Hi Greg. Short answer: no. Slightly less short answer: no, if you prevent the server from trying to follow delegations. It's that potentially wild goose chase that was the problem.
In short: - Forwarding must cover everything the server needs to do (that isn't locally defined) i.e. global forwarding. - Along with "forwarders {x;y;z;};" also configure "forward only;" to tell the server not to chase down delegations, should forwarding fail for some reason. If it's *only* forwarding it won't need to try and follow any NS records it might receive; goose chase avoided. Hope that helps. Greg On Tue, 18 Oct 2022 at 19:46, Greg Rabil <greg.ra...@cygnalabs.com> wrote: > Hi bind-users, > > This vulnerability was recently fixed in BIND 9.16.33: > > > > CVE-2022-2795: Processing large delegations may severely degrade resolver > performance > > > > Question: Would a server that is configured to forward all queries be > impacted by this issue? > > > > Thanks, > > Greg > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users