upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-10 10:11:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
23133 commits 18 branches 854 tags 440 MiB
Commit graph

1778 commits

Author SHA1 Message Date
Tinderbox User
afb9f6c482 update copyright notice / whitespace 2016-06-16 23:46:03 +00:00
Mark Andrews
8ae151e5db backport dns_name_t *name -> const dns_name_t *name 
(cherry picked from commit ded95d497df16579852356fc5434671d24c7f00d)
 2016-06-16 21:40:22 +10:00
Mark Andrews
2bf3a4d271 4366. [bug] Address race condition when updating rbtnode bit 
fields. [RT #42379]

(cherry picked from commit e2047969de)
 2016-05-17 13:16:41 +10:00
Evan Hunt
529734f9fc [v9_9] prep 9.9.9b2 2016-03-24 12:42:54 -07:00
Mark Andrews
6aec5717c7 4341. [bug] 'rndc flushtree' could fail to clean the tree if there 
wasn't a node at the specified name. [RT #41846]

(cherry picked from commit 6214c3c93a)
 2016-03-24 11:38:17 +11:00
Tinderbox User
5cc724937d update copyright notice / whitespace 2016-03-22 23:45:44 +00:00
Evan Hunt
0c3dc6f60f [v9_9] fix mkeys TTL 0 issue 
4337.	[bug]		The previous change exposed a latent flaw in
			key refresh queries for managed-keys when
			a cached DNSKEY had TTL 0. [RT #41986]
 2016-03-22 12:13:39 -07:00
Tinderbox User
aad46e76a7 update copyright notice / whitespace 2016-03-10 23:45:46 +00:00
Mark Andrews
927e9d8bbc 4330. [protocol] Identify the PAD option as "PAD" when printing out 
a message.

(cherry picked from commit 33a4294f44)
 2016-03-10 16:54:51 +11:00
Mark Andrews
757e02d75c update copyrights 2016-03-08 16:19:15 +11:00
Mark Andrews
0649f3a0c0 4329. [func] Warn about a common misconfiguration when forwarding 
RFC 1918 zones. [RT #41441]
 2016-03-08 10:12:02 +11:00
Mukund Sivaraman
4bb2aa3e15 Repack dns_rbtnode struct to gain some space (reduce packing holes) (#41854) 
(cherry picked from commit 8dbf9ceb8c)
(cherry picked from commit 2a461f1348)
 2016-03-07 16:18:02 +05:30
Tinderbox User
45449617be update copyright notice / whitespace 2016-01-14 23:46:05 +00:00
Evan Hunt
6deb83615c [v9_9] added sockaddr.h 
4291.	[cleanup]	Added a required include to dns/forward.h. [RT #41474]

(cherry picked from commit b4ccec331d)
(cherry picked from commit 25da0107d1)
 2016-01-14 10:27:41 -08:00
Mukund Sivaraman
a28d8e8bf5 Improve performance of RBT (#41165) 
(cherry picked from commit 5d79b60fc5)
(cherry picked from commit 318158d66a)
 2015-12-11 10:29:36 +05:30
Mark Andrews
9631d0769e 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]

(cherry picked from commit c8821d124c)
 2015-11-16 13:28:28 +11:00
Tinderbox User
4acf5216d7 update copyright notice / whitespace 2015-11-09 23:46:11 +00:00
Evan Hunt
7d984067ee [v9_9] fix python script versions 
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
 2015-11-08 21:41:04 -08:00
Mark Andrews
79f23b271e 4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones 
as per RFC 6763. [RT #37889]

(cherry picked from commit 5855fd79e3)
 2015-08-25 14:46:41 +10:00
Mark Andrews
fea8a9d56b 4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as 
valid with check-names.  <forest> still needs to be
                        LDH. [RT #40399]

(cherry picked from commit dc3912f3ca)
 2015-08-22 15:28:16 +10:00
Tinderbox User
cd80053809 update copyright notice / whitespace 2015-08-07 23:46:19 +00:00
Evan Hunt
0d83784a75 [v9_9] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

(cherry picked from commit ce9f893e21)
 2015-08-07 13:22:40 -07:00
Tinderbox User
cc1a709402 update copyright notice / whitespace 2015-07-13 23:46:09 +00:00
Mark Andrews
82b6caf613 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]

