Tinderbox User
835eaef8e3
update copyright notice / whitespace
2015-07-09 23:46:11 +00:00
Evan Hunt
ea36796f82
[v9_9] DDoS mitigation features
...
3938. [func] Added quotas to be used in recursive resolvers
that are under high query load for names in zones
whose authoritative servers are nonresponsive or
are experiencing a denial of service attack.
- "fetches-per-server" limits the number of
simultaneous queries that can be sent to any
single authoritative server. The configured
value is a starting point; it is automatically
adjusted downward if the server is partially or
completely non-responsive. The algorithm used to
adjust the quota can be configured via the
"fetch-quota-params" option.
- "fetches-per-zone" limits the number of
simultaneous queries that can be sent for names
within a single domain. (Note: Unlike
"fetches-per-server", this value is not
self-tuning.)
- New stats counters have been added to count
queries spilled due to these quotas.
These options are not available by default;
use "configure --enable-fetchlimit" (or
--enable-developer) to include them in the build.
See the ARM for details of these options. [RT #37125 ]
2015-07-08 23:00:58 -07:00
Witold Krecicki
ece6e87818
rndc reconfig reports configuration errors the same way rndc reload does [RT #39635 ]
2015-06-12 11:13:36 +02:00
Mark Andrews
aec5c211a9
4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534.
...
(cherry picked from commit 8f20f6c9d7
2015-05-15 08:23:43 +10:00
Evan Hunt
a25f1b3cf5
[v9_9] fix root-delegation-only without exclude
...
4112. [bug] Named failed to load when "root-delegation-only"
was used without a list of domains to exclude.
[RT #39380 ]
2015-05-04 12:46:11 -07:00
Mark Andrews
1c33552240
4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759 ]
...
(cherry picked from commit 29d52c001fa55c3151b2
2015-03-03 16:52:02 +11:00
Mark Andrews
f16ab01da5
4076. [bug] Named could crash on shutdown with outstanding
...
reload / reconfig events. [RT #38622 ]
(cherry picked from commit bb5df338d9
2015-02-27 12:36:08 +11:00
Evan Hunt
fa01c77ac6
[v9_9] version cleanup
...
4073. [cleanup] Add libjson-c version number reporting to
"named -V"; normalize version number formatting.
[RT #38056 ]
2015-02-26 12:12:31 -08:00
Evan Hunt
0d6547c706
[v9_9] address valgrind warnings
...
4059. [bug] Addressed valgrind warnings. [RT #38549 ]
2015-02-10 14:04:13 -08:00
Evan Hunt
57f015bd2a
[v9_9] clean up gcc -Wshadow warnings
...
4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381 ]
2015-01-20 14:55:41 -08:00
Mukund Sivaraman
ece19205b7
Close FILEs before overwriting NZF file ( #38332 )
...
Based on a patch sent in by Tony Finch <dot@dotat.at >.
(cherry picked from commit 1721fb782c
2015-01-16 15:41:15 +05:30
Mark Andrews
15738c0888
4032. [bug] Built-in "empty" zones did not correctly inherit the
...
"allow-transfer" ACL from the options or view.
[RT #38310 ]
(cherry picked from commit 7952156995
2015-01-10 22:04:32 +11:00
Tinderbox User
7e35cef570
update copyright notice / whitespace
2015-01-08 23:46:12 +00:00
Mark Andrews
94124ad484
4031. [bug] named-checkconf -z failed to report a missing file
...
with a hint zone. [RT #38294 ]
(cherry picked from commit d1f1f13c7f
2015-01-08 19:20:31 +11:00
Mark Andrews
2d21161222
unchecked putnull
2014-11-25 15:24:45 +11:00
Evan Hunt
711e833921
[v9_9] add max-recursion-queries
...
also fixes and documentation for max-recursion-depth
(cherry picked from commit c4f54e5bd1b3aa528d7e
2014-11-18 22:14:55 -08:00
Evan Hunt
603a0e2637
[v9_9] limit recursion depth and iterative queries
...
4006. [security] A flaw in delegation handling could be exploited
to put named into an infinite loop. This has
been addressed by placing limits on the number
of levels of recursion named will allow (default 7),
and the number of iterative queries that it will
send (default 50) before terminating a recursive
query (CVE-2014-8500).
The recursion depth limit is configured via the
"max-recursion-depth" option. [RT #35780 ]
2014-11-17 23:49:07 -08:00
Mark Andrews
16adeb3661
check returns from putstr and putnull
...
(cherry picked from commit 18fa89b01e
2014-11-18 13:03:20 +11:00
Mark Andrews
c4c43e7359
3968. [bug] Silence spurious log messages when using 'named -[46]'.
...
[RT #37308 ]
(cherry picked from commit 6979ebf549
2014-10-03 08:06:31 +10:00
Mark Andrews
aaf8ae4297
3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
...
[RT #35746 ]
(cherry picked from commit 9c0589bc8b
2014-10-03 07:52:17 +10:00
Mark Andrews
ddf4e45cad
3931. [cleanup] Cleanup how dlz grammer is defined. [RT #36879 ]
...
(cherry picked from commit 1164997311
2014-08-26 15:26:05 +10:00
Mark Andrews
9f23fea978
3924. [bug] Improve 'rndc addzone' error reporting. RT #35187
...
