Commit graph

5301 commits

Author SHA1 Message Date
Mark Andrews
2fb6d3782b 4437. [func] Minimal-responses now has two additional modes
no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]

(cherry picked from commit 78e31dd187)
2016-08-12 10:49:57 +10:00
Tinderbox User
3f72dac411 regenerate 2016-07-27 13:54:22 +00:00
Tinderbox User
1e9517ea21 regen v9_11 2016-07-27 01:12:35 +00:00
Mark Andrews
b8f9413618 add mdig, named-nzd2nzf, pkcs11-destroy, pkcs11-list, pkcs11-keygen and pkcs11-tokens manpages
(cherry picked from commit 915544f389)
2016-07-27 05:00:49 +10:00
Tinderbox User
52d94378a0 regenerate 2016-07-25 12:08:48 +00:00
Tinderbox User
5f0c46ca5f regen v9_11 2016-07-25 12:05:14 +00:00
Tinderbox User
a548226d23 regen v9_11 2016-07-23 01:14:40 +00:00
Mark Andrews
b7161f9898 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]

(cherry picked from commit f20179857a)
2016-07-22 20:03:06 +10:00
Tinderbox User
eb2a5f51bd regen v9_11 2016-07-22 01:10:34 +00:00
Tinderbox User
adb0ac475d update copyright notice / whitespace 2016-07-21 23:46:46 +00:00
Evan Hunt
2c9f6f236f [v9_11] add release note 2016-07-21 13:36:36 -07:00
Evan Hunt
801707fe19 [v9_11] store "addzone" zone config in a NZD database
4421.	[func]		When built with LMDB (Lightning Memory-mapped
			Database), named will now use a database to store
			the configuration for zones added by "rndc addzone"
			instead of using a flat NZF file. This improves
			performance of "rndc delzone" and "rndc modzone"
			significantly. Existing NZF files will
			automatically by converted to NZD databases.
			To view the contents of an NZD or to roll back to
			NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]
2016-07-21 11:14:16 -07:00
Mark Andrews
e79ed99510 update example copyright notice
(cherry picked from commit ed1a24cc86)
2016-07-21 19:09:34 +10:00
Mark Andrews
cb1d847607 update example copyright notice
(cherry picked from commit ba99d845a2)
2016-07-21 19:05:36 +10:00
Tinderbox User
5347c0fcb0 regen v9_11 2016-07-21 07:53:18 +00:00
Mark Andrews
704e6c8876 copyright
(cherry picked from commit 813e9f7ee2)
2016-07-21 17:02:22 +10:00
Evan Hunt
b05ccd39b3 [v9_11] remove SIT doc 2016-07-20 21:36:30 -07:00
Tinderbox User
1700442a77 regen v9_11 2016-07-14 00:01:54 +00:00
Mark Andrews
0ad430bda9 grammar
(cherry picked from commit 8f7881684b)
2016-07-14 09:42:51 +10:00
Evan Hunt
3525200d9f [v9_11] rndc dnstap -roll
4411.	[func]		"rndc dnstap -roll" automatically rolls the
			dnstap output file; the previous version is
			saved with ".0" suffix, and earlier versions
			with ".1" and so on. An optional numeric argument
			indicates how many prior files to save. [RT #42830]
2016-07-13 01:18:41 -07:00
Tinderbox User
576bce9d73 regen v9_11 2016-07-13 04:49:09 +00:00
Mark Andrews
d23a531fde add [RT #42694] 2016-07-13 11:36:52 +10:00
Mark Andrews
967c2a93ac issue -> flaw
(cherry picked from commit 268f9e6832)
2016-07-13 11:23:36 +10:00
Tinderbox User
e191be096c regen v9_11 2016-07-12 01:09:40 +00:00
Mark Andrews
b740318a42 add CVE-2016-2775
(cherry picked from commit 909d442cc0)
2016-07-12 01:09:37 +10:00
Mark Andrews
4d8940486c 4409. [bug] DNS64 should exlude mapped addresses by default when
a exclude acl is not defined. [RT #42810]

