dig: remove "+unexpected" option

The network manager does not support returning UDP datagrams to clients from unexpected sources; it is therefore not possible for dig to accept them. The "+[no]unexpected" option has therefore been removed from the dig command and its documentation.
2025-09-02 07:35:26 +00:00 · 2020-09-08 15:58:09 -07:00
parent 94b7988efb
commit cde27d2d2b
5 changed files with 5 additions and 82 deletions
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -296,9 +296,6 @@ help(void) {
 	       "in records)\n"
 	       "                 +[no]ttlunits       (Display TTLs in "
 	       "human-readable units)\n"
 	       "                 +[no]unexpected     (Print replies from "
 	       "unexpected sources\n"
 	       "                                      default=off)\n"
 	       "                 +[no]unknownformat  (Print RDATA in RFC 3597 "
 	       "\"unknown\" "
 	       "format)\n"
@@ -1807,7 +1804,8 @@ plus_option(char *option, bool is_batchfile, dig_lookup_t *lookup) {
 			switch (cmd[2]) {
 			case 'e':
 				FULLCHECK("unexpected");
-				lookup->accept_reply_unexpected_src = state;
+				fprintf(stderr, ";; +unexpected option "
 						"is deprecated");
 				break;
 			case 'k':
 				FULLCHECK("unknownformat");
--- a/bin/dig/dig.rst
+++ b/bin/dig/dig.rst
@@ -549,11 +549,6 @@ abbreviation is unambiguous; for example, ``+cd`` is equivalent to
   units of ``s``, ``m``, ``h``, ``d``, and ``w``, representing seconds, minutes,
   hours, days, and weeks. This implies ``+ttlid``.
 ``+[no]unexpected``
   This option accepts [or does not accept] answers from unexpected sources.  By default, ``dig``
   will not accept a reply from a source other than the one to which it sent the
   query.
 ``+[no]unknownformat``
   This option prints all RDATA in unknown RR type presentation format (:rfc:`3597`).
   The default is to print RDATA for known types in the type's
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -650,7 +650,6 @@ make_empty_lookup(void) {
 	looknew->ttlunits = false;
 	looknew->expandaaaa = false;
 	looknew->qr = false;
 	looknew->accept_reply_unexpected_src = false;
 #ifdef HAVE_LIBIDN2
 	looknew->idnin = isatty(1) ? (getenv("IDN_DISABLE") == NULL) : false;
 	looknew->idnout = looknew->idnin;
@@ -799,8 +798,6 @@ clone_lookup(dig_lookup_t *lookold, bool servers) {
 	looknew->ttlunits = lookold->ttlunits;
 	looknew->expandaaaa = lookold->expandaaaa;
 	looknew->qr = lookold->qr;
 	looknew->accept_reply_unexpected_src =
 		lookold->accept_reply_unexpected_src;
 	looknew->idnin = lookold->idnin;
 	looknew->idnout = lookold->idnout;
 	looknew->udpsize = lookold->udpsize;
@@ -3627,43 +3624,6 @@ recv_done(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,
 	isc_buffer_add(&b, region->length);
 	peer = isc_nmhandle_peeraddr(handle);
 	if (!l->tcp_mode &&
 	    !isc_sockaddr_compare(&peer, &query->sockaddr,
 				  ISC_SOCKADDR_CMPADDR | ISC_SOCKADDR_CMPPORT |
 					  ISC_SOCKADDR_CMPSCOPE |
 					  ISC_SOCKADDR_CMPSCOPEZERO))
 	{
 		char buf1[ISC_SOCKADDR_FORMATSIZE];
 		char buf2[ISC_SOCKADDR_FORMATSIZE];
 		isc_sockaddr_t any;
 		if (isc_sockaddr_pf(&query->sockaddr) == AF_INET) {
 			isc_sockaddr_any(&any);
 		} else {
 			isc_sockaddr_any6(&any);
 		}
 		/*
 		 * We don't expect a match when the packet is
 		 * sent to 0.0.0.0, :: or to a multicast addresses.
 		 * XXXMPA broadcast needs to be handled here as well.
 		 */
 		if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) &&
 		     !isc_sockaddr_ismulticast(&query->sockaddr)) ||
 		    isc_sockaddr_getport(&query->sockaddr) !=
 			    isc_sockaddr_getport(&peer))
 		{
 			isc_sockaddr_format(&peer, buf1, sizeof(buf1));
 			isc_sockaddr_format(&query->sockaddr, buf2,
 					    sizeof(buf2));
 			dighost_warning("reply from unexpected source: %s,"
 					" expected %s\n",
 					buf1, buf2);
 			if (!l->accept_reply_unexpected_src) {
 				match = false;
 			}
 		}
 	}
 	result = dns_message_peekheader(&b, &id, &msgflags);
 	if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
--- a/bin/dig/dighost.h
+++ b/bin/dig/dighost.h
@@ -114,12 +114,9 @@ struct dig_lookup {
 		tcp_keepalive, header_only, ednsneg, mapped,
 		print_unknown_format, multiline, nottl, noclass, onesoa,
 		use_usec, nocrypto, ttlunits, idnin, idnout, expandaaaa, qr,
-		accept_reply_unexpected_src, /*%  print replies from
+		setqid;	       /*% use a specified query ID */
-					      * unexpected
+	char textname[MXNAME]; /*% Name we're going to be
-					      *   sources. */
+				* looking up */
 		setqid;			     /*% use a speciied query ID */
 	char textname[MXNAME];		     /*% Name we're going to be
 					      * looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
 	dns_rdatatype_t qrdtype;
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -919,33 +919,6 @@ if [ -x "$DIG" ] ; then
    status=$((status+ret))
  fi
  n=$((n+1))
  echo_i "check that dig +unexpected works ($n)"
  ret=0
  dig_with_opts @10.53.0.6 +tries=1 +time=2 +unexpected a a.example > dig.out.test$n || ret=1
  grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
  grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
  n=$((n+1))
  echo_i "check that dig +nounexpected works ($n)"
  ret=0
  dig_with_opts @10.53.0.6 +nounexpected +tries=1 +time=2 a a.example > dig.out.test$n && ret=1
  grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
  grep "status: NOERROR" < dig.out.test$n > /dev/null && ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
  n=$((n+1))
  echo_i "check that dig default for +[no]unexpected (+nounexpected) works ($n)"
  ret=0
  dig_with_opts @10.53.0.6 +tries=1 +time=2 a a.example > dig.out.test$n && ret=1
  grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
  grep "status: NOERROR" < dig.out.test$n > /dev/null && ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
  n=$((n+1))
  echo_i "check that dig +bufsize=0 just sets the buffer size to 0 ($n)"
  ret=0