Commit graph

5301 commits

Author SHA1 Message Date
Mark Andrews
f2eed65224 use xmlint to process include
(cherry picked from commit 71e9df17b671f7ef5742967b25a1ab36ec3dd91b)
2016-03-09 11:35:13 +11:00
Tinderbox User
1fb011b1db regen master 2016-03-08 22:35:32 +00:00
Mark Andrews
3cf2fb29ac add automatic-interface-scan to ARM grammar
(cherry picked from commit 90499817bf)
2016-03-09 08:57:32 +11:00
Tinderbox User
7f9f0b9755 regen master 2016-03-06 01:04:34 +00:00
Mark Andrews
e011df2927 add AVC 2016-03-05 17:56:49 +11:00
Tinderbox User
820739d918 regen master 2016-03-05 01:13:25 +00:00
Mark Andrews
7a3a30e296 add AVC 2016-03-04 18:18:04 +11:00
Evan Hunt
44c86318ed [master] recursively clean empty interior nodes when deleting database records
4324.	[bug]		When deleting records from a zone database, interior
			nodes could be left empty but not deleted, damaging
			search performance afterward. [RT #40997]
2016-03-03 21:13:42 -08:00
Tinderbox User
df3d1c56e4 regen master 2016-02-27 01:04:26 +00:00
Mark Andrews
455c0848f8 4322. [security] Duplicate EDNS COOKIE options in a response could
trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]
2016-02-27 11:23:50 +11:00
Tinderbox User
ba38c6b4bc regen master 2016-02-23 01:04:33 +00:00
Mukund Sivaraman
5995fec51c Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) (#41753) 2016-02-22 12:22:43 +05:30
Tinderbox User
1609eab3ca regen master 2016-02-19 01:04:16 +00:00
Mark Andrews
a2b15b3305 4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]
2016-02-18 12:11:27 +11:00
Tinderbox User
ee2e5fec65 regen master 2016-02-11 01:04:20 +00:00
Tinderbox User
7e5658b04f regen master 2016-01-30 01:04:18 +00:00
Evan Hunt
b5c22260e5 [master] remove reporter's name per his request 2016-01-29 10:35:14 -08:00
Tinderbox User
6825f304c5 regen master 2016-01-29 01:04:18 +00:00
Tinderbox User
b7f3400f3b update copyright notice / whitespace 2016-01-28 23:45:29 +00:00
Evan Hunt
e073205a88 [master] openssl 1.0.2f patch
4306.	[maint]		Added a PKCS#11 openssl patch supporting
			version 1.0.2f [RT #38312]
2016-01-28 13:27:29 -08:00
Evan Hunt
e79e346bf2 [master] correct also-notify grammar 2016-01-27 19:07:31 -08:00
Tinderbox User
1bb7846d29 regen master 2016-01-23 01:04:14 +00:00
Evan Hunt
630b2d0c5a [master] NOSETFC incorrectly applied
4300.	[bug]		A flag could be set in the wrong field when setting
			up nonrecursive queries; this could cause the
			SERVFAIL cache to cache responses it shouldn't.
			New querytrace logging has been added which
			identified this error. [RT #41155]
2016-01-22 13:58:11 -08:00
Tinderbox User
6758b59e57 regen master 2016-01-13 01:04:19 +00:00
Evan Hunt
bb5d14d724 [master] millisecond granularity for statschannel timers
4290.	[func]		The timers returned by the statistics channel
			(indicating current time, server boot time, and
			most recent reconfiguration time) are now reported
			with millisecond accuracy. [RT #40082]
2016-01-07 15:34:58 -08:00
Tinderbox User
742cb92338 regen master 2016-01-06 01:04:26 +00:00
Evan Hunt
455b99ed92 [master] fix ticket number 2016-01-05 09:08:49 -08:00
Evan Hunt
c8b968f414 [master] fix use after free on xfr timeout
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
2016-01-04 22:05:23 -08:00
Tinderbox User
4206bb139c regen master 2016-01-05 01:04:24 +00:00
Evan Hunt
aadca3f7d0 [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2016-01-04 16:09:40 -08:00
Evan Hunt
41494939b6 [master] fixed bogus server regression
4288.	[bug]		Fixed a regression in resolver.c:possibly_mark()
			which caused known-bogus servers to be queried
			anyway. [RT #41321]
2016-01-04 15:47:16 -08:00
Tinderbox User
e1836d1fe4 update copyright notice / whitespace 2016-01-04 23:45:26 +00:00
Evan Hunt
43176d82c8 [master] clean up notes 2016-01-03 21:22:00 -08:00
Tinderbox User
58d970a2b4 regen master 2016-01-01 01:04:21 +00:00
Mark Andrews
292eb9c4e4 4286. [security] render_ecs errors were mishandled when printing out
a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

(cherry picked from commit 3e0c1603a8)
2015-12-31 22:19:46 +11:00
Mark Andrews
9c52f43036 remove period 2015-12-31 14:35:06 +11:00
Mark Andrews
1b3d211802 4285. [security] Specific APL data could trigger a INSIST.
