upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-17 09:39:15 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

BIND 9.16.37

Browse source 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmPAjacPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFK/8QAIwzV2AXifS4FpuPG+AUDYDkWISambW62ZYx
 KVMxJquSRv3ZeBc7JZ0OFcqP6RcZKlj8X55aJlehusmEBTCOS3pXJUyBIJ8O//4P
 lqGUPaNrQd1Y0YsBfKLP0Eoljfopj9aplUGZMBz35LejkDSwbj4E6oO0R29ZtLKZ
 8qA2V5TgY1X28fkPlzZyEKtg2+MDZ8WebSjn/J3usJmTlmfyPT/II0aWSS/bhSz2
 M3IZdECPS0n11M4a/9pbgsGUHVfLMTrVkxVyNlJK6yRs2SWWlb0ylrRjZbxY4jyK
 hp8bOnQuLwQ/dtMW90Od7oLxbGzhW7fUmpRxA/UbycaDUiXHTFL6lgG1ZIcVBMHy
 pbg6B+RSGgAIb3SUyCcff83ya8HKyX456AxhfdbitHlioGi4sZUehVV8NUZOzrgE
 9xLbSWIkvVLzZGT42O81kHL225CkteZwc2NaIIrGCIXS+s58MqGIP/tNAmTbty5s
 40xyoYjaPc2g8DHw+Lw2ykJqA5O14vkJR+ERFdc6N5rgBIQWbuMG6AV4mH9cgixU
 ANyVytQF792O9Y2HHFmLcGTDHOjyUfpxVxWc7hy9jJ8ejgzaGQbY3UXeVRuJ6ZAW
 lsdfP0Nh9b371sGcgxkmQZaNDj1wUp5eYXDkCuk27t9iOHsqvWzM38iTvRZqpDZQ
 WE+64/IG
 =8rdy
 -----END PGP SIGNATURE-----

Merge tag 'v9_16_37' into v9_16

BIND 9.16.37
This commit is contained in:
Michał Kępień 2023-01-25 21:34:55 +01:00
commit 7b0e57095a
32 changed files with 536 additions and 197 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
CHANGES
View file

@ -11,6 +11,23 @@
release the memory held by the dead view
early. [GL #3801]
--- 9.16.37 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has only been
partly operational since 9.16.0, is now marked as
deprecated. Configuring DSCP values in named.conf

4
bin/named/bind9.xsl
View file

@ -2,7 +2,9 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" version="1.0">
<xsl:output method="html" indent="yes" version="4.0"/>
<xsl:template match="statistics[@version=&quot;3.11&quot;]">
<!-- the version number **below** must match version in bin/named/statschannel.c -->
<!-- don't forget to update "/xml/v<STATS_XML_VERSION_MAJOR>" in the HTTP endpoints listed below -->
<xsl:template match="statistics[@version=&quot;3.11.1&quot;]">
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>

6
bin/named/bind9.xsl.h
View file

@ -8,7 +8,11 @@ static char xslmsg[] =
"<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" "
"xmlns=\"http://www.w3.org/1999/xhtml\" version=\"1.0\">\n"
" <xsl:output method=\"html\" indent=\"yes\" version=\"4.0\"/>\n"
" <xsl:template match=\"statistics[@version=&quot;3.11&quot;]\">\n"
" <!-- the version number **below** must match version in "
"bin/named/statschannel.c -->\n"
" <!-- don't forget to update \"/xml/v<STATS_XML_VERSION_MAJOR>\" in "
"the HTTP endpoints listed below -->\n"
" <xsl:template match=\"statistics[@version=&quot;3.11.1&quot;]\">\n"
" <html>\n"
" <head>\n"
" <script type=\"text/javascript\" "

1
bin/named/config.c
View file

@ -130,6 +130,7 @@ options {\n\
transfers-out 10;\n\
transfers-per-ns 2;\n\
trust-anchor-telemetry yes;\n\
update-quota 100;\n\
\n\
/* view */\n\
allow-new-zones no;\n\

9
bin/named/named.conf.rst
View file

@ -179,7 +179,7 @@ OPTIONS
answer-cookie boolean;
attach-cache string;
auth-nxdomain boolean; // default changed
auto-dnssec ( allow | maintain | off );
auto-dnssec ( allow | maintain | off );// deprecated
automatic-interface-scan boolean;
avoid-v4-udp-ports { portrange; ... };
avoid-v6-udp-ports { portrange; ... };
@ -446,6 +446,7 @@ OPTIONS
trust-anchor-telemetry boolean; // experimental
try-tcp-refresh boolean;
update-check-ksk boolean;
update-quota integer;
use-alt-transfer-source boolean;
use-v4-udp-ports { portrange; ... };
use-v6-udp-ports { portrange; ... };
@ -584,7 +585,7 @@ VIEW
* ) ] [ dscp integer ];
attach-cache string;
auth-nxdomain boolean; // default changed
auto-dnssec ( allow | maintain | off );
auto-dnssec ( allow | maintain | off );// deprecated
cache-file quoted_string;// deprecated
catalog-zones { zone string [ default-masters [ port integer ]
[ dscp integer ] { ( remote-servers | ipv4_address [ port
@ -859,7 +860,7 @@ VIEW
integer | * ) ] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
auto-dnssec ( allow | maintain | off );
auto-dnssec ( allow | maintain | off );// deprecated
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
@ -977,7 +978,7 @@ ZONE
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
auto-dnssec ( allow | maintain | off );
auto-dnssec ( allow | maintain | off );// deprecated
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );

1
bin/named/server.c
View file

@ -8543,6 +8543,7 @@ load_configuration(const char *filename, named_server_t *server,
configure_server_quota(maps, "tcp-clients", &server->sctx->tcpquota);
configure_server_quota(maps, "recursive-clients",
&server->sctx->recursionquota);
configure_server_quota(maps, "update-quota", &server->sctx->updquota);
max = isc_quota_getmax(&server->sctx->recursionquota);
if (max > 1000) {

5
bin/named/statschannel.c
View file

@ -344,6 +344,7 @@ init_desc(void) {
SET_NSSTATDESC(reclimitdropped,
"queries dropped due to recursive client limit",
"RecLimitDropped");
SET_NSSTATDESC(updatequota, "Update quota exceeded", "UpdateQuota");
INSIST(i == ns_statscounter_max);
@ -2018,7 +2019,7 @@ generatexml(named_server_t *server, uint32_t flags, int *buflen,
"href=\"/bind9.xsl\""));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
ISC_XMLCHAR "3.11"));
ISC_XMLCHAR "3.11.1"));
/* Set common fields for statistics dump */
dumparg.type = isc_statsformat_xml;
@ -2878,7 +2879,7 @@ generatejson(named_server_t *server, size_t *msglen, const char **msg,
/*
* These statistics are included no matter which URL we use.
*/
obj = json_object_new_string("1.5");
obj = json_object_new_string("1.5.1");
CHECKMEM(obj);
json_object_object_add(bindstats, "json-stats-version", obj);

1
bin/tests/system/checkconf/good.conf
View file

@ -75,6 +75,7 @@ options {
recursive-clients 3000;
serial-query-rate 100;
server-id none;
update-quota 200;
check-names primary warn;
check-names secondary ignore;
max-cache-size 20000000000000;

2
bin/tests/system/nsupdate/ns1/named.conf.in
View file

@ -23,6 +23,7 @@ options {
recursion no;
notify yes;
minimal-responses no;
update-quota 1;
};
acl named-acl {
@ -83,6 +84,7 @@ zone "other.nil" {
check-integrity no;
check-mx warn;
update-policy local;
allow-query { !10.53.0.2; any; };
allow-query-on { 10.53.0.1; 127.0.0.1; };
allow-transfer { any; };
};

28
bin/tests/system/nsupdate/tests.sh
View file

@ -1288,6 +1288,34 @@ END
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check that update is rejected if query is not allowed ($n)"
{
$NSUPDATE -d <<END
local 10.53.0.2
server 10.53.0.1 ${PORT}
update add reject.other.nil 3600 IN TXT Whatever
send
END
} > nsupdate.out.test$n 2>&1
grep 'failed: REFUSED' nsupdate.out.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check that update is rejected if quota is exceeded ($n)"
for loop in 1 2 3 4 5 6 7 8 9 10; do
{
$NSUPDATE -4 -l -p ${PORT} -k ns1/session.key > /dev/null 2>&1 <<END
update add txt-$loop.other.nil 3600 IN TXT Whatever
send
END
} &
done
wait_for_log 10 "too many DNS UPDATEs queued" ns1/named.run || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
if ! $FEATURETEST --gssapi ; then
echo_i "SKIPPED: GSSAPI tests"
else

2
bin/tests/system/upforwd/clean.sh
View file

@ -31,3 +31,5 @@ rm -f keyname keyname.err
rm -f ns*/named.lock
rm -f ns1/example2.db
rm -f ns*/managed-keys.bind*
rm -f nsupdate.out.*
rm -f ns*/named.run.prev

13
bin/tests/system/upforwd/ns3/named.conf.in → bin/tests/system/upforwd/ns3/named1.conf.in
View file

@ -30,20 +30,27 @@ key rndc_key {
};
controls {
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "example" {
type secondary;
file "example.bk";
allow-update-forwarding { any; };
allow-update-forwarding { 10.53.0.1; };
primaries { 10.53.0.1; };
};
zone "example2" {
type secondary;
file "example2.bk";
allow-update-forwarding { any; };
allow-update-forwarding { 10.53.0.1; };
primaries { 10.53.0.1; };
};
zone "example3" {
type secondary;
file "example3.bk";
allow-update-forwarding { 10.53.0.1; };
primaries { 10.53.0.1; };
};

41
bin/tests/system/upforwd/ns3/named2.conf.in Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion no;
notify yes;
update-quota 1;
};
key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
controls {
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "example" {
type secondary;
file "example.bk";
allow-update-forwarding { any; };
primaries { 10.53.0.1; };
};

2
bin/tests/system/upforwd/setup.sh
View file

@ -19,7 +19,7 @@ cp -f ns3/nomaster.db ns3/nomaster1.db
copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf
copy_setports ns3/named1.conf.in ns3/named.conf
if $FEATURETEST --enable-dnstap
then

