git.ipfire.org Git - thirdparty/bind9.git/commit
Fixed rebinding protection bug when using forwarder setups
author Diego Fronza <diego@isc.org>
Thu, 13 Feb 2020 23:17:13 +0000 (20:17 -0300)
committer Ondřej Surý <ondrej@isc.org>
Wed, 8 Apr 2020 07:00:16 +0000 (09:00 +0200)
commit 6da142ff7f8d48e9c4adbe80f92f63668277bfef
tree 88a439e3beddacfebbfdc9a477dd45c76dcd34ab
parent 2650ff19c72ac7e75c71e6d52e0bb068ada9447e
Fixed rebinding protection bug when using forwarder setups

BIND wasn't honoring option "deny-answer-aliases" when configured to
forward queries.

Before the fix it was possible for nameservers listed in "forwarders"
option to return CNAME answers pointing to unrelated domains of the
original query, which could be used as a vector for rebinding attacks.

The fix ensures that BIND applies filters even if configured as a forwarder
instance.
lib/dns/resolver.c
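The filtering decision the commit message describes, as an added example that is not BIND's code and not taken from lib/dns/resolver.c: a simplified model of a "deny-answer-aliases" check with an except-from list. The function names, the name lists and the sample answers are all constructed for illustration, and names are written without a trailing dot.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* True when name equals zone or is a subdomain of it. The comparison is
 * case-insensitive and label-aligned, so "notinternal.example" does not
 * match "internal.example". */
static bool is_subdomain(const char *name, const char *zone) {
    size_t n = strlen(name), z = strlen(zone);
    if (z > n || strcasecmp(name + (n - z), zone) != 0)
        return false;
    return n == z || name[n - z - 1] == '.';
}

static bool in_list(const char *name, const char *const *list) {
    for (; list != NULL && *list != NULL; list++)
        if (is_subdomain(name, *list))
            return true;
    return false;
}

/* A CNAME target is rejected when it falls under a denied name, unless the
 * query name is covered by except-from. There is deliberately no "answer
 * came from a forwarder" input: per the commit message, the filter has to
 * apply to forwarder answers as well. */
bool alias_allowed(const char *qname, const char *target,
                   const char *const *deny, const char *const *except_from) {
    if (in_list(qname, except_from))
        return true;
    return !in_list(target, deny);
}

/* Constructed policy and constructed answers (query name, CNAME target). */
static const char *const DENY[] = { "internal.example", NULL };
static const char *const EXCEPT[] = { "trusted.example", NULL };

int main(void) {
    const char *answers[][2] = {
        { "www.public.example", "host.internal.example" },
        { "www.trusted.example", "host.internal.example" },
        { "www.public.example", "cdn.other.example" },
    };
    for (size_t i = 0; i < sizeof(answers) / sizeof(answers[0]); i++)
        printf("%s CNAME %s: %s\n", answers[i][0], answers[i][1],
               alias_allowed(answers[i][0], answers[i][1], DENY, EXCEPT)
                   ? "accept" : "reject");
    return 0;
}
```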