mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-23 10:37:43 -04:00
887502e37d
The DNS header shows if a message has multiple questions or invalid NOTIFY sections. We can drop these messages early, right after parsing the question. This matches RFC 9619 for multi-question messages and Unbound's handling of NOTIFY. To further add further robustness, we include an additional check for unknown opcodes, and also drop those messages early. Add early_sanity_check() function to check for these conditions: - Messages with more than one question, as required by RFC 9619 - NOTIFY query messages containing answer sections (like Unbound) - NOTIFY messages containing authority sections (like Unbound) - Unknown opcodes. |
||
|---|---|---|
| .. | ||
| ns1 | ||
| badnsec3owner | ||
| badrecordname | ||
| dupans | ||
| dupquestion | ||
| formerr.pl | ||
| keyclass | ||
| malformeddeltype | ||
| malformedrrsig | ||
| nametoolong | ||
| noquestions | ||
| optwrongname | ||
| qtypeasanswer | ||
| questionclass | ||
| setup.sh | ||
| shortquestion | ||
| shortrecord | ||
| tests.sh | ||
| tests_sh_formerr.py | ||
| tsignotlast | ||
| tsigwrongclass | ||
| twoquestionnames | ||
| twoquestiontypes | ||
| wrongclass | ||