From: Ondřej Surý <ondrej@isc.org>
Date: Mon, 4 May 2026 12:58:42 +0000 (+0200)
Subject: fix: usr: Prevent crafted queries from degrading RRL performance
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf18479882818bd2c2accb15f9da94f69cdedf61;p=thirdparty%2Fbind9.git

fix: usr: Prevent crafted queries from degrading RRL performance

With response rate limiting enabled, an attacker sending queries from many
spoofed source addresses could steer entries into the same slot of the
internal rate-limit table and slow down query processing on the affected
server. The table now uses a per-process keyed hash so the placement of
entries cannot be predicted or influenced from the network.

Closes #5906

Merge branch '5906-rrl-hash-collision-dos' into 'main'

See merge request isc-projects/bind9!11950
---

cf18479882818bd2c2accb15f9da94f69cdedf61