upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-23 01:40:23 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
22033 commits 18 branches 854 tags 440 MiB
Commit graph

9294 commits

Author SHA1 Message Date
Evan Hunt
711e833921 [v9_9] add max-recursion-queries 
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
(cherry picked from commit b3aa528d7e)
 2014-11-18 22:14:55 -08:00
Evan Hunt
603a0e2637 [v9_9] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:49:07 -08:00
Evan Hunt
922588e83e [v9_9] fix false positive compiler warning 
a "pointer always evaluates to true" warning was blocking
compilation of the radix ATF test when using --enable-developer
with gcc 4.8.2.
 2014-11-15 00:55:20 -08:00
Evan Hunt
f6e2e95a7d [v9_9] reference leak with AAAA glue but not A 
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]

(cherry picked from commit c4abb19716)
(cherry picked from commit 96b6923a25)
 2014-11-14 09:04:52 -08:00
Tinderbox User
ea276ca5fa update copyright notice 2014-11-04 23:46:04 +00:00
Mark Andrews
7e43c092d4 add missing opening bracket 
(cherry picked from commit a31d0513c3)
 2014-11-04 17:14:08 +11:00
Mark Andrews
c75e6e9756 DNS_STYLEFLAG_NOCRYPTO not supported in 9.9.x 2014-11-04 14:02:42 +11:00
Mark Andrews
4cc275ad08 3998. [bug] isc_radix_search was returning matches that were 
to precise. [RT #37680]

(cherry picked from commit b976c39c07)
 2014-11-04 12:41:07 +11:00
Mark Andrews
bb4ef32432 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:25:38 +11:00
Tinderbox User
2c0599bc2b update copyright notice 2014-10-31 23:46:07 +00:00
Mark Andrews
14a1fe655c 3996. [bug] Address use after free on out of memory error in 
keyring_add. [RT #37639]

(cherry picked from commit c2f8108123)
 2014-10-31 11:45:01 +11:00
Mark Andrews
241cf99bf5 3995. [bug] receive_secure_serial holds the zone lock for too 
long. [RT #37626]

(cherry picked from commit 4e59131f18)
(cherry picked from commit 1083f358ae)
 2014-10-31 11:40:05 +11:00
Mark Andrews
b73923f773 3989. [cleanup] Remove redundent dns_db_resigned calls. [RT #35748] 
(cherry picked from commit eb5243365c)
 2014-10-30 10:55:10 +11:00
Tinderbox User
c64d8daa09 update copyright notice 2014-10-21 23:46:11 +00:00
Francis Dupont
88f53e412b Handle VS14 incompatible changes [RT #37380] 2014-10-21 09:36:43 +02:00
Mark Andrews
f2b44f6586 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]

(cherry picked from commit 72775a79fe)
 2014-10-18 13:10:16 +11:00
Evan Hunt
7b4063bd24 [v9_9] add diffie-hellman key unit test 
3978.	[test]		Added a unit test for Diffie-Hellman key
			computation, completing change #3974. [RT #37477]

(cherry picked from commit 188690149b)
(cherry picked from commit bc59dcd76e)
 2014-10-17 15:58:29 -07:00
Evan Hunt
d1d6b9c1b3 [v9_9] correctly validate 5011 trust anchors 
3976.	[bug]		When refreshing managed-key trust anchors, clear
			any cached trust so that they will always be
			revalidated with the current set of secure
			roots. [RT #37506]

(cherry picked from commit eb6d61d5e0)
(cherry picked from commit 5c409ba290)
 2014-10-17 15:42:02 -07:00
Tinderbox User
bff9e4ff82 update copyright notice 2014-10-16 23:46:04 +00:00
Mark Andrews
a83faea899 initialize rdataset->private7 
(cherry picked from commit ca77632f65)
 2014-10-16 11:25:11 +11:00
Tinderbox User
9c4c75ddbf update copyright notice 2014-10-13 23:46:06 +00:00
Mark Andrews
8b85186a3f 3974. [bug] handle DH_compute_key() failure correctly in 
openssldh_link.c. [RT #37477]

(cherry picked from commit 58a1051e92)
 2014-10-13 23:42:43 +11:00
Mark Andrews
db7f16f51c silence compiler warning 
(cherry picked from commit bbec761a67)
 2014-10-08 17:47:59 +11:00
Tinderbox User
027014d649 update copyright notice 2014-10-04 23:46:05 +00:00
Mark Andrews
53373a6929 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]

