From ed721afa7c76fee4822f4c9d79ec5d204448af4b Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Thu, 29 Aug 2024 13:15:29 +1000
Subject: [PATCH] Disable ZONEVERSION for built-in chaos and empty zones
---
 bin/named/config.c | 1 +
 bin/named/server.c | 1 +
 2 files changed, 2 insertions(+)
diff --git a/bin/named/config.c b/bin/named/config.c
index ade302bd74..c3bc87b0ab 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -262,6 +262,7 @@ view \"_bind\" chaos {\n\
 notify no;\n\
 allow-new-zones no;\n\
 max-cache-size 2M;\n\
+ provide-zoneversion no;\n\
 \n\
 # Prevent use of this zone in DNS amplified reflection DoS attacks\n\
 rate-limit {\n\
diff --git a/bin/named/server.c b/bin/named/server.c
index d271c153cf..f57a727654 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -3253,6 +3253,7 @@ create_empty_zone(dns_zone_t *pzone, dns_name_t *name, dns_view_t *view,
 dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, false);
 dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, true);
+ dns_zone_setoption(zone, DNS_ZONEOPT_ZONEVERSION, false);
 dns_zone_setcheckdstype(zone, dns_checkdstype_no);
 dns_zone_setnotifytype(zone, dns_notifytype_no);
 dns_zone_setautomatic(zone, true);
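Review bot: The added `provide-zoneversion no;` in the `_bind` chaos view has no comment, while the `rate-limit` stanza just below it states its purpose; a line such as `# Do not report a zone version for the built-in chaos zones\n\` above it would record the intent. The diffstat lists only the two source files, so nothing in this commit checks the behaviour. A system test that sends a query carrying the ZONEVERSION EDNS option to the `_bind` view, and asserts that the reply contains no ZONEVERSION option, would guard against a later default change re-enabling it. The view definition begins and ends outside the hunk.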
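Review bot: The new `dns_zone_setoption(zone, DNS_ZONEOPT_ZONEVERSION, false);` looks redundant with the first context line: `dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, false)` presumably clears every option bit other than NOCHECKNS, which would include ZONEVERSION if it lives in the same option mask. If the explicit clear is deliberate, for example to keep the intent visible should that mask clear ever be removed, say so with a comment such as `/* Empty zones never answer ZONEVERSION; keep this explicit. */`. create_empty_zone starts and ends outside the hunk, so whether a later call in the function turns the option back on cannot be checked from here. The same test gap noted for config.c applies to automatic empty zones.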