upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
26645 commits 18 branches 854 tags 440 MiB
Commit graph

5556 commits

Author SHA1 Message Date
Evan Hunt
d2650297ca [master] tag mismatch 2017-03-10 17:34:01 -08:00
Mark Andrews
786402ec12 fix tag mismatch 2017-03-10 13:05:59 +11:00
Tinderbox User
d2f2db283b update copyright notice / whitespace 2017-03-09 23:46:23 +00:00
Evan Hunt
612b2e2c0d [master] timestamp suffixes for log files 
4579.	[func]		Logging channels and dnstap output files can now
			be configured with a "suffix" option, set to
			either "increment" or "timestamp", indicating
			whether to use incrementing numbers or timestamps
			as the file suffix when rolling over a log file.
			[RT #42838]
 2017-03-08 23:20:40 -08:00
Evan Hunt
aa00b31b17 [master] fix ARM merge error 2017-03-08 22:51:26 -08:00
Tinderbox User
02716f97c1 regen master 2017-03-02 01:05:06 +00:00
Tinderbox User
a06081491c regen master 2017-02-24 01:04:54 +00:00
Evan Hunt
a1365a0042 [master] remove unnecessary INSIST 
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]
 2017-02-23 14:34:33 -08:00
Tinderbox User
c4dbad7b36 regen master 2017-02-21 01:04:58 +00:00
Witold Krecicki
fa9b4de716 4576. [func] The RPZ implementation has been substantially refactored for improved performance and reliability. [RT #43449] 2017-02-20 11:57:28 +01:00
Tinderbox User
a32fa1246e regen master 2017-02-16 01:05:00 +00:00
Mark Andrews
009c98a1be add CVE-2017-3136 note 
(cherry picked from commit d77eadc261)
 2017-02-15 12:45:38 +11:00
Tinderbox User
a95dc83de5 regen master 2017-02-09 01:04:58 +00:00
wpk
96912e44b0 4573. [func] Query logic has been substantially refactored (e.g. query_find function has been split into smaller functions) for improved readability, maintainability 2017-02-08 22:15:01 +01:00
Evan Hunt
7fcd72f574 [master] mismatched tag 2017-02-07 18:28:40 -08:00
Evan Hunt
ef0ddc8ba3 [master] doc style 2017-02-07 08:18:15 -08:00
Mark Andrews
009aabd2e5 fix tag mismatch 2017-02-07 12:11:45 +11:00
Evan Hunt
c4e4bd6a09 [master] dnstap size and versions options 
4572.	[func]		The "dnstap-output" option can now take "size" and
			"versions" parameters to indicate the maximum size
			a dnstap log file can grow before rolling to a new
			file, and how many old files to retain. [RT #44502]
 2017-02-06 16:34:58 -08:00
Evan Hunt
5b4d6d2ff8 [master] removed extra note about bind.keys update 2017-02-06 14:19:53 -08:00
Tinderbox User
513cec7786 regen master 2017-02-05 01:04:55 +00:00
Evan Hunt
650b5e7592 [master] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]
 2017-02-03 17:05:58 -08:00
Tinderbox User
04241eba68 regen master 2017-02-03 01:04:52 +00:00
Tinderbox User
194f07c628 update copyright notice / whitespace 2017-02-02 23:45:47 +00:00
Evan Hunt
aace5d0fb3 [master] include ECS in query logging 
4566.	[func]		Query logging now includes the ECS option if one
			was included in the query. [RT #44476]
 2017-02-02 11:54:28 -08:00
Mark Andrews
294d73d990 new root KSK 2017-02-02 18:26:52 +11:00
Mark Andrews
2f5444972a perform more testing on rndc <op> -redirect 2017-02-02 17:25:54 +11:00
Tinderbox User
59297922ce regen master 2017-02-02 01:04:40 +00:00
Evan Hunt
caf7f57771 [master] clarify client logging doc 2017-02-01 14:51:02 -08:00
Tinderbox User
1f691c3d22 regen master 2017-01-31 01:05:39 +00:00
Evan Hunt
cd668ea57f [master] change 4558 was incomplete 2017-01-30 14:10:30 -08:00
Tinderbox User
ff52f52a31 regen master 2017-01-25 01:04:56 +00:00
Evan Hunt
afa0ff0cbb [master] expand relnote 2017-01-23 20:04:04 -08:00
Tinderbox User
431ed6eede regen master 2017-01-24 01:04:59 +00:00
Mark Andrews
b1b5229a47 4556. [security] Combining dns64 and rpz can result in dereferencing 
