Commit 3444d8a4 authored by Vladimír Čunát's avatar Vladimír Čunát

Merge !328: fix dns64 with policy.FORWARD

parents e7908bd5 72c0e3d4
Pipeline #9069 canceled with stages
in 76 minutes and 33 seconds
......@@ -10,7 +10,7 @@ Bugfixes
--------
- daemon: check existence of config file even if rundir isn't specified
- policy.FORWARD and STUB: use RTT tracking to choose servers (#125, #208)
- dns64: fix CNAME problems (#203) It still won't work with query policies.
- dns64: fix CNAME problems (#203) It still won't work with policy.STUB.
Improvements
------------
......
......@@ -958,6 +958,7 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
if (qry->parent != NULL &&
!(qry->forward_flags & QUERY_CNAME) &&
!(qry->flags & QUERY_DNS64_MARK) &&
knot_dname_in(qry->parent->zone_cut.name, qry->zone_cut.name)) {
return KR_STATE_PRODUCE;
}
......
......@@ -5,7 +5,7 @@ DNS64
The module for :rfc:`6147` DNS64 AAAA-from-A record synthesis, it is used to enable client-server communication between an IPv6-only client and an IPv4-only server. See the well written `introduction`_ in the PowerDNS documentation.
.. warning:: The module currently won't work well with query policies.
.. warning:: The module currently won't work well with policy.STUB.
.. tip:: The A record sub-requests will be DNSSEC secured, but the synthetic AAAA records can't be. Make sure the last mile between stub and resolver is secure to avoid spoofing.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment