Ondřej Surý 2924910eee Use cryptographically-secure pseudo-random generator everywhere ... It was discovered in an upcoming academic paper that a xoshiro128** internal state can be recovered by an external 3rd party allowing to predict UDP ports and DNS IDs in the outgoing queries. This could lead to an attacker spoofing the DNS answers with great efficiency and poisoning the DNS cache. Change the internal random generator to system CSPRNG with buffering to avoid excessive syscalls. Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem for responsibly reporting this to us. Very cool research! (cherry picked from commit cffcab9d5f)		2025-10-02 13:49:33 +02:00
..
dns	Retry lookups with unsigned DNAME over TCP	2025-10-02 12:58:54 +02:00
isc	Use cryptographically-secure pseudo-random generator everywhere	2025-10-02 13:49:33 +02:00
isccc	Remove redundant parentheses from the return statement	2024-11-19 14:26:52 +01:00
isccfg	Change checkconf to include built-in dnssec-policy	2025-09-29 15:13:26 +02:00
ns	check plugin config before registering	2025-10-01 11:16:11 +02:00
.gitignore	The isc/platform.h header has been completely removed	2021-07-06 05:33:48 +00:00
Makefile.am	Move irs_resconf into libdns and remove libirs	2023-02-24 09:38:59 +00:00