Date: Thu, 19 Sep 2002 10:44:27 +0200 From: Juan Francisco Rodriguez Hervella <jrh@it.uc3m.es> To: Lista <freebsd-net@freebsd.org>, "(Lista) bind9-users@isc.org" <bind9-users@isc.org> Subject: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem) Message-ID: <3D898E6B.692C3C43@it.uc3m.es>
next in thread | raw e-mail | index | archive | help
Hello: I need to make some tests with IPv6 anycast addresses, and I've found out that when /etc/resolv.conf has an IPv6 anycast address, the DNS response isn't accepted because it comes from an unicast IPv6 address. I've been digging into the source code of /usr/src/lib/libc/net/res_* and I've found these constants: RES_INSECURE1 RES_INSECURE2 and a compilation option called: CHECK_SRVR_ADDR What I would like to do is re-compile the resolver library to accept DNS responses coming from a unicast IPv6 address to solve the problem mentioned above. What's better... to *un*define CHECK_SRVR_ADDR or to include RES_INSECURE1 into RES_DEFAULT ? Do you think it's a good idea to do this ? what are the security implications ? PS: RES_DEFAULT appears in "resolv.h" Best Regards. -- JFRH. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D898E6B.692C3C43>