39
bin/tests/system/upforwd/tests.sh
View file

@ -82,6 +82,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
echo_i "updating zone (signed) ($n)"
ret=0
$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
local 10.53.0.1
server 10.53.0.3 ${PORT}
update add updated.example. 600 A 10.10.10.1
update add updated.example. 600 TXT Foo
@ -140,6 +141,7 @@ fi
echo_i "updating zone (unsigned) ($n)"
ret=0
$NSUPDATE -- - <<EOF || ret=1
local 10.53.0.1
server 10.53.0.3 ${PORT}
update add unsigned.example. 600 A 10.10.10.1
update add unsigned.example. 600 TXT Foo
@ -196,6 +198,7 @@ while [ $count -lt 5 -a $ret -eq 0 ]
do
(
$NSUPDATE -- - <<EOF
local 10.53.0.1
server 10.53.0.3 ${PORT}
zone nomaster
update add unsigned.nomaster. 600 A 10.10.10.1
@ -227,6 +230,7 @@ then
ret=0
keyname=`cat keyname`
$NSUPDATE -k $keyname.private -- - <<EOF
local 10.53.0.1
server 10.53.0.3 ${PORT}
zone example2
update add unsigned.example2. 600 A 10.10.10.1
@ -251,5 +255,40 @@ EOF
fi
fi
echo_i "attempting an update that should be rejected by ACL ($n)"
ret=0
{
$NSUPDATE -- - << EOF
local 10.53.0.2
server 10.53.0.3 ${PORT}
update add another.unsigned.example. 600 A 10.10.10.2
update add another.unsigned.example. 600 TXT Bar
send
EOF
} > nsupdate.out.$n 2>&1
grep REFUSED nsupdate.out.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "attempting updates that should exceed quota ($n)"
# lower the update quota to 1.
copy_setports ns3/named2.conf.in ns3/named.conf
rndc_reconfig ns3 10.53.0.3
nextpart ns3/named.run > /dev/null
for loop in 1 2 3 4 5 6 7 8 9 10; do
{
$NSUPDATE -- - > /dev/null 2>&1 <<END
local 10.53.0.1
server 10.53.0.3 ${PORT}
update add txt-$loop.unsigned.example 300 IN TXT Whatever
send
END
} &
done
wait_for_log 10 "too many DNS UPDATEs queued" ns3/named.run || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

1
doc/arm/notes.rst
View file

@ -47,6 +47,7 @@ for Microsoft Windows operating systems.
.. include:: ../notes/notes-known-issues.rst
.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.16.37.rst
.. include:: ../notes/notes-9.16.36.rst
.. include:: ../notes/notes-9.16.35.rst
.. include:: ../notes/notes-9.16.34.rst

10
doc/arm/reference.rst
View file

@ -3151,6 +3151,11 @@ system.
value as ``tcp-keepalive-timeout``. This value can be updated at
runtime by using ``rndc tcp-timeouts``.
``update-quota``
This is the maximum number of simultaneous DNS UPDATE messages that
the server will accept for updating local authoritiative zones or
forwarding to a primary server. The default is ``100``.
.. _intervals:
Periodic Task Intervals
@ -6837,6 +6842,11 @@ Name Server Statistics Counters
``UpdateBadPrereq``
This indicates the number of dynamic updates rejected due to a prerequisite failure.
``UpdateQuota``
This indicates the number of times a dynamic update or update
forwarding request was rejected because the number of pending
requests exceeded ``update-quota``.
``RateDropped``
This indicates the number of responses dropped due to rate limits.

2
doc/dnssec-guide/introduction.rst
View file

@ -250,7 +250,7 @@ at a very high level, looking up the name ``www.isc.org`` :
Let's take a quick break here and look at what we've got so far...
how can our server trust this answer? If a clever attacker had taken over
the ``isc.org`` name server(s), or course she would send matching
the ``isc.org`` name server(s), of course she would send matching
keys and signatures. We need to ask someone else to have confidence
that we are really talking to the real ``isc.org`` name server. This
is a critical part of DNSSEC: at some point, the DNS administrators

9
doc/man/named.conf.5in
View file

@ -231,7 +231,7 @@ options {
answer\-cookie boolean;
attach\-cache string;
auth\-nxdomain boolean; // default changed
auto\-dnssec ( allow | maintain | off );
auto\-dnssec ( allow | maintain | off );// deprecated
automatic\-interface\-scan boolean;
avoid\-v4\-udp\-ports { portrange; ... };
avoid\-v6\-udp\-ports { portrange; ... };
@ -498,6 +498,7 @@ options {
trust\-anchor\-telemetry boolean; // experimental
try\-tcp\-refresh boolean;
update\-check\-ksk boolean;
update\-quota integer;
use\-alt\-transfer\-source boolean;
use\-v4\-udp\-ports { portrange; ... };
use\-v6\-udp\-ports { portrange; ... };
@ -668,7 +669,7 @@ view string [ class ] {
* ) ] [ dscp integer ];
attach\-cache string;
auth\-nxdomain boolean; // default changed
auto\-dnssec ( allow | maintain | off );
auto\-dnssec ( allow | maintain | off );// deprecated
cache\-file quoted_string;// deprecated
catalog\-zones { zone string [ default\-masters [ port integer ]
[ dscp integer ] { ( remote\-servers | ipv4_address [ port
@ -943,7 +944,7 @@ view string [ class ] {
integer | * ) ] [ dscp integer ];
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
auto\-dnssec ( allow | maintain | off );
auto\-dnssec ( allow | maintain | off );// deprecated
check\-dup\-records ( fail | warn | ignore );
check\-integrity boolean;
check\-mx ( fail | warn | ignore );
@ -1065,7 +1066,7 @@ zone string [ class ] {
] [ dscp integer ];
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
auto\-dnssec ( allow | maintain | off );
auto\-dnssec ( allow | maintain | off );// deprecated
check\-dup\-records ( fail | warn | ignore );
check\-integrity boolean;
check\-mx ( fail | warn | ignore );