(cherry picked from commit 557c7221fd)
2016-07-11 14:12:42 +10:00
Tinderbox User
e2f974003e regen v9_11 2016-07-08 01:09:30 +00:00
Mark Andrews
da984e8fc5 add note for rt42694
(cherry picked from commit 429701008e)
2016-07-07 13:50:56 +10:00
Tinderbox User
8a48b6b9b6 regen v9_11 2016-07-07 01:09:16 +00:00
Mark Andrews
d2647cd5fd license section is no longer a list 2016-07-06 13:01:40 +10:00
Mark Andrews
988c13928a spelling 2016-07-06 12:57:34 +10:00
Tinderbox User
6af971acc0 regen v9_11 2016-07-06 01:09:13 +00:00
Tinderbox User
1ffe3f29e3 regen v9_11 2016-07-03 01:09:09 +00:00
Evan Hunt
f0e7471845 [v9_11] notes formatting, fix a CHANGES tag 2016-07-02 14:06:27 -07:00
Tinderbox User
dca6957b62 regenerate 2016-06-27 17:38:13 +00:00
Tinderbox User
a1ff871f78 regen v9_11 2016-06-27 17:36:43 +00:00
Witold Krecicki
4ab08a8117 Fix a typo and missing link in notes.xml 2016-06-27 19:33:10 +02:00
Curtis Blackburn
448e23ed61 cleanup of notes.xml
added better text to describe the license change

    added information about the following changes to notes.xml

    +4396. [func] dnssec-keymgr now takes a '-r randomfile' option.
    + [RT #42455]
    +4392. [func] Collect statistics for RSSAC02v3 traffic-volume,
    + traffic-sizes and rcode-volume reporting. [RT #41475]
    +4388. [func] Support for master entries with TSIG keys in catalog
    + zones. [RT #42577]
    +4385. [func] Add support for allow-query and allow-transfer ACLs
    + to catalog zones. [RT #42578]
2016-06-27 10:01:58 -07:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Tinderbox User
76cf91b5df regen master 2016-06-24 01:05:13 +00:00
Mark Andrews
7d262a3647 4394. [func] Add rndc command "dnstap-reopen" to close and
reopen dnstap output filed. [RT #41803]
2016-06-24 09:37:04 +10:00
Tinderbox User
5dde14e170 regen master 2016-06-23 01:05:13 +00:00
Witold Krecicki
322efcb27d 4400. [doc] Description of masters with TSIG, allow-query and
allow-transfer options in catalog zones. [RT #42692]
2016-06-22 12:47:37 +02:00
Tinderbox User
63fc155616 regen master 2016-06-22 01:05:11 +00:00
Mark Andrews
13dcf86725 request-ixfr is a slave option rather than a master option 2016-06-22 08:12:17 +10:00
Tinderbox User
7e4b5437f1 regen master 2016-06-14 01:05:13 +00:00
Francis Dupont
e9d097511e AEP keyper PKCS#11 provider is available in 64 bits 2016-06-13 15:43:57 +02:00
Mukund Sivaraman
f163503bce Use absolute names in catalog zone examples 2016-06-13 16:09:34 +05:30
Tinderbox User
e76f113739 regen master 2016-06-02 01:05:09 +00:00
Tinderbox User
408e9e235a regen master 2016-06-01 01:04:18 +00:00
Tinderbox User
77393407fd regenerate 2016-05-31 22:49:06 +00:00
Tinderbox User
1e126d80e1 regen master 2016-05-31 22:47:07 +00:00
Evan Hunt
3d0b7d5cc3 [master] zone-directory option for catalog zones
4380.	[experimental]	Added a "zone-directory" option to "catalog-zones"
			syntax, allowing local masterfiles for slaves
			that are provisioned by catalog zones to be stored
			in a directory other than the server's working
			directory. [RT #42527]
2016-05-31 10:36:27 -07:00
Mark Andrews
44fa277367 7873:Domain Name System (DNS) Cookies 2016-05-30 13:38:46 +10:00
Tinderbox User
f1f5f896c1 regen master 2016-05-28 01:05:40 +00:00
Jeremy C. Reed
ecf8e705e6 fix a few typos in doc 2016-05-27 15:22:54 -04:00
Tinderbox User
7898bf1fbc regenerate 2016-05-27 15:45:47 +00:00
Tinderbox User
260e8e04b0 regen master 2016-05-27 01:05:21 +00:00
Evan Hunt
6c2a76b3e2 [master] copyrights, win32 definitions 2016-05-26 12:36:17 -07:00
Witold Krecicki
7a00d69909 4376. [experimental] Added support for Catalog Zones, a new method for
provisioning secondary servers in which a list of
                        zones to be served is stored in a DNS zone and can
                        be propagated to slaves via AXFR/IXFR. [RT #41581]

