Overview

File bind-CVE-2021-25219.patch of Package bind.34020

Index: bind-9.11.22/bin/named/config.c
===================================================================
--- bind-9.11.22.orig/bin/named/config.c
+++ bind-9.11.22/bin/named/config.c
@@ -175,7 +175,7 @@ options {\n\
 #if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
 "	geoip-use-ecs yes;\n"
 #endif
-"	lame-ttl 600;\n"
+"	lame-ttl 0;\n"
 #ifdef HAVE_LMDB
 "	lmdb-mapsize 32M;\n"
 #endif
Index: bind-9.11.22/bin/named/server.c
===================================================================
--- bind-9.11.22.orig/bin/named/server.c
+++ bind-9.11.22/bin/named/server.c
@@ -3986,8 +3986,12 @@ configure_view(dns_view_t *view, dns_vie
 	result = ns_config_get(maps, "lame-ttl", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	lame_ttl = cfg_obj_asuint32(obj);
-	if (lame_ttl > 1800)
-		lame_ttl = 1800;
+	if (lame_ttl > 0) {
+	    cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
+			"disabling lame cache despite lame-ttl > 0 as it "
+			"may cause performance issues");
+	    lame_ttl = 0;
+	}
 	dns_resolver_setlamettl(view->resolver, lame_ttl);
 
 	/*
Index: bind-9.11.22/lib/dns/resolver.c
===================================================================
--- bind-9.11.22.orig/lib/dns/resolver.c
+++ bind-9.11.22/lib/dns/resolver.c
@@ -8399,18 +8399,21 @@ resquery_response(isc_task_t *task, isc_
 	/*
 	 * Is the server lame?
 	 */
-	if (res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) &&
+	if (!ISFORWARDER(query->addrinfo) &&
 	    is_lame(fctx)) {
 		inc_stats(res, dns_resstatscounter_lame);
 		log_lame(fctx, query->addrinfo);
-		result = dns_adb_marklame(fctx->adb, query->addrinfo,
-					  &fctx->name, fctx->type,
-					  now + res->lame_ttl);
-		if (result != ISC_R_SUCCESS)
-			isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-				      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
-				      "could not mark server as lame: %s",
-				      isc_result_totext(result));
+		if (res->lame_ttl != 0) {
+			result = dns_adb_marklame(fctx->adb, query->addrinfo,
+						  &fctx->name, fctx->type,
+						  now + res->lame_ttl);
+			if (result != ISC_R_SUCCESS) {
+				isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+					      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+					      "could not mark server as lame: %s",
+					      isc_result_totext(result));
+			}
+		}
 		broken_server = DNS_R_LAME;
 		keep_trying = true;
 		FCTXTRACE("lame server");
openSUSE Build Service is sponsored by
Places