2
doc/misc/master.zoneopt.rst
View file

@ -20,7 +20,7 @@
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
auto-dnssec ( allow | maintain | off ); // deprecated
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );

1
doc/misc/options
View file

@ -404,6 +404,7 @@ options {
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
update-quota <integer>;
use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // ancient
use-ixfr <boolean>; // obsolete

1
doc/misc/options.active
View file

@ -363,6 +363,7 @@ options {
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
update-quota <integer>;
use-alt-transfer-source <boolean>;
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };

3
doc/misc/options.grammar.rst
View file

@ -33,7 +33,7 @@
answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auto-dnssec ( allow | maintain | off );
auto-dnssec ( allow | maintain | off ); // deprecated
automatic-interface-scan <boolean>;
avoid-v4-udp-ports { <portrange>; ... };
avoid-v6-udp-ports { <portrange>; ... };
@ -300,6 +300,7 @@
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
update-quota <integer>;
use-alt-transfer-source <boolean>;
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };

2
doc/misc/slave.zoneopt.rst
View file

@ -21,7 +21,7 @@
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
auto-dnssec ( allow | maintain | off ); // deprecated
check-names ( fail | warn | ignore );
database <string>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );

80
doc/notes/notes-9.16.37.rst Normal file
View file

@ -0,0 +1,80 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.16.37
----------------------
Security Fixes
~~~~~~~~~~~~~~
- An UPDATE message flood could cause :iscman:`named` to exhaust all
available memory. This flaw was addressed by adding a new
``update-quota`` option that controls the maximum number of
outstanding DNS UPDATE messages that :iscman:`named` can hold in a
queue at any given time (default: 100). (CVE-2022-3094)
ISC would like to thank Rob Schulhof from Infoblox for bringing this
vulnerability to our attention. :gl:`#3523`
- :iscman:`named` could crash with an assertion failure when an RRSIG
query was received and ``stale-answer-client-timeout`` was set to a
non-zero value. This has been fixed. (CVE-2022-3736)
ISC would like to thank Borja Marcos from Sarenet (with assistance by
Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to
our attention. :gl:`#3622`
- :iscman:`named` running as a resolver with the
``stale-answer-client-timeout`` option set to any value greater than
``0`` could crash with an assertion failure, when the
``recursive-clients`` soft quota was reached. This has been fixed.
(CVE-2022-3924)
ISC would like to thank Maksym Odinintsev from AWS for bringing this
vulnerability to our attention. :gl:`#3619`
New Features
~~~~~~~~~~~~
- The new ``update-quota`` option can be used to control the number of
simultaneous DNS UPDATE messages that can be processed to update an
authoritative zone on a primary server, or forwarded to the primary
server by a secondary server. The default is 100. A new statistics
counter has also been added to record events when this quota is
exceeded, and the version numbers for the XML and JSON statistics
schemas have been updated. :gl:`#3523`
Feature Changes
~~~~~~~~~~~~~~~
- The Differentiated Services Code Point (DSCP) feature in BIND has been
deprecated. Configuring DSCP values in ``named.conf`` now causes a
warning to be logged. Note that this feature has only been partly
operational since the new Network Manager was introduced in BIND
9.16.0. :gl:`#3773`
- The catalog zone implementation has been optimized to work with
hundreds of thousands of member zones. :gl:`#3744`
Bug Fixes
~~~~~~~~~
- In certain query resolution scenarios (e.g. when following CNAME
records), :iscman:`named` configured to answer from stale cache could
return a SERVFAIL response despite a usable, non-stale answer being
present in the cache. This has been fixed. :gl:`#3678`
Known Issues
~~~~~~~~~~~~
- There are no new known issues with this release. See :ref:`above
<relnotes_known_issues>` for a list of all known issues affecting this
BIND 9 branch.

52
lib/dns/resolver.c
View file

@ -11275,8 +11275,9 @@ void
dns_resolver_cancelfetch(dns_fetch_t *fetch) {
fetchctx_t *fctx;
dns_resolver_t *res;
dns_fetchevent_t *event, *next_event;
isc_task_t *etask;
dns_fetchevent_t *event = NULL;
dns_fetchevent_t *event_trystale = NULL;
dns_fetchevent_t *event_fetchdone = NULL;
REQUIRE(DNS_FETCH_VALID(fetch));
fctx = fetch->private;
@ -11288,33 +11289,60 @@ dns_resolver_cancelfetch(dns_fetch_t *fetch) {
