Commit graph

1787 commits

Author SHA1 Message Date
Tinderbox User
ff69a0423e update copyright notice / whitespace 2016-11-08 23:57:34 +00:00
Mark Andrews
964e19cea8 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-11-09 09:59:32 +11:00
Tinderbox User
fc6f778fd8 update copyright notice / whitespace 2016-11-03 23:51:28 +00:00
Tinderbox User
a06917d08f update copyright notice / whitespace 2016-11-02 23:51:39 +00:00
Mark Andrews
51fe40fd59 4504. [security] Allow the maximum number of records in a zone to
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]

(cherry picked from commit 5f8412a4cb)
2016-11-03 10:46:37 +11:00
Evan Hunt
60814deed8 [v9_9] make uninstall
4503.	[cleanup]	"make uninstall" now removes files installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]

(cherry picked from commit 6087f87afb)
(cherry picked from commit 398f8c32f3)
2016-11-01 20:22:35 -07:00
Tinderbox User
e52e476295 update copyright notice / whitespace 2016-07-14 23:54:00 +00:00
Mark Andrews
456d497196 4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
was returned. [RT #42733]

(cherry picked from commit 63e58ad048)
2016-07-14 15:08:36 +10:00
Mukund Sivaraman
995cda9432 Some general cleanup (#42827)
(cherry picked from commit e65cd99461)
(cherry picked from commit 47ed813864)
(cherry picked from commit e7a3b8948f)
2016-07-13 15:00:36 +05:30
Tinderbox User
afb9f6c482 update copyright notice / whitespace 2016-06-16 23:46:03 +00:00
Mark Andrews
8ae151e5db backport dns_name_t *name -> const dns_name_t *name
(cherry picked from commit ded95d497df16579852356fc5434671d24c7f00d)
2016-06-16 21:40:22 +10:00
Mark Andrews
2bf3a4d271 4366. [bug] Address race condition when updating rbtnode bit
fields. [RT #42379]

(cherry picked from commit e2047969de)
2016-05-17 13:16:41 +10:00
Evan Hunt
529734f9fc [v9_9] prep 9.9.9b2 2016-03-24 12:42:54 -07:00
Mark Andrews
6aec5717c7 4341. [bug] 'rndc flushtree' could fail to clean the tree if there
wasn't a node at the specified name. [RT #41846]

(cherry picked from commit 6214c3c93a)
2016-03-24 11:38:17 +11:00
Tinderbox User
5cc724937d update copyright notice / whitespace 2016-03-22 23:45:44 +00:00
Evan Hunt
0c3dc6f60f [v9_9] fix mkeys TTL 0 issue
4337.	[bug]		The previous change exposed a latent flaw in
			key refresh queries for managed-keys when
			a cached DNSKEY had TTL 0. [RT #41986]
2016-03-22 12:13:39 -07:00
Tinderbox User
aad46e76a7 update copyright notice / whitespace 2016-03-10 23:45:46 +00:00
Mark Andrews
927e9d8bbc 4330. [protocol] Identify the PAD option as "PAD" when printing out
a message.

(cherry picked from commit 33a4294f44)
2016-03-10 16:54:51 +11:00
Mark Andrews
757e02d75c update copyrights 2016-03-08 16:19:15 +11:00
Mark Andrews
0649f3a0c0 4329. [func] Warn about a common misconfiguration when forwarding
RFC 1918 zones. [RT #41441]
2016-03-08 10:12:02 +11:00
Mukund Sivaraman
4bb2aa3e15 Repack dns_rbtnode struct to gain some space (reduce packing holes) (#41854)
(cherry picked from commit 8dbf9ceb8c)
(cherry picked from commit 2a461f1348)
2016-03-07 16:18:02 +05:30
Tinderbox User
45449617be update copyright notice / whitespace 2016-01-14 23:46:05 +00:00
Evan Hunt
6deb83615c [v9_9] added sockaddr.h
4291.	[cleanup]	Added a required include to dns/forward.h. [RT #41474]

(cherry picked from commit b4ccec331d)
(cherry picked from commit 25da0107d1)
2016-01-14 10:27:41 -08:00
Mukund Sivaraman
a28d8e8bf5 Improve performance of RBT (#41165)
(cherry picked from commit 5d79b60fc5)
(cherry picked from commit 318158d66a)
2015-12-11 10:29:36 +05:30
Mark Andrews
9631d0769e 4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]

(cherry picked from commit c8821d124c)
2015-11-16 13:28:28 +11:00
Tinderbox User
4acf5216d7 update copyright notice / whitespace 2015-11-09 23:46:11 +00:00
Evan Hunt
7d984067ee [v9_9] fix python script versions
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
2015-11-08 21:41:04 -08:00
Mark Andrews
79f23b271e 4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones
as per RFC 6763. [RT #37889]