4375.   [func]          Add support for automatic reallocation of isc_buffer
                        to isc_buffer_put* functions. [RT #42394]
2016-05-26 21:23:19 +02:00
Evan Hunt
5c5dcf34c3 [master] spelling 2016-05-25 18:44:59 -07:00
Evan Hunt
8e4d28d018 [master] extend release notes 2016-05-25 18:40:47 -07:00
Evan Hunt
9211688e88 [master] fix tag mismatch 2016-05-25 18:32:38 -07:00
Evan Hunt
0cbe448914 [master] minimal-any
4371.	[func]		New "minimal-any" option reduces the size of UDP
			responses for qtype ANY by returning a single
			arbitrarily selected RRset instead of all RRsets.
			Thanks to Tony Finch. [RT #41615]
2016-05-25 13:54:34 -07:00
Tinderbox User
3ba1f79ade regen master 2016-05-24 01:04:01 +00:00
Mark Andrews
47d19078de note RNDC module 2016-05-24 10:47:58 +10:00
Tinderbox User
22e21a4213 regen master 2016-05-17 05:39:19 +00:00
Tinderbox User
221870ba7b regen master 2016-05-17 04:27:10 +00:00
Mark Andrews
259107718f update for 9.11.0a2 2016-05-17 14:08:30 +10:00
Tinderbox User
9b3ef7211c regen master 2016-05-17 04:03:51 +00:00
Mark Andrews
bf8d171a66 add RFC7793 2016-05-13 17:00:17 +10:00
Tinderbox User
05cf9e3285 update copyright notice / whitespace 2016-05-11 23:45:23 +00:00
Mark Andrews
bf4fe7ca1b 7830: The EDNS(0) Padding Option 2016-05-11 12:08:20 +10:00
Tinderbox User
56bd026e6c regen master 2016-05-10 01:05:28 +00:00
Mark Andrews
2fef945936 remove repeated like 2016-05-10 07:22:59 +10:00
Tinderbox User
f33abec8a6 regen master 2016-05-06 01:05:45 +00:00
Witold Krecicki
e846f127d6 4362. [func] Changed rndc reconfig behaviour so that newly added
zones are loaded asynchronously and the loading does
			not block the server. [RT #41934]
2016-05-05 21:41:12 +02:00
Evan Hunt
370c6e0ac1 [master] add nsip-wait-recurse release note 2016-05-05 09:33:28 -07:00
Mark Andrews
08e36aa5a5 4356. [func] Add the ability to specify whether to wait for
nameserver addresses to be looked up or not to
                        rpz with a new modifying directive 'nsip-wait-recurse'.                         [RT #35009]
2016-05-05 16:29:05 +10:00
Tinderbox User
006283c423 regen master 2016-05-05 01:05:35 +00:00
Evan Hunt
66074f152f [master] log message when using ISC DLV
4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]
2016-05-04 14:37:25 -07:00
Tinderbox User
3241ddcf93 regen master 2016-04-30 01:05:59 +00:00
Mark Andrews
1bebd86e9f fix tag mis-match 2016-04-29 11:10:21 +10:00
Evan Hunt
f6096b958c [master] dnssec-keymgr
4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
                        policy file from an OpenDNSSEC KASP XML file.