(CVE-2015-8704) [RT #41396]
2015-12-31 13:43:21 +11:00
Tinderbox User
428a763a70 regen master 2015-12-27 01:04:16 +00:00
Evan Hunt
fbed5f0f44 [master] fix geoip options
4284.	[bug]		Some GeoIP options were incorrectly documented
			using abbreviated forms which were not accepted by
			named.  The code has been updated to allow both
			long and abbreviated forms. [RT #41381]
2015-12-26 10:50:32 -08:00
Tinderbox User
0226754d9e regen master 2015-12-19 01:04:14 +00:00
Mark Andrews
8beb9bf514 add dig +mapped 2015-12-19 09:51:53 +11:00
Tinderbox User
a179cbdf65 regen master 2015-12-16 01:04:13 +00:00
Mukund Sivaraman
6960e7fd12 Update notes.xml for #40996 2015-12-15 18:06:13 +05:30
Mukund Sivaraman
ecc06cbc32 Use optimal message sizes to improve compression in AXFRs (#40996) 2015-12-15 13:24:14 +05:30
Tinderbox User
a35017e06e regen master 2015-12-08 01:04:12 +00:00
Mark Andrews
322e6b5be7 4276. [protocol] Add support for SMIMEA. [RT #40513] 2015-12-08 08:16:41 +11:00
Tinderbox User
2ba8603ca9 regen master 2015-12-04 01:04:14 +00:00
Evan Hunt
4071efbec0 [master] disallow map zones in response-policy
4269.	[bug]		Zones using "map" format master files currently
			don't work as policy zones.  This limitation has
			now been documented; attempting to use such zones
			in "response-policy" statements is now a
			configuration error.  [RT #38321]
2015-12-02 21:10:09 -08:00
Mark Andrews
7bde79b32a update description 2015-12-03 15:42:58 +11:00
Mark Andrews
ff2f98076c Add CVE-2015-8461 2015-12-03 15:31:28 +11:00
Tinderbox User
89c5c74c96 update copyright notice / whitespace 2015-11-24 23:45:23 +00:00
Evan Hunt
bdc60a0bde [master] update developer guide, expanding on comments and unit tests 2015-11-24 14:43:02 -08:00
Tinderbox User
909a8e59a4 regen master 2015-11-21 01:04:11 +00:00
Mark Andrews
cbc660172d spelling 2015-11-20 14:55:20 +11:00
Tinderbox User
dec590a3de regen master 2015-11-18 01:04:11 +00:00
Mark Andrews
b57276f89e note the address changes for H.ROOT-SERVERS.NET 2015-11-18 11:08:50 +11:00
Jeremy C. Reed
22b006e0df Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-17 10:22:41 -05:00
Evan Hunt
63042d5b57 [master] typo 2015-11-16 18:21:17 -08:00
Tinderbox User
c42708dcc8 regen master 2015-11-17 01:04:47 +00:00
Jeremy C. Reed
414678df72 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-16 12:53:55 -05:00
Mark Andrews
c8821d124c 4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]
2015-11-16 13:12:20 +11:00
Tinderbox User
d7a61cfbe5 regen master 2015-11-12 01:04:13 +00:00
Mukund Sivaraman
8012e06abf Update notes.xml for #40498 2015-11-11 13:51:55 +05:30
Mukund Sivaraman
58f7af60e7 Allow non-destructive control channel access using a "read-only" clause (#40498) 2015-11-11 13:46:57 +05:30
Tinderbox User
d9613f4c73 regen master 2015-11-11 01:04:12 +00:00
Mark Andrews
1d83f85752 don't run {doc,man}clean for releaseinfo.xml and friend 2015-11-10 14:39:41 +11:00
Jeremy C. Reed
e08c32f45f add simpara to some note tags
So generated "Note" header isn't on same line as content.

