Edgar Pettijohn wrote:
> This may not be the best way to handle this, but it was the first fix to
> come to mind. Not sure where to put this in the manual or if its even
> worth documenting. Thoughts?
I think this is a better fix. The user shouldn't have to worry about such things, at
least until a better path forward is determined.
Index: bin/dig/dighost.c
===================================================================
RCS file: /cvs/src/usr.sbin/bind/bin/dig/dighost.c,v
retrieving revision 1.15
diff -u -p -r1.15 dighost.c
--- bin/dig/dighost.c 28 Sep 2015 15:55:54 -0000 1.15
+++ bin/dig/dighost.c 26 May 2017 12:03:53 -0000
@@ -34,6 +34,8 @@
#include <string.h>
#include <limits.h>
+#include <sys/sysctl.h>
+
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
@@ -2778,6 +2780,15 @@ recv_done(isc_task_t *task, isc_event_t
isc_region_t r;
isc_buffer_t *buf = NULL;
#endif
+ static int checked_jackport;
+ static int jackport;
+
+ if (!checked_jackport) {
+ int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT };
+ size_t portlen = sizeof(jackport);
+ sysctl(dnsjacking, 2, &jackport, &portlen, NULL, 0);
+ checked_jackport = 1;
+ }
UNUSED(task);
INSIST(!free_now);
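Review bot: The return value of `sysctl()` in the added block is ignored, so a failed call cannot be told apart from a kernel that reports port 0. Since `jackport` is a zero-initialised static, a failure most likely leaves the later source check enabled, which is the safe default, but that depends on the call not writing to `jackport` when it fails. Making it explicit costs one line: `if (sysctl(dnsjacking, 2, &jackport, &portlen, NULL, 0) == -1 || portlen != sizeof(jackport)) jackport = 0;`. A short comment above the block saying why recv_done consults KERN_DNSJACKPORT would also help; recv_done starts and ends outside this hunk.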
@@ -2854,6 +2865,7 @@ recv_done(isc_task_t *task, isc_event_t
* sent to 0.0.0.0, :: or to a multicast addresses.
* XXXMPA broadcast needs to be handled here as well.
*/
+ if (jackport == 0)
if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) &&
!isc_sockaddr_ismulticast(&query->sockaddr)) ||
isc_sockaddr_getport(&query->sockaddr) !=
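Review bot: The added `if (jackport == 0)` skips the whole source-address and port comparison whenever the sysctl reports a non-zero port, so in that mode dig stops rejecting replies that arrive from somewhere other than the server it queried. If the intent is only to tolerate replies returning from the redirected port, the exemption could be narrowed to replies whose source port equals `jackport` rather than dropping the comparison entirely. The variable holding the reply's source is not visible in this hunk, so that needs checking against the rest of recv_done. Separately, the unbraced `if` stacked on the following multi-line `if` is easy to misread; folding it in as `if (jackport == 0 && (...))`, or adding braces and a comment, would be clearer. The guarded statement continues past the end of the hunk.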