bind9/bin/named
Artem Boldariev 5ed3a76f9d BIND: Add 'allow-proxy' and 'allow-proxy-on' options
The main intention of the PROXY protocol is to pass endpoint information
to a back-end server (in our case - BIND). That means that it is a
valid way to spoof endpoint information, as the addresses and ports
extracted from PROXYv2 headers, from the point of view of BIND, are
used instead of the real connection addresses.

Of course, an ability to easily spoof endpoint information can be
considered a security issue when used uncontrollably. To resolve that,
we introduce 'allow-proxy' and 'allow-proxy-on' ACL options. These are
the only ACL options in BIND that work with real PROXY connection
addresses, allowing a DNS server operator to specify from what clients
and on which interfaces he or she is willing to accept PROXY
headers. By default, for security reasons, we do not allow accepting
them.
2023-12-06 15:15:25 +02:00
include Remove the lock-file configuration and -X argument to named 2023-10-26 22:42:37 +02:00
.gitignore Complete rewrite the BIND 9 build system 2020-04-21 14:19:48 +02:00
bind9.xsl Expose the SOA query transport type used before/during XFR 2023-09-22 09:56:33 +00:00
builtin.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
config.c BIND: Add 'allow-proxy' and 'allow-proxy-on' options 2023-12-06 15:15:25 +02:00
control.c Make sure we shutdown the controlconf listeners and connections once 2023-11-16 16:58:12 +01:00
controlconf.c Make sure we shutdown the controlconf listeners and connections once 2023-11-16 16:58:12 +01:00
dlz_dlopen_driver.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
fuzz.c Update netmgr, tasks, and applications to use isc_loopmgr 2022-08-26 09:09:24 +02:00
geoip.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
log.c Properly name ADB hashmap and named log memory contexts 2023-01-30 12:54:57 +01:00
logconf.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
main.c Remove the lock-file configuration and -X argument to named 2023-10-26 22:42:37 +02:00
Makefile.am Add support for User Statically Defined Tracing (USDT) probes 2023-08-21 18:39:53 +02:00
named.conf.rst remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
named.rst Remove the lock-file configuration and -X argument to named 2023-10-26 22:42:37 +02:00
os.c Remove the lock-file configuration and -X argument to named 2023-10-26 22:42:37 +02:00
server.c BIND: Add 'allow-proxy' and 'allow-proxy-on' options 2023-12-06 15:15:25 +02:00
statschannel.c Fix error path issue in xfrin_xmlrender() 2023-09-27 10:03:40 +00:00
tkeyconf.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
transportconf.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
tsigconf.c convert TSIG keyring storage from RBT to hash table 2023-06-14 08:14:38 +00:00
xsl_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
zoneconf.c Ignore inline-signing by default 2023-10-17 10:52:36 +02:00