Also removed one place that said "Note" (so doesn't say
"Note Note").
2015-11-09 22:10:01 -05:00
Jeremy C. Reed
cca02d061f Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-09 22:07:27 -05:00
Tinderbox User
3865e18d3d update copyright notice / whitespace 2015-11-09 23:45:22 +00:00
Jeremy C. Reed
dde7a7d357 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-09 11:25:01 -05:00
Mukund Sivaraman
517b58429c Fix typo 2015-11-09 15:17:44 +05:30
Evan Hunt
e13d04fda9 [master] fix python script versions
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
2015-11-08 21:34:24 -08:00
Tinderbox User
58021df889 regen master 2015-11-07 01:04:14 +00:00
Evan Hunt
17834caa6c [master] clarify message-compression doc
- mention TCP and RFC compliance issues
2015-11-06 13:44:28 -08:00
Tinderbox User
e62b9c9ce6 regen master 2015-11-06 01:04:13 +00:00
Witold Krecicki
bfd4b9e11a 4255. [func] Add 'message-compression' option to disable DNS compression in responses. [RT #40726] 2015-11-05 12:19:04 +01:00
Mark Andrews
e939674d53 4252. [func] Add support for automating the generation CDS and
CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]
2015-11-05 12:09:48 +11:00
Tinderbox User
2b39e7bde9 regen master 2015-11-05 01:04:10 +00:00
Evan Hunt
6b8519147a [master] NTAs did not survive reoad/reconfig
4251.	[bug]		NTAs were deleted when the server was reconfigured
			or reloaded. [RT #41058]
2015-11-04 10:34:28 -08:00
Evan Hunt
ffb47c916a [master] update README-SGML 2015-10-28 21:38:55 -07:00
Tinderbox User
eadee66609 regen master 2015-10-29 02:56:15 +00:00
Jeremy C. Reed
fe12c35c3e fix some spelling typos and standardize some English spellings
(to be consistent)
2015-10-23 13:04:09 -04:00
Jeremy C. Reed
a8ce30c861 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-10-23 08:14:48 -04:00
Tinderbox User
9d557856c2 regen master 2015-10-22 05:53:09 +00:00
Mark Andrews
79f0eedd65 cleanup trailing whitespace 2015-10-22 16:24:03 +11:00
Mark Andrews
30eec077db cleanup trailing white space in SGML like files 2015-10-22 16:09:46 +11:00
Jeremy C. Reed
fcb755212b make sure there is a simpara for missing context for note tag 2015-10-21 15:03:25 -04:00
Jeremy C. Reed
134788b041 remove errant word
a word is repeated in a sentence and didn't make sense as-is
so removed it
2015-10-20 14:56:46 -04:00
Jeremy C. Reed
bb2e9569fe get rid of the "See also fetch-glue" since is obsolete
This doesn't remove the description but don't have other
options refer to obsolete option.

No CHANGES entry since very minor.
2015-10-20 10:45:49 -04:00
Tinderbox User
2b4d1b54f6 regen master 2015-10-20 01:04:48 +00:00
Evan Hunt
932715fbbe [master] update TSIG, TKEY, SIG(0) documentation
4241.	[doc]		Improved the TSIG, TKEY, and SIG(0) sections in
			the ARM. [RT #40955]
2015-10-19 08:48:18 -07:00
Tinderbox User
e2b184f84e regen master 2015-10-18 01:07:32 +00:00
Evan Hunt
90174e64f4 [master] shorten default servfail-ttl
4239.	[func]		Changed default servfail-ttl value to 1 second from 10.
