CVSROOT:        /cvs
Module name:    src
Changes by:     flor...@cvs.openbsd.org 2020/02/13 12:29:47

Modified files:
        usr.bin/dig    : dig.c dig.h dighost.c host.c nslookup.c

Log message:
+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers. Arguably correctly
configured recursive nameservers should REFUSE to answer this question
to prevent cache snooping. Upstream fixed this after the license
change by sending the first query with RD set.
We go a different route, build in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not
depend on any locally configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen
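
Added example, not part of the commit or of dig's source: a C sketch of the ". IN NS" query the log message describes, built with the RD bit set or cleared, next to a hypothetical recursive-only resolver policy that answers REFUSED when RD is clear. The function names and the resolver policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_FLAG_RD       0x0100 /* Recursion Desired bit in the header flags */
#define DNS_RCODE_NOERROR 0
#define DNS_RCODE_FORMERR 1
#define DNS_RCODE_REFUSED 5
#define ROOT_NS_QUERY_LEN 17     /* 12-byte header + root label + QTYPE + QCLASS */

/* Write a ". IN NS" query into buf; returns bytes written, 0 if buf is too small. */
size_t build_root_ns_query(uint8_t *buf, size_t len, uint16_t id, int rd)
{
    if (len < ROOT_NS_QUERY_LEN)
        return 0;
    memset(buf, 0, ROOT_NS_QUERY_LEN);
    buf[0] = id >> 8;
    buf[1] = id & 0xff;
    buf[2] = rd ? DNS_FLAG_RD >> 8 : 0; /* flags high byte: QR=0, opcode=0, RD */
    buf[5] = 1;                         /* QDCOUNT = 1 */
    /* buf[12] stays 0: the root name is a single zero-length label */
    buf[14] = 2;                        /* QTYPE  = NS */
    buf[16] = 1;                        /* QCLASS = IN */
    return ROOT_NS_QUERY_LEN;
}

/* Hypothetical recursive-only resolver policy: REFUSED for RD=0 queries, since
 * answering those from cache enables cache snooping; NOERROR = would recurse. */
int recursive_resolver_rcode(const uint8_t *q, size_t len)
{
    if (len < 12)
        return DNS_RCODE_FORMERR;       /* shorter than a DNS header */
    return (q[2] & (DNS_FLAG_RD >> 8)) ? DNS_RCODE_NOERROR : DNS_RCODE_REFUSED;
}

/* RCODE the policy above gives a ". IN NS" query sent with the given RD bit. */
int rcode_for_root_query(int rd)
{
    uint8_t q[ROOT_NS_QUERY_LEN];
    size_t n = build_root_ns_query(q, sizeof(q), 0x1234, rd); /* constructed id */
    return recursive_resolver_rcode(q, n);
}

int main(void)
{
    printf("RD=0 -> rcode %d, RD=1 -> rcode %d\n",
        rcode_for_root_query(0), rcode_for_root_query(1));
    return 0;
}
```

Against such a resolver the RD=0 form gets no root server list, which is why sending the same query straight to a built-in root server removes the dependency on /etc/resolv.conf.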