rpm/bind
SHA256
1
0
Fork 0
forked from pool/bind
Code Pull Requests Activity
0394b453e3
bind/bind-CVE-2021-25219.patch

74 lines
2.5 KiB
Diff
Raw Blame History

diff --git a/bin/named/config.c b/bin/named/config.c
index 213c45cb33..0b28c8db7a 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -164,7 +164,7 @@ options {\n\
fetches-per-server 0;\n\
fetches-per-zone 0;\n\
glue-cache yes;\n\
- lame-ttl 600;\n"
+ lame-ttl 0;\n"
#ifdef HAVE_LMDB
" lmdb-mapsize 32M;\n"
#endif /* ifdef HAVE_LMDB */
diff --git a/bin/named/server.c b/bin/named/server.c
index ff04689685..0f001ba303 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -4840,8 +4840,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
result = named_config_get(maps, "lame-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
lame_ttl = cfg_obj_asduration(obj);
- if (lame_ttl > 1800) {
- lame_ttl = 1800;
+ if (lame_ttl > 0) {
+ cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
+ "disabling lame cache despite lame-ttl > 0 as it "
+ "may cause performance issues");
+ lame_ttl = 0;
}
dns_resolver_setlamettl(view->resolver, lame_ttl);
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 0358241d95..40c416dcf1 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -10122,25 +10122,26 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) {
*/
static isc_result_t
rctx_lameserver(respctx_t *rctx) {
- isc_result_t result;
+ isc_result_t result = ISC_R_SUCCESS;
fetchctx_t *fctx = rctx->fctx;
resquery_t *query = rctx->query;
- if (fctx->res->lame_ttl == 0 || ISFORWARDER(query->addrinfo) ||
- !is_lame(fctx, query->rmessage))
- {
+ if (ISFORWARDER(query->addrinfo) || !is_lame(fctx, query->rmessage)) {
return (ISC_R_SUCCESS);
}
inc_stats(fctx->res, dns_resstatscounter_lame);
log_lame(fctx, query->addrinfo);
- result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
- fctx->type, rctx->now + fctx->res->lame_ttl);
- if (result != ISC_R_SUCCESS) {
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
- DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
- "could not mark server as lame: %s",
- isc_result_totext(result));
+ if (fctx->res->lame_ttl != 0) {
+ result = dns_adb_marklame(fctx->adb, query->addrinfo,
+ &fctx->name, fctx->type,
+ rctx->now + fctx->res->lame_ttl);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+ "could not mark server as lame: %s",
+ isc_result_totext(result));
+ }
}
rctx->broken_server = DNS_R_LAME;
rctx->next_server = true;
View Git Blame Copy Permalink