			Also, the maximum value is now 30 instead of 300. [RT #37556]
2015-10-17 13:44:01 -07:00
Tinderbox User
b96b01ed26 regen master 2015-10-15 01:06:35 +00:00
Evan Hunt
c3cb3953b6 [master] remove unneeded xsl code, fix a link in ARM 2015-10-14 14:57:54 -07:00
Tinderbox User
af40ebed62 regen master 2015-10-13 01:04:41 +00:00
Evan Hunt
b2171b164c [master] add link achors to to <section> tags 2015-10-12 13:01:13 -07:00
Tinderbox User
fd2597f756 regen master 2015-10-07 04:11:09 +00:00
Tinderbox User
010a51c427 regen master 2015-10-07 01:06:58 +00:00
Tinderbox User
19c7b1a029 update copyright notice / whitespace 2015-10-06 23:45:23 +00:00
Tinderbox User
2eeb74d1cf regen master 2015-10-06 05:45:21 +00:00
Evan Hunt
14a656f94b [master] upgrade doc toolchain
4237.	[doc]		Upgraded documentation toolchain to use DocBook 5
			and dblatex. [RT #40766]
2015-10-05 21:59:35 -07:00
Mukund Sivaraman
56ebb560a1 Fix notes and CHANGES for #40761 2015-10-06 05:44:53 +05:30
Jeremy C. Reed
dfd19d9ff6 add missing <listitem> tags
because require-server-cookie and request-sit explanations were
missing.
2015-10-05 11:53:13 -04:00
Evan Hunt
9044f878d7 [master] wrong category name 2015-10-04 18:42:47 -07:00
Tinderbox User
90d087cf9c regen master 2015-10-04 01:09:39 +00:00
Mukund Sivaraman
9260c1157d Update CHANGES and notes.xml for #40761 2015-10-03 07:11:12 +05:30
Mukund Sivaraman
930719e876 Update the default value for number of UDP listeners (#40761) 2015-10-03 07:08:55 +05:30
Evan Hunt
3ce7ddcc01 [master] add "dnstap" to categories 2015-10-02 18:31:12 -07:00
Tinderbox User
10b865e918 regen master 2015-10-03 01:07:28 +00:00
Evan Hunt
b66b333f59 [master] dnstap
4235.	[func]		Added support in named for "dnstap", a fast method of
			capturing and logging DNS traffic, and a new command
			"dnstap-read" to read a dnstap log file.  Use
			"configure --enable-dnstap" to enable this
			feature (note that this requires libprotobuf-c
			and libfstrm). See the ARM for configuration details.

			Thanks to Robert Edmonds of Farsight Security.
			[RT #40211]
2015-10-02 12:32:42 -07:00
Tinderbox User
41f0b3e098 regen master 2015-10-01 01:06:45 +00:00
Tinderbox User
551e0d486d update copyright notice / whitespace 2015-09-30 23:45:36 +00:00
Evan Hunt
3739c1beae [master] document the spill category 2015-09-29 21:21:44 -07:00
Tinderbox User
fa535fa05f regen master 2015-09-30 03:48:43 +00:00
Mark Andrews
6c4f9b5cf6 split out logging-categories [RT #40844] 2015-09-30 12:56:31 +10:00
Tinderbox User
983df82baf regen master 2015-09-30 01:06:20 +00:00
Evan Hunt
a00f9e2f50 [master] merge dyndb
4224.	[func]		Added support for "dyndb", a new interface for loading
			zone data from an external database, developed by
			Red Hat for the FreeIPA project.

			DynDB drivers fully implement the BIND database
			API, and are capable of significantly better
			performance and functionality than DLZ drivers,
			while taking advantage of advanced database
			features not available in BIND such as multi-master
			replication.

			Thanks to Adam Tkac and Petr Spacek of Red Hat.
			[RT #35271]
2015-09-28 23:12:35 -07:00
Tinderbox User
8f70b6b483 regen master 2015-09-29 01:10:32 +00:00
Mark Andrews
8fc1b0bf4d add closing tag 2015-09-29 08:36:05 +10:00
Witold Krecicki
e6d0a391f5 4223. [func] Add support for setting max-cache-size to percentage
of available physical memory, set default to 90%.
