[9.20] new: usr: Tighten 'max-recursion-queries' and add 'max-query-restarts' option (!9282) · Merge requests · ISC Open Source Projects / BIND

bind-team-rw-api-rw-repo requested to merge backport-4741-reclimit-restarts-9.20 into bind-9.20 Aug 07, 2024

There were cases in resolver.c when the max-recursion-queries quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of max-recursion-queries, and by reducing the default value from 100 to 32.

In addition, a new max-query-restarts option has been added which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16, and now defaults to 11.

Closes #4741 (closed)

Backport of MR !9281 (merged)

[9.20] new: usr: Tighten 'max-recursion-queries' and add 'max-query-restarts' option

Merge request reports