mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-21 18:41:38 +00:00
45924eb90b
To send UDP DNS queries to upstream DNS servers, we have a `UdpSocket::handshake` function that turns a UDP socket into a single-use object where exactly one datagram is expected from the address we send a message to. The way this is enforced is via an equality check. It appears that this equality check fails if users run an upstream DNS server on a link-local IPv6 address within a setup that utilises IPv6 scopes. At the time when we receive the response, the packet has already been successfully routed back to us so we should accept it, even if we didn't specify a scope as the destination address.