mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 01:59:59 -04:00
11bca1051f
Until now, the dispatcher silently dropped UDP responses from the expected peer that carried the wrong DNS message id and kept listening for the correct id to arrive within the read timeout. An off-path attacker who knows the destination address and source port of an outgoing fetch could exploit that quiet retry window to flood the resolver with guessed responses; with a gigabit link the per-query success probability grows linearly with the number of guesses that arrive before the legitimate answer or the timeout. Treat any such mismatch as a possible spoofing attempt and let the resolver immediately retry the same query over TCP, the same control path the truncation handler already uses. Add a resolver statistics counter - exposed as 'queries retried over TCP after a response with mismatched query id' in rndc stats and 'MismatchTCP' in the statistics channel Assisted-by: Claude:claude-opus-4-7 |
||
|---|---|---|
| .. | ||
| include | ||
| .gitignore | ||
| bind9.xsl | ||
| builtin.c | ||
| config.c | ||
| control.c | ||
| controlconf.c | ||
| dlz_dlopen_driver.c | ||
| fuzz.c | ||
| geoip.c | ||
| log.c | ||
| logconf.c | ||
| main.c | ||
| meson.build | ||
| named.conf.rst | ||
| named.rst | ||
| nzd.c | ||
| os.c | ||
| server.c | ||
| statschannel.c | ||
| tkeyconf.c | ||
| transportconf.c | ||
| tsigconf.c | ||
| xsl_c.in | ||
| xsl_p.h | ||
| zoneconf.c | ||