upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-25 02:42:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

521 commits

Author SHA1 Message Date
Mark Andrews
b81977ae70 4575. [security] Dns64 with break-dnssec yes; can result in a 
assertion failure. (CVE-2017-3136) [RT #44653]

(cherry picked from commit 3bce12e4b6)
 2017-02-15 12:22:53 +11:00
Mark Andrews
22e3ffcf2c 4556. [security] Combining dns64 and rpz can result in dereferencing 
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
 2017-01-24 09:54:54 +11:00
Tinderbox User
2f4e3e45d6 update copyright notice / whitespace 2017-01-19 23:46:07 +00:00
Mark Andrews
eb032a17ef whitespace 
(cherry picked from commit bf0b649993)
 2017-01-19 13:16:35 +11:00
Mark Andrews
9609899255 4531. [security] 'is_zone' was not being properly updated by redirect2 
and subsequently preserved leading to an assertion
                        failure. (CVE-2016-9778) [RT #43837]

(cherry picked from commit d376792dae)
 2016-12-29 10:27:21 +11:00
Mark Andrews
9ee66e3a5b 4472. [bug] Named could fail to find the correct NSEC3 records when 
a zone was update between looking for the answer and
                        looking for the NSEC3 records proving non-existance
                        of the answer. [RT #43247]
 2016-10-05 10:37:17 +11:00
Mark Andrews
2fb6d3782b 4437. [func] Minimal-responses now has two additional modes 
no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]

(cherry picked from commit 78e31dd187)
 2016-08-12 10:49:57 +10:00
Mark Andrews
33f91e248b 4434. [protocol] Return EDNS EXPIRE option for master zones in addition 
to slave zones. [RT #43008]

(cherry picked from commit bf2238b064)
 2016-08-12 09:32:29 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
eb54bc33a2 also cleanup node 2016-06-03 18:04:37 +10:00
Mark Andrews
92ddd7ad2c detach before restore 2016-06-03 17:23:08 +10:00
Mark Andrews
b4750b5991 reset zversion on restart 2016-06-03 14:33:16 +10:00
Mark Andrews
aabcb1fde0 4377. [bug] Don't reuse zero TTL responses beyond the current 
client set (excludes ANY/SIG/RRSIG queries).
                        [RT #42142]
 2016-05-27 09:59:46 +10:00
Evan Hunt
6c2a76b3e2 [master] copyrights, win32 definitions 2016-05-26 12:36:17 -07:00
Mark Andrews
ac11084829 4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the 
probability of reference counting errors as seen
                        in 4365. [RT #42405]
 2016-05-26 12:11:00 +10:00
Evan Hunt
0cbe448914 [master] minimal-any 
4371.	[func]		New "minimal-any" option reduces the size of UDP
			responses for qtype ANY by returning a single
			arbitrarily selected RRset instead of all RRsets.
			Thanks to Tony Finch. [RT #41615]
 2016-05-25 13:54:34 -07:00
Mark Andrews
c3beecc1bc 4365. [bug] Address zone reference counting errors involving 
nxdomain-redirect. [RT #42258]
 2016-05-13 11:54:25 +10:00
Witold Krecicki
19d80ce584 4358. [test] Added American Fuzzy Lop harness that allows 
feeding fuzzed packets into BIND.
			[RT #41723]
 2016-05-05 11:49:38 +02:00
Mark Andrews
08e36aa5a5 4356. [func] Add the ability to specify whether to wait for 
nameserver addresses to be looked up or not to
                        rpz with a new modifying directive 'nsip-wait-recurse'.                         [RT #35009]
 2016-05-05 16:29:05 +10:00
Mukund Sivaraman
9da98335c1 Code cleanups (#41656) 2016-03-04 12:18:17 +05:30
Mark Andrews
68ecf1c9a5 add missing line break 2016-02-04 11:51:44 +11:00
Mark Andrews
d88ba93712 4313. [bug] Handle ns_client_replace failures in test mode. 
[RT #41190]
 2016-02-03 14:59:19 +11:00
Tinderbox User
c46ac73c8f update copyright notice / whitespace 2016-01-22 23:45:23 +00:00
Evan Hunt
630b2d0c5a [master] NOSETFC incorrectly applied 
4300.	[bug]		A flag could be set in the wrong field when setting
			up nonrecursive queries; this could cause the
			SERVFAIL cache to cache responses it shouldn't.
			New querytrace logging has been added which
			identified this error. [RT #41155]
 2016-01-22 13:58:11 -08:00
Mark Andrews
f647c0df9f 4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257] 2015-12-15 19:49:40 +11:00
Mark Andrews
04893d38e0 add blank line 2015-10-22 12:15:02 +11:00
Mark Andrews
0526268c2b 4242. [bug] Replace the client if not already replaced when 
prefetching. [RT #41001]
 2015-10-22 10:58:25 +11:00
Mark Andrews
2a12984ce6 4227. [bug] Silence static analysis warnings. [RT #40828 2015-09-30 14:14:47 +10:00
Mark Andrews
4d085258cc make macro name match category name 2015-09-29 15:02:49 +10:00
Mukund Sivaraman
bf350c9f1a Fix RPZ bugs related to wildcard triggers (#40357) 2015-08-18 19:39:53 +05:30
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie: 
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
 2015-08-13 08:26:23 +10:00
Mark Andrews
b485d0a67f if UDP and we have a bad cookie send a immediate badcookie response 2015-07-27 15:42:03 +10:00
Mark Andrews
e8f98ec8d4 future cookie code 2015-07-08 12:57:29 +10:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Tinderbox User
8f0b326d9a update copyright notice / whitespace 2015-07-05 23:45:22 +00:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Tinderbox User
8e50c69783 update copyright notice / whitespace 2015-06-25 23:45:22 +00:00
Witold Krecicki
f10a67dad2 Add statistics counters for nxdomain redirections. [RT #39790] 2015-06-25 09:21:50 +02:00
Evan Hunt
27970e78c6 [master] log outdated rpz settings regardless of enable-querytrace 2015-06-10 10:22:59 -07:00
Evan Hunt
215049febb [master] rpz_ver check was ineffective 2015-06-09 15:05:43 -07:00
Evan Hunt
8c9fba44a4 [master] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:18:55 -07:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30
Evan Hunt
b403f3b57e [master] revert erroneous cleanup 2015-05-20 13:44:28 -07:00
Evan Hunt
54231cf082 [master] minor cleanup 2015-05-20 00:10:38 -07:00
Evan Hunt
7e6cf6fc6e [master] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]
 2015-05-19 15:47:42 -07:00
Mark Andrews
fe76a64294 restore is_zone on return from redirect lookup [RT #37989b] 
(cherry picked from commit 1d405c1412b3a2e5aafb37ea55b332914246349e)
 2015-05-07 08:32:42 +10:00
Tinderbox User
b299727c2e update copyright notice / whitespace 2015-04-23 23:45:22 +00:00
Mark Andrews
c82b378115 4108. [func] A additional nxdomain redirect (nxdomain-redirect) 
method is now supported. [RT #37989]
 2015-04-23 16:57:15 +10:00
Mark Andrews
29d52c001f 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 2015-03-03 16:43:42 +11:00