File bind-CVE-2021-25219.patch of Package bind.34202
Index: bind-9.16.6/bin/named/config.c
===================================================================
--- bind-9.16.6.orig/bin/named/config.c
+++ bind-9.16.6/bin/named/config.c
@@ -159,7 +159,7 @@ options {\n\
fetches-per-server 0;\n\
fetches-per-zone 0;\n\
glue-cache yes;\n\
- lame-ttl 600;\n"
+ lame-ttl 0;\n"
#ifdef HAVE_LMDB
" lmdb-mapsize 32M;\n"
#endif /* ifdef HAVE_LMDB */
Index: bind-9.16.6/bin/named/server.c
===================================================================
--- bind-9.16.6.orig/bin/named/server.c
+++ bind-9.16.6/bin/named/server.c
@@ -4650,8 +4650,11 @@ configure_view(dns_view_t *view, dns_vie
result = named_config_get(maps, "lame-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
lame_ttl = cfg_obj_asduration(obj);
- if (lame_ttl > 1800) {
- lame_ttl = 1800;
+ if (lame_ttl > 0) {
+ cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
+ "disabling lame cache despite lame-ttl > 0 as it "
+ "may cause performance issues");
+ lame_ttl = 0;
}
dns_resolver_setlamettl(view->resolver, lame_ttl);
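Review bot: The new `if (lame_ttl > 0)` block in configure_view overrides an operator's explicit setting, and nothing in the code says why; the warning text also leaves "it" ambiguous between the option and the cache. I would add a comment above the check, `/* CVE-2021-25219: the lame cache is always disabled; a configured lame-ttl is accepted but ignored. */`, so the forced zero is not later mistaken for a bug and reverted. Because the built-in default in config.c also becomes 0, the warning fires only for an explicit non-zero value, which appears to be the intent. The option's user documentation is not part of this patch and presumably needs the same statement. configure_view starts and ends outside the hunk.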
Index: bind-9.16.6/lib/dns/resolver.c
===================================================================
--- bind-9.16.6.orig/lib/dns/resolver.c
+++ bind-9.16.6/lib/dns/resolver.c
@@ -9952,24 +9952,25 @@ rctx_badserver(respctx_t *rctx, isc_resu
*/
static isc_result_t
rctx_lameserver(respctx_t *rctx) {
- isc_result_t result;
+ isc_result_t result = ISC_R_SUCCESS;
fetchctx_t *fctx = rctx->fctx;
resquery_t *query = rctx->query;
- if (fctx->res->lame_ttl == 0 || ISFORWARDER(query->addrinfo) ||
- !is_lame(fctx)) {
+ if (ISFORWARDER(query->addrinfo) || !is_lame(fctx)) {
return (ISC_R_SUCCESS);
}
inc_stats(fctx->res, dns_resstatscounter_lame);
log_lame(fctx, query->addrinfo);
- result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
- fctx->type, rctx->now + fctx->res->lame_ttl);
- if (result != ISC_R_SUCCESS) {
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
- DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
- "could not mark server as lame: %s",
- isc_result_totext(result));
+ if (fctx->res->lame_ttl != 0) {
+ result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
+ fctx->type, rctx->now + fctx->res->lame_ttl);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+ "could not mark server as lame: %s",
+ isc_result_totext(result));
+ }
}
rctx->broken_server = DNS_R_LAME;
rctx->next_server = true;
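Review bot: The behaviour of rctx_lameserver with `lame_ttl == 0` changes here and is not documented: the function no longer returns early, so a lame server is still counted, logged and skipped for the current fetch, and only the `dns_adb_marklame()` call is gated. A comment before `if (fctx->res->lame_ttl != 0)` would make that explicit, e.g. `/* Cache the lame status only when the lame cache is enabled; the server is skipped for this fetch either way. */`. Since nothing is cached in the default configuration, `inc_stats()` and `log_lame()` presumably run again on every lame response from the same server, so log volume for that category is worth checking. The `= ISC_R_SUCCESS` initialiser is required because the gated branch may not run; how `result` is used afterwards lies outside the hunk, as does the rest of the function body.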