Question about CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit
Veronique.Lefebure at cern.ch
Fri Dec 20 15:44:18 UTC 2019
Many thanks for your reply. It answers the second part of my question.
But what about the first part of the question: " If a client is using TCP-pipelining, and if querylog channel is enabled, what will appear in the query log file for that client ? Shall we see one line per DNS query, i.e. N lines if the client has sent N queries in the pipeline, or shall we see only one line ?"
You say "Just seeing multiple queries from the same client TCP connection doesn't mean that it is pipelining them."
But are we sure that one would see multiple queries in the querylogs in case of pipelining ?
From: Cathy Almond <cathya at isc.org>
Sent: 09 December 2019 10:05
To: Veronique Lefebure <Veronique.Lefebure at cern.ch>
Subject: Re: FW: Question about CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit
I replied the same day:
But oddly, I don't see your posting on the list at all, just my reply.
It looks like it never made it to the list - the reason being that you can't post to the list unless you're a subscriber (which, after
checking, it turns out that you're not). You should have received an
auto-reply saying that your posting was held for moderation because you weren't signed-up to the list.
I'm guessing that you BCCd me when you posted, and I just replied to the list, thinking that your posting had come from the list and not directly.
So.. if you didn't subscribe, you wouldn't have seen the reply...
More information about the bind-users