git.ipfire.org Git - thirdparty/bind9.git/commit
Fixed rebinding protection bug when using forwarder setups
author Diego Fronza <diego@isc.org>
Fri, 14 Feb 2020 20:43:31 +0000 (17:43 -0300)
committer Ondřej Surý <ondrej@isc.org>
Wed, 8 Apr 2020 07:21:03 +0000 (09:21 +0200)
commit 8beba5ee096dae24608158e294316f045a02ebd1
tree d575009332d876684dd2a862a8c7ab5a1ee29714
parent 34786cb997e3b7038fe2382ea751dfe72305e064
Fixed rebinding protection bug when using forwarder setups

BIND wasn't honoring option "deny-answer-aliases" when configured to
forward queries.

Before the fix it was possible for nameservers listed in "forwarders"
option to return CNAME answers pointing to unrelated domains of the
original query, which could be used as a vector for rebinding attacks.

The fix ensures that BIND applies filters even if configured as a forwarder
instance.
lib/dns/resolver.c
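
One way to check answers collected from a forwarding resolver against the alias policy the commit message describes, as an added example that is not part of this commit or of BIND's code. It is a simplified Python model covering only the deny and `except-from` name lists; the function names, the `corp.example` and `outside.example` domains and the sample records are all constructed.

```python
# Added illustration, not BIND source: an offline check modelled on the
# deny-answer-aliases / except-from name lists. All names are constructed.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def is_subdomain(name, parent):
    """True if name equals parent or lies below it, compared label by label."""
    n, p = labels(name), labels(parent)
    return len(p) <= len(n) and (not p or n[-len(p):] == p)

def alias_denied(qname, target, deny, except_from=()):
    """Return True when an alias target falls inside a denied domain."""
    # Query names under an except-from entry are exempt from the filter.
    if any(is_subdomain(qname, e) for e in except_from):
        return False
    return any(is_subdomain(target, d) for d in deny)

def audit(answers, deny, except_from=()):
    """Return (qname, target) for every CNAME/DNAME the policy would reject."""
    return [
        (qname, target)
        for qname, rrtype, target in answers
        if rrtype in ("CNAME", "DNAME")
        and alias_denied(qname, target, deny, except_from)
    ]

# Constructed sample: answers as a forwarding resolver might hand them back.
SAMPLE_ANSWERS = [
    # External name aliased into the protected domain: should be rejected.
    ("www.outside.example.", "CNAME", "host.corp.example."),
    # Alias inside the protected domain itself: exempt via except-from.
    ("app.corp.example.", "CNAME", "lb.corp.example."),
    # Shares a string suffix with corp.example but is a different domain.
    ("cdn.outside.example.", "CNAME", "edge.notcorp.example."),
    # Address records are not aliases and are outside this check.
    ("www.outside.example.", "A", "192.0.2.10"),
]

if __name__ == "__main__":
    hits = audit(SAMPLE_ANSWERS, ["corp.example"], ["corp.example"])
    for qname, target in hits:
        print(f"alias into denied domain: {qname} -> {target}")
```

Any record this check reports from a resolver that has the option set and forwards its queries means the filter was not applied on that path.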