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
 2017-01-24 09:55:51 +11:00
Tinderbox User
4502e3c5dd regen master 2017-01-21 01:04:48 +00:00
Tinderbox User
96f5064e3c update copyright notice / whitespace 2017-01-20 23:45:34 +00:00
Evan Hunt
25a9b90369 [master] symbolic option names for dig +ednsopt 
4555.	[func]		dig +ednsopt: EDNS options can now be specified by
			name in addition to numeric value. [RT #44461]
 2017-01-19 23:46:37 -08:00
Tinderbox User
89e63ad516 regen master 2017-01-13 01:04:59 +00:00
Mark Andrews
d2e1b47d4f 4553. [bug] Named could deadlock there were multiple changes to 
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]
 2017-01-12 14:25:45 +11:00
Mark Andrews
42924b40af 4552. [bug] Named could trigger a assertion when sending notify 
messages. [RT #44019]
 2017-01-12 14:17:43 +11:00
Tinderbox User
86b7ae6b77 regen master 2017-01-10 01:04:52 +00:00
Tinderbox User
2067cfdb46 regen master 2017-01-06 01:05:20 +00:00
Tinderbox User
37ae137942 regen master 2017-01-05 01:05:07 +00:00
Evan Hunt
5804332588 [master] EDNS padding and keepalive support 
4549.	[func]		Added support for the EDNS TCP Keepalive option
			(RFC 7828). [RT #42126]

4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
			[RT #42094]
 2017-01-04 09:16:30 -08:00
Tinderbox User
fdc6f64030 regen master 2016-12-29 04:58:08 +00:00
Evan Hunt
8f2b2012a4 [master] release notes 2016-12-28 20:19:47 -08:00
Tinderbox User
6ce6801f3f regen master 2016-12-29 01:05:39 +00:00
Mark Andrews
2c1c4b99a1 4508. [security] Named incorrectly tried to cache TKEY records which 
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]
 2016-12-29 11:07:40 +11:00
Evan Hunt
eff07b51df [master] release notes 2016-12-28 12:05:08 -08:00
Evan Hunt
cc1a796b78 [master] release note 2016-12-28 11:07:27 -08:00
Tinderbox User
190ea9e6b8 regen master 2016-12-28 01:05:39 +00:00
Mark Andrews
5093e8d482 4542. [func] Allow rndc to manipulate redirect zones with using 
-redirect as the zone name (use "-redirect." to
                        manipulate a zone named "-redirect"). [RT #43971]
 2016-12-28 11:36:31 +11:00
Tinderbox User
dd0e617038 regen master 2016-12-27 01:05:51 +00:00
Evan Hunt
c5b8b74113 [master] clarify auth ECS is not meant for production use 2016-12-26 16:52:30 -08:00
Tinderbox User
16fde7f0b3 regen master 2016-12-07 01:05:34 +00:00
Mark Andrews
1b8ce3b330 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 2016-12-07 10:49:55 +11:00
Tinderbox User
807bf70d07 regenerate 2016-12-05 19:19:01 +00:00
Tinderbox User
b06a5726eb regen master 2016-12-05 18:24:42 +00:00
Evan Hunt
ca58c1ea25 [master] fixed ARM grammars 
4526.	[doc]		Corrected errors and improved formatting of
			grammar defintiions in the ARM. [RT #43739]
 2016-12-05 00:43:10 -08:00
Evan Hunt
e1ba21bd58 [master] fix managed-keys doc 
4525.	[doc]		Fixed outdated documentation on managed-keys.
			[RT #43810]
 2016-12-04 20:22:20 -08:00
Mukund Sivaraman
5c843b384d Add doc function for cfg_type_querysource4 and cfg_type_querysource6 (#43768) 2016-12-02 11:16:08 +05:30
Tinderbox User
09c44ec7f1 regen master 2016-11-30 01:06:25 +00:00
Tinderbox User
c8b6065dde regen master 2016-11-25 21:01:07 +00:00
Mark Andrews
e527dcdb00 automate insertion of copyright year list into Bv9ARM-book.xml 2016-11-26 07:49:23 +11:00
Tinderbox User
ee2c593635 regen master 2016-11-24 01:05:57 +00:00
Evan Hunt
62c85a4a52 [master] allow different time formats: local, iso8601, iso8601-utc 
4518.	[func]		The "print-time" option in the logging configuration
			can now take arguments "local", "iso8601" or
			"iso8601-utc" to indicate the format in which the
			date and time should be logged. For backward
			compatibility, "yes" is a synonym for "local".
