upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-03 14:00:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
22033 commits 18 branches 854 tags 440 MiB
Commit graph

6493 commits

Author SHA1 Message Date
Evan Hunt
711e833921 [v9_9] add max-recursion-queries 
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
(cherry picked from commit b3aa528d7e)
 2014-11-18 22:14:55 -08:00
Tinderbox User
dd461ee35b update copyright notice / whitespace 2014-11-18 23:46:09 +00:00
Evan Hunt
603a0e2637 [v9_9] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:49:07 -08:00
Mark Andrews
16adeb3661 check returns from putstr and putnull 
(cherry picked from commit 18fa89b01e)
 2014-11-18 13:03:20 +11:00
Evan Hunt
f6e2e95a7d [v9_9] reference leak with AAAA glue but not A 
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]

(cherry picked from commit c4abb19716)
(cherry picked from commit 96b6923a25)
 2014-11-14 09:04:52 -08:00
Tinderbox User
8cf35615f6 update copyright notice 2014-11-05 23:46:03 +00:00
Evan Hunt
b2630b7363 [v9_9] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]

(cherry picked from commit 3cc8c7d630)
(cherry picked from commit 56293cd148)
 2014-11-04 23:54:25 -08:00
Mark Andrews
bb4ef32432 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:25:38 +11:00
Mark Andrews
bfef33cbe3 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]

(cherry picked from commit a5c7cfbac4)
 2014-10-30 11:22:17 +11:00
Tinderbox User
e00da9b8bc regen v9_9 2014-10-21 06:49:41 +00:00
Tinderbox User
6ec35cff80 regen v9_9 2014-10-21 01:12:23 +00:00
Tinderbox User
bf2b88607b update copyright notice 2014-10-20 23:46:18 +00:00
Mark Andrews
ca46ee6d2b 3985. [doc] Describe how +ndots and +search interact in dig. 
[RT #37529]

(cherry picked from commit 40b28f5402)
 2014-10-21 08:07:24 +11:00
Mark Andrews
f2b44f6586 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]

(cherry picked from commit 72775a79fe)
 2014-10-18 13:10:16 +11:00
Mark Andrews
8b5f53534c allow for the set of ttls to be empty 
(cherry picked from commit 44ef2206d7)
 2014-10-16 14:47:11 +11:00
Mark Andrews
7d00852591 make test more robust in the face of server failures 2014-10-16 12:34:36 +11:00
Mark Andrews
8f355bec12 3972. [bug] Fix host's usage statement. [RT #37397] 
(cherry picked from commit c12c746e3a)
 2014-10-07 01:10:10 +11:00
Mark Andrews
53373a6929 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]

(cherry picked from commit c81d56c03e)
 2014-10-05 08:30:37 +11:00
Mark Andrews
cbe35320bf verifying inline zones work with views requires crypto to be configured 2014-10-04 18:08:53 +10:00
Evan Hunt
d1beb33058 [v9_9] remove clone tests from the views system test: inapplicable in 9.9 2014-10-03 07:22:55 -07:00
Tinderbox User
3c516868aa update copyright notice 2014-10-02 23:46:10 +00:00
Mark Andrews
c4c43e7359 3968. [bug] Silence spurious log messages when using 'named -[46]'. 
[RT #37308]

(cherry picked from commit 6979ebf549)
 2014-10-03 08:06:31 +10:00
Mark Andrews
e232d15075 3967. [test] Add test for inlined signed zone in multiple views 
with different DNSKEY sets. [RT #35759]

(cherry picked from commit b24061719c)
 2014-10-03 08:01:54 +10:00
Mark Andrews
aaf8ae4297 3966. [bug] Missing dns_db_closeversion call in receive_secure_db. 
[RT #35746]

(cherry picked from commit 9c0589bc8b)
 2014-10-03 07:52:17 +10:00
Mark Andrews
302455db78 SIG(0) update forwarding testing requires crypto be configured 
(cherry picked from commit a837c939c4)
 2014-10-02 11:08:02 +10:00
Tinderbox User
c039cd1603 update copyright notice 2014-10-01 23:46:05 +00:00
Mark Andrews
c433c3b9dd 3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error conditions. [RT #34663] 
(cherry picked from commit 7d891eaf91)
 2014-10-01 10:02:21 +10:00
Tinderbox User
aaa24cf075 update copyright notice 2014-09-30 23:47:13 +00:00
Mark Andrews
650404030c 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]

