bind9/lib/isc
Ondřej Surý 38dd0e0ccc Switch UDP fetches to TCP on the first response with a wrong query id

Until now, the dispatcher silently dropped UDP responses from the
expected peer that carried the wrong DNS message id and kept listening
for the correct id to arrive within the read timeout.  An off-path
attacker who knows the destination address and source port of an
outgoing fetch could exploit that quiet retry window to flood the
resolver with guessed responses; with a gigabit link the per-query
success probability grows linearly with the number of guesses that
arrive before the legitimate answer or the timeout.

Treat any such mismatch as a possible spoofing attempt and let the
resolver immediately retry the same query over TCP, the same control
path the truncation handler already uses.

Add a resolver statistics counter - exposed as 'queries retried over TCP
after a response with mismatched query id' in rndc stats and
'MismatchTCP' in the statistics channel

Assisted-by: Claude:claude-opus-4-7
(cherry picked from commit 11bca1051f)
2026-05-15 08:49:19 +02:00
include Switch UDP fetches to TCP on the first response with a wrong query id 2026-05-15 08:49:19 +02:00
netmgr Fix isc_buffer_init capacity mismatch in DoH data chunk callback 2026-03-18 10:39:38 +00:00
.gitignore Add support for User Statically Defined Tracing (USDT) probes 2023-08-21 18:39:53 +02:00
ascii.c Consolidate some ASCII tables in isc/ascii and isc/hex 2022-09-12 12:18:57 +01:00
assertions.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
async.c Cleanup the __tsan_acquire/__tsan_release 2023-07-28 08:59:08 +02:00
async_p.h Change the isc_async API to use cds_wfcqueue internally 2023-05-12 14:16:25 +02:00
backtrace.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
base32.c standardize CHECK and RETERR macros 2025-12-03 19:17:20 -08:00
base64.c Add enum for use with isc_base64_tobuffer and isc_hex_tobuffer 2026-01-28 08:02:00 +11:00
commandline.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
condition.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
counter.c Implement global limit for outgoing queries 2024-12-06 06:20:33 +00:00
crc64.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
dir.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
errno.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
errno2result.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
errno2result.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
error.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
file.c Use const pointer with strchr of const pointer 2026-01-20 06:00:50 +00:00
fips.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
getaddresses.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
hash.c Use arc4random for CSPRNG when available 2025-10-02 13:49:33 +02:00
hashmap.c Use arc4random for CSPRNG when available 2025-10-02 13:49:33 +02:00
heap.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
helper.c Add isc_helper API that adds 1:1 thread for each loop 2024-09-12 14:39:07 +00:00
hex.c Add enum for use with isc_base64_tobuffer and isc_hex_tobuffer 2026-01-28 08:02:00 +11:00
histo.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
hmac.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
ht.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
httpd.c Clear errno before calling strtol 2026-03-17 00:28:07 +00:00
interfaceiter.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
iterated_hash.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
jemalloc_shim.h Provide more information when the memory allocation fails 2025-11-28 16:45:08 +01:00
job.c Add tracing probes to the isc_job unit 2023-08-21 18:39:53 +02:00
job_p.h Use proper padding instead of using alignas() 2024-02-08 10:54:35 +01:00
lex.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
lib.c Implement incremental version of isc_hash32 and isc_hash64 2023-09-12 16:17:06 +02:00
log.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
loop.c mark loop as shuttingdown earlier in shutdown_cb 2024-12-10 19:52:13 +00:00
loop_p.h Add isc_helper API that adds 1:1 thread for each loop 2024-09-12 14:39:07 +00:00
Makefile.am Use arc4random for CSPRNG when available 2025-10-02 13:49:33 +02:00
managers.c Set name for all the isc_mem context 2025-05-29 05:45:12 +02:00
md.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
mem.c Provide more information when the memory allocation fails 2025-11-28 16:45:08 +01:00
mem_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
meminfo.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
mutex.c Fix PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP usage 2024-08-05 09:13:07 +00:00
mutex_p.h Use library constructor to create default mutex attr once 2022-07-13 13:19:32 +02:00
mutexblock.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
net.c Rename isc_net_getudpportrange() to isc_net_getportrange() 2026-02-20 17:02:45 +01:00
netaddr.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
netscope.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
openssl_shim.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
openssl_shim.h Remove unused <openssl/{hmac,engine}.h> headers from OpenSSL shims 2024-10-16 04:39:43 +00:00
os.c Implement IP_LOCAL_PORT_RANGE socket option for Linux 2026-02-20 17:02:45 +01:00
os_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
parseint.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
picohttpparser.c Add and apply InsertBraces statement 2025-08-19 08:07:41 +02:00
picohttpparser.h Update picohttpparser.{c,h} with upstream repository 2024-12-08 12:30:07 +00:00
portset.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
probes.d Add tracing probes to the isc_job unit 2023-08-21 18:39:53 +02:00
proxy2.c Use clang-format-20 to update formatting 2025-06-25 13:32:08 +10:00
quota.c Fix isc_quota bug 2025-02-20 12:20:25 +00:00
radix.c Fix INSIST copy-paste error checking RADIX_V4 instead of RADIX_V6 2026-03-30 19:01:29 +02:00
random.c Drop the unit test for testing randomness 2025-11-04 20:51:22 +01:00
ratelimiter.c Dispatch ratelimiter events under the lock 2026-04-30 10:53:49 +02:00
regex.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
region.c Incrementally apply AXFR transfer 2024-11-26 07:17:06 +00:00
result.c Switch UDP fetches to TCP on the first response with a wrong query id 2026-05-15 08:49:19 +02:00
rwlock.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
safe.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
serial.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
signal.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
sockaddr.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
stats.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
stdio.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
stdtime.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
string.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
symtab.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
syslog.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
tests Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
thread.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
tid.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
time.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
timer.c Add isc_timer_running() function to check status of timer 2025-02-21 22:27:25 +01:00
tls.c Remove OpenSSL memory tracking support from the tls.c module 2026-05-06 13:57:52 +00:00
tm.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
url.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
utf8.c Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
uv.c ensure file descriptors 0-2 are in use before using libuv 2025-08-28 08:57:12 +00:00
work.c Enforce isc_work enqueue loop affinity 2026-03-14 07:52:56 +01:00
xml.c Disable own memory context for libxml2 on macOS 15.4 Sequoia 2025-04-18 21:00:52 +02:00