Check addresses for rfc953-saneness at exit too, and give a PROTOCOL_WARN when they fail. Also provide a mechanism to override this, so blossom can have its @@##$$^.whatever.exit hostnames if it wants.
svn:r9336
Re-enable warning when we resolve an already resolved address. We only warn here now if the address is not a testing address. Also, refactor out a function to check whether an address is used for testing.
svn:r9280
If we only have a single nameserver, raise the threshold to decide that the nameserver is dead. (Another fumbling attempt to do something about bug 326.)
svn:r9203
Fix bug 364: check for whether popular hostnames (curently google, yahoo, mit, and slashdot) are getting wildcarded. If they are, we are probably behind a DNS server that is useless: change our exit policy to reject *:*.
svn:r9199
Resolve bug 363: do not fall back to 127.0.0.1 when no nameservers are configured. Instead, have the admin fix resolv.conf or configure a nameserver.
svn:r9157
Change HT_INIT from a special-case to a macro-calling-a-function like the rest of ht.h. This might prevent errors if somebody did, I dunno, "HT_INIT(tp, hashtable++)". Based on a patch from Watson Ladd.
svn:r8776
We're trying to catch the kind of jerk who'd hijack zy6pzwohtnlq.test,
not the kind of lunatic who'd hijack zy6pzwohtnlq%s.test, though
apparently those exist too.
svn:r8595
client asks us to resolve (not connect to) an address, and we have a
cached answer, give them the cached answer. Previously, we would give
them no answer at all.
svn:r8478
Instead of just checking known-invalid addresses for DNS hijacking, we
now check randomly generated addresses, and if too many of them map to
the same IP, we assume that IP is the destination of a DNS hijack
attempt.
A little bird tells me that some DNS hijackers think that declining to
give an A record for RFC2606 addresses (like .invalid and .example)
makes them more standards compliant. Standardswise, this is like an
illicit brothel making sure that nobody has pulled the tags off the
mattresss, but that doesn't get us out of working around it.
svn:r8465
I tracked a bug in server-side reverse DNS to something concerning the caching code. Ive disabled server-side cacheing for reverse DNS answers for now, and I am noting the bug in the TODO.
svn:r8454
Fix dns_cancel_pending_resolve() to realize pending resolves have expiry times, and should not be freed except when they fall off the pqueue.
svn:r8328
spawn_func fixes: have cpuworker_main and dnsworker_main confirm to the right interfaces [casting func to void* is icky]. Also, make pthread_create() build without warnings.
svn:r8327