIG used to set nextitem, so the resolver kept reading the dispatch for another response. When the response was truncated with the TSIG cut off the end of the wire, no further response ever arrived and the fetch stalled until resolver-query-timeout. Treat an unauthenticated response like every other signature-check failure and finish the fetch immediately. A response carrying a missing or bogus TSIG now yields SERVFAIL instead of being skipped in favour of a later one; the cookie system test that fed a spoofed TSIG response is updated to expect that. The unauthenticated data is still never returned. |
||
|---|---|---|
| .. | ||
| startperf | ||
| system | ||
| testdata/wire | ||
| .gitignore | ||
| meson.build | ||
| test_client.c | ||
| test_server.c | ||