]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4d81036) | patch
Tighten restrictions on caching NS RRsets in authority section
authorEvan Hunt <each@isc.org>
Tue, 30 Sep 2025 05:17:39 +0000 (22:17 -0700)
committerMichał Kępień <michal@isc.org>
Fri, 3 Oct 2025 15:50:07 +0000 (17:50 +0200)
commit41ab0709d1bde6fb8a2dde623d00e69bc48fab0d
tree1d4ca5960568d8552e749756b16f48f0cb861f66tree | snapshot
parent4d81036c510c0babe187f11e9e3566adc8e69edccommit | diff
Tighten restrictions on caching NS RRsets in authority section

To prevent certain spoofing attacks, a new check has been added
to the existing rules for whether NS data can be cached: the owner
name of the NS RRset must be an ancestor of the name being queried.

(cherry picked from commit fa153f791f9324bf84abf8d259e11c0531fe6e25)
lib/dns/resolver.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git