upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25438 commits 18 branches 854 tags 440 MiB
Commit graph

224 commits

Author SHA1 Message Date
Evan Hunt
f8786917ac [master] revise CHANGES and release notes to say glue-cache is on by default 2017-08-09 21:48:51 -07:00
Evan Hunt
c4cfb0b4dc [master] remove dig +sigchase 
4674.   [func]          "dig +sigchase", and related options "+topdown" and
                        "+trusted-keys", have been removed. Use "delv" for
                        queries with DNSSEC validation. [RT #42793]
 2017-08-09 11:03:27 -07:00
Evan Hunt
61367c604c [master] refactor resquery_response() and related functions 
4669.	[func]		Iterative query logic in resolver.c has been
			refactored into smaller functions and commented,
			for improved readability, maintainability and
			testability. [RT #45362]
 2017-08-04 16:08:11 -07:00
Evan Hunt
913f7528fe [master] revise CHANGES note and add release note 2017-07-31 10:34:19 -07:00
Evan Hunt
268cea9c12 [master] glue-cache option 
4664.	[func]		Add a "glue-cache" option to enable or disable the
			glue cache. The default is "no" to reduce memory
			usage, but enabling this option will improve
			performance in delegation-heavy zones. [RT #45125]
 2017-07-28 12:57:50 -07:00
Evan Hunt
8abc9db6bf [master] update relnotes to mention termination of windows XP support 2017-07-15 13:56:34 -07:00
Mark Andrews
56d8312a48 note change in AD setting on some truncated answers 2017-07-11 13:29:19 +10:00
Mark Andrews
9987992232 add note about .local 2017-07-11 12:43:31 +10:00
Evan Hunt
581c1526ab [master] address TSIG bypass/forgery vulnerabilities 
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]
 2017-06-27 11:39:19 -07:00
Evan Hunt
bf05e66bb3 [master] prevent reload failure due to LMDB database perms 
4638.	[bug]		Reloading or reconfiguring named could fail on
			some platforms when LMDB was in use. [RT #45203]
 2017-06-13 10:15:34 -07:00
Evan Hunt
0471530aae [master] nsec3hash -r 
4637.	[func]		"nsec3hash -r" option ("rdata order") takes arguments
			in the same order as they appear in NSEC3 or
			NSEC3PARAM records, so that NSEC3 parameters can
			be cut and pasted from an existing record. Thanks
			to Tony Finch for the contribution. [RT #45183]
 2017-06-13 00:39:10 -07:00
Evan Hunt
967a3b9419 [master] quote service registry paths 
4532.	[security]	The BIND installer on Windows used an unquoted
                        service path, which can enable privilege escalation.
			(CVE-2017-3141) [RT #45229]
 2017-05-30 13:35:59 -07:00
Evan Hunt
2648c49be7 [master] fix rpz formerr loop 
4531.	[security]	Some RPZ configurations could go into an infinite
			query loop when encountering responses with TTL=0.
			(CVE-2017-3140) [RT #45181]
 2017-05-30 12:30:28 -07:00
Mark Andrews
d4d73bca79 add warning about semicolon no longer being escaped 2017-05-11 11:02:35 +10:00
Evan Hunt
3a554a444c [master] fix lmdb delzone 
4616.	[bug]		When using LMDB, zones deleted using "rndc delzone"
			were not correctly removed from the new-zone
			database. [RT #45185]
 2017-05-04 12:32:32 -07:00
Mark Andrews
071fe723a1 fix tag mismatch 2017-05-03 11:15:14 +10:00
Evan Hunt
d39ab7440e [master] automatically tune max-journal-size 
4613.	[func]		By default, the maximum size of a zone journal file
			is now twice the size of the zone's contents (there
			is little benefit to a journal larger than this).
			This can be overridden by setting "max-journal-size"
			to "unlimited" or to an explicit value up to 2G.
			Thanks to Tony Finch. [RT #38324]
 2017-05-02 13:23:08 -07:00
Evan Hunt
2dfb992349 [master] new-zones-directory option 
4610.	[func]		The "new-zones-directory" option specifies the
			location of NZF or NZD files for storing
			configuration of zones added by "rndc addzone".
			Thanks to Petr Menšík. [RT #44853]
 2017-04-23 23:16:53 -07:00
Evan Hunt
3a10cf1f07 [master] add a release note for performance improvements 2017-04-21 21:48:50 -07:00
Evan Hunt
d26ae7fc08 [master] give threads unique names to assist debugging 
4602.	[func]		Threads are now set to human-readable
			names to assist debugging, when supported by
			the OS. [RT #43234]
 2017-04-21 13:59:40 -07:00
Evan Hunt