4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
			management utility, which reads a policy definition
			file and can create or update DNSSEC keys as needed
			to ensure that a zone's keys match policy, roll over
			correctly on schedule, etc.  Thanks to Sebastian
			Castro for assistance in development. [RT #39211]
2016-04-28 00:16:01 -07:00
Tinderbox User
6b7cba2b10 regen master 2016-03-25 01:05:22 +00:00
Evan Hunt
4d3f9f216a [master] better relnote for read-only controls option 2016-03-24 16:52:17 -07:00
Evan Hunt
1831596a79 [master] fixes for release notes 2016-03-24 14:40:44 -07:00
Evan Hunt
936bfae6d5 [master] remove pre-9.11.0a1 security fixes from 9.11 release notes 2016-03-24 12:11:53 -07:00
Tinderbox User
e285c11870 regen master 2016-03-24 01:05:08 +00:00
Tinderbox User
6e3f736f73 regenerate 2016-03-23 06:50:54 +00:00
Tinderbox User
46472a450e regen master 2016-03-23 06:45:14 +00:00
Evan Hunt
bee8d5b202 [master] fix broken tag 2016-03-22 21:38:25 -07:00
Evan Hunt
4488842485 [master] prep 9.11.0a1 2016-03-22 20:00:47 -07:00
Tinderbox User
6a178481cf regen master 2016-03-17 01:05:26 +00:00
Jeremy C. Reed
6693c9a2f0 fix spelling 2016-03-16 15:41:18 -04:00
Tinderbox User
832fa787d4 regen master 2016-03-11 01:05:28 +00:00
Jeremy C. Reed
10b7784c59 minor grammar fix 2016-03-10 16:51:40 -05:00
Mark Andrews
98c5690bd9 note rrsig regeneration 2016-03-10 17:05:49 +11:00
Tinderbox User
54599d0e4f update copyright notice / whitespace 2016-03-09 00:56:17 +00:00
Tinderbox User
f9ce6280ce regen master 2016-03-09 00:39:40 +00:00
Mark Andrews
f2eed65224 use xmlint to process include
(cherry picked from commit 71e9df17b671f7ef5742967b25a1ab36ec3dd91b)
2016-03-09 11:35:13 +11:00
Tinderbox User
1fb011b1db regen master 2016-03-08 22:35:32 +00:00
Mark Andrews
3cf2fb29ac add automatic-interface-scan to ARM grammar
(cherry picked from commit 90499817bf)
2016-03-09 08:57:32 +11:00
Tinderbox User
7f9f0b9755 regen master 2016-03-06 01:04:34 +00:00
Mark Andrews
e011df2927 add AVC 2016-03-05 17:56:49 +11:00
Tinderbox User
820739d918 regen master 2016-03-05 01:13:25 +00:00
Mark Andrews
7a3a30e296 add AVC 2016-03-04 18:18:04 +11:00
Evan Hunt
44c86318ed [master] recursively clean empty interior nodes when deleting database records
4324.	[bug]		When deleting records from a zone database, interior
			nodes could be left empty but not deleted, damaging
			search performance afterward. [RT #40997]
2016-03-03 21:13:42 -08:00
Tinderbox User
df3d1c56e4 regen master 2016-02-27 01:04:26 +00:00
Mark Andrews
455c0848f8 4322. [security] Duplicate EDNS COOKIE options in a response could
trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]
2016-02-27 11:23:50 +11:00
Tinderbox User
ba38c6b4bc regen master 2016-02-23 01:04:33 +00:00
Mukund Sivaraman
5995fec51c Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) (#41753) 2016-02-22 12:22:43 +05:30
Tinderbox User
1609eab3ca regen master 2016-02-19 01:04:16 +00:00
Mark Andrews
a2b15b3305 4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]
2016-02-18 12:11:27 +11:00
Tinderbox User
ee2e5fec65 regen master 2016-02-11 01:04:20 +00:00
Tinderbox User
7e5658b04f regen master 2016-01-30 01:04:18 +00:00
Evan Hunt
b5c22260e5 [master] remove reporter's name per his request 2016-01-29 10:35:14 -08:00
Tinderbox User
6825f304c5 regen master 2016-01-29 01:04:18 +00:00
Tinderbox User
b7f3400f3b update copyright notice / whitespace 2016-01-28 23:45:29 +00:00
Evan Hunt
e073205a88 [master] openssl 1.0.2f patch
4306.	[maint]		Added a PKCS#11 openssl patch supporting
			version 1.0.2f [RT #38312]
2016-01-28 13:27:29 -08:00
Evan Hunt
e79e346bf2 [master] correct also-notify grammar 2016-01-27 19:07:31 -08:00
Tinderbox User
1bb7846d29 regen master 2016-01-23 01:04:14 +00:00
Evan Hunt
630b2d0c5a [master] NOSETFC incorrectly applied
4300.	[bug]		A flag could be set in the wrong field when setting
			up nonrecursive queries; this could cause the
			SERVFAIL cache to cache responses it shouldn't.
			New querytrace logging has been added which
			identified this error. [RT #41155]
2016-01-22 13:58:11 -08:00
Tinderbox User
6758b59e57 regen master 2016-01-13 01:04:19 +00:00
Evan Hunt
bb5d14d724 [master] millisecond granularity for statschannel timers
4290.	[func]		The timers returned by the statistics channel
			(indicating current time, server boot time, and
			most recent reconfiguration time) are now reported
			with millisecond accuracy. [RT #40082]
2016-01-07 15:34:58 -08:00
Tinderbox User
742cb92338 regen master 2016-01-06 01:04:26 +00:00
Evan Hunt
455b99ed92 [master] fix ticket number 2016-01-05 09:08:49 -08:00
Evan Hunt
c8b968f414 [master] fix use after free on xfr timeout
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
2016-01-04 22:05:23 -08:00
Tinderbox User
4206bb139c regen master 2016-01-05 01:04:24 +00:00
Evan Hunt
aadca3f7d0 [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2016-01-04 16:09:40 -08:00
Evan Hunt
41494939b6 [master] fixed bogus server regression
4288.	[bug]		Fixed a regression in resolver.c:possibly_mark()
			which caused known-bogus servers to be queried
			anyway. [RT #41321]
2016-01-04 15:47:16 -08:00
Tinderbox User
e1836d1fe4 update copyright notice / whitespace 2016-01-04 23:45:26 +00:00
Evan Hunt
43176d82c8 [master] clean up notes 2016-01-03 21:22:00 -08:00
Tinderbox User
58d970a2b4 regen master 2016-01-01 01:04:21 +00:00
Mark Andrews
292eb9c4e4 4286. [security] render_ecs errors were mishandled when printing out
a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