			[RT #42585]
 2016-11-22 23:34:47 -08:00
Evan Hunt
f26fab1103 [master] clean up relnotes 2016-11-22 23:32:37 -08:00
Mark Andrews
cbd3082c62 add rfc7477 and rfc8020 2016-11-16 19:12:09 +11:00
Tinderbox User
8d8839b3a0 regen master 2016-11-03 01:06:32 +00:00
Mark Andrews
5f8412a4cb 4504. [security] Allow the maximum number of records in a zone to 
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]
 2016-11-02 17:31:27 +11:00
Tinderbox User
05caf20a11 regen master 2016-11-02 01:07:10 +00:00
Mark Andrews
89286906dc 4502. [func] Report multiple and experimental options when printing 
grammar. [RT #43134]
 2016-11-02 10:04:57 +11:00
Tinderbox User
c970f162b6 regen master 2016-10-29 01:06:53 +00:00
Tinderbox User
0b15ee0705 regen master 2016-10-16 01:06:28 +00:00
Tinderbox User
5e32012dcf regen master 2016-10-10 01:04:44 +00:00
Tinderbox User
f925373f21 regen master 2016-10-06 01:05:06 +00:00
Tinderbox User
ddb166caff regen master 2016-10-04 22:13:44 +00:00
Mark Andrews
413e9b90de sync with 9.11.0 2016-09-30 14:48:13 +10:00
Tinderbox User
f1814f50c9 regen master 2016-09-29 01:05:10 +00:00
Tinderbox User
03bb19ed38 regen master 2016-09-26 13:42:17 +00:00
Tinderbox User
6caf463209 regen master 2016-09-23 01:05:40 +00:00
Evan Hunt
c4b7db4932 [master] render querylog format consistent, and add a release note 
4471.	[cleanup]	Render client/query logging format consistent for
			ease of log file parsing. (Note that this affects
			"querylog" format: there is now an additional field
			indicating the client object address.) [RT #43238]
 2016-09-22 14:48:56 -07:00
Mark Andrews
4f713200f8 sync with 9.11.0rc2 2016-09-20 20:54:27 +10:00
Tinderbox User
18c84f3b0b regen master 2016-09-14 01:04:44 +00:00
Tinderbox User
91ff2c5a4b regen master 2016-09-09 02:18:18 +00:00
Mark Andrews
9ffbc3f9b3 reorder 2016-09-09 11:54:19 +10:00
Mark Andrews
d4c8a622c0 add CVE-2016-2776 2016-09-09 11:50:24 +10:00
Tinderbox User
1a49346184 regen master 2016-09-02 01:04:40 +00:00
Mark Andrews
fe09d4b609 s/secret_string/algorithm_id/ for cookie-algorithm 2016-09-01 12:04:47 +10:00
Tinderbox User
9465a47983 regen master 2016-09-01 01:04:48 +00:00
Evan Hunt
b46760b373 [master] correct default value of tcp-clients 2016-08-30 23:02:27 -07:00
Mark Andrews
63fe88e8d8 4456. [doc] Add DOCTYPE and lang attribute to <html> tags. 
[RT #42587]
 2016-08-26 15:14:04 +10:00
Tinderbox User
65c09d514e regen master 2016-08-26 01:04:37 +00:00
Jeremy C. Reed
25a13a0861 fix the 8K number 
from the upstream source:
/** Default `buffer_hint` value. */
 2016-08-25 13:55:17 -04:00
Evan Hunt
bfb479d5e3 [master] fix dnssec-policy.conf in notes 2016-08-25 08:19:01 -07:00
Tinderbox User
5883460271 regen master 2016-08-25 01:04:54 +00:00
Evan Hunt
864dc79dce [master] add missing release notes and fix other doc nits 2016-08-24 16:25:20 -07:00
Evan Hunt
1e50c0d857 [master] add dnssec-keygen and nslookup man page links to ARM 2016-08-24 20:39:03 +00:00
Tinderbox User
a1458d47a5 regen master 2016-08-19 01:52:16 +00:00
Evan Hunt
dd666442d3 [master] document power of 2 requirement for fstrm-set-input-queue-size 2016-08-18 18:10:32 -07:00
Evan Hunt
b715ad3cdb [master] missed renaming SIT to COOKIE 2016-08-18 18:08:35 -07:00
Tinderbox User
b297f5cdd5 regen master 2016-08-19 01:04:52 +00:00
Mark Andrews
934837913f 4447. [tuning] Allow the fstrm_iothr_init() options to be set using 
named.conf to control how dnstap manages the data
                        flow. [RT #42974]
 2016-08-18 11:16:06 +10:00
Francis Dupont
f4288bafe9 Updated WIN32 part of TCP_FASTOPEN doc 2016-08-15 19:43:20 +02:00
Mark Andrews
a977bc4c8e 4440. [func] Enable TCP fast open support when available on the 
server side. [RT #42866]
 2016-08-12 15:31:33 +10:00
Tinderbox User
a7115b8b4d regen master 2016-08-12 01:04:57 +00:00
Mark Andrews
78e31dd187 4437. [func] Minimal-responses now has two additional modes 
no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]
 2016-08-12 10:48:51 +10:00
Mark Andrews
969e4ba50c sync with 9.11.0.b3 2016-07-30 07:14:31 +10:00
Tinderbox User
49834f2f8d regen master 2016-07-27 01:07:09 +00:00
Mark Andrews
915544f389 add mdig, named-nzd2nzf, pkcs11-destroy, pkcs11-list, pkcs11-keygen and pkcs11-tokens manpages 2016-07-27 05:00:20 +10:00
Tinderbox User
e31a24d05b regen master 2016-07-23 01:08:43 +00:00
Mark Andrews
f20179857a 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries 
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]
 2016-07-22 20:02:17 +10:00
Tinderbox User
806ed3a2f1 regen master 2016-07-22 01:05:36 +00:00
Tinderbox User
2bc4d454e1 update copyright notice / whitespace 2016-07-21 23:46:03 +00:00
Evan Hunt
02991b6884 [master] add release note 2016-07-21 13:36:28 -07:00
Evan Hunt
eca74c52c1 [master] store "addzone" zone config in a NZD database 
4421.	[func]		When built with LMDB (Lightning Memory-mapped
			Database), named will now use a database to store
			the configuration for zones added by "rndc addzone"
			instead of using a flat NZF file. This improves
			performance of "rndc delzone" and "rndc modzone"
			significantly. Existing NZF files will
			automatically by converted to NZD databases.