			[RT #38442]
2015-09-28 11:08:50 +02:00
Mark Andrews
98a7f8c7ae 4222. [func] Bias IPv6 servers when selecting the next server to
query. [RT #40836]
2015-09-28 18:57:19 +10:00
Tinderbox User
9a5087bf58 regen master 2015-09-23 01:05:36 +00:00
Tinderbox User
ad8f23aed6 regen master 2015-09-22 01:06:07 +00:00
Evan Hunt
72c2a84e77 [master] comment no longer needed 2015-09-21 13:17:20 -07:00
Evan Hunt
00b4840c36 [master] named.conf and lwresd man pages missing from ARM 2015-09-21 13:15:07 -07:00
Jeremy C. Reed
5c41d47227 Improve docs for zone-statistics
This is for ticket #36955.
Improve grammar for zone-statistics to list new arguments.
Refer to the docs in the options section.
Clarify about stats may not show view name.
2015-09-21 10:06:15 -05:00
Jeremy C. Reed
f48280a996 Merge branch 'rt39570'
Note I didn't add a changelog entry. The documentation was already
there and only modified a little.
2015-09-21 08:56:07 -05:00
Tinderbox User
09d72af3e9 regen master 2015-09-19 01:08:38 +00:00
Mark Andrews
f6e45a5c54 4217. [protocol] Add support for CSYNC. [RT #40532] 2015-09-18 23:45:12 +10:00
Tinderbox User
d758d223c9 regen master 2015-09-18 01:07:23 +00:00
Tinderbox User
7dbeeeaa1e update copyright notice / whitespace 2015-09-17 23:45:24 +00:00
Mark Andrews
e0a30050c8 4214. [protocol] Add support for TALINK. [RT #40544] 2015-09-18 07:43:43 +10:00
Evan Hunt
9e86fc48e0 [master] some options were in the wrong section of the ARM 2015-09-17 09:33:52 -07:00
Tinderbox User
dc9edc1332 regen master 2015-09-17 01:06:03 +00:00
Mark Andrews
3b3178ba7a fix company name
(cherry picked from commit eb4de5324b)
2015-09-17 10:17:49 +10:00
Jeremy C. Reed
f07aac8639 fix docbook tag mistake
Fix my mistake in my new branch that I just introduced.
2015-09-16 10:40:02 -05:00
Jeremy C. Reed
205c17fd0d improve the nocookie-udp-size documentation 2015-09-16 11:34:56 -04:00
Jeremy C. Reed
ed15792642 move the nocookie-udp-size from server statement to options 2015-09-16 11:25:21 -04:00
Jeremy C. Reed
7d2c4d1c9f document zone "type" in the ARM
This is for ticket #39577
It only added two sentences so didn't update changelog.
2015-09-16 09:50:29 -05:00
Jeremy C. Reed
456ef30acb remove the only section in the history appendix to workaround dblatex issue
dblatex generated LaTeX that failed with the "id" for link reference
in the sect1 when itr had no <title> to reference.
(A workaround is to set a <title>.)
But since this appendix only had one section
and looked off to have B1 with no title and no B2, just remove the
sect1 tags.
I added the id to the first <para> tag just in case someone uses
it to link.
Note I didn't reformat the content there.

I didn't get this reviewed as was trivial change.
2015-09-16 09:42:08 -05:00
Tinderbox User
5091a6fed9 regen master 2015-09-12 01:08:08 +00:00
Jeremy C. Reed
6db5cee19c add docbook tag for dns64 suffix value
add missing docbook formatting.
Note the element is standard, but that can be fixed in bulk later.
2015-09-11 13:33:55 -05:00
Jeremy C. Reed
a9695fcdcb add nxdomain-redirect to options grammar
I just used "string" as the value type.
There is no real order here so just put by another "nxdomain" option.
This was not reviewed.
This is for ticket #39384 which also considers other work.
2015-09-11 13:04:06 -05:00
Mark Andrews
5a49f61ca9 4199. [protocol] Add support for NINFO, RKEY, SINK, TA.