(cherry picked from commit c81d56c03e)
 2014-10-05 08:30:37 +11:00
Mark Andrews
aaf8ae4297 3966. [bug] Missing dns_db_closeversion call in receive_secure_db. 
[RT #35746]

(cherry picked from commit 9c0589bc8b)
 2014-10-03 07:52:17 +10:00
Tinderbox User
aaa24cf075 update copyright notice 2014-09-30 23:47:13 +00:00
Mark Andrews
650404030c 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]

(cherry picked from commit a6869655d6)
 2014-10-01 07:43:17 +10:00
Mark Andrews
a962ff7d5e 3959. [bug] Updates could be lost if they arrived immediately 
after a rndc thaw. [RT #37233]

(cherry picked from commit fa827173df)
 2014-10-01 07:00:02 +10:00
Tinderbox User
141adfd898 update copyright notice 2014-09-29 23:46:13 +00:00
Mark Andrews
332652409f 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]

(cherry picked from commit 386d6c08167bc048dfd20e3bba051a5f9d3cc545)
 2014-09-29 11:32:52 +10:00
Mark Andrews
0ae15932ae 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]

(cherry picked from commit 80169c379d)
 2014-09-29 10:27:24 +10:00
Tinderbox User
911e552d6c update copyright notice 2014-09-28 23:46:05 +00:00
Mark Andrews
c41a438d4d 3955. [bug] Notify messages due to changes are no longer queued 
behind startup notify messages. [RT #24454]

(cherry picked from commit 319659fc23)
 2014-09-29 09:35:15 +10:00
Tinderbox User
9dca2871b7 update copyright notice 2014-09-27 23:46:06 +00:00
Mark Andrews
bb2451e0e1 3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159] 
(cherry picked from commit 9a36fb86f5)
 2014-09-27 12:14:57 +10:00
Mark Andrews
6c34e1c183 3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the 
two name pointers were the same. [RT #37176]

(cherry picked from commit a266ab205b)
 2014-09-27 11:47:17 +10:00
Evan Hunt
9ce5221877 [v9_9] prep 9.9.6 2014-09-16 09:35:23 -07:00
Evan Hunt
17c9e5f31d [v9_9] spelling 2014-09-15 18:19:39 -07:00
Mark Andrews
c0416dd92b update named-checkzone manpage for SPF changes 2014-09-13 07:56:19 +10:00
Tinderbox User
e438b6de1e update copyright notice 2014-09-05 23:46:22 +00:00
Evan Hunt
40d8a124e5 [v9_9] prep 9.9.6rc2 2014-09-05 10:36:29 -07:00
Evan Hunt
38398c590a [v9_9] [rt36786] use INSTALL_PROGRAM for shared libs 
3947.	[cleanup]	Set the executable bit on libraries when using
			libtool. [RT #36786]

(cherry picked from commit f687e639f0)
 2014-09-05 10:28:57 -07:00
Mark Andrews
0ef83e5b5d 3945. [bug] Invalid wildcard expansions could be incorrectly 
accepted by the validator. [RT #37093]

(cherry picked from commit 2fa1fc5332)
 2014-09-05 12:12:08 +10:00
Tinderbox User
d575f45931 regen v9_9 2014-09-05 01:14:12 +00:00
Mark Andrews
d2ac59302c 3942. [bug] Wildcard responses from a optout range should be 
marked as insecure. [RT #37072]
 2014-09-04 13:59:50 +10:00
Evan Hunt
95ac626e8d [v9_9] missed an api change 2014-08-29 18:38:35 -07:00
Evan Hunt
ff21403ec5 [v9_9] prep 9.9.6rc1 2014-08-29 18:36:49 -07:00
Evan Hunt
d5669ee77c [v9_9] fixes to checkconf test, HIP casecompare 
3933.	[bug]		Corrected the implementation of dns_rdata_casecompare()
			for the HIP rdata type.  [RT #36911]

3932.	[test]		Improved named-checkconf tests. [RT #36911]

(cherry picked from commit 0c2313eb36)
 2014-08-27 21:37:40 -07:00
Mark Andrews
ddf4e45cad 3931. [cleanup] Cleanup how dlz grammer is defined. [RT #36879] 
(cherry picked from commit 1164997311)
 2014-08-26 15:26:05 +10:00