NetBSD-Bugs archive
bin/58170: NetBSD10.0 /usr/sbin/bind problem
>Number: 58170
>Category: bin
>Synopsis: NetBSD10.0 /usr/sbin/bind problem
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Apr 17 21:50:00 +0000 2024
>Originator: Yoshitaka Tokugawa
>Release: NetBSD 10.0
>Organization:
>Environment:
NetBSD tamgw.tokugawa.or.jp 10.0 NetBSD 10.0 (NETBSD) #14: Mon Apr 1 09:09:51 JST 2024 toku%hpms.tokugawa.org@localhost:/sys/arch/amd64/compile/NETBSD amd64
>Description:
NetBSD10 bind supports blocklistd, but it seems to block even valid queries.
Compared to the "denied (allow-query-cache did not match)" entries in named's logs, blocklistd blocks far more addresses.
But many of the queries from the blocked addresses appear to be valid queries.
>How-To-Repeat:
>Fix:
I don't know bind's behavior well, but the following patch seems to solve my problem.
*** external/mpl/bind/dist/lib/ns/query.c.orig Tue Apr 16 14:44:32 2024
--- external/mpl/bind/dist/lib/ns/query.c Thu Apr 18 06:35:25 2024
***************
*** 909,915 ****
msg);
}
} else {
- pfilter_notify(result, client, "checkcacheaccess");
/*
* We were denied by the "allow-query-cache" ACL.
* There is no need to clear NS_QUERYATTR_CACHEACLOK
--- 909,914 ----
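Review bot: with the `pfilter_notify(result, client, "checkcacheaccess")` call deleted from the top of this `else` branch, a denial by the "allow-query-cache" ACL is no longer reported on every pass through the branch, and neither the hunk nor the PR says which denials are meant to stop reaching blocklistd. How-To-Repeat is empty, so please add the query pattern that gets a valid client blocked, and extend the existing "We were denied by the "allow-query-cache" ACL" comment to state which denials are intentionally left unreported.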
***************
*** 920,925 ****
--- 919,925 ----
NULL);
if (log) {
+ pfilter_notify(result, client, "checkcacheaccess");
ns_client_aclmsg("query (cache)", name, qtype,
client->view->rdclass, msg,
sizeof(msg));
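Review bot: placing `pfilter_notify()` inside `if (log) {` makes the blocklistd report depend on a flag whose name says it controls logging, so a later change to when `log` is set would silently change which clients get blocked. Add a short comment above the call explaining why only logged denials are reported. Since the call now sits next to `ns_client_aclmsg("query (cache)", ...)`, the notifications appear to line up with the "denied (allow-query-cache did not match)" log entries the report compares against, which is worth stating in the commit message.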