upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
37585 commits 18 branches 886 tags 464 MiB
Commit graph

2827 commits

Author SHA1 Message Date
Michal Nowak
b293b2c638
Add Fedora 37 2022-11-21 12:48:40 +01:00
Matthijs Mekking
f71a6692db Obsolete dnssec-secure-to-insecure option 
Now that the key management operations using dynamic updates feature
has been removed, the 'dnssec-secure-to-insecure' option has become
obsoleted.
 2022-11-18 11:04:17 +01:00
Matthijs Mekking
93441714ad Remove dynamic update key management documentation 
Remove the text from the ARM and DNSSEC guide that describes how to do
key and denial of existence operations using dynamic update. Add a new
section about DNSSEC multi-signer models, but no longer suggest using
dynamic update and auto-dnssec allow.
 2022-11-18 11:04:17 +01:00
Michal Nowak
0b5a58202e BIND 9.19.7 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmNpeGQPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFwEoQAIEfRAfCXJH+RfQj36KHPtmODcVgCA7HxWZE
 jhC5u0Koh7nbCFEhOepTWmMEfu6xoqRLhC/f/DJp20HxsvHWPj7XySNBhKrhCiM/
 xCU1uYteBh3bgrwTvgD9nnecTcHfUMVy+nzGBWLxAp0P20X2hRy/ldH0SO6Gn3Jm
 S/WuKAn4h9RAdPDSmFQV5U7wcLKKuW2Ueb2gNwXFexcqkmElBb6SoPR4TZd7EwaL
 EbXx9pSNUPGP/JSFDZ5FHBh/CiI1YdjNw3xz103aauSToFfNBAZajYNLFXY7PPDv
 cgBhTNTFCJRZBlSENPnRMzD6si+Tzo12IxHotnSKF/4tRQAg0wOmLxaTXlycp+nn
 sBqN1+7BJAI33EElJzKyOLKU/siaTYGGCDCukPliCOmx34MteeOvuKYu9AAX5cU9
 cCXNo31x0rKlYytL3e8jprzw/uIY1vch8Bc8gV9BgaY+qVZJP6n0GP4noCgXIws6
 I0Fu+Nl5eu6/ITkcwsRuTw9v45zMKfvzsEh78pwPWJ4DCG48NHAz44M3HDEBUYsj
 A+B4k17qclvEAJSHjdWPa0tLG292nTBmpA8dCXoHmVUomuiTQ4ux6zNkmA4RiGAF
 fgVRAQKEzdb1NM1qrhbVyBJWp3mkBwQa3NpHnWZarA5eCMAuaTFnWpgiSzN2OyYo
 Qbq9lTWc
 =IAec
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEIz+ZTe/bbr1Q+/5RJKPoRjruXlYFAmN073QACgkQJKPoRjru
 XlZPZw/+MBtiRLVwQtHMHas2c2WpYO7WlVdT6sxkBtk06q7KvEJWjH9QBnmRkn57
 hO+B9sGHOqFptI+15oNgQQqghJxT43DCIAF5/6N0wWobT6m7frFxwh0nE2fTuHfK
 nTOI7OseLQVdi4jutbhiovh5APooqfNTvM5KXrx45C9WNhs2v14LJjgyeLbRa1NS
 +X26g8GaUVVsHKwE7/Et5PtWVuLczVVQjW8aNMsE0bfPmY/jWMmSangdcF7TtYSs
 YBJQbrNIpWDHfmOAsz8WeqW4dRr9YBDn0yF7bWKEKgmQu9BKZ/QiDnFNXnHNUu7r
 crM0fSZFgt/385mn5U/cMXKjCg+UndEq7/rHFgzwnqEHX/5e3f3uWW3zVhBZGbX6
 mVreUUIvG/gih+IXWi96ozVojmv2Bn5jAgEwgWXuWfx/RpdCrKmJ6VAFSb6+cte6
 p2JWWVohdptjK8ys0XHjVpXDeDd162ces9Gj9RuBMWmUTehIM0tBvacOtiwWVm6h
 oJNOkkzeXWBDKF/RdbflMYhQ6Pu0JOcSfKqnzOj3J3+10yPSqMA/LBBS2Hn71FJ7
 jJztrFOH6vLjiKMZyu3UXCxwYSa3qs33yUzHUX+jH2+7ijMSYl0qQ0AwW8ZPPWxQ
 f4DC+YwKlFnIBt4t9mYxWNltVYbS5Gm9FPe+LnLO/KjWLA4Tnuk=
 =upj5
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_7'

BIND 9.19.7
 2022-11-16 15:10:51 +01:00
Michal Nowak
b239e6870d
Add OpenBSD 7.2 2022-11-15 08:06:37 +01:00
Michal Nowak
d34c7ae227 Replace "sha1sum" with "openssl sha1 -r" 
"sha1sum" is part of GNU Coreutils, neither BIND 9 dependency nor POSIX.
Replace it with "openssl sha1 -r" as OpenSSL is BIND 9 dependency.
 2022-11-14 19:54:42 +00:00
Ondřej Surý
379929e052
Deprecate setting operating system limits from named.conf 
It was possible to set operating system limits (RLIMIT_DATA,
RLIMIT_STACK, RLIMIT_CORE and RLIMIT_NOFILE) from named.conf.  It's
better to leave these untouched as setting these is responsibility of
the operating system and/or supervisor.

Deprecate the configuration options and remove them in future BIND 9
release.
 2022-11-14 16:48:52 +01:00
Ondřej Surý
76725718f4
Update the build requirements in the ARM 
The build requirements have been updated to state that libcap is now
required on Linux and removed mention of --with-tuning configure option.
 2022-11-14 10:01:20 +01:00
Petr Špaček
7d352741a0
Document that update-policy external is synchronous 2022-11-11 10:32:14 +01:00
Michał Kępień
a8129353f4 Prepare release notes for BIND 9.19.7 2022-11-07 22:07:08 +01:00
Petr Špaček
c58dd2790a Repeat Known Issues at the top of Release Notes page 
From now on all per-version notes link to the global list
of Known Issues. If there is a new note it should be listed twice:
In the per-version list, and in the global list.
 2022-11-07 14:03:15 +01:00
Mark Andrews
da6359345e Add check-svcb to named 
check-svcb signals whether to perform additional contraint tests
when loading / update primary zone files.
 2022-10-29 00:22:54 +11:00
Michał Kępień
a8f0ab7df6 Bump Sphinx version to 5.3.0 
Make the Sphinx version listed in doc/arm/requirements.txt match the
version currently used in GitLab CI, so that Read the Docs builds the
documentation using the same Python software versions as those used in
GitLab CI.
 2022-10-24 11:05:02 +02:00
Aram Sargsyan
ef344b1f52 Fix prefetch "trigger" value's documentation in ARM 
For the prefetch "trigger" parameter ARM states that when a cache
record with a lower TTL value is encountered during query processing,
it is refreshed. But in reality, the record is refreshed when the TTL
value is lower or equal to the configured "trigger" value.

Fix the documentation to make it match with with the code.
 2022-10-21 10:19:53 +00:00
Michal Nowak
97b9a7eb56 BIND 9.19.6 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmNDwzcPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEF1J0P/A3nRfW//8azItZk1F+AIONmqzVNljC5wP62
 fvsPfjvaro+nt7FuXTIv+uC5lK6GuKNZmHHJJO1U40CiT125xYfhTbPC1XCnhVFH
 F66m0fOMExJ7t0UWIwoFqJJgZbMffIgB0zfhwCna9EZzxDVew3YWUoi9jw3C8LyE
 JyD6FDTr/BmZ1Sp9dpJf/PNvEcB3evfB3DOxtYKt7vm6KQ6azTaDOaWsnssp/8i6
 QLo1Sgnr7uyXAvq7ce53uLM8hkgU6hdXzv5F0JYxX54aVCDaH1pX8qY9FT2sw0tM
 tSFgQTtnOVIMKXQQHnWM10bTslDKiopXIFn6EojR+jnB5lL6oWLbaPf/f/s4Xkwp
 n3cG77v8Quxe5Vznk041B615P8rY4xjg0C5qmCiHmD3bTjX3nYrubT0aAcYjzcL7
 XPu1m4M6j8pVb+Ad+ue/d48+PJ420o7Qj6tBAOMOyUUqYlsSah4AebIrQ+UTluAD
 m3YZoh10QUL7Hifsws3rOPjSpt/6JVBxLUFSigvkcBp/JZBZrhZSPX8AAeU3SJlq
 VZak9B+J8RQ//5znROrv8aAJCpXsixMP+L/3PEMlSvoP38WR2bswI4n+x8OTFWWp
 EVndONt/XFS/YWJ0gxYtlRbPeOEokd7oMe6ANwkRyykxBA4B5u9qYDZODzV62Q7p
 GkGsb1EJ
 =msVB
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEIz+ZTe/bbr1Q+/5RJKPoRjruXlYFAmNRDoIACgkQJKPoRjru
 Xlbj3Q//ReMwzMD9uog249scAVKVMEZv7RfH1Ra3ibKh5lGCJUFasPsEtKYKTHBK
 bUwCx/ITsyZtcyQj/P+HVhuTCGwGnznHVcEK9Gsa4RogwOesKlfNhF+tSyx0oU45
 cDXqMZ9oqxp5Gp6vtPD9f4rJ7V7uW5ajM/qHci2A2+fMWREgciWCTqEuoSsr2Rlg
 tMgzfStBGyXg7+NuPsmPtD9qzBUv7OUdb1EO78xVX+Zlg1xAxo0Glew+Aw0C1GUj
 s9k3CgyDxGjMoZauhEvMZh22Pc6eOny2Ncdbg7e/uQP+MT09nxrYHxminMd+usIv
 j0kOEoZIOk4P9vGzQDh/f/16Gro2jsu9UjJp/JPiue/3m0YUD7WeXCdeR74JMxh+
 Kq+7Lusg1X2c8lEJKXezcm+exFezpD+lag8OQjtjcuhlcqgRVGJvxlShXkIEhQqI
 JwW1p7BThdhJvC7oKYj9ru5JiRo+C2IHF8yL/7z9qYBCCnVEHcpKfqfMdkFd6nyv
 8KYbofUyz2B5axCvj1gX0NIakg87lfsvllXP2gndMuicPHQWezBBJaZ0nf9v4PYs
 bprgobkNEQxZg/ztz4oZepyz3Ab9i1HPC257lctcRJNN+ddEawRqTnOs5GNxZdjM
 ZfUwwHYInxqhuaPqwPD59++MTrlg2pg6WOGf4dMnrAoB8rv/Ip0=
 =+jC+
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_6'

BIND 9.19.6
 2022-10-20 11:01:27 +02:00
Michał Kępień
73686d18bf Prepare release notes for BIND 9.19.6 2022-10-07 12:55:17 +02:00
Michal Nowak
f5d9fa6ea4
Drop flake8 ignore lists 
flake8 is not used in BIND 9 CI and inline ignore lists are not needed
anymore.
 2022-10-05 17:56:24 +02:00
Petr Špaček
137e0f4e0e
Remove manually defined anchors pointing to statement definitions 
This is hopefully end of duplication. This batch did not cause clashes
in Sphinx but it was pointless nonetheless as we have auto-generated
anchors for all statements.
 2022-10-05 11:36:22 +02:00
Tom Krizek
ea2d213f34
Remove trailing whitespaces 2022-10-05 11:36:22 +02:00
Petr Špaček
9a7c2b370e
Deduplicate link anchors in the ARM 
Some statement names like "allow-query" had manually defined link anchor
_allow-query and also implicit anchor created by
.. namedconf:statement:: syntax. This causes warnings if a ambiguous
reference is made using :any:`allow-query` syntax.

Remove (hopefully all) manually defined anchors which pointed to
identical place as the implicit anchor. This allows :any: to work.

In rare cases where manual anchor points to descriptive text separated
from statement definition the reference was disamguated by replacing
:any:`notify` with :ref:`notify` (for manual anchor)
vs. :namedconf:ref:`notify` (for statement definition).

Please note that `options` statement is a trap: It is ambiguous even
without manual anchor because rndc.conf has its own `options`. Use
:namedconf:ref:`options` vs. :rndcconf:ref:`options` to select
appropriate target.
 2022-10-05 11:36:19 +02:00
Ondřej Surý
0086ebf3fc
Bump the libuv requirement to libuv >= 1.34.0 
By bumping the minimum libuv version to 1.34.0, it allows us to remove
all libuv shims we ever had and makes the code much cleaner.  The
up-to-date libuv is available in all distributions supported by BIND
9.19+ either natively or as a backport.
 2022-09-27 17:09:10 +02:00
Ondřej Surý
d5bead54c0
Drop Ubuntu 18.04 bionic from the CI 
The Ubuntu 18.04 bionic will go EOL in April 2023 before the next stable
BIND 9 release, so we can drop this for the next stable BIND 9 release.
 2022-09-27 17:09:10 +02:00
Ondřej Surý
7238c85c88
Drop Debian buster from the CI 
The Debian buster is official EOL and in the LTS mode, so we can drop
this for the next stable BIND 9 release.
 2022-09-27 17:09:10 +02:00
Matthijs Mekking
18d230a584 Add inline-signing to config examples 
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.
 2022-09-27 17:06:30 +02:00
Matthijs Mekking
5d454a7158 Update inline-signing requirement to ARM 
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.
 2022-09-27 17:06:30 +02:00
Michal Nowak
a313c49a3b Add Fedora 36 2022-09-27 09:37:09 +02:00
Petr Menšík
bc6c6b1184
Compatibility for building ARM on older sphinx 
Make documentation building successful even on RHEL9 sphinx 3.4.3. It
does not like case-insensitive matching of terms, so provide lowercase
text description with Uppercase word reference.
 2022-09-26 17:09:51 +02:00
Michał Kępień
2ee16067c5 BIND 9.19.5 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmMZ2WwPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFZz0P/3B8tQXCztMneNsAzvQ11hASuQH3RVvd1p9z
 H6yPfbBuqyBM7FOJWozLQSI0JvxwBPXW+G+AmEhafSB4plgJBfNb12TsN7ZpECbF
 E6ckVQTiLwiYWt/2neu2OYg0aOnl5mhO5J4ESkSgqXGXcDihQ922xLJFQdAAgeAj
 T6TzrF1rv0fVNNlAcE1hrsZsGChTdPAguo/jVPXJjOO8hcEFGEqCWGhCX+wuyY6t
 WRXYcnh37/rlLIY29R3sVKttPIrD7DN6doGuz0/BP0PuuXCFnWBz/t61Et8Q/nxO
 hTS4RoKs/14IXRH7UBspo1dnG7khGYu2z44mCRwx15+fjpJ+zAL/Ym9xa0ElLOWg
 +Asd8w1N275xUQdrcTxpM7z/2z7SP/+bxtLJjIPW+9Z2a8rk8ifLu1yjtWASwOUO
 vLIK0WU3T7FPhpdP+0VgeSYAlJgLEoIgwIWCB+u+I4dR9DJJ7TtjPHDcfrJKXaJ6
 eTTFIZ97xIFEpH53mT+QRG52PFP39fiLa0i7ylM+C0UbMklG++UgtkHz2CkkzV4H
 hqVcQ0Usk8XICkZ0PHAQklaDnDhXBD48x0J7wJOQSy+KS1foAyMFSPXv0ZelwiRM
 Q0StU+t+wXTAK3QID0tBqU4CyFD8fKO3cFwUnv5zqmrRc4ITu3etObT17MDPQKJj
 KLSl1VyB
 =6VJu
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_5'

