From 44500cbb25bc6e76723304b9ff39f875c04309f9 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Thu, 13 Apr 2017 13:22:51 +0200 Subject: resolv: Remove EDNS fallback [BZ #21369] EDNS is disabled by default (so there is interoperability issue), and the fallback code is problematic because it prevents an application from obtaining DNSSEC data after a FORMERR response. --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 99288b5f22..ace0e0d90f 100644 --- a/NEWS +++ b/NEWS @@ -41,6 +41,11 @@ Version 2.26 "The Rules of Hungarian Orthography, 12th edition" and the work of Egmont Koblinger (Bug 18934). +* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC + support is enabled, the configured recursive resolver must support EDNS. + (Responding to EDNS-enabled queries with responses which are not + EDNS-enabled is fine, but FORMERR responses are not.) + * res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS servers have not supported this opcode for a long time. -- cgit 1.4.1