I was reading the changelogs for version 1.4.21 and came across this bug fix listed but without a Bugzilla link: “Fix queries leaking up for stubs and forwards, if the configured nameservers all fail to answer.”
I was wondering how I could get more information on how this problem manifested (or was found), what code change the fix involved and whether or not my version was susceptible in the first place. I’m happy to do the footwork, just need some pointing in the right direction.
I was reading the changelogs for version 1.4.21 and came across
this bug fix listed but without a Bugzilla link: “Fix queries
leaking up for stubs and forwards, if the configured nameservers
all fail to answer.”
I was wondering how I could get more information on how this
problem manifested (or was found), what code change the fix
involved and whether or not my version was susceptible in the first
place. I’m happy to do the footwork, just need some pointing in the
right direction.
This bug involved unbound failing to resolve at all nameservers, and
then trying to get the parental-delegation information. This is great
to resolve troublesome names normally, but when a configuration entry
is present, this is not supposed to happen. The issue was code in
iterator/iterator.c:can_have_last_resort() which was fixed for this
issue (commit r2882).