LOCK(&res->buckets[fctx->bucketnum].lock);
/*
* Find the completion event for this fetch (as opposed
* Find the events for this fetch (as opposed
* to those for other fetches that have joined the same
* fctx) and send it with result = ISC_R_CANCELED.
* fctx) and send them with result = ISC_R_CANCELED.
*/
event = NULL;
if (fctx->state != fetchstate_done) {
dns_fetchevent_t *next_event = NULL;
for (event = ISC_LIST_HEAD(fctx->events); event != NULL;
event = next_event)
{
next_event = ISC_LIST_NEXT(event, ev_link);
if (event->fetch == fetch) {
ISC_LIST_UNLINK(fctx->events, event, ev_link);
break;
switch (event->ev_type) {
case DNS_EVENT_TRYSTALE:
INSIST(event_trystale == NULL);
event_trystale = event;
break;
case DNS_EVENT_FETCHDONE:
INSIST(event_fetchdone == NULL);
event_fetchdone = event;
break;
default:
UNREACHABLE();
}
if (event_trystale != NULL &&
event_fetchdone != NULL)
{
break;
}
}
}
}
if (event != NULL) {
etask = event->ev_sender;
event->ev_sender = fctx;
event->result = ISC_R_CANCELED;
isc_task_sendanddetach(&etask, ISC_EVENT_PTR(&event));
/*
* The "trystale" event must be sent before the "fetchdone" event,
* because the latter clears the "recursing" query attribute, which is
* required by both events (handled by the same callback function).
*/
if (event_trystale != NULL) {
isc_task_t *etask = event_trystale->ev_sender;
event_trystale->ev_sender = fctx;
event_trystale->result = ISC_R_CANCELED;
isc_task_sendanddetach(&etask, ISC_EVENT_PTR(&event_trystale));
}
if (event_fetchdone != NULL) {
isc_task_t *etask = event_fetchdone->ev_sender;
event_fetchdone->ev_sender = fctx;
event_fetchdone->result = ISC_R_CANCELED;
isc_task_sendanddetach(&etask, ISC_EVENT_PTR(&event_fetchdone));
}
/*
* The fctx continues running even if no fetches remain;
* the answer is still cached.
*/
UNLOCK(&res->buckets[fctx->bucketnum].lock);
}

1
lib/isccfg/namedconf.c
View file

@ -1267,6 +1267,7 @@ static cfg_clausedef_t options_clauses[] = {
{ "transfers-out", &cfg_type_uint32, 0 },
{ "transfers-per-ns", &cfg_type_uint32, 0 },
{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "update-quota", &cfg_type_uint32, 0 },
{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },

1
lib/ns/include/ns/server.h
View file

@ -86,6 +86,7 @@ struct ns_server {
isc_quota_t recursionquota;
isc_quota_t tcpquota;
isc_quota_t xfroutquota;
isc_quota_t updquota;
/*% Test options and other configurables */
uint32_t options;

4
lib/ns/include/ns/stats.h
View file

@ -108,7 +108,9 @@ enum {
ns_statscounter_reclimitdropped = 66,
ns_statscounter_max = 67,
ns_statscounter_updatequota = 67,
ns_statscounter_max = 68,
};
void

22
lib/ns/query.c
View file

@ -5177,6 +5177,15 @@ qctx_init(ns_client_t *client, dns_fetchevent_t **eventp, dns_rdatatype_t qtype,
qctx->result = ISC_R_SUCCESS;
qctx->findcoveringnsec = qctx->view->synthfromdnssec;
/*
* If it's an RRSIG or SIG query, we'll iterate the node.
*/
if (qctx->qtype == dns_rdatatype_rrsig ||
qctx->qtype == dns_rdatatype_sig)
{
qctx->type = dns_rdatatype_any;
}
CALL_HOOK_NORETURN(NS_QUERY_QCTX_INITIALIZED, qctx);
}
@ -5318,15 +5327,6 @@ query_setup(ns_client_t *client, dns_rdatatype_t qtype) {
CALL_HOOK(NS_QUERY_SETUP, &qctx);
/*
* If it's a SIG query, we'll iterate the node.
*/
if (qctx.qtype == dns_rdatatype_rrsig ||
qctx.qtype == dns_rdatatype_sig)
{
qctx.type = dns_rdatatype_any;
}
/*
* Check SERVFAIL cache
*/
@ -6110,7 +6110,9 @@ fetch_callback(isc_task_t *task, isc_event_t *event) {
CTRACE(ISC_LOG_DEBUG(3), "fetch_callback");
if (event->ev_type == DNS_EVENT_TRYSTALE) {
query_lookup_stale(client);
if (devent->result != ISC_R_CANCELED) {
query_lookup_stale(client);
}
isc_event_free(ISC_EVENT_PTR(&event));
return;
}

2
lib/ns/server.c
View file

@ -54,6 +54,7 @@ ns_server_create(isc_mem_t *mctx, ns_matchview_t matchingview,
isc_quota_init(&sctx->xfroutquota, 10);
isc_quota_init(&sctx->tcpquota, 10);
isc_quota_init(&sctx->recursionquota, 100);
isc_quota_init(&sctx->updquota, 100);
CHECKFATAL(dns_tkeyctx_create(mctx, &sctx->tkeyctx));
@ -133,6 +134,7 @@ ns_server_detach(ns_server_t **sctxp) {
isc_mem_put(sctx->mctx, altsecret, sizeof(*altsecret));
}
isc_quota_destroy(&sctx->updquota);
isc_quota_destroy(&sctx->recursionquota);
isc_quota_destroy(&sctx->tcpquota);
isc_quota_destroy(&sctx->xfroutquota);

369
lib/ns/update.c
View file

@ -263,6 +263,9 @@ static void
forward_done(isc_task_t *task, isc_event_t *event);
static isc_result_t
add_rr_prepare_action(void *data, rr_t *rr);
static isc_result_t
rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
const dns_rdata_t *rdata, bool *flag);
/**************************************************************************/
