From: Ondřej Surý <ondrej@isc.org>
Date: Tue, 5 May 2026 05:07:40 +0000 (+0200)
Subject: [9.18] fix: usr: Prevent crafted queries from degrading RRL performance
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e81855244dde2e62a45c3715ded4a791c492b021;p=thirdparty%2Fbind9.git

[9.18] fix: usr: Prevent crafted queries from degrading RRL performance

With response rate limiting enabled, an attacker sending queries from many
spoofed source addresses could steer entries into the same slot of the
internal rate-limit table and slow down query processing on the affected
server. The table now uses a per-process keyed hash so the placement of
entries cannot be predicted or influenced from the network.

Closes #5906

Backport of MR !11950

Merge branch 'backport-5906-rrl-hash-collision-dos-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11953
---

e81855244dde2e62a45c3715ded4a791c492b021