mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-23 10:37:43 -04:00
Three variants of YWH-PGM40640-56: Stale/Wrong DNS Data Served via CNAME Flag Leak (DNS_DBFIND_STALEOK persistence) are presented in GitLab issue #5751. All these variants have been converted to system tests.

Variant 1 forwards source.stale to another server, that provides a CNAME record, while the resolver is authoritative for target.stale. The CNAME points to a non-existing name. A stale CNAME record should result in a stale NXDOMAIN (instead of SERVFAIL).

Variant 2 forwards both source.stale and target.stale to other servers. This time the CNAME points to an A RRset. If the source.stale server is not available (and stale-answer-client-timeout is off), the cached CNAME should be followed and pick up the fresh RRset (instead of the stale A RRset).

Variant 3 is similar to variant 2, but this time the CNAME points to a non-existing name again. After flushing the target, BIND should return a stale NXDOMAIN (instead of SERVFAIL).

| | | |
|---|---|---|
| .. | ||
| check | ||
| confgen | ||
| delv | ||
| dig | ||
| dnssec | ||
| include | ||
| named | ||
| nsupdate | ||
| plugins | ||
| rndc | ||
| tests | ||
| tools | ||
| meson.build | ||