On Fri, May 26, 2017 at 08:08:08AM -0400, Ted Unangst wrote:
> Edgar Pettijohn wrote:
> > This may not be the best way to handle this, but it was the first fix to
> > come to mind. Not sure where to put this in the manual or if it's even
> > worth documenting. Thoughts?
>
> I think this is a better fix. The user shouldn't worry about such things. At
> least until a better path forward is determined.
Are there any plans to revisit this?
>
> Index: bin/dig/dighost.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bind/bin/dig/dighost.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 dighost.c
> --- bin/dig/dighost.c 28 Sep 2015 15:55:54 -0000 1.15
> +++ bin/dig/dighost.c 26 May 2017 12:03:53 -0000
> @@ -34,6 +34,8 @@
> #include <string.h>
> #include <limits.h>
>
> +#include <sys/sysctl.h>
> +
> #ifdef HAVE_LOCALE_H
> #include <locale.h>
> #endif
> @@ -2778,6 +2780,15 @@ recv_done(isc_task_t *task, isc_event_t
> isc_region_t r;
> isc_buffer_t *buf = NULL;
> #endif
> + static int checked_jackport;
> + static int jackport;
> +
> + if (!checked_jackport) {
> + int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT };
> + size_t portlen = sizeof(jackport);
> + sysctl(dnsjacking, 2, &jackport, &portlen, NULL, 0);
> + checked_jackport = 1;
> + }
>
> UNUSED(task);
> INSIST(!free_now);
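Review bot: the sysctl() call in the new block at the top of recv_done() ignores its return value, so a failed lookup is indistinguishable from a port of 0, and the code only behaves sensibly in that case because jackport is static and therefore starts at zero. Check the result explicitly, for example `if (sysctl(dnsjacking, 2, &jackport, &portlen, NULL, 0) == -1) jackport = 0;`, and add a one-line comment saying what a nonzero KERN_DNSJACKPORT value means for the reply check further down, since the two statics are otherwise unexplained.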
> @@ -2854,6 +2865,7 @@ recv_done(isc_task_t *task, isc_event_t
> * sent to 0.0.0.0, :: or to a multicast addresses.
> * XXXMPA broadcast needs to be handled here as well.
> */
> + if (jackport == 0)
> if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) &&
> !isc_sockaddr_ismulticast(&query->sockaddr)) ||
> isc_sockaddr_getport(&query->sockaddr) !=
>
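Review bot: the added `if (jackport == 0)` sits unbraced in front of the existing `if`, so whenever the sysctl value is nonzero the whole comparison of the reply's source address and port against query->sockaddr is skipped for every query, not only for those that were actually redirected. Fold the test into the existing condition (`if (jackport == 0 && (...))`) or brace the nested statement so that any else branch cannot be misread, and extend the comment above it to say why replies from an unexpected source are accepted in that case.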