Re: [08/12] git commit: [TS-428] Add proxy.config.dns.validate_query_name to drecords.config doc from Jira notes.

Wed, 18 Dec 2013 21:17:52 -0800 


----- Original Message -----
> [TS-428] Add proxy.config.dns.validate_query_name to drecords.config doc from
> Jira notes.
> 
> 
> Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
> Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/44a86148
> Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/44a86148
> Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/44a86148
> 
> Branch: refs/heads/master
> Commit: 44a8614853f2d622861aa3ee434b1eb9fe255bb7
> Parents: 1b814a7
> Author: Miles Libbey <mlib...@apache.org>
> Authored: Mon Dec 16 14:12:48 2013 -0800
> Committer: Miles Libbey <mlib...@apache.org>
> Committed: Mon Dec 16 14:12:48 2013 -0800
> 
> ----------------------------------------------------------------------
>  doc/reference/configuration/records.config.en.rst | 6 ++++++
>  1 file changed, 6 insertions(+)
> ----------------------------------------------------------------------
> 
> 
> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/44a86148/doc/reference/configuration/records.config.en.rst
> ----------------------------------------------------------------------
> diff --git a/doc/reference/configuration/records.config.en.rst
> b/doc/reference/configuration/records.config.en.rst
> index fd662c5..353b8e6 100644
> --- a/doc/reference/configuration/records.config.en.rst
> +++ b/doc/reference/configuration/records.config.en.rst
> @@ -1403,6 +1403,12 @@ hostname to ``host_x.y.com``.
>     contention on the first worker thread (which otherwise takes on the
>     burden of
>     all DNS lookups).
>  
> +.. ts:cv:: CONFIG proxy.config.dns.validate_query_name INT 0
> +
> +   When enabled (1) provides additional resilience against DNS forgery (for
> instance
> +   in DNS Injection attacks), particularly in forward or transparent
> proxies, but
> +   requires that the resolver populates the queries section of the response
> properly.

What does that mean?

* who/what is the resolver? (we? HostDB? The system? something else)
* what is the queries section
* what qualifies as "properly"

> +
>  HostDB
>  ======
>  
> 
> 

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641

Reply via email to