git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Ondřej Surý <ondrej@isc.org>
	Tue, 19 May 2026 13:00:39 +0000 (15:00 +0200)
committer	Ondřej Surý <ondrej@isc.org>
	Tue, 19 May 2026 13:00:39 +0000 (15:00 +0200)
commit	78ececa6bd21fac7d327fd3801e76d567b6d9f2b
tree	2b14524ddf6a38ab920c4b1504260fa8401b7ab6	tree \| snapshot
parent	3b45b43600cde2712cdfa9b72d7384c5f5d2a3a5	commit \| diff
parent	c28ba9c3c6f4274a3626cd300a2590a1593ab2f6	commit \| diff

fix: usr: Reject RRSIG records covering meta-types

A recursive resolver could accept and cache an RRSIG record whose
Type-Covered field names a meta-type (ANY, AXFR, IXFR, MAILA, MAILB),
even though no real RRset of those types ever exists. Such records
are now rejected by the DNS message parser.

Closes #6002

Merge branch '6002-reject-rrsig-covering-meta-types' into 'main'

See merge request isc-projects/bind9!12048

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom