[CVE-2019-6477] No quota on the number of queries on a single TCP connection/DoS possibility
Related/discovered: https://support.isc.org/Ticket/Display.html?id=15332
With pipelining enabled each incoming query on a TCP connection causes creation of a ns_client_t object. Number of outstanding queries is not guarded by any quota, and I was able to hit 30000 clients created on my laptop - causing allocation of 2.5G of memory. Then, cleaning up those clients causes a huge load on the server as it's unable to handle any other queries. This leads to a -very- simple DoS.
This behaviour was introduced when we fixed tcp-clients quota, v9_11@724ad961dfb740ec04af14ad448002d6ee9a3067 works properly.