</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>any-to-tcp | any-to-tcp=yes | any-to-tcp=no</term>
+ <listitem>
+ <para>
+ Answer questions for the ANY type on UDP with a truncated packet that refers the
+ remote server to TCP. Useful for mitigating ANY reflection attacks. Defaults to off.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>dont-query</term>
<listitem>
unsigned int g_maxTCPPerClient;
unsigned int g_networkTimeoutMsec;
bool g_logCommonErrors;
+bool g_anyToTcp;
__thread shared_ptr<RecursorLua>* t_pdl;
__thread RemoteKeeper* t_remotes;
__thread shared_ptr<Regex>* t_traceRegex;
pw.getHeader()->id=dc->d_mdp.d_header.id;
pw.getHeader()->rd=dc->d_mdp.d_header.rd;
+ if(dc->d_mdp.d_qtype==QType::ANY && !dc->d_tcp && g_anyToTcp) {
+ pw.getHeader()->tc=1;
+ goto sendit;
+ }
+
SyncRes sr(dc->d_now);
bool tracedQuery=false; // we could consider letting Lua know about this too
if(t_traceRegex->get() && (*t_traceRegex)->match(dc->d_mdp.d_qname)) {
g_logCommonErrors=::arg().mustDo("log-common-errors");
+
+ g_anyToTcp = ::arg().mustDo("any-to-tcp");
makeUDPServerSockets();
makeTCPServerSockets();
::arg().setSwitch( "disable-edns", "Disable EDNS - EXPERIMENTAL, LEAVE DISABLED" )= "";
::arg().setSwitch( "disable-packetcache", "Disable packetcache" )= "no";
::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads (EXPERIMENTAL)")="no";
+ ::arg().setSwitch( "any-to-tcp","Answer ANY queries with tc=1, shunting to TCP" )="no";
::arg().set("include-dir","Include *.conf files from this directory")="";
::arg().setCmd("help","Provide a helpful message");
projects / pdns / commitdiff