File bind-CVE-2021-25219.patch of Package bind.29689

Index: bind-9.9.9-P1/bin/named/config.c
===================================================================
--- bind-9.9.9-P1.orig/bin/named/config.c
+++ bind-9.9.9-P1/bin/named/config.c
@@ -139,7 +139,7 @@ options {\n\
 	notify-source-v6 *;\n\
 	cleaning-interval 0;  /* now meaningless */\n\
 	min-roots 2;\n\
-	lame-ttl 600;\n\
+	lame-ttl 0;\n\
 	max-ncache-ttl 10800; /* 3 hours */\n\
 	max-cache-ttl 604800; /* 1 week */\n\
 	transfer-format many-answers;\n\
Index: bind-9.9.9-P1/bin/named/server.c
===================================================================
--- bind-9.9.9-P1.orig/bin/named/server.c
+++ bind-9.9.9-P1/bin/named/server.c
@@ -2816,8 +2816,13 @@ configure_view(dns_view_t *view, cfg_obj
 	result = ns_config_get(maps, "lame-ttl", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	lame_ttl = cfg_obj_asuint32(obj);
-	if (lame_ttl > 1800)
-		lame_ttl = 1800;
+	if (lame_ttl > 0) {
+		cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
+			    "disabling lame cache despite lame-ttl > 0 as it "
+			    "may cause performance issues");
+		lame_ttl = 0;
+	}
+
 	dns_resolver_setlamettl(view->resolver, lame_ttl);
 
 	/*
Index: bind-9.9.9-P1/lib/dns/resolver.c
===================================================================
--- bind-9.9.9-P1.orig/lib/dns/resolver.c
+++ bind-9.9.9-P1/lib/dns/resolver.c
@@ -7652,18 +7652,20 @@ resquery_response(isc_task_t *task, isc_
 	/*
 	 * Is the server lame?
 	 */
-	if (res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) &&
-	    is_lame(fctx)) {
+	if (!ISFORWARDER(query->addrinfo) && is_lame(fctx)) {
 		inc_stats(res, dns_resstatscounter_lame);
 		log_lame(fctx, query->addrinfo);
-		result = dns_adb_marklame(fctx->adb, query->addrinfo,
-					  &fctx->name, fctx->type,
-					  now + res->lame_ttl);
-		if (result != ISC_R_SUCCESS)
-			isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-				      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
-				      "could not mark server as lame: %s",
-				      isc_result_totext(result));
+		if (res->lame_ttl != 0) {
+			result = dns_adb_marklame(fctx->adb, query->addrinfo,
+						  &fctx->name, fctx->type,
+						  now + res->lame_ttl);
+			if (result != ISC_R_SUCCESS) {
+				isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+					      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+					      "could not mark server as lame: %s",
+					      isc_result_totext(result));
+			}
+		}
 		broken_server = DNS_R_LAME;
 		keep_trying = ISC_TRUE;
 		FCTXTRACE("lame server");