[Git][hardenedbsd/HardenedBSD][hardened/current/cross-dso-cfi] 4 commits: resolver.5: document six previously undocumented options

[HardenedBSD Services (@hardenedbsd-services)]

HardenedBSD Services pushed to branch hardened/current/cross-dso-cfi at HardenedBSD / HardenedBSD


Commits:
462a1f61 by Christos Longros at 2026-03-15T16:17:08+01:00
resolver.5: document six previously undocumented options

Document the edns0, inet6, insecure1, insecure2, no-check-names,
and rotate options which are parsed by res_init(3) but were not
described in the resolver(5) man page.

MFC after: 1 week
Signed-off-by: Christos Longros <chris....@gmail.com>
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D55864

- - - - -
356415aa by Dag-Erling Smørgrav at 2026-03-15T18:36:27+01:00
Unbreak LINT after ZFS import

Fixes: 8a62a2a5659d ("zfs: merge openzfs/zfs@f8e5af53e")

- - - - -
7ce8c7f3 by HardenedBSD Sync Services at 2026-03-15T12:01:44-06:00
Merge branch 'freebsd/current/main' into hardened/current/master

- - - - -
f119e681 by HardenedBSD Sync Services at 2026-03-15T12:02:06-06:00
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

- - - - -


2 changed files:

- share/man/man5/resolver.5
- sys/conf/files


Changes:

=====================================
share/man/man5/resolver.5
=====================================
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd November 23, 2022
+.Dd March 15, 2026
.Dt RESOLVER 5
.Os
.Sh NAME
@@ -170,6 +170,38 @@ the allowed maximum is
.Dv RES_MAXRETRY
(see
.In resolv.h ) .
+.It Sy edns0
+Sets
+.Dv RES_USE_EDNS0 .
+Attach an OPT pseudo-RR for the EDNS0 extension,
+as specified in RFC 2671.
+This allows the resolver to advertise a larger UDP receive buffer size,
+permitting responses larger than the original 512-byte limit.
+.It Sy inet6
+Sets
+.Dv RES_USE_INET6 .
+Causes
+.Xr gethostbyname 3
+to look up AAAA records before A records
+and to map IPv4 responses into IPv6 addresses.
+The use of this option is discouraged.
+.It Sy insecure1
+Sets
+.Dv RES_INSECURE1 .
+Disables the check that the response was received from the
+same server to which the query was sent.
+Use of this option is a security risk and is not recommended.
+.It Sy insecure2
+Sets
+.Dv RES_INSECURE2 .
+Disables the check that the response contains a query
+matching the one that was sent.
+Use of this option is a security risk and is not recommended.
+.It Sy no-check-names
+Sets
+.Dv RES_NOCHECKNAME .
+Disables the check of incoming host names for invalid characters
+such as underscore, non-ASCII, or control characters.
.It Sy no_tld_query
tells the resolver not to attempt to resolve a top level domain name, that
is, a name that contains no dots.
@@ -179,6 +211,12 @@ the resolver from obeying the standard
and
.Sy search
rules with the given name.
+.It Sy rotate
+Sets
+.Dv RES_ROTATE .
+Causes the resolver to round-robin among the configured name servers,
+distributing the query load instead of always trying the first
+listed server.
.It Sy reload-period : Ns Ar n
The resolver checks the modification time of
.Pa /etc/resolv.conf


=====================================
sys/conf/files
=====================================
@@ -742,6 +742,7 @@ dev/acpi_support/acpi_ibm.c optional acpi_ibm acpi
dev/acpi_support/acpi_panasonic.c optional acpi_panasonic acpi
dev/acpi_support/acpi_sbl_wmi.c optional acpi_sbl_wmi acpi
dev/acpi_support/acpi_sony.c optional acpi_sony acpi
+dev/acpi_support/acpi_system76.c optional acpi_system76 acpi
dev/acpi_support/acpi_toshiba.c optional acpi_toshiba acpi
dev/acpi_support/atk0110.c optional aibs acpi
dev/acpica/Osd/OsdDebug.c optional acpi
@@ -1850,6 +1851,7 @@ dev/iicbus/rtc/ds1307.c optional ds1307
dev/iicbus/rtc/ds13rtc.c optional ds13rtc | ds133x | ds1374
dev/iicbus/rtc/ds1672.c optional ds1672
dev/iicbus/rtc/ds3231.c optional ds3231
+dev/iicbus/rtc/hym8563.c optional hym8563 iicbus fdt
dev/iicbus/rtc/isl12xx.c optional isl12xx
dev/iicbus/rtc/nxprtc.c optional nxprtc | pcf8563
dev/iicbus/rtc/pcf85063.c optional pcf85063 iicbus fdt
@@ -3575,6 +3577,7 @@ dev/xdma/xdma_mbuf.c optional xdma
dev/xdma/xdma_queue.c optional xdma
dev/xdma/xdma_sg.c optional xdma
dev/xdma/xdma_sglist.c optional xdma
+dev/xen/acpi/xen-acpi.c optional xenhvm
dev/xen/balloon/balloon.c optional xenhvm
dev/xen/blkfront/blkfront.c optional xenhvm
dev/xen/blkback/blkback.c optional xenhvm



View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/e6b77c1104f17cbc92d8ff10951404ceb6cf7903...f119e681f05153e6d99be1d3130a74810c37af9a

--
View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/e6b77c1104f17cbc92d8ff10951404ceb6cf7903...f119e681f05153e6d99be1d3130a74810c37af9a
You're receiving this email because of your account on git.hardenedbsd.org.