bind9/lib/dns/include
Mark Andrews 0aaaa8768f
Reject NSEC records with next field with \000 label
A number of DNS implementation produce NSEC records with bad type
maps that don't contain types that exist at the name leading to
NODATA responses being synthesize instead of the records in the
zone.  NSEC records with these bad type maps often have the NSEC
NSEC field set to '\000.QNAME'.  We look for the first label of
this pattern.

e.g.
	example.com NSEC \000.example.com SOA NS NSEC RRSIG
	example.com RRRSIG NSEC ...
	example.com SOA ...
	example.com RRRSIG SOA ...
	example.com NS ...
	example.com RRRSIG NS ...
	example.com A ...
	example.com RRRSIG A ...

	A is missing from the type map.

This introduces a temporary option 'reject-000-label' to control
this behaviour.
2021-12-02 14:27:18 +01:00
..
dns Reject NSEC records with next field with \000 label 2021-12-02 14:27:18 +01:00
dst Use #pragma once as header guards 2021-10-13 00:49:15 -07:00
.clang-format Add separate .clang-format files for headers 2020-02-14 09:31:05 +01:00