File bind-CVE-2021-25219.patch of Package bind.21682

Overview Repositories Revisions Requests Users Attributes Meta

File bind-CVE-2021-25219.patch of Package bind.21682

Index: bind-9.16.6/bin/named/config.c
===================================================================
--- bind-9.16.6.orig/bin/named/config.c
+++ bind-9.16.6/bin/named/config.c
@@ -159,7 +159,7 @@ options {\n\
 	fetches-per-server 0;\n\
 	fetches-per-zone 0;\n\
 	glue-cache yes;\n\
-	lame-ttl 600;\n"
+	lame-ttl 0;\n"
 #ifdef HAVE_LMDB
 			    "	lmdb-mapsize 32M;\n"
 #endif /* ifdef HAVE_LMDB */
Index: bind-9.16.6/bin/named/server.c
===================================================================
--- bind-9.16.6.orig/bin/named/server.c
+++ bind-9.16.6/bin/named/server.c
@@ -4650,8 +4650,11 @@ configure_view(dns_view_t *view, dns_vie
 	result = named_config_get(maps, "lame-ttl", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	lame_ttl = cfg_obj_asduration(obj);
-	if (lame_ttl > 1800) {
-		lame_ttl = 1800;
+	if (lame_ttl > 0) {
+		cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
+			    "disabling lame cache despite lame-ttl > 0 as it "
+			    "may cause performance issues");
+		lame_ttl = 0;
 	}
 	dns_resolver_setlamettl(view->resolver, lame_ttl);
 
Index: bind-9.16.6/lib/dns/resolver.c
===================================================================
--- bind-9.16.6.orig/lib/dns/resolver.c
+++ bind-9.16.6/lib/dns/resolver.c
@@ -9952,24 +9952,25 @@ rctx_badserver(respctx_t *rctx, isc_resu
  */
 static isc_result_t
 rctx_lameserver(respctx_t *rctx) {
-	isc_result_t result;
+	isc_result_t result = ISC_R_SUCCESS;
 	fetchctx_t *fctx = rctx->fctx;
 	resquery_t *query = rctx->query;
 
-	if (fctx->res->lame_ttl == 0 || ISFORWARDER(query->addrinfo) ||
-	    !is_lame(fctx)) {
+	if (ISFORWARDER(query->addrinfo) || !is_lame(fctx)) {
 		return (ISC_R_SUCCESS);
 	}
 
 	inc_stats(fctx->res, dns_resstatscounter_lame);
 	log_lame(fctx, query->addrinfo);
-	result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
-				  fctx->type, rctx->now + fctx->res->lame_ttl);
-	if (result != ISC_R_SUCCESS) {
-		isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-			      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
-			      "could not mark server as lame: %s",
-			      isc_result_totext(result));
+	if (fctx->res->lame_ttl != 0) {
+		result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
+					  fctx->type, rctx->now + fctx->res->lame_ttl);
+		if (result != ISC_R_SUCCESS) {
+			isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+				      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+				      "could not mark server as lame: %s",
+				      isc_result_totext(result));
+		}
 	}
 	rctx->broken_server = DNS_R_LAME;
 	rctx->next_server = true;

Places

File bind-CVE-2021-25219.patch of Package bind.21682

Places