Hi, Bind-user folks, I have a question, about Vulnerability CVE-2014-8500 new bind option "max-recursion-depth", I do not know this option meaning.
I read ARM Documents.... I used Bind Version is 9.9.6-P1. ------------------------------ max-recursion-depth Sets the maximum number of levels of recursion that are permitted at any one time while servicing a recursive query. Resolving a name may require looking up a name server address, which in turn requires resolving another name, etc; if the number of indirections exceeds this value, the recursive query is terminated and returns SERVFAIL. The default is 7. max-recursion-queries Sets the maximum number of iterative queries that may be sent while servicing a recursive query. If more queries are sent, the recursive query is terminated and returns SERV- FAIL. The default is 50. ------------------------------ Probably meaning of "max-recursion-queries" is Iterative query max attempt from Cahce Servers. and also, this configuration option it could be confirmed that is to be test servers result "Servfail". But, "max-recursion-depth", However, it tried but it did not become a Servfail. Meaning of is is "Indirections" is described in the document, it means that when the authority server that does not come directly returns the IP address, such as the NS and CNAME? Default 7 times the number of times that follow that? Please tell me I think it's my lack of knowledge. I want to know if there is a recommended setting value of everyone regards. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users