diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md
index 6d9ccbeec37e..d3716a0cb7b9 100644
--- a/docs/markdown/authoritative/settings.md
+++ b/docs/markdown/authoritative/settings.md
@@ -69,11 +69,11 @@ always receive a notification. Even if they do not match the list in
 ## `any-to-tcp`
 * Boolean
-* Default: no
+* Default: yes (no, in <= 4.0.1)
 * Available since: 3.3
-Answer questions for the ANY and RRSIG types on UDP with a truncated packet that
-refers the remote server to TCP. Useful for mitigating reflection attacks.
+Answer questions for the ANY on UDP with a truncated packet that refers the
+remote server to TCP. Useful for mitigating reflection attacks.
 ## `api`
 * Boolean
diff --git a/modules/geoipbackend/regression-tests/static-any-resolution/command b/modules/geoipbackend/regression-tests/static-any-resolution/command
index abd0fdf43350..2bc81137c1c2 100755
--- a/modules/geoipbackend/regression-tests/static-any-resolution/command
+++ b/modules/geoipbackend/regression-tests/static-any-resolution/command
@@ -1,3 +1,3 @@
 #!/bin/sh
-cleandig geo.example.com ANY
+cleandig geo.example.com ANY tcp
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 2735d9b3b29c..5d3d4984dbcc 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -128,7 +128,7 @@ void declareArguments()
 ::arg().setSwitch("webserver","Start a webserver for monitoring")="no";
 ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
 ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
- ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="no";
+ ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="yes";
 ::arg().set("webserver-address","IP Address of webserver to listen on")="127.0.0.1";
 ::arg().set("webserver-port","Port of webserver to listen on")="8081";
 ::arg().set("webserver-password","Password required for accessing the webserver")="";
diff --git a/regression-tests/backends/gmysql-master b/regression-tests/backends/gmysql-master
index 84606f5c37fc..7ca93a9af39c 100644
--- a/regression-tests/backends/gmysql-master
+++ b/regression-tests/backends/gmysql-master
@@ -23,9 +23,11 @@ gmysql-dbname=$GMYSQLDB
 gmysql-user=$GMYSQLUSER
 gmysql-host=$GMYSQLHOST
 gmysql-password=$GMYSQLPASSWD
+
+any-to-tcp=no
 __EOF__
- gsql_master gmysql
+ gsql_master gmysql dyndns
 ;;
 *)
diff --git a/regression-tests/tests/any-nxdomain/command b/regression-tests/tests/any-nxdomain/command
index e24ef3ac1364..aa7c59198ff6 100755
--- a/regression-tests/tests/any-nxdomain/command
+++ b/regression-tests/tests/any-nxdomain/command
@@ -1,4 +1,4 @@
 #!/bin/sh
-cleandig nxdomain.example.com ANY dnssec
+cleandig nxdomain.example.com ANY dnssec tcp
diff --git a/regression-tests/tests/any-query/command b/regression-tests/tests/any-query/command
index 8422193a86bf..334ca51105d1 100755
--- a/regression-tests/tests/any-query/command
+++ b/regression-tests/tests/any-query/command
@@ -1,3 +1,3 @@
 #!/bin/sh
-SDIGBUFSIZE=32768 cleandig example.com ANY
+SDIGBUFSIZE=32768 cleandig example.com ANY tcp
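Review bot: In pdns/common_startup.cc the `any-to-tcp` default in declareArguments() flips to "yes" with no comment recording why, so the security reason for the value lives only in settings.md. I would add a line above it such as `// Default on: TC=1 on UDP ANY limits use of the server in reflection attacks (was "no" up to 4.0.1)`, which restates what the documentation hunk in this diff says. Operators who never set the option get different behaviour after upgrading, so an entry in the upgrade notes would help; none is visible in this diff. declareArguments() starts and ends outside the hunk.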
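Review bot: In regression-tests/backends/gmysql-master the added `any-to-tcp=no` and the extra `dyndns` argument to `gsql_master` are unexplained, and the link between them only shows up through the new, empty `any-to-tcp-query/skip.dyndns` file elsewhere in this diff. Presumably the `dyndns` context is what makes the runner skip the TC=1 test for this backend, since the server here still answers ANY over UDP; if so, a comment before the call such as `# any-to-tcp=no above: the dyndns context skips any-to-tcp-query` would save the next reader the search. It would also help to state why this one backend opts out of the new default, which the hunk does not show. The heredoc and the enclosing case branch start outside the hunk.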
diff --git a/regression-tests/tests/any-to-tcp-query/command b/regression-tests/tests/any-to-tcp-query/command
new file mode 100755
index 000000000000..8422193a86bf
--- /dev/null
+++ b/regression-tests/tests/any-to-tcp-query/command
@@ -0,0 +1,3 @@
+#!/bin/sh
+SDIGBUFSIZE=32768 cleandig example.com ANY
+
diff --git a/regression-tests/tests/any-to-tcp-query/description b/regression-tests/tests/any-to-tcp-query/description
new file mode 100644
index 000000000000..99d2702cd138
--- /dev/null
+++ b/regression-tests/tests/any-to-tcp-query/description
@@ -0,0 +1 @@
+An udp ANY query should return TC=1
diff --git a/regression-tests/tests/any-to-tcp-query/expected_result b/regression-tests/tests/any-to-tcp-query/expected_result
new file mode 100644
index 000000000000..238c9957f2cb
--- /dev/null
+++ b/regression-tests/tests/any-to-tcp-query/expected_result
@@ -0,0 +1,3 @@
+2 . IN OPT 0
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 1, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=ANY
diff --git a/regression-tests/tests/any-to-tcp-query/skip.dyndns b/regression-tests/tests/any-to-tcp-query/skip.dyndns
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/regression-tests/tests/any-wildcard-dnssec/command b/regression-tests/tests/any-wildcard-dnssec/command
index 3106093dc76d..beb7222d7307 100755
--- a/regression-tests/tests/any-wildcard-dnssec/command
+++ b/regression-tests/tests/any-wildcard-dnssec/command
@@ -1,4 +1,4 @@
 #!/bin/sh
-cleandig www.something.wtest.com ANY dnssec
+cleandig www.something.wtest.com ANY dnssec tcp
diff --git a/regression-tests/tests/any-wildcard/command b/regression-tests/tests/any-wildcard/command
index aecb4061c2e1..9b08ab2dbb69 100755
--- a/regression-tests/tests/any-wildcard/command
+++ b/regression-tests/tests/any-wildcard/command
@@ -1,4 +1,4 @@
 #!/bin/sh
-cleandig www.something.wtest.com ANY
+cleandig www.something.wtest.com ANY tcp
diff --git a/regression-tests/tests/cname-to-nxdomain-any/command b/regression-tests/tests/cname-to-nxdomain-any/command
index fa100ad4dc29..016bcaf4ad28 100755
--- a/regression-tests/tests/cname-to-nxdomain-any/command
+++ b/regression-tests/tests/cname-to-nxdomain-any/command
@@ -1,3 +1,3 @@
 #!/bin/sh
-cleandig nxd.example.com ANY dnssec
+cleandig nxd.example.com ANY dnssec tcp
diff --git a/regression-tests/tests/cname-to-unauth-any/command b/regression-tests/tests/cname-to-unauth-any/command
index 9800f3b4db4f..3b8c405d4a21 100755
--- a/regression-tests/tests/cname-to-unauth-any/command
+++ b/regression-tests/tests/cname-to-unauth-any/command
@@ -1,3 +1,2 @@
 #!/bin/sh
-cleandig unauth.example.com ANY dnssec
-
+cleandig unauth.example.com ANY dnssec tcp
diff --git a/regression-tests/tests/ent-any/command b/regression-tests/tests/ent-any/command
index bed6d9217601..17a1dc744d89 100755
--- a/regression-tests/tests/ent-any/command
+++ b/regression-tests/tests/ent-any/command
@@ -1,2 +1,2 @@
 #!/bin/sh
-cleandig c.test.com ANY dnssec showflags
+cleandig c.test.com ANY dnssec tcp showflags