upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-22 10:10:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bind9/lib
History
Ondřej Surý cffcab9d5f
Use cryptographically-secure pseudo-random generator everywhere 
It was discovered in an upcoming academic paper that a xoshiro128**
internal state can be recovered by an external 3rd party allowing to
predict UDP ports and DNS IDs in the outgoing queries.  This could lead
to an attacker spoofing the DNS answers with great efficiency and
poisoning the DNS cache.

Change the internal random generator to system CSPRNG with buffering to
avoid excessive syscalls.

Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
for responsibly reporting this to us.  Very cool research!
2025-10-02 13:26:07 +02:00
..
dns Retry lookups with unsigned DNAME over TCP 2025-10-02 12:54:42 +02:00
isc Use cryptographically-secure pseudo-random generator everywhere 2025-10-02 13:26:07 +02:00
isccc replace the build system with meson 2025-06-11 10:30:12 +03:00
isccfg rename ns_pluginregister_ctx_t into ns_pluginctx_t 2025-10-01 20:20:48 +02:00
ns rename ns_pluginregister_ctx_t into ns_pluginctx_t 2025-10-01 20:20:48 +02:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
meson.build replace the build system with meson 2025-06-11 10:30:12 +03:00