@ -335,25 +338,26 @@ inc_stats(ns_client_t *client, dns_zone_t *zone, isc_statscounter_t counter) {
static isc_result_t
checkqueryacl(ns_client_t *client, dns_acl_t *queryacl, dns_name_t *zonename,
dns_acl_t *updateacl, dns_ssutable_t *ssutable) {
isc_result_t result;
char namebuf[DNS_NAME_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
int level;
isc_result_t result;
bool update_possible =
((updateacl != NULL && !dns_acl_isnone(updateacl)) ||
ssutable != NULL);
result = ns_client_checkaclsilent(client, NULL, queryacl, true);
if (result != ISC_R_SUCCESS) {
int level = update_possible ? ISC_LOG_ERROR : ISC_LOG_INFO;
dns_name_format(zonename, namebuf, sizeof(namebuf));
dns_rdataclass_format(client->view->rdclass, classbuf,
sizeof(classbuf));
level = (updateacl == NULL && ssutable == NULL) ? ISC_LOG_INFO
: ISC_LOG_ERROR;
ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
NS_LOGMODULE_UPDATE, level,
"update '%s/%s' denied due to allow-query",
namebuf, classbuf);
} else if (updateacl == NULL && ssutable == NULL) {
} else if (!update_possible) {
dns_name_format(zonename, namebuf, sizeof(namebuf));
dns_rdataclass_format(client->view->rdclass, classbuf,
sizeof(classbuf));
@ -1549,6 +1553,167 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) {
isc_result_t result = ISC_R_SUCCESS;
update_event_t *event = NULL;
isc_task_t *zonetask = NULL;
dns_ssutable_t *ssutable = NULL;
dns_message_t *request = client->message;
dns_aclenv_t *env =
ns_interfacemgr_getaclenv(client->manager->interface->mgr);
dns_rdataclass_t zoneclass;
dns_rdatatype_t covers;
dns_name_t *zonename = NULL;
dns_db_t *db = NULL;
dns_dbversion_t *ver = NULL;
CHECK(dns_zone_getdb(zone, &db));
zonename = dns_db_origin(db);
zoneclass = dns_db_class(db);
dns_zone_getssutable(zone, &ssutable);
dns_db_currentversion(db, &ver);
/*
* Update message processing can leak record existence information
* so check that we are allowed to query this zone. Additionally,
* if we would refuse all updates for this zone, we bail out here.
*/
CHECK(checkqueryacl(client, dns_zone_getqueryacl(zone),
dns_zone_getorigin(zone),
dns_zone_getupdateacl(zone), ssutable));
/*
* Check requestor's permissions.
*/
if (ssutable == NULL) {
CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone),
"update", dns_zone_getorigin(zone), false,
false));
} else if (client->signer == NULL && !TCPCLIENT(client)) {
CHECK(checkupdateacl(client, NULL, "update",
dns_zone_getorigin(zone), false, true));
}
if (dns_zone_getupdatedisabled(zone)) {
FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled "
"because the zone is frozen. Use "
"'rndc thaw' to re-enable updates.");
}
/*
* Prescan the update section, checking for updates that
* are illegal or violate policy.
*/
for (result = dns_message_firstname(request, DNS_SECTION_UPDATE);
result == ISC_R_SUCCESS;
result = dns_message_nextname(request, DNS_SECTION_UPDATE))
{
dns_name_t *name = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_ttl_t ttl;
dns_rdataclass_t update_class;
get_current_rr(request, DNS_SECTION_UPDATE, zoneclass, &name,
&rdata, &covers, &ttl, &update_class);
if (!dns_name_issubdomain(name, zonename)) {
FAILC(DNS_R_NOTZONE, "update RR is outside zone");
}
if (update_class == zoneclass) {
/*
* Check for meta-RRs. The RFC2136 pseudocode says
* check for ANY|AXFR|MAILA|MAILB, but the text adds
* "or any other QUERY metatype"
*/
if (dns_rdatatype_ismeta(rdata.type)) {
FAILC(DNS_R_FORMERR, "meta-RR in update");
}
result = dns_zone_checknames(zone, name, &rdata);
if (result != ISC_R_SUCCESS) {
FAIL(DNS_R_REFUSED);
}
} else if (update_class == dns_rdataclass_any) {
if (ttl != 0 || rdata.length != 0 ||
(dns_rdatatype_ismeta(rdata.type) &&
rdata.type != dns_rdatatype_any))
{
FAILC(DNS_R_FORMERR, "meta-RR in update");
}
} else if (update_class == dns_rdataclass_none) {
if (ttl != 0 || dns_rdatatype_ismeta(rdata.type)) {
FAILC(DNS_R_FORMERR, "meta-RR in update");
}
} else {
update_log(client, zone, ISC_LOG_WARNING,
"update RR has incorrect class %d",
update_class);
FAIL(DNS_R_FORMERR);
}
/*
* draft-ietf-dnsind-simple-secure-update-01 says
* "Unlike traditional dynamic update, the client
* is forbidden from updating NSEC records."
*/
if (rdata.type == dns_rdatatype_nsec3) {
FAILC(DNS_R_REFUSED, "explicit NSEC3 updates are not "
"allowed "
"in secure zones");
} else if (rdata.type == dns_rdatatype_nsec) {
FAILC(DNS_R_REFUSED, "explicit NSEC updates are not "
"allowed "
"in secure zones");
} else if (rdata.type == dns_rdatatype_rrsig &&
!dns_name_equal(name, zonename))
{
FAILC(DNS_R_REFUSED, "explicit RRSIG updates are "
"currently "
"not supported in secure zones "