[RT #40545] [RT #40547] [RT #40561] [RT #40563]
2015-09-11 17:35:01 +10:00
Mark Andrews
a0ef8211d3 4201. [func] The default preferred-glue is now the address record
type of the transport the query was received
                        over.  [RT #40468]
2015-09-11 13:27:58 +10:00
Mark Andrews
3fa134363f 4200. [cleanup] win32: update BINDinstall to be BIND release
independent. [RT #38915]
2015-09-11 12:25:39 +10:00
Mark Andrews
329073f6b8 add NINFO and RKEY 2015-09-11 11:40:44 +10:00
Tinderbox User
199045f81d regen master 2015-09-11 01:06:12 +00:00
Jeremy C. Reed
4eb29d8984 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-09-10 09:34:37 -05:00
Jeremy C. Reed
c0fc4a1abd add missing space
noticed in manual review of the PDF
minor so wasn't reviewed
2015-09-10 09:32:29 -05:00
Mark Andrews
3dd63ba00f 4199. [protocol] Add support for NINFO, RKEY, TA.
[RT #40545] [RT #40547] [RT #40563]
2015-09-10 17:58:29 +10:00
Mark Andrews
63874956de 4199. [protocol] Add support for NINFO, RKEY. [RT #40547] [RT #40563] 2015-09-10 17:07:05 +10:00
Mark Andrews
8b29fc0b7a 4199. [protocol] Add support for RKEY. [RT #40563] 2015-09-10 14:50:20 +10:00
Tinderbox User
81199ce5ba regen master 2015-09-10 01:06:15 +00:00
Mark Andrews
4ca7391e64 4196. [doc] Improve how "enum + other" types are documented.
[RT #40608]

4195.   [bug]           'max-zone-ttl unlimited;' was broken. [RT #40608]
2015-09-09 17:02:11 +10:00
Tinderbox User
f6e04b5923 regen master 2015-09-09 01:06:29 +00:00
Jeremy C. Reed
176b2c47db fix grammar for keys to use key_id
This is for ticket #23009.
Remove statement about grammar too.
No CHANGES entry done.
2015-09-08 15:15:42 -05:00
Jeremy C. Reed
4de43d2854 improve dnssec-enable and dnssec-validation documentation
This is for #37362
Okayed via jabber
No CHANGES entry
2015-09-08 15:53:58 -04:00
Tinderbox User
1acae3ea5e regen master 2015-09-05 01:07:14 +00:00
Jeremy C. Reed
1a2469058c mention seconds for max-zone-ttl, max-cache-ttl, min-refresh-time, max-policy-ttl in ARM
This is for ticket 38106.
The initial patch was okayed, but then another commenter mentioned
that max-zone-ttl also allows TTL units so I mention that also
without review.
Note for the ticket, resolver-query-timeout change was
already handled last month in my commit 8789f39b
2015-09-04 14:30:48 -04:00
Jeremy C. Reed
1c2152e58f fix missing space (noticed in April, bug 39228) and fix grammar 2015-09-04 13:59:35 -04:00
Tinderbox User
a8fa482d0c regen master 2015-09-01 01:05:53 +00:00
Jeremy C. Reed
0d0e6f70ba grammar 2015-08-31 10:21:35 -05:00
Mark Andrews
483f1611fc update list of supported types in the ARM 2015-08-31 15:15:55 +10:00
Tinderbox User
f7eed06a3c regen master 2015-08-28 01:06:29 +00:00
Evan Hunt
4c9ead8b9f [master] fix incorrect bug ID 2015-08-27 10:22:46 -07:00
Tinderbox User
7e3f5fbcf8 regen master 2015-08-21 01:04:49 +00:00
Jeremy C. Reed
8789f39b12 mention resolver-query-timeout is in "seconds"
I didn't get this reviewed but looked at source where
dns_resolver_settimeout value is called "seconds"
and the comments for the maximum and default macros say "seconds".
2015-08-20 15:36:27 -05:00
Tinderbox User
95273fcb70 regen master 2015-08-16 01:05:36 +00:00
Evan Hunt
c40d8676c2 [master] fix copyright 2015-08-14 19:57:22 -07:00
Tinderbox User
310f88d008 [master] fix the o umlaut for HTML and TXT too 2015-08-15 02:55:15 +00:00
Tinderbox User
c266f8b440 regen master 2015-08-14 01:04:59 +00:00
Tinderbox User
ca5b644b9e update copyright notice / whitespace 2015-08-13 23:45:25 +00:00
Evan Hunt
afc3103851 [master] add CVE number 2015-08-13 15:30:49 -07:00
Tinderbox User
f619a2035b document omlaut 2015-08-13 20:43:29 +00:00
Tinderbox User
a73d9c0b4d support umlaut 'o' 2015-08-13 19:42:19 +00:00
Tinderbox User
aa6c5a3e33 regen master 2015-08-13 01:26:22 +00:00
Evan Hunt
9716b6a5d6 [master] xml doesn't define &ouml; 2015-08-12 18:16:04 -07:00
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie:
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
2015-08-13 08:26:23 +10:00
Mark Andrews
b63a83eea8 update 2015-08-12 22:58:07 +10:00
Evan Hunt
c707e2b986 [master] fix length check in OPENPGPKEY
4170.	[security]	An incorrect boundary check in the OPENPGPKEY
			rdatatype could trigger an assertion failure.
