Cache key isolation issue in recursive lookups #1502

@pawal

Recursor->recurse() supports passing a custom nameserver set, but the recursive cache key is only (name, type, class) (lib/Zonemaster/Engine/Recursor.pm, around lines 98-110). That means a result learned from a custom/untrusted nameserver context can be reused later by normal root-based recursion for the same qname/qtype/qclass. It would be safer if cache entries were scoped by resolver context (for example, root mode vs specific NS set), or if custom-NS recursion bypassed the shared cache.
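
The reuse described in this issue, reproduced as an added example; it is not code from Zonemaster or from the issue author. The names `make_recursor` and `context_id`, the answer table and all addresses are constructed for the illustration, and the context-scoped key is one possible form of the first mitigation the issue suggests.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed data: what each resolver context answers for the same question.
my %ANSWERS = (
    root   => { 'www.example.test/A/IN' => '192.0.2.10' },
    custom => { 'www.example.test/A/IN' => '198.51.100.66' },
);

# Hypothetical context label: 'root' for default recursion, otherwise the
# normalised, sorted NS set, so the same set in any order shares one scope.
sub context_id {
    my ($ns) = @_;
    return 'root' unless $ns && @$ns;
    my @servers = map { lc $_ } @$ns;
    return 'ns:' . join( ',', sort @servers );
}

# Toy recursor with a private cache. $scoped = 0 keys on (name, type, class)
# only, as the issue describes; $scoped = 1 prefixes the resolver context.
sub make_recursor {
    my ($scoped) = @_;
    my %cache;
    return sub {
        my ( $name, $type, $class, $ns ) = @_;
        my $question = join( '/', lc($name), $type, $class );
        my $key = $scoped ? context_id($ns) . '|' . $question : $question;
        return ( $cache{$key}, 'cache' ) if exists $cache{$key};
        my $source = ( $ns && @$ns ) ? 'custom' : 'root';
        my $answer = $ANSWERS{$source}{$question};
        $cache{$key} = $answer;
        return ( $answer, $source );
    };
}

for my $scoped ( 0, 1 ) {
    my $recurse = make_recursor($scoped);

    # A lookup through a custom NS set happens first and populates the cache.
    $recurse->( 'www.example.test', 'A', 'IN', ['192.0.2.53'] );

    # A later root-based lookup asks the same qname/qtype/qclass.
    my ( $answer, $from ) = $recurse->( 'www.example.test', 'A', 'IN' );
    printf "%-19s root-mode lookup got %s (from %s)\n",
        $scoped ? 'context-scoped key:' : 'shared key:', $answer, $from;
}
```

With the shared key, the root-mode lookup is served the custom-context answer from the cache; with the context-scoped key it misses and resolves through the root path.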


Labels: T-Feature (Type: New feature in software or test case description)
