Hi Greg.
Short answer: no.
Slightly less short answer: no, if you prevent the server from trying to
follow delegations. It's that potentially wild goose chase that was the
problem.

In short:
- Forwarding must cover everything the server needs to do (that isn't
locally defined) i.e. global forwarding.
- Along with "forwarders {x;y;z;};" also configure "forward only;" to tell
the server not to chase down delegations, should forwarding fail for some
reason.
 If it's *only* forwarding it won't need to try and follow any NS records
it might receive; goose chase avoided.

Hope that helps.
Greg

On Tue, 18 Oct 2022 at 19:46, Greg Rabil <greg.ra...@cygnalabs.com> wrote:

> Hi bind-users,
>
> This vulnerability was recently fixed in BIND 9.16.33:
>
> CVE-2022-2795: Processing large delegations may severely degrade resolver
> performance
>
> Question: Would a server that is configured to forward all queries be
> impacted by this issue?
>
> Thanks,
>
> Greg
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
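
An added example (not part of the original messages and not ISC code): a small Python check of the global `options` block in a named.conf for the two settings described in the reply, a non-empty `forwarders` list and `forward only;`. The sample configurations and 192.0.2.x addresses are constructed, the function names are hypothetical, and per-zone or per-view overrides are not examined.

```python
import re

# Constructed sample configurations (addresses from the 192.0.2.0/24 documentation range).
WEAK = """
options {
    directory "/var/named";
    forwarders { 192.0.2.1; 192.0.2.2; };  // mode defaults to "first"
};
"""
HARDENED = """
options {
    directory "/var/named";
    forwarders { 192.0.2.1; 192.0.2.2; };
    forward only;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the top-level options { ... } block, or ''."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(conf):
    """List reasons the server could still leave the forwarding path."""
    body = options_block(strip_comments(conf))
    findings = []
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    if not fwd or not fwd.group(1).strip():
        findings.append("no global forwarders configured")
    mode = re.search(r"\bforward\s+(only|first)\s*;", body)
    if not mode or mode.group(1) == "first":
        findings.append('forward mode is "first": delegations may be followed if forwarding fails')
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "forward-only, global forwarders set")
```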