"except "
"at the apex");
}
if (ssutable != NULL) {
isc_netaddr_t netaddr;
dst_key_t *tsigkey = NULL;
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
if (client->message->tsigkey != NULL) {
tsigkey = client->message->tsigkey->key;
}
if (rdata.type != dns_rdatatype_any) {
if (!dns_ssutable_checkrules(
ssutable, client->signer, name,
&netaddr, TCPCLIENT(client), env,
rdata.type, tsigkey))
{
FAILC(DNS_R_REFUSED, "rejected by "
"secure update");
}
} else {
if (!ssu_checkall(db, ver, name, ssutable,
client->signer, &netaddr, env,
TCPCLIENT(client), tsigkey))
{
FAILC(DNS_R_REFUSED, "rejected by "
"secure update");
}
}
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
}
update_log(client, zone, LOGLEVEL_DEBUG, "update section prescan OK");
result = isc_quota_attach(&client->manager->sctx->updquota,
&(isc_quota_t *){ NULL });
if (result != ISC_R_SUCCESS) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update failed: too many DNS UPDATEs queued (%s)",
isc_result_totext(result));
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_updatequota);
CHECK(DNS_R_DROP);
}
event = (update_event_t *)isc_event_allocate(
client->mctx, client, DNS_EVENT_UPDATE, update_action, NULL,
@ -1564,6 +1729,16 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) {
dns_zone_gettask(zone, &zonetask);
isc_task_send(zonetask, ISC_EVENT_PTR(&event));
failure:
if (db != NULL) {
dns_db_closeversion(db, &ver, false);
dns_db_detach(&db);
}
if (ssutable != NULL) {
dns_ssutable_detach(&ssutable);
}
return (result);
}
@ -1671,9 +1846,6 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle,
break;
case dns_zone_secondary:
case dns_zone_mirror:
CHECK(checkupdateacl(client, dns_zone_getforwardacl(zone),
"update forwarding", zonename, true,
false));
dns_message_clonebuffer(client->message);
CHECK(send_forward_event(client, zone));
break;
@ -1684,16 +1856,21 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle,
failure:
if (result == DNS_R_REFUSED) {
INSIST(dns_zone_gettype(zone) == dns_zone_secondary ||
dns_zone_gettype(zone) == dns_zone_mirror);
inc_stats(client, zone, ns_statscounter_updaterej);
}
/*
* We failed without having sent an update event to the zone.
* We are still in the client task context, so we can
* simply give an error response without switching tasks.
*/
respond(client, result);
if (result == DNS_R_DROP) {
ns_client_drop(client, result);
isc_nmhandle_detach(&client->reqhandle);
} else {
respond(client, result);
}
if (zone != NULL) {
dns_zone_detach(&zone);
}
@ -2579,7 +2756,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
dns_rdatatype_t covers;
dns_message_t *request = client->message;
dns_rdataclass_t zoneclass;
dns_name_t *zonename;
dns_name_t *zonename = NULL;
dns_ssutable_t *ssutable = NULL;
dns_fixedname_t tmpnamefixed;
dns_name_t *tmpname = NULL;
@ -2591,8 +2768,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
dns_ttl_t maxttl = 0;
uint32_t maxrecords;
uint64_t records;
dns_aclenv_t *env =
ns_interfacemgr_getaclenv(client->manager->interface->mgr);
INSIST(event->ev_type == DNS_EVENT_UPDATE);
@ -2603,14 +2778,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
zonename = dns_db_origin(db);
zoneclass = dns_db_class(db);
dns_zone_getssutable(zone, &ssutable);
/*
* Update message processing can leak record existence information
* so check that we are allowed to query this zone. Additionally
* if we would refuse all updates for this zone we bail out here.
*/
CHECK(checkqueryacl(client, dns_zone_getqueryacl(zone), zonename,
dns_zone_getupdateacl(zone), ssutable));
options = dns_zone_getoptions(zone);
/*
* Get old and new versions now that queryacl has been checked.
@ -2746,136 +2914,9 @@ update_action(isc_task_t *task, isc_event_t *event) {
update_log(client, zone, LOGLEVEL_DEBUG, "prerequisites are OK");
/*
* Check Requestor's Permissions. It seems a bit silly to do this
* only after prerequisite testing, but that is what RFC2136 says.
*/
if (ssutable == NULL) {
CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone),
"update", zonename, false, false));
} else if (client->signer == NULL && !TCPCLIENT(client)) {
CHECK(checkupdateacl(client, NULL, "update", zonename, false,
true));
}
if (dns_zone_getupdatedisabled(zone)) {
FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled "
"because the zone is frozen. Use "
"'rndc thaw' to re-enable updates.");
}
/*
* Perform the Update Section Prescan.
*/
for (result = dns_message_firstname(request, DNS_SECTION_UPDATE);
result == ISC_R_SUCCESS;
result = dns_message_nextname(request, DNS_SECTION_UPDATE))
{
dns_name_t *name = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_ttl_t ttl;
