bind9/lib/isc/include/isc
Ondřej Surý 38dd0e0ccc Switch UDP fetches to TCP on the first response with a wrong query id
Until now, the dispatcher silently dropped UDP responses from the
expected peer that carried the wrong DNS message id and kept listening
for the correct id to arrive within the read timeout.  An off-path
attacker who knows the destination address and source port of an
outgoing fetch could exploit that quiet retry window to flood the
resolver with guessed responses; with a gigabit link the per-query
success probability grows linearly with the number of guesses that
arrive before the legitimate answer or the timeout.

Treat any such mismatch as a possible spoofing attempt and let the
resolver immediately retry the same query over TCP, the same control
path the truncation handler already uses.

Add a resolver statistics counter - exposed as 'queries retried over TCP
after a response with mismatched query id' in rndc stats and
'MismatchTCP' in the statistics channel.

Assisted-by: Claude:claude-opus-4-7
(cherry picked from commit 11bca1051f)
2026-05-15 08:49:19 +02:00
ascii.h Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
assertions.h Replace ISC_NORETURN with C11's noreturn 2022-03-25 08:33:43 +01:00
async.h complete removal of isc_loop_current() 2024-04-02 10:35:56 +02:00
atomic.h Fix isc_quota bug 2025-02-20 12:20:25 +00:00
attributes.h Add and use __attribute__((nonnull)) in dnssec-signzone.c 2025-08-28 14:24:48 +00:00
backtrace.h Cleanup the last Windows / MSC ifdefs and comments 2023-04-03 09:06:20 +00:00
barrier.h Prefer the pthread_barrier implementation over uv_barrier 2023-01-11 09:51:02 +01:00
base32.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
base64.h Add enum for use with isc_base64_tobuffer and isc_hex_tobuffer 2026-01-28 08:02:00 +11:00
buffer.h Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
commandline.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
condition.h Make the pthread_rwlock implementation header-only macros [2/2] 2022-11-02 10:34:10 +01:00
counter.h Implement global limit for outgoing queries 2024-12-06 06:20:33 +00:00
crc64.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
dir.h Apply adjusted clang-format 2023-03-10 17:31:28 +01:00
dnsstream.h Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
endian.h Update the source code formatting using clang-format-17 2023-10-17 17:47:46 +02:00
errno.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
error.h Include the function name when reporting unexpected errors 2022-10-17 13:43:59 +01:00
file.h Apply adjusted clang-format 2023-03-10 17:31:28 +01:00
fips.h Define isc_fips_mode() and isc_fips_set_mode() 2023-04-03 12:05:28 +10:00
formatcheck.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
fuzz.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
getaddresses.h Remove some lingering references to libbind9 2023-03-08 10:06:22 +00:00
hash.h Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
hashmap.h Refactor isc_hashmap to accept custom match function 2023-09-16 07:20:48 +02:00
heap.h Make isc_heap_create() and isc_heap_insert() return void 2022-03-08 11:19:34 +01:00
helper.h Add isc_helper API that adds 1:1 thread for each loop 2024-09-12 14:39:07 +00:00
hex.h Add enum for use with isc_base64_tobuffer and isc_hex_tobuffer 2026-01-28 08:02:00 +11:00
histo.h Simplify histogram quantiles 2023-04-03 12:08:05 +01:00
hmac.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ht.h Make isc_ht optionally case insensitive 2022-03-28 15:02:18 -07:00
httpd.h remove isc_task completely 2023-02-16 18:35:32 +01:00
interfaceiter.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
iterated_hash.h Enforce NSEC3 record consistency 2026-02-24 17:10:52 +01:00
job.h Reformat sources with up-to-date clang-format-17 2023-11-13 16:52:35 +01:00
lang.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
lex.h Change the return type of isc_lex_create() to void 2022-10-26 12:55:06 +02:00
list.h Clang-format header file changes 2024-05-17 16:03:21 -07:00
log.h Fix building on uclibc 2026-01-04 20:47:47 +00:00
loop.h Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
magic.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
managers.h remove isc_task completely 2023-02-16 18:35:32 +01:00
