]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e4c96c4) | patch
Tighten restrictions on caching NS RRsets in authority section
authorEvan Hunt <each@isc.org>
Tue, 30 Sep 2025 04:46:59 +0000 (21:46 -0700)
committerMichał Kępień <michal@isc.org>
Fri, 3 Oct 2025 13:50:34 +0000 (15:50 +0200)
commit2f0f44d493c382a7f0a3adfe7c4976b18a3d480b
tree3c900a4a6a335cccae5e34494dbaf7e4f9407d7btree | snapshot
parente4c96c4975d50f02b9d8f0c034c893f5dfd234b6commit | diff
Tighten restrictions on caching NS RRsets in authority section

To prevent certain spoofing attacks, a new check has been added
to the existing rules for whether NS data can be cached: the owner
name of the NS RRset must be an ancestor of the name being queried.

(cherry picked from commit fa153f791f9324bf84abf8d259e11c0531fe6e25)
lib/dns/resolver.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git