(cherry picked from commit a6869655d6)
 2014-10-01 07:43:17 +10:00
Mark Andrews
57acbfc9c7 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] 
(cherry picked from commit c83b91fb63)
 2014-10-01 07:18:49 +10:00
Tinderbox User
141adfd898 update copyright notice 2014-09-29 23:46:13 +00:00
Mark Andrews
8f050179ef use RANDFILE rather than /dev/urandom 
(cherry picked from commit 4bc581ca31)
 2014-09-29 23:39:30 +10:00
Mark Andrews
332652409f 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]

(cherry picked from commit 386d6c08167bc048dfd20e3bba051a5f9d3cc545)
 2014-09-29 11:32:52 +10:00
Mark Andrews
0ae15932ae 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]

(cherry picked from commit 80169c379d)
 2014-09-29 10:27:24 +10:00
Mark Andrews
0ab4fe276e 3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112] 
(cherry picked from commit 6b6d6509f6)
 2014-09-27 12:30:39 +10:00
Mark Andrews
bb2451e0e1 3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159] 
(cherry picked from commit 9a36fb86f5)
 2014-09-27 12:14:57 +10:00
Mark Andrews
288be32d30 give the nameserver a little longer to response 
(cherry picked from commit 06e28e50bd)
 2014-09-18 10:10:05 +10:00
Mark Andrews
d7baef56d7 make depend fails in bin/python 2014-09-15 14:11:01 +10:00
Tinderbox User
0bc7a16fe3 regen v9_9 2014-09-13 01:13:48 +00:00
Evan Hunt
9385828b30 [v9_9] [rt36993] work around a bmake bug in BSD 
3950.	[port]		Changed the bin/python Makefile to work around a
			bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]

(cherry picked from commit 8dba0e7d87)
(cherry picked from commit 357cce8964)
 2014-09-12 15:22:42 -07:00
Mark Andrews
c0416dd92b update named-checkzone manpage for SPF changes 2014-09-13 07:56:19 +10:00
Tinderbox User
e438b6de1e update copyright notice 2014-09-05 23:46:22 +00:00
Evan Hunt
039e58e905 [v9_9] [rt37057] server-id tests 
3944.	[test]		Added a regression test for "server-id". [RT #37057]

(cherry picked from commit c9e976dc43)
(cherry picked from commit 9f6a6d24dc)
 2014-09-05 10:12:28 -07:00
Tinderbox User
d575f45931 regen v9_9 2014-09-05 01:14:12 +00:00
Mark Andrews
d2ac59302c 3942. [bug] Wildcard responses from a optout range should be 
marked as insecure. [RT #37072]
 2014-09-04 13:59:50 +10:00
Evan Hunt
17d84b0ec9 [v9_9] check correctly for duplicate zone error message 2014-09-03 12:58:43 -07:00
Mark Andrews
42b68f99bc update-copyrights 2014-08-29 10:18:38 +10:00
Evan Hunt
d5669ee77c [v9_9] fixes to checkconf test, HIP casecompare 
3933.	[bug]		Corrected the implementation of dns_rdata_casecompare()
			for the HIP rdata type.  [RT #36911]

3932.	[test]		Improved named-checkconf tests. [RT #36911]

(cherry picked from commit 0c2313eb36)
 2014-08-27 21:37:40 -07:00
Mark Andrews
ddf4e45cad 3931. [cleanup] Cleanup how dlz grammer is defined. [RT #36879] 
(cherry picked from commit 1164997311)
 2014-08-26 15:26:05 +10:00
Mark Andrews
28f24102e2 3929. [bug] 'host -a' needed to clear idnoptions. [RT #36963] 
(cherry picked from commit 905ba39e10)
 2014-08-26 08:28:00 +10:00