git.ipfire.org Git - thirdparty/bind9.git/commit
Disable lame-ttl cache
author Ondřej Surý <ondrej@sury.org>
Fri, 24 Sep 2021 07:35:11 +0000 (09:35 +0200)
committer Michał Kępień <michal@isc.org>
Thu, 28 Oct 2021 10:05:58 +0000 (12:05 +0200)
commit 011e9418ce9bb25675de6ac8d47536efedeeb312
tree 51eba624939a9e4ae1e3b59c6f207b2847187fef
parent 02940b71a39a5edf1e849f9f8d9bfca2e56daf8b
Disable lame-ttl cache

The lame-ttl cache is implemented in ADB as a per-server locked
linked list "indexed" with <qname,qtype>.  This list has to be walked
every time there's a new query or a new record added into the lame cache.
A determined attacker can use this to degrade the performance of the resolver.

Resolver testing has shown that disabling the lame cache has little
impact on the resolver performance and it's a minimal viable defense
against this kind of attack.
bin/named/config.c
bin/named/server.c
doc/arm/reference.rst
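
A simplified model of the cost the commit message describes, added here as an illustration and not taken from BIND's ADB code: the names `struct lame`, `is_lame`, `mark_lame` and `walk_cost`, the sample TTL of 600 and the `example.` names are assumptions. It counts list-node visits with the cache enabled and with it disabled (TTL 0).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (assumption): one lame-cache entry per <qname,qtype>. */
struct lame { char qname[64]; int qtype; long expire; struct lame *next; };
struct server { struct lame *lameinfo; long steps; }; /* steps = nodes visited */

/* Walk the per-server list; every lookup is linear in the list length. */
static int is_lame(struct server *s, const char *qname, int qtype,
                   long now, long lame_ttl) {
    if (lame_ttl == 0) return 0;            /* cache disabled: no walk at all */
    for (struct lame *l = s->lameinfo; l != NULL; l = l->next) {
        s->steps++;
        if (l->qtype == qtype && l->expire > now && strcmp(l->qname, qname) == 0)
            return 1;
    }
    return 0;
}

/* Insert also walks the list first to avoid duplicate entries. */
static void mark_lame(struct server *s, const char *qname, int qtype,
                      long now, long lame_ttl) {
    if (lame_ttl == 0 || is_lame(s, qname, qtype, now, lame_ttl)) return;
    struct lame *l = calloc(1, sizeof(*l));
    if (l == NULL) abort();
    snprintf(l->qname, sizeof(l->qname), "%s", qname);
    l->qtype = qtype; l->expire = now + lame_ttl;
    l->next = s->lameinfo; s->lameinfo = l;
}

/* Total nodes visited while recording n distinct names, then one lookup miss. */
long walk_cost(int n, long lame_ttl) {
    struct server s = { NULL, 0 };
    char name[64];
    for (int i = 0; i < n; i++) {
        snprintf(name, sizeof(name), "name%d.example.", i); /* constructed input */
        mark_lame(&s, name, 1, 0, lame_ttl);
    }
    is_lame(&s, "other.example.", 1, 0, lame_ttl);
    while (s.lameinfo) { struct lame *t = s.lameinfo; s.lameinfo = t->next; free(t); }
    return s.steps;
}

int main(void) {
    printf("ttl 600: n=100 -> %ld, n=200 -> %ld visits; ttl 0: n=200 -> %ld\n",
           walk_cost(100, 600), walk_cost(200, 600), walk_cost(200, 0));
    return 0;
}
```

Doubling the number of entries roughly quadruples the total walk in this model, while a TTL of 0 skips the list entirely.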