From: "Mukund Sivaraman" <muks@isc.org>
MIME-Version: 1.0
X-RT-Incoming-Encryption: Not encrypted
Date: Tue, 17 Oct 2017 23:07:31 +0530
To: bind-suggest@isc.org
User-Agent: Mutt/1.9.1 (2017-09-22)
From muks@isc.org  Tue Oct 17 17:37:42 2017
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mx.pao1.isc.org
X-Original-To: bind9-public@bugs.isc.org
Subject: Some LRU tweaks for negative rdatasetheader handling
content-type: text/plain; charset="utf-8"
Delivered-To: bind9-public@bugs.isc.org
Return-Path: <muks@isc.org>
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id 25D53D78B0A for <bind9-public@bugs.isc.org>; Tue, 17 Oct 2017 17:37:42 +0000 (UTC)
Received: from mail.banu.com (mail.banu.com [IPv6:2a01:4f8:140:644b::225]) by mx.pao1.isc.org (Postfix) with ESMTP id 2DBAF3ABE66 for <bind-suggest@isc.org>; Tue, 17 Oct 2017 17:37:40 +0000 (UTC)
Received: from jurassic (unknown [115.118.48.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 1367A56A0446; Tue, 17 Oct 2017 17:37:36 +0000 (GMT)
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable autolearn_force=no version=3.4.1
Content-Disposition: inline
Message-ID: <20171017173731.GA5372@jurassic>
X-RT-Original-Encoding: ascii
X-RT-Interface: Email
Content-Length: 1050

Do the following tweaks for negative rdataset handling:

* rdataset->rdh_ttl is rdataset->ttl + addrdataset time

* During add32(), modify code so that if the header is negative, append
  it at the end of the LRU list

* Don't modify need_headerupdate()

* During update_header(), if the header is negative:

  + If update_header() was called < 1 minute after addrdataset() [which
    can be determined by rdataset->rdh_ttl vs. rdataset->ttl vs. now],
    don't update the header.

  + Otherwise, bring the header to the front of the LRU list as
    currently done.

----

With these changes, during a random subdomain attack, all these negative
answers will stick to the end of the LRU lists (where they'll be cleaned
out first) and if a negative answer is actually re-used after a minute,
then it'll be moved to the front of the LRU lists (i.e., it won't be
cleaned out).

We can also remove this second part if we want to be strict - i.e., just
let all negative answers get cleaned up first whether they have been
recently used or not.

		Mukund