fix: usr: Prevent crafted queries from degrading RRL performance

With response rate limiting enabled, an attacker sending queries from many
spoofed source addresses could steer entries into the same slot of the
internal rate-limit table and slow down query processing on the affected
server. The table now uses a per-process keyed hash so the placement of
entries cannot be predicted or influenced from the network.

Closes #5906

Merge branch '5906-rrl-hash-collision-dos' into 'main'

See merge request isc-projects/bind9!11950

lib/dns/rrl.c

@@ -22,6 +22,7 @@
 #include <inttypes.h>
 #include <stdbool.h>
 
+#include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
 #include <isc/net.h>
@@ -372,14 +373,12 @@ key_cmp(const dns_rrl_key_t *a, const dns_rrl_key_t *b) {
 
 static uint32_t
 hash_key(const dns_rrl_key_t *key) {
-	uint32_t hval;
-	int i;
-
-	hval = key->w[0];
-	for (i = sizeof(key->w) / sizeof(key->w[0]) - 1; i >= 0; --i) {
-		hval = key->w[i] + (hval << 1);
-	}
-	return hval;
+	/*
+	 * The key includes attacker-controlled bits (client /24, qname
+	 * hash, qtype). Use the keyed, per-process-randomised hash so
+	 * collisions cannot be engineered to overload one bucket chain.
+	 */
+	return isc_hash32(key, sizeof(*key), true);
 }
 
 /*