			To view the contents of an NZD or to roll back to
			NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]
 2016-07-21 11:13:37 -07:00
Mark Andrews
ed1a24cc86 update example copyright notice 2016-07-21 19:09:16 +10:00
Mark Andrews
ba99d845a2 update example copyright notice 2016-07-21 19:05:03 +10:00
Tinderbox User
6807a2dc3c regen master 2016-07-21 07:11:01 +00:00
Mark Andrews
813e9f7ee2 copyright 2016-07-21 17:00:44 +10:00
Evan Hunt
da8ac39a23 [master] remove SIT doc 2016-07-20 21:36:08 -07:00
Mark Andrews
203b6934f4 sync w/ 9.11.0b2 2016-07-14 15:13:57 +10:00
Tinderbox User
bc8c067281 regen master 2016-07-14 01:06:14 +00:00
Mark Andrews
8f7881684b grammar 2016-07-14 09:42:31 +10:00
Evan Hunt
ffa622d7a3 [master] rndc dnstap -roll 
4411.	[func]		"rndc dnstap -roll" automatically rolls the
			dnstap output file; the previous version is
			saved with ".0" suffix, and earlier versions
			with ".1" and so on. An optional numeric argument
			indicates how many prior files to save. [RT #42830]
 2016-07-13 01:12:47 -07:00
Tinderbox User
b7b2e64450 regen master 2016-07-13 04:45:35 +00:00
Mark Andrews
e55168b7bf add [RT #42694] 2016-07-13 11:37:18 +10:00
Mark Andrews
268f9e6832 issue -> flaw 2016-07-13 11:23:12 +10:00
Tinderbox User
98ef4d0786 regen master 2016-07-12 01:05:41 +00:00
Mark Andrews
909d442cc0 add CVE-2016-2775 2016-07-12 01:09:13 +10:00
Mark Andrews
557c7221fd 4409. [bug] DNS64 should exlude mapped addresses by default when 
a exclude acl is not defined. [RT #42810]
 2016-07-11 14:11:34 +10:00
Tinderbox User
df52e5c7d5 regen master 2016-07-08 01:05:32 +00:00
Mark Andrews
429701008e add note for rt42694 2016-07-07 13:47:25 +10:00
Tinderbox User
b3d352f01d regen master 2016-07-07 01:05:27 +00:00
Mark Andrews
4d0b0596d9 license section is no longer a list 
(cherry picked from commit d2647cd5fd)
 2016-07-06 13:02:11 +10:00
Mark Andrews
a367a6eb9b spelling 2016-07-06 12:56:20 +10:00
Tinderbox User
6aba65d9f0 regen master 2016-07-06 01:05:19 +00:00
Tinderbox User
63f4908b14 regen master 2016-07-05 01:05:04 +00:00
Tinderbox User
3257ef2d96 regen master 2016-07-03 01:05:19 +00:00
Evan Hunt
c2d0738d5c [master] notes formatting, fix a CHANGES tag 2016-07-02 14:06:17 -07:00
Tinderbox User
e95f0bb5c0 regen master 2016-06-28 01:04:44 +00:00
Witold Krecicki
aea7ab20c0 Fix a typo and missing link in notes.xml 2016-06-27 20:11:21 +02:00
Curtis Blackburn
809239a853 cleanup of notes.xml 
added better text to describe the license change

    added information about the following changes to notes.xml

    +4396. [func] dnssec-keymgr now takes a '-r randomfile' option.
