git.ipfire.org Git - thirdparty/bind9.git/commit
Validate address lookups from ADB
author Mark Andrews <marka@isc.org>
Fri, 17 Jan 2025 08:32:28 +0000 (19:32 +1100)
committer Mark Andrews <marka@isc.org>
Mon, 3 Feb 2025 00:24:34 +0000 (00:24 +0000)
commit ea9d7080cd4606d652414eaad7fbb331306c7862
tree aae36e141cb0e7dc74048e0ef32d5adff3eed8a0
parent 282b0ed51408033041cb5bbd83b1ea13dd284975
Validate address lookups from ADB

The address lookups from ADB were not being validated, allowing
spoofed responses to be accepted and used for other lookups.

Validate the answers except when CD=1 is set in the triggering
request.  Separate ADB names looked up with CD=1 from those without
CD=1, to prevent the use of unvalidated answers in the normal lookup
case (CD=0).  Set the TTL on unvalidated (pending) responses to
ADB_CACHE_MINIMUM when adding them to the ADB.
lib/dns/adb.c
lib/dns/include/dns/adb.h
lib/dns/resolver.c
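
The separation described in the commit message, sketched as a toy address cache. This is an added example, not code from BIND or from this commit: the `toy_*` names, the `TOY_CACHE_MINIMUM` value (a placeholder for `ADB_CACHE_MINIMUM`), and the sample names and addresses are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model only: every name and value here is an assumption, not BIND code. */
#define TOY_CACHE_MINIMUM 10u /* placeholder for ADB_CACHE_MINIMUM */
#define TOY_SLOTS 8

typedef struct {
    bool used;
    bool cd;        /* CD bit of the triggering request; part of the key */
    bool pending;   /* true when the answer was never validated */
    uint32_t ttl;
    char name[64];
    char addr[46];
} toy_entry_t;

static toy_entry_t toy_cache[TOY_SLOTS];

/* Look up (name, cd). An entry stored under CD=1 never matches a CD=0 lookup. */
toy_entry_t *toy_find(const char *name, bool cd) {
    for (int i = 0; i < TOY_SLOTS; i++) {
        toy_entry_t *e = &toy_cache[i];
        if (e->used && e->cd == cd && strcmp(e->name, name) == 0)
            return e;
    }
    return NULL;
}

/* Store an address. CD=0 answers must have passed validation; CD=1 answers
 * are kept as pending with the minimum TTL. Returns false if rejected. */
bool toy_add(const char *name, bool cd, const char *addr,
             bool validation_ok, uint32_t ttl) {
    if (!cd && !validation_ok)
        return false;                       /* unvalidated answer: do not cache */
    toy_entry_t *e = toy_find(name, cd);
    for (int i = 0; e == NULL && i < TOY_SLOTS; i++)
        if (!toy_cache[i].used)
            e = &toy_cache[i];
    if (e == NULL)
        return false;                       /* cache full */
    e->used = true;
    e->cd = cd;
    e->pending = cd;
    e->ttl = cd ? TOY_CACHE_MINIMUM : ttl;
    snprintf(e->name, sizeof e->name, "%s", name);
    snprintf(e->addr, sizeof e->addr, "%s", addr);
    return true;
}
```

Because the CD bit is part of the lookup key, an address learned through a CD=1 request is invisible to CD=0 lookups, and its short TTL limits how long it stays cached at all.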