New DNS configuration option
----------------------------
Key: TS-428
URL: https://issues.apache.org/jira/browse/TS-428
Project: Traffic Server
Issue Type: New Feature
Components: Documentation
Reporter: Leif Hedstrom
Assignee: Miles Libbey
Fix For: 2.2.0
There is a new DNS configuration option, from the records.config file:
# This provides additional resilience against DNS forgery, particularly in
# forward or transparent proxies, but requires that the resolver populates
# the queries section of the response properly.
CONFIG proxy.config.dns.validate_query_name INT 0
This setting is disabled by default, enabling it will force us to validate the
name in response from the resolver to make sure it matches the request we made.
This could potentially break if the resolver does not populate the queries
section with the requested name.
Enabling this option is highly recommended, particularly for running ATS in a
forward or transparent proxy configuration.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