    + [RT #42455]
    +4392. [func] Collect statistics for RSSAC02v3 traffic-volume,
    + traffic-sizes and rcode-volume reporting. [RT #41475]
    +4388. [func] Support for master entries with TSIG keys in catalog
    + zones. [RT #42577]
    +4385. [func] Add support for allow-query and allow-transfer ACLs
    + to catalog zones. [RT #42578]
 2016-06-27 09:55:15 -07:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Tinderbox User
76cf91b5df regen master 2016-06-24 01:05:13 +00:00
Mark Andrews
7d262a3647 4394. [func] Add rndc command "dnstap-reopen" to close and 
reopen dnstap output filed. [RT #41803]
 2016-06-24 09:37:04 +10:00
Tinderbox User
5dde14e170 regen master 2016-06-23 01:05:13 +00:00
Witold Krecicki
322efcb27d 4400. [doc] Description of masters with TSIG, allow-query and 
allow-transfer options in catalog zones. [RT #42692]
 2016-06-22 12:47:37 +02:00
Tinderbox User
63fc155616 regen master 2016-06-22 01:05:11 +00:00
Mark Andrews
13dcf86725 request-ixfr is a slave option rather than a master option 2016-06-22 08:12:17 +10:00
Tinderbox User
7e4b5437f1 regen master 2016-06-14 01:05:13 +00:00
Francis Dupont
e9d097511e AEP keyper PKCS#11 provider is available in 64 bits 2016-06-13 15:43:57 +02:00
Mukund Sivaraman
f163503bce Use absolute names in catalog zone examples 2016-06-13 16:09:34 +05:30
Tinderbox User
e76f113739 regen master 2016-06-02 01:05:09 +00:00
Tinderbox User
408e9e235a regen master 2016-06-01 01:04:18 +00:00
Tinderbox User
77393407fd regenerate 2016-05-31 22:49:06 +00:00
Tinderbox User
1e126d80e1 regen master 2016-05-31 22:47:07 +00:00
Evan Hunt
3d0b7d5cc3 [master] zone-directory option for catalog zones 
4380.	[experimental]	Added a "zone-directory" option to "catalog-zones"
			syntax, allowing local masterfiles for slaves
			that are provisioned by catalog zones to be stored
			in a directory other than the server's working
			directory. [RT #42527]
 2016-05-31 10:36:27 -07:00
Mark Andrews
44fa277367 7873:Domain Name System (DNS) Cookies 2016-05-30 13:38:46 +10:00
Tinderbox User
f1f5f896c1 regen master 2016-05-28 01:05:40 +00:00
Jeremy C. Reed
ecf8e705e6 fix a few typos in doc 2016-05-27 15:22:54 -04:00
Tinderbox User
7898bf1fbc regenerate 2016-05-27 15:45:47 +00:00
Tinderbox User
260e8e04b0 regen master 2016-05-27 01:05:21 +00:00
Evan Hunt
6c2a76b3e2 [master] copyrights, win32 definitions 2016-05-26 12:36:17 -07:00
Witold Krecicki
7a00d69909 4376. [experimental] Added support for Catalog Zones, a new method for 
provisioning secondary servers in which a list of
                        zones to be served is stored in a DNS zone and can
                        be propagated to slaves via AXFR/IXFR. [RT #41581]

4375.   [func]          Add support for automatic reallocation of isc_buffer
                        to isc_buffer_put* functions. [RT #42394]
 2016-05-26 21:23:19 +02:00
Evan Hunt
5c5dcf34c3 [master] spelling 2016-05-25 18:44:59 -07:00
Evan Hunt
8e4d28d018 [master] extend release notes 2016-05-25 18:40:47 -07:00
Evan Hunt
9211688e88 [master] fix tag mismatch 2016-05-25 18:32:38 -07:00
Evan Hunt
0cbe448914 [master] minimal-any 
4371.	[func]		New "minimal-any" option reduces the size of UDP
			responses for qtype ANY by returning a single
			arbitrarily selected RRset instead of all RRsets.
			Thanks to Tony Finch. [RT #41615]
 2016-05-25 13:54:34 -07:00
Tinderbox User
3ba1f79ade regen master 2016-05-24 01:04:01 +00:00
Mark Andrews
47d19078de note RNDC module 2016-05-24 10:47:58 +10:00
Tinderbox User
22e21a4213 regen master 2016-05-17 05:39:19 +00:00
Tinderbox User
221870ba7b regen master 2016-05-17 04:27:10 +00:00
Mark Andrews
259107718f update for 9.11.0a2 2016-05-17 14:08:30 +10:00
Tinderbox User
9b3ef7211c regen master 2016-05-17 04:03:51 +00:00
Mark Andrews
bf8d171a66 add RFC7793 2016-05-13 17:00:17 +10:00
Tinderbox User
05cf9e3285 update copyright notice / whitespace 2016-05-11 23:45:23 +00:00
Mark Andrews
bf4fe7ca1b 7830: The EDNS(0) Padding Option 2016-05-11 12:08:20 +10:00
Tinderbox User
56bd026e6c regen master 2016-05-10 01:05:28 +00:00
Mark Andrews
2fef945936 remove repeated like 2016-05-10 07:22:59 +10:00
Tinderbox User
f33abec8a6 regen master 2016-05-06 01:05:45 +00:00
Witold Krecicki
e846f127d6 4362. [func] Changed rndc reconfig behaviour so that newly added 
zones are loaded asynchronously and the loading does
			not block the server. [RT #41934]
 2016-05-05 21:41:12 +02:00
Evan Hunt
370c6e0ac1 [master] add nsip-wait-recurse release note 2016-05-05 09:33:28 -07:00
Mark Andrews
08e36aa5a5 4356. [func] Add the ability to specify whether to wait for 
nameserver addresses to be looked up or not to
                        rpz with a new modifying directive 'nsip-wait-recurse'.                         [RT #35009]
 2016-05-05 16:29:05 +10:00
Tinderbox User
006283c423 regen master 2016-05-05 01:05:35 +00:00
Evan Hunt
66074f152f [master] log message when using ISC DLV 
4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]
 2016-05-04 14:37:25 -07:00
Tinderbox User
3241ddcf93 regen master 2016-04-30 01:05:59 +00:00
Mark Andrews
1bebd86e9f fix tag mis-match 2016-04-29 11:10:21 +10:00
Evan Hunt
f6096b958c [master] dnssec-keymgr 
4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
                        policy file from an OpenDNSSEC KASP XML file.