(cherry picked from commit 3e0c1603a8)
2015-12-31 22:19:46 +11:00
Mark Andrews
9c52f43036 remove period 2015-12-31 14:35:06 +11:00
Mark Andrews
1b3d211802 4285. [security] Specific APL data could trigger a INSIST.
(CVE-2015-8704) [RT #41396]
2015-12-31 13:43:21 +11:00
Tinderbox User
428a763a70 regen master 2015-12-27 01:04:16 +00:00
Evan Hunt
fbed5f0f44 [master] fix geoip options
4284.	[bug]		Some GeoIP options were incorrectly documented
			using abbreviated forms which were not accepted by
			named.  The code has been updated to allow both
			long and abbreviated forms. [RT #41381]
2015-12-26 10:50:32 -08:00
Tinderbox User
0226754d9e regen master 2015-12-19 01:04:14 +00:00
Mark Andrews
8beb9bf514 add dig +mapped 2015-12-19 09:51:53 +11:00
Tinderbox User
a179cbdf65 regen master 2015-12-16 01:04:13 +00:00
Mukund Sivaraman
6960e7fd12 Update notes.xml for #40996 2015-12-15 18:06:13 +05:30
Mukund Sivaraman
ecc06cbc32 Use optimal message sizes to improve compression in AXFRs (#40996) 2015-12-15 13:24:14 +05:30
Tinderbox User
a35017e06e regen master 2015-12-08 01:04:12 +00:00
Mark Andrews
322e6b5be7 4276. [protocol] Add support for SMIMEA. [RT #40513] 2015-12-08 08:16:41 +11:00
Tinderbox User
2ba8603ca9 regen master 2015-12-04 01:04:14 +00:00
Evan Hunt
4071efbec0 [master] disallow map zones in response-policy
4269.	[bug]		Zones using "map" format master files currently
			don't work as policy zones.  This limitation has
			now been documented; attempting to use such zones
			in "response-policy" statements is now a
			configuration error.  [RT #38321]
2015-12-02 21:10:09 -08:00
Mark Andrews
7bde79b32a update description 2015-12-03 15:42:58 +11:00
Mark Andrews
ff2f98076c Add CVE-2015-8461 2015-12-03 15:31:28 +11:00