[nsd-users] NSD 4.1.11
Anand Buddhdev
anandb at ripe.net
Wed Aug 10 07:04:51 UTC 2016
On 10/08/16 04:03, Paul Wouters wrote:
Hi Paul,
> If this is a known vulnerability, is there a reason why the default
> config has not enabled any kind of limits? This release is now just
> as vulnerable as before because no upper limits have actually been
> enabled.
Introducing a limit has the potential of breaking some configurations if
they have large zones.
Given that this vulnerability only affects slave NSDs, and that most
configs will have well-known masters, I don't think it's such huge problem.
FYI, Knot DNS has also introduced a similar option, but it also defaults
to unlimited.
Regards,
Anand
More information about the nsd-users
mailing list