4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
			management utility, which reads a policy definition
			file and can create or update DNSSEC keys as needed
			to ensure that a zone's keys match policy, roll over
			correctly on schedule, etc.  Thanks to Sebastian
			Castro for assistance in development. [RT #39211]
 2016-04-28 00:16:01 -07:00
Tinderbox User
6b7cba2b10 regen master 2016-03-25 01:05:22 +00:00
Evan Hunt
4d3f9f216a [master] better relnote for read-only controls option 2016-03-24 16:52:17 -07:00
Evan Hunt
1831596a79 [master] fixes for release notes 2016-03-24 14:40:44 -07:00
Evan Hunt
936bfae6d5 [master] remove pre-9.11.0a1 security fixes from 9.11 release notes 2016-03-24 12:11:53 -07:00
Tinderbox User
e285c11870 regen master 2016-03-24 01:05:08 +00:00
Tinderbox User
6e3f736f73 regenerate 2016-03-23 06:50:54 +00:00
Tinderbox User
46472a450e regen master 2016-03-23 06:45:14 +00:00
Evan Hunt
bee8d5b202 [master] fix broken tag 2016-03-22 21:38:25 -07:00
Evan Hunt
4488842485 [master] prep 9.11.0a1 2016-03-22 20:00:47 -07:00
Tinderbox User
6a178481cf regen master 2016-03-17 01:05:26 +00:00
Jeremy C. Reed
6693c9a2f0 fix spelling 2016-03-16 15:41:18 -04:00
Tinderbox User
832fa787d4 regen master 2016-03-11 01:05:28 +00:00
Jeremy C. Reed
10b7784c59 minor grammar fix 2016-03-10 16:51:40 -05:00
Mark Andrews
98c5690bd9 note rrsig regeneration 2016-03-10 17:05:49 +11:00
Tinderbox User
54599d0e4f update copyright notice / whitespace 2016-03-09 00:56:17 +00:00
Tinderbox User
f9ce6280ce regen master 2016-03-09 00:39:40 +00:00
Mark Andrews
f2eed65224 use xmlint to process include 
(cherry picked from commit 71e9df17b671f7ef5742967b25a1ab36ec3dd91b)
 2016-03-09 11:35:13 +11:00
Tinderbox User
1fb011b1db regen master 2016-03-08 22:35:32 +00:00
Mark Andrews
3cf2fb29ac add automatic-interface-scan to ARM grammar 
(cherry picked from commit 90499817bf)
 2016-03-09 08:57:32 +11:00
Tinderbox User
7f9f0b9755 regen master 2016-03-06 01:04:34 +00:00
Mark Andrews
e011df2927 add AVC 2016-03-05 17:56:49 +11:00
Tinderbox User
820739d918 regen master 2016-03-05 01:13:25 +00:00
Mark Andrews
7a3a30e296 add AVC 2016-03-04 18:18:04 +11:00
Evan Hunt
44c86318ed [master] recursively clean empty interior nodes when deleting database records 
4324.	[bug]		When deleting records from a zone database, interior
			nodes could be left empty but not deleted, damaging
			search performance afterward. [RT #40997]
 2016-03-03 21:13:42 -08:00
Tinderbox User
df3d1c56e4 regen master 2016-02-27 01:04:26 +00:00
Mark Andrews
455c0848f8 4322. [security] Duplicate EDNS COOKIE options in a response could 
trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]
 2016-02-27 11:23:50 +11:00
Tinderbox User
ba38c6b4bc regen master 2016-02-23 01:04:33 +00:00
Mukund Sivaraman
5995fec51c Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) (#41753) 2016-02-22 12:22:43 +05:30
Tinderbox User
1609eab3ca regen master 2016-02-19 01:04:16 +00:00
Mark Andrews
a2b15b3305 4318. [security] Malformed control messages can trigger assertions 
in named and rndc. (CVE-2016-1285) [RT #41666]
 2016-02-18 12:11:27 +11:00
Tinderbox User
ee2e5fec65 regen master 2016-02-11 01:04:20 +00:00
Tinderbox User
7e5658b04f regen master 2016-01-30 01:04:18 +00:00
Evan Hunt
b5c22260e5 [master] remove reporter's name per his request 2016-01-29 10:35:14 -08:00
Tinderbox User
6825f304c5 regen master 2016-01-29 01:04:18 +00:00
Tinderbox User
b7f3400f3b update copyright notice / whitespace 2016-01-28 23:45:29 +00:00
Evan Hunt
e073205a88 [master] openssl 1.0.2f patch 
4306.	[maint]		Added a PKCS#11 openssl patch supporting
			version 1.0.2f [RT #38312]
 2016-01-28 13:27:29 -08:00
Evan Hunt
e79e346bf2 [master] correct also-notify grammar 2016-01-27 19:07:31 -08:00
Tinderbox User
1bb7846d29 regen master 2016-01-23 01:04:14 +00:00
Evan Hunt
630b2d0c5a [master] NOSETFC incorrectly applied 
4300.	[bug]		A flag could be set in the wrong field when setting
			up nonrecursive queries; this could cause the
			SERVFAIL cache to cache responses it shouldn't.
			New querytrace logging has been added which
			identified this error. [RT #41155]
 2016-01-22 13:58:11 -08:00
Tinderbox User
6758b59e57 regen master 2016-01-13 01:04:19 +00:00
Evan Hunt
bb5d14d724 [master] millisecond granularity for statschannel timers 
4290.	[func]		The timers returned by the statistics channel
			(indicating current time, server boot time, and
			most recent reconfiguration time) are now reported
			with millisecond accuracy. [RT #40082]
 2016-01-07 15:34:58 -08:00
Tinderbox User
742cb92338 regen master 2016-01-06 01:04:26 +00:00
Evan Hunt
455b99ed92 [master] fix ticket number 2016-01-05 09:08:49 -08:00
Evan Hunt
c8b968f414 [master] fix use after free on xfr timeout 
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
 2016-01-04 22:05:23 -08:00
Tinderbox User
4206bb139c regen master 2016-01-05 01:04:24 +00:00
Evan Hunt
aadca3f7d0 [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2016-01-04 16:09:40 -08:00
Evan Hunt
41494939b6 [master] fixed bogus server regression 
4288.	[bug]		Fixed a regression in resolver.c:possibly_mark()
			which caused known-bogus servers to be queried
			anyway. [RT #41321]
 2016-01-04 15:47:16 -08:00
Tinderbox User
e1836d1fe4 update copyright notice / whitespace 2016-01-04 23:45:26 +00:00
Evan Hunt
43176d82c8 [master] clean up notes 2016-01-03 21:22:00 -08:00
Tinderbox User
58d970a2b4 regen master 2016-01-01 01:04:21 +00:00
Mark Andrews
292eb9c4e4 4286. [security] render_ecs errors were mishandled when printing out 
a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

(cherry picked from commit 3e0c1603a8)
 2015-12-31 22:19:46 +11:00
Mark Andrews
9c52f43036 remove period 2015-12-31 14:35:06 +11:00
Mark Andrews
1b3d211802 4285. [security] Specific APL data could trigger a INSIST. 
(CVE-2015-8704) [RT #41396]
 2015-12-31 13:43:21 +11:00
Tinderbox User
428a763a70 regen master 2015-12-27 01:04:16 +00:00
Evan Hunt
fbed5f0f44 [master] fix geoip options 
4284.	[bug]		Some GeoIP options were incorrectly documented
			using abbreviated forms which were not accepted by
			named.  The code has been updated to allow both
			long and abbreviated forms. [RT #41381]
 2015-12-26 10:50:32 -08:00
Tinderbox User
0226754d9e regen master 2015-12-19 01:04:14 +00:00
Mark Andrews
8beb9bf514 add dig +mapped 2015-12-19 09:51:53 +11:00
Tinderbox User
a179cbdf65 regen master 2015-12-16 01:04:13 +00:00
Mukund Sivaraman
6960e7fd12 Update notes.xml for #40996 2015-12-15 18:06:13 +05:30
Mukund Sivaraman
ecc06cbc32 Use optimal message sizes to improve compression in AXFRs (#40996) 2015-12-15 13:24:14 +05:30
Tinderbox User
a35017e06e regen master 2015-12-08 01:04:12 +00:00
Mark Andrews
322e6b5be7 4276. [protocol] Add support for SMIMEA. [RT #40513] 2015-12-08 08:16:41 +11:00
Tinderbox User
2ba8603ca9 regen master 2015-12-04 01:04:14 +00:00
Evan Hunt
4071efbec0 [master] disallow map zones in response-policy 
4269.	[bug]		Zones using "map" format master files currently
			don't work as policy zones.  This limitation has
			now been documented; attempting to use such zones
			in "response-policy" statements is now a
			configuration error.  [RT #38321]
 2015-12-02 21:10:09 -08:00
Mark Andrews
7bde79b32a update description 2015-12-03 15:42:58 +11:00
Mark Andrews
ff2f98076c Add CVE-2015-8461 2015-12-03 15:31:28 +11:00
Tinderbox User
89c5c74c96 update copyright notice / whitespace 2015-11-24 23:45:23 +00:00
Evan Hunt
bdc60a0bde [master] update developer guide, expanding on comments and unit tests 2015-11-24 14:43:02 -08:00
Tinderbox User
909a8e59a4 regen master 2015-11-21 01:04:11 +00:00
Mark Andrews
cbc660172d spelling 2015-11-20 14:55:20 +11:00
Tinderbox User
dec590a3de regen master 2015-11-18 01:04:11 +00:00
Mark Andrews
b57276f89e note the address changes for H.ROOT-SERVERS.NET 2015-11-18 11:08:50 +11:00
Jeremy C. Reed
22b006e0df Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-17 10:22:41 -05:00
Evan Hunt
63042d5b57 [master] typo 2015-11-16 18:21:17 -08:00
Tinderbox User
c42708dcc8 regen master 2015-11-17 01:04:47 +00:00
Jeremy C. Reed
414678df72 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-16 12:53:55 -05:00
Mark Andrews
c8821d124c 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]
 2015-11-16 13:12:20 +11:00
Tinderbox User
d7a61cfbe5 regen master 2015-11-12 01:04:13 +00:00
Mukund Sivaraman
8012e06abf Update notes.xml for #40498 2015-11-11 13:51:55 +05:30
Mukund Sivaraman
58f7af60e7 Allow non-destructive control channel access using a "read-only" clause (#40498) 2015-11-11 13:46:57 +05:30
Tinderbox User
d9613f4c73 regen master 2015-11-11 01:04:12 +00:00
Mark Andrews
1d83f85752 don't run {doc,man}clean for releaseinfo.xml and friend 2015-11-10 14:39:41 +11:00
Jeremy C. Reed
e08c32f45f add simpara to some note tags 
So generated "Note" header isn't on same line as content.