f5c39b072c [master] hex output mode for dnstap-read 
4594.	[func]		"dnstap-read -x" prints a hex dump of the wire
			format of each logged DNS message. [RT #44816]
 2017-04-20 20:22:19 -07:00
Evan Hunt
52e398c0af [master] formatting 2017-04-12 14:05:54 -07:00
Mark Andrews
fe1ad70e51 add CVE-2017-3138 2017-03-30 02:56:33 +11:00
Evan Hunt
39eb1d0353 [master] host -A 
4593.	[func]		"host -A" returns most records for a name but
			omits RRSIG, NSEC and NSEC3. (Thanks to Tony Finch.)
			[RT #43032]
 2017-03-25 12:49:25 -07:00
Evan Hunt
d2650297ca [master] tag mismatch 2017-03-10 17:34:01 -08:00
Evan Hunt
612b2e2c0d [master] timestamp suffixes for log files 
4579.	[func]		Logging channels and dnstap output files can now
			be configured with a "suffix" option, set to
			either "increment" or "timestamp", indicating
			whether to use incrementing numbers or timestamps
			as the file suffix when rolling over a log file.
			[RT #42838]
 2017-03-08 23:20:40 -08:00
Evan Hunt
a1365a0042 [master] remove unnecessary INSIST 
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]
 2017-02-23 14:34:33 -08:00
Witold Krecicki
fa9b4de716 4576. [func] The RPZ implementation has been substantially refactored for improved performance and reliability. [RT #43449] 2017-02-20 11:57:28 +01:00
Mark Andrews
009c98a1be add CVE-2017-3136 note 
(cherry picked from commit d77eadc261)
 2017-02-15 12:45:38 +11:00
wpk
96912e44b0 4573. [func] Query logic has been substantially refactored (e.g. query_find function has been split into smaller functions) for improved readability, maintainability 2017-02-08 22:15:01 +01:00
Evan Hunt
7fcd72f574 [master] mismatched tag 2017-02-07 18:28:40 -08:00
Evan Hunt
ef0ddc8ba3 [master] doc style 2017-02-07 08:18:15 -08:00
Evan Hunt
c4e4bd6a09 [master] dnstap size and versions options 
4572.	[func]		The "dnstap-output" option can now take "size" and
			"versions" parameters to indicate the maximum size
			a dnstap log file can grow before rolling to a new
			file, and how many old files to retain. [RT #44502]
 2017-02-06 16:34:58 -08:00
Evan Hunt
5b4d6d2ff8 [master] removed extra note about bind.keys update 2017-02-06 14:19:53 -08:00
Evan Hunt
650b5e7592 [master] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]
 2017-02-03 17:05:58 -08:00
Evan Hunt
aace5d0fb3 [master] include ECS in query logging 
4566.	[func]		Query logging now includes the ECS option if one
			was included in the query. [RT #44476]
 2017-02-02 11:54:28 -08:00
Mark Andrews
294d73d990 new root KSK 2017-02-02 18:26:52 +11:00
Evan Hunt
cd668ea57f [master] change 4558 was incomplete 2017-01-30 14:10:30 -08:00
Evan Hunt
afa0ff0cbb [master] expand relnote 2017-01-23 20:04:04 -08:00
Mark Andrews
b1b5229a47 4556. [security] Combining dns64 and rpz can result in dereferencing 
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
 2017-01-24 09:55:51 +11:00
Tinderbox User
96f5064e3c update copyright notice / whitespace 2017-01-20 23:45:34 +00:00
Evan Hunt
25a9b90369 [master] symbolic option names for dig +ednsopt 
4555.	[func]		dig +ednsopt: EDNS options can now be specified by
			name in addition to numeric value. [RT #44461]
 2017-01-19 23:46:37 -08:00
Mark Andrews
d2e1b47d4f 4553. [bug] Named could deadlock there were multiple changes to 
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]
 2017-01-12 14:25:45 +11:00
Mark Andrews
42924b40af 4552. [bug] Named could trigger a assertion when sending notify 
messages. [RT #44019]
 2017-01-12 14:17:43 +11:00
Tinderbox User
37ae137942 regen master 2017-01-05 01:05:07 +00:00
Evan Hunt
5804332588 [master] EDNS padding and keepalive support 
4549.	[func]		Added support for the EDNS TCP Keepalive option
			(RFC 7828). [RT #42126]

4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
			[RT #42094]
 2017-01-04 09:16:30 -08:00
Evan Hunt
8f2b2012a4 [master] release notes 2016-12-28 20:19:47 -08:00
Mark Andrews
2c1c4b99a1 4508. [security] Named incorrectly tried to cache TKEY records which 
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]
 2016-12-29 11:07:40 +11:00
Evan Hunt
eff07b51df [master] release notes 2016-12-28 12:05:08 -08:00
Evan Hunt
cc1a796b78 [master] release note 2016-12-28 11:07:27 -08:00