You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ml...@apache.org on 2013/12/19 02:05:19 UTC
[08/12] git commit: [TS-428] Add proxy.config.dns.validate_query_name
to drecords.config doc from Jira notes.
[TS-428] Add proxy.config.dns.validate_query_name to drecords.config doc from Jira notes.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/44a86148
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/44a86148
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/44a86148
Branch: refs/heads/master
Commit: 44a8614853f2d622861aa3ee434b1eb9fe255bb7
Parents: 1b814a7
Author: Miles Libbey <ml...@apache.org>
Authored: Mon Dec 16 14:12:48 2013 -0800
Committer: Miles Libbey <ml...@apache.org>
Committed: Mon Dec 16 14:12:48 2013 -0800
----------------------------------------------------------------------
doc/reference/configuration/records.config.en.rst | 6 ++++++
1 file changed, 6 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/44a86148/doc/reference/configuration/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst
index fd662c5..353b8e6 100644
--- a/doc/reference/configuration/records.config.en.rst
+++ b/doc/reference/configuration/records.config.en.rst
@@ -1403,6 +1403,12 @@ hostname to ``host_x.y.com``.
contention on the first worker thread (which otherwise takes on the burden of
all DNS lookups).
+.. ts:cv:: CONFIG proxy.config.dns.validate_query_name INT 0
+
+ When enabled (1) provides additional resilience against DNS forgery (for instance
+ in DNS Injection attacks), particularly in forward or transparent proxies, but
+ requires that the resolver populates the queries section of the response properly.
+
HostDB
======
Re: [08/12] git commit: [TS-428] Add
proxy.config.dns.validate_query_name to drecords.config doc from Jira
notes.
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> [TS-428] Add proxy.config.dns.validate_query_name to drecords.config doc from
> Jira notes.
>
>
> Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
> Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/44a86148
> Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/44a86148
> Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/44a86148
>
> Branch: refs/heads/master
> Commit: 44a8614853f2d622861aa3ee434b1eb9fe255bb7
> Parents: 1b814a7
> Author: Miles Libbey <ml...@apache.org>
> Authored: Mon Dec 16 14:12:48 2013 -0800
> Committer: Miles Libbey <ml...@apache.org>
> Committed: Mon Dec 16 14:12:48 2013 -0800
>
> ----------------------------------------------------------------------
> doc/reference/configuration/records.config.en.rst | 6 ++++++
> 1 file changed, 6 insertions(+)
> ----------------------------------------------------------------------
>
>
> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/44a86148/doc/reference/configuration/records.config.en.rst
> ----------------------------------------------------------------------
> diff --git a/doc/reference/configuration/records.config.en.rst
> b/doc/reference/configuration/records.config.en.rst
> index fd662c5..353b8e6 100644
> --- a/doc/reference/configuration/records.config.en.rst
> +++ b/doc/reference/configuration/records.config.en.rst
> @@ -1403,6 +1403,12 @@ hostname to ``host_x.y.com``.
> contention on the first worker thread (which otherwise takes on the
> burden of
> all DNS lookups).
>
> +.. ts:cv:: CONFIG proxy.config.dns.validate_query_name INT 0
> +
> + When enabled (1) provides additional resilience against DNS forgery (for
> instance
> + in DNS Injection attacks), particularly in forward or transparent
> proxies, but
> + requires that the resolver populates the queries section of the response
> properly.
What does that mean?
* who/what is the resolver? (we? HostDB? The system? something else)
* what is the queries section
* what qualifies as "properly"
> +
> HostDB
> ======
>
>
>
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641