new: usr: Tighten 'max-recursion-queries' and add 'max-query-restarts' option (!9281) · Merge requests · ISC Open Source Projects / BIND

Evan Hunt requested to merge 4741-reclimit-restarts into main Aug 07, 2024

There were cases in resolver.c when the max-recursion-queries quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of max-recursion-queries, and by reducing the default value from 100 to 32.

In addition, a new max-query-restarts option has been added which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16, and now defaults to 11.

Closes #4741 (closed)

Edited Aug 07, 2024 by Evan Hunt

new: usr: Tighten 'max-recursion-queries' and add 'max-query-restarts' option

Merge request reports