			[RT #40286]
2015-08-11 20:01:44 -07:00
Tinderbox User
5002bd49e8 regen master 2015-08-08 01:06:01 +00:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
2015-08-07 13:16:10 -07:00
Jeremy C. Reed
658b0ec21c fix spelling typo 2015-08-07 12:31:55 -04:00
Tinderbox User
964783e7e8 regen master 2015-08-07 01:06:05 +00:00
Evan Hunt
d2f45d7ffd [master] revert incorrect 'correction' 2015-08-05 12:15:25 -07:00
Tinderbox User
233da44607 regen master 2015-08-01 01:05:43 +00:00
Evan Hunt
7ed374872f [master] corrected relnotes -- assertion in name.c not message.c 2015-07-31 12:03:29 -07:00
Mark Andrews
090ba6ff30 update 2015-07-26 06:45:53 +10:00
Tinderbox User
98e1584b29 update copyright notice / whitespace 2015-07-24 23:45:21 +00:00
Mark Andrews
b2b408e4ed update 2015-07-24 23:39:58 +10:00
Mark Andrews
364162f4ae update 2015-07-24 15:05:20 +10:00
Mark Andrews
230f8da57c update 2015-07-24 14:58:21 +10:00
Tinderbox User
5d564da348 regen master 2015-07-24 01:04:59 +00:00
Mark Andrews
98869e60fa whitespace 2015-07-23 17:56:03 +10:00
Tinderbox User
bd84b04e4f regen master 2015-07-21 01:05:05 +00:00
Evan Hunt
8a205b4534 [master] remove accidentally duplicated section on clients-per-query 2015-07-20 15:25:28 -07:00
Tinderbox User
bd9a66d553 regen master 2015-07-15 01:04:58 +00:00
Mark Andrews
84114ec4c7 request-nsid -> request-sit 2015-07-15 08:38:08 +10:00
Mark Andrews
c5eb9add52 add CVE-2015-5477 2015-07-15 07:51:06 +10:00
Tinderbox User
b3338fc248 regen master 2015-07-11 01:05:48 +00:00
Tinderbox User
c0cbdeedb5 regen master 2015-07-10 01:05:03 +00:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
2015-07-08 22:53:39 -07:00
Tinderbox User
40f508f08b regen master 2015-07-08 01:04:56 +00:00
Evan Hunt
70d987def5 [master] traffic size stats
4156.	[func]		Added statistics counters to track the sizes
			of incoming queries and outgoing responses in
			histogram buckets, as specified in RSSAC002.