dns_rdataclass_t update_class;
get_current_rr(request, DNS_SECTION_UPDATE, zoneclass, &name,
&rdata, &covers, &ttl, &update_class);
if (!dns_name_issubdomain(name, zonename)) {
FAILC(DNS_R_NOTZONE, "update RR is outside zone");
}
if (update_class == zoneclass) {
/*
* Check for meta-RRs. The RFC2136 pseudocode says
* check for ANY|AXFR|MAILA|MAILB, but the text adds
* "or any other QUERY metatype"
*/
if (dns_rdatatype_ismeta(rdata.type)) {
FAILC(DNS_R_FORMERR, "meta-RR in update");
}
result = dns_zone_checknames(zone, name, &rdata);
if (result != ISC_R_SUCCESS) {
FAIL(DNS_R_REFUSED);
}
} else if (update_class == dns_rdataclass_any) {
if (ttl != 0 || rdata.length != 0 ||
(dns_rdatatype_ismeta(rdata.type) &&
rdata.type != dns_rdatatype_any))
{
FAILC(DNS_R_FORMERR, "meta-RR in update");
}
} else if (update_class == dns_rdataclass_none) {
if (ttl != 0 || dns_rdatatype_ismeta(rdata.type)) {
FAILC(DNS_R_FORMERR, "meta-RR in update");
}
} else {
update_log(client, zone, ISC_LOG_WARNING,
"update RR has incorrect class %d",
update_class);
FAIL(DNS_R_FORMERR);
}
/*
* draft-ietf-dnsind-simple-secure-update-01 says
* "Unlike traditional dynamic update, the client
* is forbidden from updating NSEC records."
*/
if (rdata.type == dns_rdatatype_nsec3) {
FAILC(DNS_R_REFUSED, "explicit NSEC3 updates are not "
"allowed "
"in secure zones");
} else if (rdata.type == dns_rdatatype_nsec) {
FAILC(DNS_R_REFUSED, "explicit NSEC updates are not "
"allowed "
"in secure zones");
} else if (rdata.type == dns_rdatatype_rrsig &&
!dns_name_equal(name, zonename))
{
FAILC(DNS_R_REFUSED, "explicit RRSIG updates are "
"currently "
"not supported in secure zones "
"except "
"at the apex");
}
if (ssutable != NULL) {
isc_netaddr_t netaddr;
dst_key_t *tsigkey = NULL;
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
if (client->message->tsigkey != NULL) {
tsigkey = client->message->tsigkey->key;
}
if (rdata.type != dns_rdatatype_any) {
if (!dns_ssutable_checkrules(
ssutable, client->signer, name,
&netaddr, TCPCLIENT(client), env,
rdata.type, tsigkey))
{
FAILC(DNS_R_REFUSED, "rejected by "
"secure update");
}
} else {
if (!ssu_checkall(db, ver, name, ssutable,
client->signer, &netaddr, env,
TCPCLIENT(client), tsigkey))
{
FAILC(DNS_R_REFUSED, "rejected by "
"secure update");
}
}
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
}
update_log(client, zone, LOGLEVEL_DEBUG, "update section prescan OK");
/*
* Process the Update Section.
*/
options = dns_zone_getoptions(zone);
for (result = dns_message_firstname(request, DNS_SECTION_UPDATE);
result == ISC_R_SUCCESS;
result = dns_message_nextname(request, DNS_SECTION_UPDATE))
@ -3314,10 +3355,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
if (result == ISC_R_SUCCESS && records > maxrecords) {
update_log(client, zone, ISC_LOG_ERROR,
"records in zone (%" PRIu64 ") "
"exceeds"
" max-"
"records"
" (%u)",
"exceeds max-records (%u)",
records, maxrecords);
result = DNS_R_TOOMANYRECORDS;
goto failure;
@ -3518,6 +3556,7 @@ updatedone_action(isc_task_t *task, isc_event_t *event) {
respond(client, uev->result);
isc_quota_detach(&(isc_quota_t *){ &client->manager->sctx->updquota });
isc_event_free(&event);
isc_nmhandle_detach(&client->updatehandle);
}
@ -3534,6 +3573,8 @@ forward_fail(isc_task_t *task, isc_event_t *event) {
INSIST(client->nupdates > 0);
client->nupdates--;
respond(client, DNS_R_SERVFAIL);
isc_quota_detach(&(isc_quota_t *){ &client->manager->sctx->updquota });
isc_event_free(&event);
isc_nmhandle_detach(&client->updatehandle);
}
@ -3571,6 +3612,8 @@ forward_done(isc_task_t *task, isc_event_t *event) {
client->nupdates--;
ns_client_sendraw(client, uev->answer);
dns_message_detach(&uev->answer);
isc_quota_detach(&(isc_quota_t *){ &client->manager->sctx->updquota });
isc_event_free(&event);
isc_nmhandle_detach(&client->reqhandle);
isc_nmhandle_detach(&client->updatehandle);
@ -3606,6 +3649,24 @@ send_forward_event(ns_client_t *client, dns_zone_t *zone) {
update_event_t *event = NULL;
isc_task_t *zonetask = NULL;
result = checkupdateacl(client, dns_zone_getforwardacl(zone),
"update forwarding", dns_zone_getorigin(zone),
true, false);
if (result != ISC_R_SUCCESS) {
return (result);
}
result = isc_quota_attach(&client->manager->sctx->updquota,
&(isc_quota_t *){ NULL });
if (result != ISC_R_SUCCESS) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update failed: too many DNS UPDATEs queued (%s)",
isc_result_totext(result));
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_updatequota);
return (DNS_R_DROP);
}
event = (update_event_t *)isc_event_allocate(
client->mctx, client, DNS_EVENT_UPDATE, forward_action, NULL,
sizeof(*event));