[TS-428] Add proxy.config.dns.validate_query_name to drecords.config doc from Jira notes.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/44a86148 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/44a86148 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/44a86148 Branch: refs/heads/master Commit: 44a8614853f2d622861aa3ee434b1eb9fe255bb7 Parents: 1b814a7 Author: Miles Libbey <[email protected]> Authored: Mon Dec 16 14:12:48 2013 -0800 Committer: Miles Libbey <[email protected]> Committed: Mon Dec 16 14:12:48 2013 -0800 ---------------------------------------------------------------------- doc/reference/configuration/records.config.en.rst | 6 ++++++ 1 file changed, 6 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/44a86148/doc/reference/configuration/records.config.en.rst ---------------------------------------------------------------------- diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst index fd662c5..353b8e6 100644 --- a/doc/reference/configuration/records.config.en.rst +++ b/doc/reference/configuration/records.config.en.rst @@ -1403,6 +1403,12 @@ hostname to ``host_x.y.com``. contention on the first worker thread (which otherwise takes on the burden of all DNS lookups). +.. ts:cv:: CONFIG proxy.config.dns.validate_query_name INT 0 + + When enabled (1) provides additional resilience against DNS forgery (for instance + in DNS Injection attacks), particularly in forward or transparent proxies, but + requires that the resolver populates the queries section of the response properly. + HostDB ======
