Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.
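A defender-side check for the behaviour described above, added here as an illustration and not part of the original report or of BIND: it resolves the max-cache-size setting to bytes, derives the 7/8 point at which cleaning starts, and classifies an observed memory figure for named. The function names, the sample configuration and the observed figure are assumptions; the figure is supplied by the caller (process memory includes more than the cache, so "over-limit" is a prompt to investigate), and only the first max-cache-size statement in the file is considered.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """
options {
    recursion yes;
    // max-cache-size 2g;  (old value, commented out)
    max-cache-size 512m;
};
"""

def configured_setting(conf_text):
    """Return the max-cache-size value from named.conf text, or 'default'."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # /* ... */ comments
    text = re.sub(r"(//|#).*", "", text)                    # line comments
    m = re.search(r"\bmax-cache-size\s+([^;\s]+)\s*;", text)
    return m.group(1) if m else "default"

def effective_limit(setting, total_mem):
    """Resolve a setting to bytes; None means no limit is enforced."""
    s = setting.strip().lower()
    if s == "default":
        return total_mem * 90 // 100      # default given in the description
    if s in ("unlimited", "0"):
        return None
    m = re.fullmatch(r"(\d+)(%|[kmg]?)", s)
    if not m:
        raise ValueError(f"unrecognised max-cache-size value: {setting!r}")
    n, unit = int(m.group(1)), m.group(2)
    return total_mem * n // 100 if unit == "%" else n * UNITS[unit]

def assess(conf_text, total_mem, observed):
    """Classify an observed memory figure (bytes) against the limit."""
    limit = effective_limit(configured_setting(conf_text), total_mem)
    if limit is None:
        return {"limit": None, "cleaning_at": None, "status": "unbounded"}
    cleaning_at = limit * 7 // 8          # cleaning starts at 7/8 of the limit
    if observed > limit:
        status = "over-limit"             # the symptom this bug describes
    elif observed >= cleaning_at:
        status = "cleaning"
    else:
        status = "ok"
    return {"limit": limit, "cleaning_at": cleaning_at, "status": status}

if __name__ == "__main__":
    print(assess(SAMPLE_CONF, 8 * 1024**3, 700 * 1024**2))
```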
*** Bug 2216580 has been marked as a duplicate of this bug. ***
Created bind tracking bugs for this issue:
  Affects: fedora-all [bug 2216627]
Created dhcp tracking bugs for this issue:
  Affects: fedora-all [bug 2216628]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.0 Extended Update Support
Via RHSA-2023:4005 https://access.redhat.com/errata/RHSA-2023:4005

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2023:4037 https://access.redhat.com/errata/RHSA-2023:4037

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2023:4099 https://access.redhat.com/errata/RHSA-2023:4099

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2023:4101 https://access.redhat.com/errata/RHSA-2023:4101

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:4100 https://access.redhat.com/errata/RHSA-2023:4100

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:4102 https://access.redhat.com/errata/RHSA-2023:4102

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Via RHSA-2023:4154 https://access.redhat.com/errata/RHSA-2023:4154

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Via RHSA-2023:4153 https://access.redhat.com/errata/RHSA-2023:4153

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2023:4152 https://access.redhat.com/errata/RHSA-2023:4152

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Via RHSA-2023:4332 https://access.redhat.com/errata/RHSA-2023:4332

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-2828