BIND 9.19.5
 2022-09-21 13:04:58 +02:00
Ondřej Surý
6869c98d36
Provide stronger wording about the security of statistics channel 
Add more text about the importance of properly securing the statistics
channel and what is and what is not considered a security vulnerability.
 2022-09-15 10:29:38 +02:00
Evan Hunt
9730f21f83 flag "random-device" as ancient 
the "random-device" option was made non-functional in 9.13. this commit
removes it from the configuration parser; setting it is now an error.
 2022-09-14 09:36:58 -07:00
Mark Andrews
7751e5e039 Add server clause require-cookie 
Specifies if an UDP response requires a DNS COOKIE or not.
Fallback to TCP if not present and not TSIG signed.
 2022-09-13 12:07:13 +10:00
Michał Kępień
849563797e Prepare release notes for BIND 9.19.5 2022-09-08 12:45:56 +02:00
Aram Sargsyan
89c2032421 Document RRL processing for wildcard names 
All valid wildcard domain names are interpreted as the zone's origin
name concatenated to the "*" name.
 2022-09-08 09:15:30 +02:00
Aram Sargsyan
7eda1aba76 Document RPZ Extended DNS Error (EDE) code configuration option 
Add information about the 'ede' option for response policy zones.
 2022-08-31 08:56:03 +00:00
Aram Sargsyan
0fbd07ac22 Update RPZ documentation 
The RPZ documentation section with response policy rules and actions
is incomplete.

Add information about the 'RPZ-CLIENT-IP' rule, and 'TCP-Only' and
'DROP' actions.
 2022-08-29 14:04:03 +00:00
Michal Nowak
cfee4ce4f6 Add FreeBSD 13.1 2022-08-18 17:11:14 +02:00
Michal Nowak
ffcee7c5b7 Merge tag 'v9_19_4' 
BIND 9.19.4
 2022-08-18 11:29:56 +02:00
Michal Nowak
593bed4ed0 Add OpenBSD 7.1 2022-08-16 16:30:00 +02:00
Michal Nowak
3c9fcc8327 Add Oracle Linux 9 2022-08-09 16:22:18 +02:00
Michał Kępień
4b0ac154a0 Prepare release notes for BIND 9.19.4 2022-08-04 23:13:22 +02:00
Petr Špaček
9b3710987b Add last missing tags, finishing touches 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
f9a5f389ed Add descriptions of each tag 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
20d01ca2e3 Text edits to Statements and Statements by Tag sections 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
e14201a2f6 Reorder Statements and Statements by Tag sections 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
fc272863c6 Rephrase parental-agents description 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
7dcdeba117 Add short description for plugin statement 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
75ab5f81a4 Add tag and short description for dyndb statement 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
a8294e7af4 Add tags and short descriptions for dlz and search statements 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
017008c407 Add tag and short description for catalog-zones statement 2022-07-29 18:56:04 +02:00
Suzanne Goldlust
a470a6545f Add short descriptions and some tags to statements through line 1766 2022-07-29 18:56:00 +02:00