git.ipfire.org Git - thirdparty/bind9.git/commit
Disable lame-ttl cache
author Ondřej Surý <ondrej@sury.org>
Fri, 24 Sep 2021 07:35:11 +0000 (09:35 +0200)
committer Michał Kępień <michal@isc.org>
Thu, 28 Oct 2021 10:44:12 +0000 (12:44 +0200)
commit 1f8570671195b910c9ac60e54e4491fef529fa8f
tree e2afa14c9e98e5fccc2beedcd37eff96143a3e39
parent 3f9d7859d76bceee66991a55c1d3419607d71cd3
Disable lame-ttl cache

The lame-ttl cache is implemented in ADB as per-server locked
linked-list "indexed" with <qname,qtype>.  This list has to be walked
every time there's a new query or new record added into the lame cache.
A determined attacker can use this to degrade performance of the resolver.

Resolver testing has shown that disabling the lame cache has little
impact on the resolver performance and it's a minimal viable defense
against this kind of attack.
bin/named/config.c
bin/named/server.c
doc/arm/Bv9ARM-book.xml
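
The cost described in the commit message, as an added example that is not BIND's ADB code: a simplified model of one server's list keyed by <qname,qtype>, counting the nodes visited as entries accumulate. The struct and function names, the constructed `nameN.example.` inputs, and treating a `ttl` of 0 as "cache disabled" are assumptions of this model.

```c
/* Simplified model (assumption): NOT BIND's ADB code, no locking or expiry. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One lame entry for a server, keyed by <qname,qtype>. */
struct lame { char qname[64]; unsigned qtype; struct lame *next; };
/* Per-server list head plus a counter of nodes visited (the modelled cost). */
struct server { struct lame *head; unsigned long steps; };

/* Walk the list looking for <qname,qtype>; each visited node is one step. */
static int is_lame(struct server *s, const char *qname, unsigned qtype) {
    for (struct lame *l = s->head; l != NULL; l = l->next) {
        s->steps++;
        if (l->qtype == qtype && strcmp(l->qname, qname) == 0) return 1;
    }
    return 0;
}

/* Record an entry unless the cache is disabled (ttl == 0, an assumption). */
static void mark_lame(struct server *s, const char *qname, unsigned qtype, unsigned ttl) {
    if (ttl == 0 || is_lame(s, qname, qtype))
        return;
    struct lame *l = calloc(1, sizeof(*l));
    if (l == NULL) return;
    snprintf(l->qname, sizeof(l->qname), "%s", qname);
    l->qtype = qtype;
    l->next = s->head;
    s->head = l;
}

/* Add n distinct constructed names, look each up once, return nodes visited. */
unsigned long walk_cost(unsigned n, unsigned ttl) {
    struct server s = { NULL, 0 };
    char name[64];
    for (unsigned i = 0; i < n; i++) {
        snprintf(name, sizeof(name), "name%u.example.", i);
        mark_lame(&s, name, 1, ttl);  /* duplicate check walks the list */
        (void)is_lame(&s, name, 1);   /* lookup on the next query */
    }
    while (s.head) { struct lame *t = s.head; s.head = t->next; free(t); }
    return s.steps;
}

int main(void) {
    printf("lame cache on : %lu steps\n", walk_cost(1000, 600));
    printf("lame cache off: %lu steps\n", walk_cost(1000, 0));
    return 0;
}
```

With the cache on, doubling the number of distinct entries roughly quadruples the nodes visited; with it off, the list stays empty and the walk costs nothing.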