md.h Avoid implicit algorithm fetch for OpenSSL EVP_MD family 2023-01-18 18:32:57 +01:00
mem.h Forward declare mallocx in isc/mem.h 2024-01-18 09:34:36 +01:00
meminfo.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
mutex.h Remove ISC_MUTEX_INITIALIZER 2024-08-05 09:13:07 +00:00
mutexblock.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
net.h Rename isc_net_getudpportrange() to isc_net_getportrange() 2026-02-20 17:02:45 +01:00
netaddr.h Move contributed DLZ modules into a separate repository 2024-11-26 16:24:17 +01:00
netmgr.h Implement IP_LOCAL_PORT_RANGE socket option for Linux 2026-02-20 17:02:45 +01:00
netscope.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
nonce.h Use arc4random for CSPRNG when available 2025-10-02 13:49:33 +02:00
once.h Improve reporting for pthread_once errors 2022-10-14 16:39:21 +02:00
os.h Implement IP_LOCAL_PORT_RANGE socket option for Linux 2026-02-20 17:02:45 +01:00
overflow.h Use clang-format-22 to update formatting 2026-03-04 12:18:27 +01:00
parseint.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
pause.h Improve the spinloop pause / yield hint 2023-02-14 17:13:24 +00:00
portset.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
proxy2.h Add PROXYv2 header utilities 2023-12-06 15:15:24 +02:00
queue.h Use clang-format-22 to update formatting 2026-03-04 12:18:27 +01:00
quota.h Use clang-format-22 to update formatting 2026-03-04 12:18:27 +01:00
radix.h Update the source code formatting using clang-format-17 2023-10-17 17:47:46 +02:00
random.h Fix assertion failure from arc4random_uniform with invalid limit 2025-10-24 20:23:32 +00:00
ratelimiter.h refactor isc_ratelimiter to use loop callbacks 2023-01-31 21:41:19 -08:00
refcount.h Use clang-format-22 to update formatting 2026-03-04 12:18:27 +01:00
regex.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
region.h Incrementally apply AXFR transfer 2024-11-26 07:17:06 +00:00
result.h Switch UDP fetches to TCP on the first response with a wrong query id 2026-05-15 08:49:19 +02:00
rwlock.h Use proper padding instead of using alignas() 2024-02-08 10:54:35 +01:00
safe.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
serial.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
signal.h New event loop handling API 2022-08-25 12:24:29 +02:00
siphash.h Implement incremental version of SipHash 2-4 and HalfSipHash 2-4 2023-09-12 16:17:06 +02:00
sockaddr.h Move contributed DLZ modules into a separate repository 2024-11-26 16:24:17 +01:00
spinlock.h Add isc_spinlock unit with shim pthread_spin implementation 2023-04-21 12:10:02 +02:00
stats.h Return the old counter value in isc_stats_increment 2024-05-10 12:08:52 +03:00
stdio.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
stdtime.h Remove isc_stdtime_get() macro 2023-03-31 13:33:16 +02:00
strerr.h Explain <isc/strerr.h> a little more 2023-02-15 16:44:09 +00:00
string.h Use strnstr implementation from FreeBSD if not provided by OS 2022-10-04 14:21:41 +11:00
symtab.h Update clang to version 14 2022-06-16 17:21:11 +02:00
syslog.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
thread.h Use clang-format-19 to update formatting 2024-08-22 08:16:03 +00:00
tid.h Remove redundant parentheses from the return statement 2024-11-19 14:26:52 +01:00
time.h Use constexpr for NS_PER_SEC and friends constants 2024-08-19 09:10:04 +00:00
timer.h Add isc_timer_running() function to check status of timer 2025-02-21 22:27:25 +01:00
tls.h Add isc_tls_valid_sni_hostname() 2025-03-31 15:06:59 +03:00
tm.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
types.h Add enum for use with isc_base64_tobuffer and isc_hex_tobuffer 2026-01-28 08:02:00 +11:00
urcu.h Use atomics for CMM_{LOAD,STORE}_SHARED with ThreadSanitizer 2025-11-27 09:32:36 +00:00
url.h Rewrite isc_httpd using picohttpparser and isc_url_parse 2022-10-14 11:26:54 +02:00
utf8.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
util.h Add MOVE_OWNERSHIP() macro for transferring pointer ownership 2026-03-23 12:05:30 +01:00
uv.h De-duplicate some calls to strerror_r() 2022-10-17 11:58:26 +01:00
work.h Reformat sources with up-to-date clang-format-17 2023-11-13 16:52:35 +01:00
xml.h Use custom isc_mem based allocator for libxml2 2022-09-27 17:10:42 +02:00