• Ondřej Surý's avatar
    Disable lame-ttl cache · 8fe18c05
    Ondřej Surý authored and Michał Kępień's avatar Michał Kępień committed
    The lame-ttl cache is implemented in ADB as per-server locked
    linked-list "indexed" with <qname,qtype>.  This list has to be walked
    every time there's a new query or new record added into the lame cache.
    Determined attacker can use this to degrade performance of the resolver.
    Resolver testing has shown that disabling the lame cache has little
    impact on the resolver performance and it's a minimal viable defense
    against this kind of attack.
reference.rst 300 KB