upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-25 02:42:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

3069 commits

Author SHA1 Message Date
Tinderbox User
3be4330b77 update copyright notice / whitespace 2017-03-16 23:47:44 +00:00
Mark Andrews
8bcd80824c 4581. [port] Linux: Add getpid and getrandom to the list of system 
calls named uses for seccomp. [RT #44883]

(cherry picked from commit f94f3e2791)
 2017-03-16 11:23:36 +11:00
Mark Andrews
b81977ae70 4575. [security] Dns64 with break-dnssec yes; can result in a 
assertion failure. (CVE-2017-3136) [RT #44653]

(cherry picked from commit 3bce12e4b6)
 2017-02-15 12:22:53 +11:00
Tinderbox User
1617002c78 update copyright notice / whitespace 2017-02-04 23:46:08 +00:00
Evan Hunt
fc8c8966c9 [v9_11] fall back to builtin keys if bind.keys is empty 
4570.	[cleanup]	named did not correctly fall back to the built-in
			initializing keys if the bind.keys file was present
			but empty. [RT #44531]
 2017-02-04 00:43:32 -08:00
Evan Hunt
07b7a3eade [v9_11] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]

(cherry picked from commit 650b5e7592)
 2017-02-03 17:11:06 -08:00
Evan Hunt
6ec6741fe7 [v9_11] Revert "fixed build failure when building without LMDB" 
This reverts commit d9788e03ad.
 2017-02-02 11:28:53 -08:00
Evan Hunt
d9788e03ad [v9_11] fixed build failure when building without LMDB 
(cherry picked from commit 8acbf7e4de99bbc4867b02ed87dbbc3761a57ca5)
 2017-02-02 11:24:57 -08:00
Mark Andrews
22e3ffcf2c 4556. [security] Combining dns64 and rpz can result in dereferencing 
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
 2017-01-24 09:54:54 +11:00
Tinderbox User
2f4e3e45d6 update copyright notice / whitespace 2017-01-19 23:46:07 +00:00
Mark Andrews
eb032a17ef whitespace 
(cherry picked from commit bf0b649993)
 2017-01-19 13:16:35 +11:00
Tinderbox User
f6b9092741 update copyright notice / whitespace 2017-01-12 23:46:13 +00:00
Evan Hunt
445b0e72d7 [v9_11] more specific date for DLV shutdown warning 2017-01-12 09:11:17 -08:00
Tinderbox User
2a2618356e update copyright notice / whitespace 2016-12-28 23:50:44 +00:00
Mark Andrews
9609899255 4531. [security] 'is_zone' was not being properly updated by redirect2 
and subsequently preserved leading to an assertion
                        failure. (CVE-2016-9778) [RT #43837]

(cherry picked from commit d376792dae)
 2016-12-29 10:27:21 +11:00
Mark Andrews
72cae054ad 4541. [bug] rndc addzone should properly reject non master/slave 
zones. [RT #43665]

(cherry picked from commit e20db12918)
 2016-12-28 10:28:54 +11:00
Mark Andrews
f1e3dd087b 4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure. 
[RT #43601]

(cherry picked from commit 8e333f42ef)
 2016-12-27 09:50:08 +11:00
Mark Andrews
23ac7e6634 4539. [bug] Referencing a nonexistant zone with rpz could lead 
to a assertion failure when configuring. [RT #43787]

(cherry picked from commit 762c4fc5a8)
 2016-12-27 09:13:40 +11:00
Mark Andrews
bc2510a6a5 4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared 
when reusing the event structure. [RT #43885]

(cherry picked from commit a678e70481)
 2016-12-14 10:43:24 +11:00
Mark Andrews
348d80fb84 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] 
(cherry picked from commit def6b33bad)
 2016-12-13 16:27:49 +11:00
Tinderbox User
7911e6f9de regen v9_11 2016-12-07 01:09:50 +00:00
Mark Andrews
83a28ca274 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 
(cherry picked from commit 1b8ce3b330)
 2016-12-07 10:50:50 +11:00
Mark Andrews
52254f7526 added -T keepstderr to keep stderr open when daemonizing [RT #43736] 
(cherry picked from commit c9ee977f31)
 2016-12-05 10:38:50 +11:00
Evan Hunt
1c89e89eaf [v9_11] log as error if entropy unavailable 
4521.	[cleanup]	Log it as an error if an entropy source is not
			found and there is no fallback available. [RT #43659]

(cherry picked from commit 6bdb70057d)
 2016-11-29 11:30:47 -08:00
Tinderbox User
45571e7374 regen v9_11 2016-11-03 01:12:32 +00:00
Mark Andrews
744c1db635 4504. [security] Allow the maximum number of records in a zone to 
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]

(cherry picked from commit 5f8412a4cb)
 2016-11-03 09:48:26 +11:00
Evan Hunt
8a5809527e [v9_11] make uninstall 
4503.	[cleanup]	"make uninstall" now removes file installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]

