ndb/dns: request recursion only for local dns servers

we used to set RD flag in requests unconditionally, which
is fine by the standard but some dns server administrators
seem to use it as a denial of service indicator (for ther
non recursive authoritative nameservers) and ignore the
request.

so only set the RD flag when talking to local dns servers.

1 files changed, 9 insertions, 3 deletions

diff --git a/sys/src/cmd/ndb/dnresolve.c b/sys/src/cmd/ndb/dnresolve.c
index be7b94d91..a93c29151 100644
--- a/sys/src/cmd/ndb/dnresolve.c
+++ b/sys/src/cmd/ndb/dnresolve.c
@@ -1326,16 +1326,22 @@ tcpquery(Query *qp, DNSmsg *mp, int depth, uchar *ibuf, uchar *obuf, int len,
 static int
 queryns(Query *qp, int depth, uchar *ibuf, uchar *obuf, ulong waitms, int inns)
 {
-	int ndest, len, replywaits, rv;
+	int ndest, len, replywaits, rv, flag;
 	ushort req;
 	uvlong endms;
 	char buf[32];
 	uchar srcip[IPaddrlen];
 	Dest *p, *np, dest[Maxdest];
 
-	/* pack request into a udp message */
 	req = rand();
-	len = mkreq(qp->dp, qp->type, obuf, Frecurse|Oquery, req);
+
+	/* request recursion only for local dns servers */
+	flag = Oquery;
+	if(strncmp(qp->nsrp->owner->name, "local#", 6) == 0)
+		flag |= Frecurse;
+
+	/* pack request into a udp message */
+	len = mkreq(qp->dp, qp->type, obuf, flag, req);
 
 	/* no server addresses yet */
 	memset(dest, 0, sizeof dest);