ADB responses were not being validated, allowing spoofed responses to be accepted and used for further lookups. This should not be possible when the servers for the zone are in a signed zone, except with CD=1 requests or when glue is needed. This has been fixed.
Closes #5066
Merge branch '5066-validate-adb-fetches' into 'main'
projects / thirdparty / bind9.git / commitdiff