(cherry picked from commit 6087f87afb)
 2016-11-01 19:17:23 -07:00
Mark Andrews
fd44151797 check for LIBRESSL_VERSION_NUMBER 
(cherry picked from commit b2c1d6f0a2)
 2016-11-01 12:49:13 +11:00
Mark Andrews
76af83c9ad 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 
(cherry picked from commit 1fce0951ed)
 2016-10-31 10:05:55 +11:00
Mark Andrews
54ee0b0eef s/,/;/ 
(cherry picked from commit 856c77cc40)
 2016-10-26 22:38:50 +11:00
Witold Krecicki
cc51cd2d20 4487. [test] Make system tests work on Windows. [RT #42931] 2016-10-19 17:21:13 +02:00
Tinderbox User
17697000bc regen v9_11 2016-10-16 01:10:31 +00:00
Mark Andrews
2e0d02503c add managed keys to view section 
(cherry picked from commit 7551ec1ebe)
 2016-10-16 08:15:36 +11:00
Evan Hunt
94694e720a [v9_11] add cfg_parse_buffer3() function with linenum parameter 
4482.	[cleanup]	Change #4455 was incomplete. [RT #43252]

(cherry picked from commit 676ac3cc82)
 2016-10-10 17:12:30 -07:00
Mark Andrews
9ee66e3a5b 4472. [bug] Named could fail to find the correct NSEC3 records when 
a zone was update between looking for the answer and
                        looking for the NSEC3 records proving non-existance
                        of the answer. [RT #43247]
 2016-10-05 10:37:17 +11:00
Evan Hunt
fcadf0b320 [v9_11] render querylog format consistent, and add a release note 
4471.	[cleanup]	Render client/query logging format consistent for
			ease of log file parsing. (Note that this affects
			"querylog" format: there is now an additional field
			indicating the client object address.) [RT #43238]

(cherry picked from commit c4b7db4932)
 2016-09-22 14:49:26 -07:00
Mark Andrews
db9781d4a2 4468. [bug] Address ECS option handling issues. [RT #43191] 
(cherry picked from commit df17290113)
 2016-09-14 08:23:07 +10:00
Mark Andrews
48ec547968 4465. [bug] Don't use "%z" as Windows doesn't support it. 
[RT #43131]

(cherry picked from commit f1977af0d3)
 2016-09-08 14:17:32 +10:00
Mark Andrews
e51ba26500 4461. [bug] win32: not all external data was properly marked 
as external data for windows dll. [RT #43161]

(cherry picked from commit 8eceb0bffe)
 2016-09-07 14:14:40 +10:00
Evan Hunt
af326c2e3f [v9_11] fix tcp client memory leak 
4459.	[bug]		TCP client objects created to handle pipeline queries
			were not cleaned up correctly, causing uncontrolled
			memory growth. [RT #43106]

(cherry picked from commit a26a62cef2)
 2016-08-29 11:56:56 -07:00
Mark Andrews
d6fa26d0ad 4456. [doc] Add DOCTYPE and lang attribute to <html> tags. 
[RT #42587]

(cherry picked from commit 63fe88e8d8)
 2016-08-26 15:14:32 +10:00
Evan Hunt
f503aa345b [v9_11] pass source file and line to dyndb load function 
4455.	[cleanup]	Allow dyndb modules to correctly log the filename
			and line number when processing configuration text
			from named.conf. [RT #43050]

(cherry picked from commit 02fb764681)
 2016-08-25 18:09:45 -07:00
Mark Andrews
7df3f06c0b 4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089] 
(cherry picked from commit 726cddb564)
 2016-08-25 10:05:07 +10:00
Evan Hunt
32431c79c7 [master] fix dnstap query/response selectors 
4427.	[bug]		The "query" and "response" parameters to the
			"dnstap" option had their functions reversed.

(cherry picked from commit e9bd1496ed)
 2016-08-19 11:41:07 +10:00
Tinderbox User
281ed127e3 regen v9_11 2016-08-19 01:08:24 +00:00
Mark Andrews
c40906dfad 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]

(cherry picked from commit 8ee6f289d8)
 2016-08-19 08:05:47 +10:00
Mark Andrews
7204d08a31 4447. [tuning] Allow the fstrm_iothr_init() options to be set using 
named.conf to control how dnstap manages the data
                        flow. [RT #42974]

(cherry picked from commit 934837913f)
 2016-08-18 11:16:58 +10:00
Tinderbox User
0cfa9af7ed regen v9_11 2016-08-12 01:08:44 +00:00
Mark Andrews
2fb6d3782b 4437. [func] Minimal-responses now has two additional modes 
no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]

(cherry picked from commit 78e31dd187)
 2016-08-12 10:49:57 +10:00
Mark Andrews
36be0aad8e 4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message 
will not fit into a single IPv4 encapsulated IPv6
                        UDP packet when transmitted over a Ethernet link.
                        [RT #42871]

(cherry picked from commit 31ffec1541)
 2016-08-12 09:43:55 +10:00