mirror of
https://github.com/pi-hole/dnsmasq.git
synced 2025-12-19 18:28:25 +00:00
25e63f1e56
If we add the EDNS client subnet option, or the client's MAC address, then the reply we get back may very depending on that. Since the cache is ignorant of such things, it's not safe to cache such replies. This patch determines when a dangerous EDNS option is being added and disables caching. Note that for much the same reason, we can't combine multiple queries for the same question when dangerous EDNS options are being added, and the code now handles that in the same way. This query combining is required for security against cache poisoning, so disabling the cache has a security function as well as a correctness one.
116 KiB
116 KiB