git.ipfire.org Git - thirdparty/bind9.git/commit
Disable lame-ttl cache
author Ondřej Surý <ondrej@sury.org>
Fri, 24 Sep 2021 07:35:11 +0000 (09:35 +0200)
committer Michał Kępień <michal@isc.org>
Mon, 11 Oct 2021 11:23:25 +0000 (13:23 +0200)
commit 201f887065e34949fc9f72d5d41ae293cd299800
tree 2936e5678f1ceff4b57088a846b9ee3a7fc7b2bd
parent ab1bef0dfe0ca266890a4452edc5eaffecb4d075

The lame-ttl cache is implemented in ADB as a per-server locked
linked list "indexed" with <qname,qtype>.  This list has to be walked
every time there's a new query or new record added into the lame cache.
A determined attacker can use this to degrade performance of the resolver.

Resolver testing has shown that disabling the lame cache has little
impact on the resolver performance and it's a minimal viable defense
against this kind of attack.
bin/named/config.c
bin/named/server.c
doc/arm/Bv9ARM-book.xml