mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-14 14:42:22 -04:00
15096aefdf
Instead of running all the cryptographic validation in a tight loop, spread it out into multiple event loop "ticks", but moving every single validation into own isc_async_run() asynchronous event. Move the cryptographic operations - both verification and DNSKEY selection - to the offloaded threads (isc_work_enqueue), this further limits the time we spend doing expensive operations on the event loops that should be fast. Limit the impact of invalid or malicious RRSets that contain crafted records causing the dns_validator to do many validations per single fetch by adding a cap on the maximum number of validations and maximum number of validation failures that can happen before the resolving fails. |
||
|---|---|---|
| .. | ||
| dns | ||
| dst | ||
| irs | ||
| .clang-format | ||