On Wed, Jun 07, 2023 at 03:46:39PM -0400, Michael Butler wrote:
No. I will not indulge your invention of terms. "Hard-coded" means you need to recompile to change it. This is a default value. A configuration option takes precedence.
BIND-9.18.14 requires recompilation to update the embedded defaults ..
bin/named/config.c: 2001:500:200::b; # b.root-servers.net\n\ bin/named/config.c: 199.9.14.201; # b.root-servers.net\n\ lib/dns/rootns.c: "B.ROOT-SERVERS.NET. 3600000 IN A 199.9.14.201\n" lib/dns/rootns.c: "B.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:200::b\n"
Don't comprehend what a vulnerability is. Don't recognize the distinction between a logic issue and a configuration issue. Don't understand the difference between "hard-coded" and a default value. Don't recognize that these defaults are overridden by a existing configuration file that is often shipped by the operating system distribution. Don't read the code. Be a co-author with Bill on the CVE. Go for it. -- . ___ ___ . . ___ . \ / |\ |\ \ . _\_ /__ |-\ |-\ \__