(cherry picked from commit 3a49d0ff10)
 2015-07-13 09:49:09 +10:00
Tinderbox User
835eaef8e3 update copyright notice / whitespace 2015-07-09 23:46:11 +00:00
Evan Hunt
ea36796f82 [v9_9] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			These options are not available by default;
			use "configure --enable-fetchlimit" (or
			--enable-developer) to include them in the build.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 23:00:58 -07:00
Mark Andrews
5e210b5fe5 4158. [protocol] Support the printing of EDNS COOKIE options. 
[RT #39928]
 2015-07-07 15:49:36 +10:00
Mark Andrews
f5386a21a8 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Check that non significant ECS bits are zero on
                        receipt. [RT #39647]
 2015-07-06 16:34:48 +10:00
Mukund Sivaraman
fc0797977d Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 
(cherry picked from commit 08f0129732)

Conflicts:
	bin/tests/system/statistics/clean.sh

(cherry picked from commit f69f188b90)

Conflicts:
	bin/named/statschannel.c
	bin/tests/system/statistics/clean.sh
	bin/tests/system/statistics/ns1/named.conf
	bin/tests/system/statistics/tests.sh

Conflicts:
	CHANGES
 2015-06-30 14:45:13 +05:30
Tinderbox User
2a71b08491 update copyright notice / whitespace 2015-05-28 23:46:13 +00:00
Mark Andrews
f381cb86da 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]

(cherry picked from commit 598b502695)
 2015-05-27 15:45:46 +10:00
Tinderbox User
8eb77bc70b update copyright notice / whitespace 2015-05-11 23:46:10 +00:00
Mark Andrews
20890f61bf use dns_opcode_t 
(cherry picked from commit 844b568182)
 2015-05-11 12:17:50 +10:00
Tinderbox User
9bd61f393f update copyright notice / whitespace 2015-04-28 23:46:12 +00:00
Mark Andrews
fdb83d87d6 4110. [bug] Address memory leaks / null pointer dereferences 
on out of memory. [RT #39310]

(cherry picked from commit b292230ab8)
 2015-04-29 03:37:25 +10:00
Tinderbox User
124e64db5e update copyright notice / whitespace 2015-03-04 23:46:08 +00:00
Mark Andrews
263413c7a7 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]

(cherry picked from commit 1b05d22789)
 2015-03-05 10:08:11 +11:00
Tinderbox User
15dce01ef4 update copyright notice / whitespace 2015-02-26 23:46:12 +00:00
Evan Hunt
14926c3403 [v9_9] fix LOADPENDING issues 
4063.	[bug]		Asynchronous zone loads were not handled
			correctly when the zone load was already in
			progress; this could trigger a crash in zt.c.
			[RT #37573]

(cherry picked from commit 7acc2f2156)
(cherry picked from commit 62fd632bcb)
 2015-02-25 16:12:34 -08:00
Tinderbox User
9cbd625449 update copyright notice / whitespace 2015-01-20 23:47:26 +00:00
Mark Andrews
398a63d660 4038. [bug] Add 'rpz' flag to node and use it to determine whether 
to call dns_rpz_delete.  This should prevent unbalanced
                        add / delete calls. [RT #36888

(cherry picked from commit cc0a48a381)
 2015-01-20 17:48:51 +11:00
Tinderbox User
19c3ef455b update copyright notice / whitespace 2014-12-03 23:46:11 +00:00
Mark Andrews
bbc8cca27d 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]

(cherry picked from commit ea3aa401bc)
 2014-12-03 11:47:10 +11:00
Evan Hunt
1d47cb124d [v9_9] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.

(cherry picked from commit 05e448935c)
(cherry picked from commit 6c049c57d9)
 2014-11-19 18:38:52 -08:00
Evan Hunt
711e833921 [v9_9] add max-recursion-queries 
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
(cherry picked from commit b3aa528d7e)
 2014-11-18 22:14:55 -08:00
Evan Hunt
603a0e2637 [v9_9] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:49:07 -08:00
Tinderbox User
aaa24cf075 update copyright notice 2014-09-30 23:47:13 +00:00
Mark Andrews
650404030c 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]

(cherry picked from commit a6869655d6)
 2014-10-01 07:43:17 +10:00
Mark Andrews
13ffd78910 3908. [bug] rndc now differentiates between a zone in multiple 
views and a zone that doesn't exist at all. [RT #36691]

(cherry picked from commit c38341ec43)
 2014-08-02 15:09:03 +10:00
Mark Andrews
570effe386 3904. [func] Add the RPZ SOA to the additional section. [RT36507] 
(cherry picked from commit 3a55d43527)
 2014-07-31 10:53:33 +10:00