-
The lame-ttl cache is implemented in ADB as per-server locked linked-list "indexed" with <qname,qtype>. This list has to be walked every time there's a new query or new record added into the lame cache. Determined attacker can use this to degrade performance of the resolver. Resolver testing has shown that disabling the lame cache has little impact on the resolver performance and it's a minimal viable defense against this kind of attack.
8fe18c05