(cherry picked from commit 5855fd79e3)
2015-08-25 14:46:41 +10:00
Mark Andrews
fea8a9d56b 4190. [protocol] Accept Active Directory gc._msdcs.<forest> name as
valid with check-names.  <forest> still needs to be
                        LDH. [RT #40399]

(cherry picked from commit dc3912f3ca)
2015-08-22 15:28:16 +10:00
Tinderbox User
cd80053809 update copyright notice / whitespace 2015-08-07 23:46:19 +00:00
Evan Hunt
0d83784a75 [v9_9] address buffer accounting error
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

(cherry picked from commit ce9f893e21)
2015-08-07 13:22:40 -07:00
Tinderbox User
cc1a709402 update copyright notice / whitespace 2015-07-13 23:46:09 +00:00
Mark Andrews
82b6caf613 4164. [bug] Don't rename slave files and journals on out of memory.
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]

(cherry picked from commit 3a49d0ff10)
2015-07-13 09:49:09 +10:00
Tinderbox User
835eaef8e3 update copyright notice / whitespace 2015-07-09 23:46:11 +00:00
Evan Hunt
ea36796f82 [v9_9] DDoS mitigation features
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			These options are not available by default;
			use "configure --enable-fetchlimit" (or
			--enable-developer) to include them in the build.

			See the ARM for details of these options. [RT #37125]
2015-07-08 23:00:58 -07:00
Mark Andrews
5e210b5fe5 4158. [protocol] Support the printing of EDNS COOKIE options.
[RT #39928]
2015-07-07 15:49:36 +10:00
Mark Andrews
f5386a21a8 4154. [bug] An OPT record should be included with the FORMERR
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Check that non significant ECS bits are zero on
                        receipt. [RT #39647]
2015-07-06 16:34:48 +10:00
Mukund Sivaraman
fc0797977d Fix a bug printing zone names with '/' character in XML and JSON stats (#39873)
(cherry picked from commit 08f0129732)

Conflicts:
	bin/tests/system/statistics/clean.sh

(cherry picked from commit f69f188b90)

Conflicts:
	bin/named/statschannel.c
	bin/tests/system/statistics/clean.sh
	bin/tests/system/statistics/ns1/named.conf
	bin/tests/system/statistics/tests.sh

Conflicts:
	CHANGES
2015-06-30 14:45:13 +05:30
Tinderbox User
2a71b08491 update copyright notice / whitespace 2015-05-28 23:46:13 +00:00
Mark Andrews
f381cb86da 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
key as per RFC 7344, Section 4.1. [RT #37215]

(cherry picked from commit 598b502695)
2015-05-27 15:45:46 +10:00
Tinderbox User
8eb77bc70b update copyright notice / whitespace 2015-05-11 23:46:10 +00:00
Mark Andrews
20890f61bf use dns_opcode_t
(cherry picked from commit 844b568182)
2015-05-11 12:17:50 +10:00
Tinderbox User
9bd61f393f update copyright notice / whitespace 2015-04-28 23:46:12 +00:00
Mark Andrews
fdb83d87d6 4110. [bug] Address memory leaks / null pointer dereferences
on out of memory. [RT #39310]

(cherry picked from commit b292230ab8)
2015-04-29 03:37:25 +10:00
Tinderbox User
124e64db5e update copyright notice / whitespace 2015-03-04 23:46:08 +00:00
Mark Andrews
263413c7a7 4082. [bug] Incrementally sign large inline zone deltas.
[RT #37927]

(cherry picked from commit 1b05d22789)
2015-03-05 10:08:11 +11:00
Tinderbox User
15dce01ef4 update copyright notice / whitespace 2015-02-26 23:46:12 +00:00
Evan Hunt
14926c3403 [v9_9] fix LOADPENDING issues
4063.	[bug]		Asynchronous zone loads were not handled
			correctly when the zone load was already in
			progress; this could trigger a crash in zt.c.
			[RT #37573]

(cherry picked from commit 7acc2f2156)
(cherry picked from commit 62fd632bcb)
2015-02-25 16:12:34 -08:00
Tinderbox User
9cbd625449 update copyright notice / whitespace 2015-01-20 23:47:26 +00:00
Mark Andrews
398a63d660 4038. [bug] Add 'rpz' flag to node and use it to determine whether
to call dns_rpz_delete.  This should prevent unbalanced
                        add / delete calls. [RT #36888]

(cherry picked from commit cc0a48a381)
2015-01-20 17:48:51 +11:00