[nsd-users] NSD 4.1.11

Anand Buddhdev anandb at ripe.net
Wed Aug 10 09:04:51 CEST 2016


On 10/08/16 04:03, Paul Wouters wrote:

Hi Paul,

> If this is a known vulnerability, is there a reason why the default
> config has not enabled any kind of limits? This release is now just
> as vulnerable as before because no upper limits have actually been
> enabled.

Introducing a limit has the potential of breaking some configurations if
they have large zones.

Given that this vulnerability only affects slave NSDs, and that most
configs will have well-known masters, I don't think it's such huge problem.

FYI, Knot DNS has also introduced a similar option, but it also defaults
to unlimited.

Regards,
Anand


More information about the nsd-users mailing list