You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is not a support question, I have read about opensource and will send support questions to the IRC channel, GitHub Discussions or the mailing list.
As reported on the pdns-users list, attempting to do DNSSEC in a split-backend configuration where the first backend lacks DNSSEC support (e.g. LDAP, GeoIP, TinyDNS) can end up triggering a defensive abort in the code in DNSBackend::getBeforeAndAfterNamesAbsolute().
This happens because various code paths in PacketHandler trust the backend obtained by getSOAUncached to be able to perform DNSSEC operations.
As a minimum, the use of DNSSEC methods should be protected by doesDNSSEC() calls to prevent hitting the abort().
The text was updated successfully, but these errors were encountered:
This is not a support question, I have read about opensource and will send support questions to the IRC channel, GitHub Discussions or the mailing list.
I have read and understood the 'out in the open' support policy
Program: Authoritative
Issue type: Bug report
Short description
As reported on the pdns-users list, attempting to do DNSSEC in a split-backend configuration where the first backend lacks DNSSEC support (e.g. LDAP, GeoIP, TinyDNS) can end up triggering a defensive
abortin the code inDNSBackend::getBeforeAndAfterNamesAbsolute().This happens because various code paths in
PacketHandlertrust the backend obtained bygetSOAUncachedto be able to perform DNSSEC operations.As a minimum, the use of DNSSEC methods should be protected by
doesDNSSEC()calls to prevent hitting theabort().The text was updated successfully, but these errors were encountered: