--- bind-9.3.2b2/bin/dig/host.1.no_servfail_stops 2005-10-12 22:33:43.000000000 -0400
+++ bind-9.3.2b2/bin/dig/host.1 2005-11-15 12:51:26.000000000 -0500
@@ -30,7 +30,7 @@
host \- DNS lookup utility
.SH "SYNOPSIS"
.HP 5
-\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server]
+\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [ \fB\-s\fR ] {name} [server]
.SH "DESCRIPTION"
.PP
\fBhost\fR
@@ -176,6 +176,11 @@
option is used,
\fBhost\fR
will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
+.PP
+The \fB-s\fR option tells \fBhost\fR NOT to send the query to the next nameserver if any
+server responds with a SERVFAIL response, which is the reverse of normal stub resolver
+behaviour.
+.PP
.SH "FILES"
.PP
\fI/etc/resolv.conf\fR
--- bind-9.3.2b2/bin/dig/nslookup.c.no_servfail_stops 2005-07-12 01:47:42.000000000 -0400
+++ bind-9.3.2b2/bin/dig/nslookup.c 2005-11-15 12:49:55.000000000 -0500
@@ -50,7 +50,8 @@
comments = ISC_TRUE, section_question = ISC_TRUE,
section_answer = ISC_TRUE, section_authority = ISC_TRUE,
section_additional = ISC_TRUE, recurse = ISC_TRUE,
- aaonly = ISC_FALSE;
+ aaonly = ISC_FALSE, nofail=ISC_TRUE;
+
static isc_boolean_t in_use = ISC_FALSE;
static char defclass[MXRD] = "IN";
static char deftype[MXRD] = "A";
@@ -631,6 +632,10 @@
usesearch = ISC_FALSE;
} else if (strncasecmp(opt, "sil", 3) == 0) {
/* deprecation_msg = ISC_FALSE; */
+ } else if (strncasecmp(opt, "fail", 3) == 0) {
+ nofail=ISC_FALSE;
+ } else if (strncasecmp(opt, "nofail", 3) == 0) {
+ nofail=ISC_TRUE;
} else {
printf("*** Invalid option: %s\n", opt);
}
@@ -689,6 +694,8 @@
lookup->section_authority = section_authority;
lookup->section_additional = section_additional;
lookup->new_search = ISC_TRUE;
+ if ( nofail )
+ lookup->servfail_stops = ISC_FALSE;
ISC_LIST_INIT(lookup->q);
ISC_LINK_INIT(lookup, link);
ISC_LIST_APPEND(lookup_list, lookup, link);
--- bind-9.3.2b2/bin/dig/nslookup.1.no_servfail_stops 2005-10-12 22:33:43.000000000 -0400
+++ bind-9.3.2b2/bin/dig/nslookup.1 2005-11-15 12:49:55.000000000 -0500
@@ -166,6 +166,12 @@
Always use a virtual circuit when sending requests to the server.
.sp
(Default = novc)
+.TP
+\fB[no]fail\R
+Try the next nameserver if a nameserver responds with SERVFAIL or
+a referral (nofail) or terminate query (fail) on such a response.
+
+(Default = nofail)
.RE
.IP
.SH "FILES"
--- bind-9.3.2b2/bin/dig/host.c.no_servfail_stops 2005-07-03 23:29:45.000000000 -0400
+++ bind-9.3.2b2/bin/dig/host.c 2005-11-15 12:49:55.000000000 -0500
@@ -128,7 +128,8 @@
" -w specifies to wait forever for a reply\n"
" -W specifies how long to wait for a reply\n"
" -4 use IPv4 query transport only\n"
-" -6 use IPv6 query transport only\n", stderr);
+" -6 use IPv6 query transport only\n"
+" -s a SERVFAIL response should stop query\n", stderr);
exit(1);
}
@@ -538,7 +539,10 @@
lookup = make_empty_lookup();
- while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dni46"))
+ lookup->servfail_stops = ISC_FALSE;
+ lookup->comments = ISC_FALSE;
+
+ while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dni46s"))
!= EOF) {
switch (c) {
case 'l':
@@ -676,6 +680,9 @@
} else
fatal("can't find IPv6 networking");
break;
+ case 's':
+ lookup->servfail_stops = ISC_TRUE;
+ break;
}
}