Wednesday, October 21, 2009

Deadwood snapshot update

Deadwood will now forward on DNS packets from upstream which it thinks are invalid, since some DNS servers send "name error" packets without an SOA record in the NS section of the reply.

I have made sure that this fix does not allow DNS packets which would cause security problems to be forwarded to the DNS stub resolver (we still make sure the ID and question are the same).
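The check described above (the reply's ID and question must be the same as the query's), written out as an added example; this is not Deadwood's code or the contributed patch. The function names, the sample packets and the byte-exact comparison of the question are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define DNS_HDR_LEN 12
/* Constructed sample packets: a query for example.com A/IN and replies to it. */
#define COUNTS   "\x00\x01\x00\x00\x00\x00\x00\x00"   /* QDCOUNT=1, rest 0 */
#define QUESTION "\007example\003com\000\000\001\000\001"
static const uint8_t SAMPLE_QUERY[]    = "\x12\x34\x01\x00" COUNTS QUESTION;
/* NXDOMAIN (rcode 3) with NSCOUNT=0, i.e. no SOA in the authority section */
static const uint8_t SAMPLE_NXDOMAIN[] = "\x12\x34\x81\x83" COUNTS QUESTION;
static const uint8_t SAMPLE_WRONG_ID[] = "\x12\x35\x81\x83" COUNTS QUESTION;
#define SAMPLE_LEN (sizeof SAMPLE_QUERY - 1)          /* drop the literal's NUL */

/* Length of the question (QNAME+QTYPE+QCLASS) at offset 12; 0 if malformed. */
static size_t question_len(const uint8_t *pkt, size_t len)
{
    size_t off = DNS_HDR_LEN;
    while (off < len) {
        uint8_t label = pkt[off];
        if (label == 0) {                       /* root label ends the name */
            off++;
            if (len - off < 4 || off - DNS_HDR_LEN > 255) return 0;
            return off + 4 - DNS_HDR_LEN;
        }
        if (label > 63) return 0;               /* no compression pointers here */
        off += (size_t)label + 1;
    }
    return 0;
}

/* 1 if the reply may be relayed to the stub resolver, 0 otherwise. The answer and
 * authority sections are not inspected, so a "name error" without SOA passes. */
int reply_matches_query(const uint8_t *q, size_t qlen, const uint8_t *r, size_t rlen)
{
    size_t ql;
    if (qlen < DNS_HDR_LEN || rlen < DNS_HDR_LEN) return 0;
    if (q[0] != r[0] || q[1] != r[1]) return 0;           /* same ID */
    if ((r[2] & 0x80) == 0) return 0;                     /* QR bit: is a reply */
    if (q[4] || q[5] != 1 || r[4] || r[5] != 1) return 0; /* QDCOUNT == 1 */
    ql = question_len(q, qlen);
    if (ql == 0 || ql != question_len(r, rlen)) return 0;
    return memcmp(q + DNS_HDR_LEN, r + DNS_HDR_LEN, ql) == 0; /* same question */
}

int main(void)
{
    int ok  = reply_matches_query(SAMPLE_QUERY, SAMPLE_LEN, SAMPLE_NXDOMAIN, SAMPLE_LEN);
    int bad = reply_matches_query(SAMPLE_QUERY, SAMPLE_LEN, SAMPLE_WRONG_ID, SAMPLE_LEN);
    return !(ok == 1 && bad == 0);   /* exit 0 when both behave as expected */
}
```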

I would like to thank Jakob Blomer at CERN laboratories for reporting this problem, and for supplying a patch.

It can be looked at here:
http://maradns.org/deadwood/snap/