			[RT #39049]
2015-07-06 22:29:06 -07:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Tinderbox User
1879ff4932 regen master 2015-07-06 01:04:49 +00:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
2015-07-06 09:44:24 +10:00
Mark Andrews
aa3bffca69 whitespace 2015-07-04 12:50:29 +10:00
Tinderbox User
6cd01c0a96 regen master 2015-06-30 01:04:57 +00:00
Tinderbox User
0a4f0f6ab6 regen master 2015-06-26 01:05:04 +00:00
Witold Krecicki
f10a67dad2 Add statistics counters for nxdomain redirections. [RT #39790] 2015-06-25 09:21:50 +02:00
Tinderbox User
0da3028ccf regen master 2015-06-20 01:05:58 +00:00
Witold Krecicki
6a3249533a fix rpz-client-ip documentation [RT #39783] 2015-06-19 10:23:53 +02:00
Tinderbox User
b708ffc480 regen master 2015-06-19 01:05:11 +00:00
Mukund Sivaraman
f4d1c19691 Add comma 2015-06-17 12:23:44 +05:30
Mark Andrews
572e95f52a add release notes for CVE-2015-4620 2015-06-17 11:19:53 +10:00
Tinderbox User
871ab4edd8 regen master 2015-06-06 01:06:45 +00:00
Mark Andrews
94f7158d44 update rpz doc as per rt39703 2015-06-05 11:13:02 +10:00
Tinderbox User
335c82aebd regen master 2015-06-05 01:05:03 +00:00
Evan Hunt
8c9fba44a4 [master] further RPZ fixes
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
2015-06-03 18:18:55 -07:00
Tinderbox User
22be030b50 regen master 2015-05-29 01:04:57 +00:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00
Tinderbox User
481870b95f regen master 2015-05-28 01:04:54 +00:00
Mark Andrews
598b502695 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
key as per RFC 7344, Section 4.1. [RT #37215]
2015-05-27 15:25:45 +10:00
Tinderbox User
661e7fbf77 regen master 2015-05-22 01:04:47 +00:00
Evan Hunt
f5c20627f4 [master] fix tags 2015-05-21 14:29:22 -07:00
Mukund Sivaraman
72a1c3f1a7 Update notes.xml and CHANGES for #39567 2015-05-21 21:45:47 +05:30
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30
Tinderbox User
b9a0676eec regen master 2015-05-21 01:04:46 +00:00
Evan Hunt
19365b43e9 [master] ensure rpz summary consistence during AXFR updates
4121.	[bug]		When updating a response-policy zone via AXFR,
			summary data about other policy zones could fall
			out of sync. Ultimately this could trigger an
			assertion failure in rpz.c. [RT #39567]
2015-05-20 15:00:50 -07:00
Tinderbox User
e9ed929fd1 regen master 2015-05-20 01:04:55 +00:00
Evan Hunt
7e6cf6fc6e [master] address a possible policy update race
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]
2015-05-19 15:47:42 -07:00
Mark Andrews
8f20f6c9d7 4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534. 2015-05-15 08:22:25 +10:00
Tinderbox User
7f18387d4b regen master 2015-05-08 01:05:05 +00:00
Mukund Sivaraman
b947e1a521 Fix a bug in RPZ that could cause unwanted recursion (#39229)
Conflicts:
	doc/arm/notes.xml
2015-05-07 08:29:36 +05:30
Tinderbox User
6d45011a65 regen master 2015-05-06 01:05:06 +00:00
Tinderbox User
395c952141 regen master 2015-05-05 01:05:07 +00:00
Tinderbox User
e668599e6a regen master 2015-04-25 01:05:56 +00:00
Mark Andrews
e77e449549 4109. [port] linux: support reading the local port range from
net.ipv4.ip_local_port_range. [RT # 39379]
2015-04-25 08:25:42 +10:00
Tinderbox User
8168c28739 regen master 2015-04-24 01:05:03 +00:00
Evan Hunt
ef1aaab9ed [master] more verbose CHANGES note, added release note
4108.	[func]		An additional NXDOMAIN redirect method (option
			"nxdomain-redirect") has been added, allowing
			redirection to a specified DNS namespace instead
			of a single redirect zone. [RT #37989]
2015-04-23 09:40:07 -07:00
Mark Andrews
c82b378115 4108. [func] A additional nxdomain redirect (nxdomain-redirect)
method is now supported. [RT #37989]
2015-04-23 16:57:15 +10:00
Tinderbox User
645a03d61e regen master 2015-04-16 01:04:55 +00:00
Evan Hunt
fc3ed1dbda [master] fix +split and +rrcomments with dig +short
4101.	[bug]		dig: the +split and +rrcomments options didn't
			work with +short. [RT #39291]
2015-04-15 09:50:07 -07:00
Tinderbox User
24abfe433e regen master 2015-04-14 01:05:08 +00:00
Tinderbox User
6a6ceba6fe update copyright notice / whitespace 2015-04-13 23:45:23 +00:00
Jeremy C. Reed
2637d30fbd docbook <command> tags around named server references 2015-04-13 11:46:35 -05:00
Jeremy C. Reed
2b66b8b6fb fix mismatched docbook tag 2015-04-13 11:38:40 -05:00