mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-23 10:37:43 -04:00
c1ba80169c
Make the maximum number of processed delegation nameservers configurable via the new 'max-delegation-servers' option (default: 13), replacing the hardcoded NS_PROCESSING_LIMIT (20). The default is reduced to 13 to precisely match the maximum number of root servers that can fit into a classic 512-byte UDP payload. This provides a natural, historically sound cap that mitigates resource exhaustion and amplification attacks from artificially inflated or misconfigured delegations. The configuration option is strictly bounded between 1 and 100 to ensure resolver stability. |
||
|---|---|---|
| .. | ||
| ns1 | ||
| ns2 | ||
| ns3 | ||
| ns4 | ||
| tests_nsprocessinglimit.py | ||