+6401. [security] An excessively large number of rrtypes per owner can
+ slow down database query processing, so a limit has been
+ placed on the number of rrtypes that can be stored per
+ owner (node) in a cache or zone database. This is
+ configured with the new "max-rrtypes-per-name" option,
+ and defaults to 100. (CVE-2024-1737)
+ [GL #3403] [GL #4548]
+
+6400. [security] Excessively large rdatasets can slow down database
+ query processing, so a limit has been placed on the
+ number of records that can be stored per rdataset
+ in a cache or zone database. This is configured
+ with the new "max-records-per-type" option, and
+ defaults to 100. (CVE-2024-1737)
+ [GL #497] [GL #3405]
+
6399. [security] Malicious DNS client that sends many queries over
TCP but never reads responses can cause server to
respond slowly or not respond at all for other
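Review bot: entries 6400 and 6401 say a limit "has been placed" and that it defaults to 100, but neither says what the server does when a name or rdataset exceeds it. An operator whose zone legitimately holds more than 100 records of one type, or more than 100 types at one name, cannot tell from this text what an upgrade will do to that zone or to cached answers. Suggest adding a clause to each entry stating the behaviour on overrun for a zone database and for the cache, so that the impact of the default is visible in the changelog.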
responses can cause server to respond slowly or not respond at all for other
clients. :cve:`2024-0760` :gl:`#4481`
+- Excessively large resource record sets can be crafted to slow down
+ database processing. This has been addressed by adding a configurable
+ limit to the number of records that can be stored per name and type in
+ a cache or zone database. The default is 100, but it can be tuned with
+ the new ``max-records-per-type`` option. :gl:`#497` :gl:`#3405`
+
+ An excessively large number of resource record types for a single owner name can
+ be crafted to slow down database processing. This has been addressed by adding
+ a configurable limit to the number of records that can be stored per name and
+ type in a cache or zone database. The default is 100, and can be tuned with
+ the new ``max-rrtypes-per-name`` option. :cve:`2024-1737` :gl:`#3403`
+
+ ISC would like to thank Toshifumi Sakaguchi who independently discovered
+ and responsibly reported the issue to ISC. :gl:`#4548`
+
New Features
~~~~~~~~~~~~
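Review bot: the paragraph that ends with ``max-rrtypes-per-name`` reuses the wording of the first bullet and describes the wrong limit. It says the fix limits "the number of records that can be stored per name and type", but this option limits the number of record types per owner name, as CHANGES entry 6401 words it. Suggest "a configurable limit to the number of resource record types that can be stored per owner name". Two smaller points in the same hunk: the first bullet carries no :cve: role although CHANGES entry 6400 attributes it to CVE-2024-1737, and this paragraph is indented as a continuation of the first bullet rather than starting its own "- " item, so the two fixes render as a single list entry.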