| commit | 4b45355162371d2692e7bb6b8c3ad5e730885556 | |
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | |
| Sat, 26 Dec 2015 18:04:22 +0000 (26 13:04 -0500) | ||
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | |
| Sun, 10 Apr 2016 22:05:07 +0000 (10 17:05 -0500) | ||
| tree | 490340d8ce4d93f13ca01040fdabf20a51cc2402 | treesnapshot (tar.gz zip) |
| parent | b0e7dc5106e5f86b850f058e473b9e4ff52fa1ab | commitdiff |
krb5: DNS SRV records test for invalid gTLD
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interuption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.
Modify SRV records lookups to detect the special hostname returned in the
SRV response, skip the response, and record an appropriate error if it is detected.
Write a warning to the log (if any).
Change-Id: I47e049b617e39e49939bc92d513a547de1d04624
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interuption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.
Modify SRV records lookups to detect the special hostname returned in the
SRV response, skip the response, and record an appropriate error if it is detected.
Write a warning to the log (if any).
Change-Id: I47e049b617e39e49939bc92d513a547de1d04624
| lib/krb5/krbhst.c | diffblobblamehistory |