Also removed one place that said "Note" (so doesn't say
"Note Note").
 2015-11-09 22:10:01 -05:00
Jeremy C. Reed
cca02d061f Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-09 22:07:27 -05:00
Tinderbox User
3865e18d3d update copyright notice / whitespace 2015-11-09 23:45:22 +00:00
Jeremy C. Reed
dde7a7d357 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-09 11:25:01 -05:00
Mukund Sivaraman
517b58429c Fix typo 2015-11-09 15:17:44 +05:30
Evan Hunt
e13d04fda9 [master] fix python script versions 
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
 2015-11-08 21:34:24 -08:00
Tinderbox User
58021df889 regen master 2015-11-07 01:04:14 +00:00
Evan Hunt
17834caa6c [master] clarify message-compression doc 
- mention TCP and RFC compliance issues
 2015-11-06 13:44:28 -08:00
Tinderbox User
e62b9c9ce6 regen master 2015-11-06 01:04:13 +00:00
Witold Krecicki
bfd4b9e11a 4255. [func] Add 'message-compression' option to disable DNS compression in responses. [RT #40726] 2015-11-05 12:19:04 +01:00
Mark Andrews
e939674d53 4252. [func] Add support for automating the generation CDS and 
CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]
 2015-11-05 12:09:48 +11:00
Tinderbox User
2b39e7bde9 regen master 2015-11-05 01:04:10 +00:00
Evan Hunt
6b8519147a [master] NTAs did not survive reoad/reconfig 
4251.	[bug]		NTAs were deleted when the server was reconfigured
			or reloaded. [RT #41058]
 2015-11-04 10:34:28 -08:00
Evan Hunt
ffb47c916a [master] update README-SGML 2015-10-28 21:38:55 -07:00
Tinderbox User
eadee66609 regen master 2015-10-29 02:56:15 +00:00
Jeremy C. Reed
fe12c35c3e fix some spelling typos and standardize some English spellings 
(to be consistent)
 2015-10-23 13:04:09 -04:00
Jeremy C. Reed
a8ce30c861 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-10-23 08:14:48 -04:00
Tinderbox User
9d557856c2 regen master 2015-10-22 05:53:09 +00:00
Mark Andrews
79f0eedd65 cleanup trailing whitespace 2015-10-22 16:24:03 +11:00
Mark Andrews
30eec077db cleanup trailing white space in SGML like files 2015-10-22 16:09:46 +11:00
Jeremy C. Reed
fcb755212b make sure there is a simpara for missing context for note tag 2015-10-21 15:03:25 -04:00
Jeremy C. Reed
134788b041 remove errant word 
a word is repeated in a sentence and didn't make sense as-is
so removed it
 2015-10-20 14:56:46 -04:00
Jeremy C. Reed
bb2e9569fe get rid of the "See also fetch-glue" since is obsolete 
This doesn't remove the description but don't have other
options refer to obsolete option.

No CHANGES entry since very minor.
 2015-10-20 10:45:49 -04:00
Tinderbox User
2b4d1b54f6 regen master 2015-10-20 01:04:48 +00:00
Evan Hunt
932715fbbe [master] update TSIG, TKEY, SIG(0) documentation 
4241.	[doc]		Improved the TSIG, TKEY, and SIG(0) sections in
			the ARM. [RT #40955]
 2015-10-19 08:48:18 -07:00
Tinderbox User
e2b184f84e regen master 2015-10-18 01:07:32 +00:00
Evan Hunt
90174e64f4 [master] shorten default servfail-ttl 
4239.	[func]		Changed default servfail-ttl value to 1 second from 10.
			Also, the maximum value is now 30 instead of 300. [RT #37556]
 2015-10-17 13:44:01 -07:00
Tinderbox User
b96b01ed26 regen master 2015-10-15 01:06:35 +00:00
Evan Hunt
c3cb3953b6 [master] remove unneeded xsl code, fix a link in ARM 2015-10-14 14:57:54 -07:00