git.ipfire.org Git - thirdparty/bind9.git/commit
Disable recursion for non-IN classes
author Evan Hunt <each@isc.org>
Tue, 3 Mar 2026 22:00:38 +0000 (14:00 -0800)
committer Evan Hunt <each@isc.org>
Wed, 6 May 2026 04:05:32 +0000 (21:05 -0700)
commit e577560f65dbc6109fca8a597d16568a1cd8987c
tree 66e33eb4072afe1409e71e4e6b7da810d5f86ed8
parent 7f04d7104304fdc6b858c41bb44ad151b2c3e1b7
Disable recursion for non-IN classes

Force recursion off, and set allow-recursion/allow-recursion-on ACLs
to none, for views with a class other than IN. Log a configuration
warning if recursion is explicitly enabled for a non-IN view.

This addresses YWH-PGM40640-74 and YWH-PGM40640-75 by preventing any
attempt at recursive processing in a class-CHAOS view, ensuring that
server addresses used for recursive queries and received in recursive
responses are of the expected format.

Fixes: isc-projects/bind9#5780
Fixes: isc-projects/bind9#5781
(cherry picked from commit 70532a37a1aec761e8a12444852866ce9d9d5fcc)
(cherry picked from commit cf0d5a4e385525e21f2ae39098b1ab90c1137a2a)
bin/named/server.c
bin/tests/system/checkconf/tests.sh
bin/tests/system/checkconf/warn-chaos-recursion.conf [new file with mode: 0644]
bin/tests/system/resolver/tests.sh
lib/bind9/check.c
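
An added audit sketch, not BIND's own code and not part of this commit: it scans a named.conf for views whose class is not IN and that explicitly set `recursion` to a true value, the condition the commit message says now produces a configuration warning. The function names, the sample configuration and the simplified parsing (no `include` handling, no braces or comment markers inside quoted strings) are assumptions.

```python
import re

# Constructed sample named.conf (not taken from the BIND test suite).
SAMPLE_CONF = '''
view "internal" {                     // no class given: defaults to IN
    recursion yes;
};
view "version-info" chaos {
    recursion yes;                    # explicitly enabled in a CHAOS view
    allow-recursion { any; };
    zone "bind" chaos { type primary; file "bind.db"; };
};
view "hesiod" hs {
    /* recursion yes; */
    recursion no;
};
'''

# Assumption: quoted strings contain no braces or comment markers.
COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
VIEW_HEAD = re.compile(r'(?<![-\w])view\s+("[^"]*"|\S+)\s*([A-Za-z]+)?\s*\{')
RECURSION = re.compile(r'(?<![-\w])recursion\s+(\S+?)\s*;')  # skips allow-recursion
TRUE_VALUES = {"yes", "true", "1"}

def view_statements(text, start):
    """Return the view body that begins at `start`, nested blocks blanked out."""
    out, depth = [], 1
    for ch in text[start:]:
        if ch == "{":
            depth += 1
        out.append(ch if depth == 1 else " ")
        if ch == "}":
            depth -= 1
            if depth == 0:
                return "".join(out[:-1])
    raise ValueError("unbalanced braces in view block")

def non_in_recursion_views(conf):
    """List (view, class) for non-IN views that explicitly enable recursion."""
    text = COMMENTS.sub(" ", conf)
    findings = []
    for m in VIEW_HEAD.finditer(text):
        name, cls = m.group(1).strip('"'), (m.group(2) or "IN").upper()
        rec = RECURSION.search(view_statements(text, m.end()))
        if cls != "IN" and rec and rec.group(1).lower() in TRUE_VALUES:
            findings.append((name, cls))
    return findings

if __name__ == "__main__":
    print(non_in_recursion_views(SAMPLE_CONF))
```

Views it reports are the ones to review before upgrading; a statement inside a nested `zone` block is ignored because only the view's own statements are examined.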