(cherry picked from commit d4859b0b2a
2014-08-22 16:26:19 +10:00
Mark Andrews
13ffd78910
3908. [bug] rndc now differentiates between a zone in multiple
...
views and a zone that doesn't exist at all. [RT #36691 ]
(cherry picked from commit c38341ec43
2014-08-02 15:09:03 +10:00
Mark Andrews
ff74829d81
silence win64 possible loss of data
2014-06-23 14:07:24 +10:00
Mark Andrews
df2396b4f9
3866. [bug] Named could die on disk full in generate_session_key.
...
[RT #36119 ]
(cherry picked from commit fa6308bd57
2014-05-30 14:39:33 +10:00
Evan Hunt
95b85c7342
[v9_9] log static-stub correctly when removing
...
3822. [bug] Log the correct type of static-stub zones when
removing them. [RT #35842 ]
(cherry picked from commit eb1a7730f000e9952c41
2014-04-26 10:19:27 -07:00
Evan Hunt
2b4781835c
[v9_9] warn when wrong address family used in listen-on/-v6
...
3778. [bug] Log a warning when the wrong address family is
used in "listen-on" or "listen-on-v6". [RT #17848 ]
(cherry picked from commit 78f79084fc
2014-03-07 11:36:20 -08:00
Mark Andrews
d659c5dac1
3743. [bug] delegation-only flag wasn't working in forward zone
...
declarations despite being documented. This is
needed to support turning off forwarding and turning
on delegation only at the same name. [RT #35392 ]
(cherry picked from commit 38eabfcee7
2014-02-18 10:16:26 +11:00
Francis Dupont
5524962730
spurious space
2014-02-16 02:11:32 +01:00
Mark Andrews
1c67e9747b
fix typo in comment
...
(cherry picked from commit 404d7c966c
2014-02-08 09:38:34 +11:00
Evan Hunt
c2d3d0eda5
[v9_9] add no-case-compress
...
3731. [func] Added a "no-case-compress" ACL, which causes
named to use case-insensitive compression
(disabling change #3645 ) for specified
clients. (This is useful when dealing
with broken client implementations that
use case-sensitive name comparisons,
rejecting responses that fail to match the
capitalization of the query that was sent.)
[RT #35300 ]
(cherry picked from commit 166341d554
2014-02-06 19:42:39 -08:00
Evan Hunt
f48c053bb5
[v9_9] silence coverity warnings
...
- remove dead code in server.c
- initialize a struct tm.c
(cherry picked from commit 48def18179
2014-01-31 09:40:11 -08:00
Mark Andrews
f721bb7788
3710. [bug] Address double dns_zone_detach when switching to
...
using automatic empty zones from regular zones.
[RT #35177 ]
(cherry picked from commit db8938c993
2014-01-17 10:06:06 +11:00
Tinderbox User
864ca7ce33
update copyright notice
2014-01-09 23:45:53 +00:00
Evan Hunt
8c7ce6d3e6
[v9_9] replace memcpy() with memmove().
...
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120 ]
(cherry picked from commit ebe54c7d2221c6a0a4b3d96bcae3280c823a45e6)
2014-01-08 16:38:56 -08:00
Evan Hunt
dda2ffdbcf
[v9_9] fix 'rndc refresh' in inline-signing zones
...
3685. [bug] "rndc refresh" didn't work correctly with slave
zones using inline-signing. [RT #35105 ]
(cherry picked from commit 445a354e63
2013-12-11 13:00:22 -08:00
Mark Andrews
4071bd2c0e
cleanup
...
(cherry picked from commit 99c3e8e09c
2013-12-10 09:55:32 +11:00
Mark Andrews
b26719dff0
use snprintf; check the result of putstr
...
(cherry picked from commit 06a0b00bb6
2013-12-10 08:56:58 +11:00
Tinderbox User
da9611344e
update copyright notice
2013-12-04 23:46:00 +00:00
Evan Hunt
98a3bd57ca
[master] clearer "not found" message for rndc commands
...
3683. [cleanup] Add a more detailed "not found" message to rndc
commands which specify a zone name. [RT #35059 ]
(cherry picked from commit bee9a28af0
2013-12-04 12:58:28 -08:00
Mark Andrews
3b38a23089
3681. [port] Update the Windows build system to support feature
...
selection and WIN64 builds. This is a work in
progress. [RT #34160 ]
(cherry picked from commit c3c8823fed
2013-12-04 13:48:45 +11:00
Mark Andrews
ed3dc651f5
3653. [func] Create delegations for all "children" of empty zones
...
except "forward first". [RT #34826 ]
(cherry picked from commit 00043fc284
2013-09-25 09:41:26 +10:00
Tinderbox User
3f72c4af9e
update copyright notice
2013-09-19 23:45:45 +00:00
Evan Hunt
1e77160774
[v9_9] comment nzf files
...
3649. [cleanup] Include a comment in .nzf files, giving the name of
the associated view. [RT #34765 ]
(cherry picked from commit c7965f84c2
2013-09-19 15:43:18 -07:00
Mark Andrews
e30eef239d
style
...
(cherry picked from commit 92f2cf45ce
2013-09-01 17:09:38 +10:00
Mark Andrews
481672cf84
remove dead code
...
(cherry picked from commit 601d1a9aad
2013-08-19 12:44:35 +10:00
Mark Andrews
f15a37beb5
3636. [bug] Automatic empty zones now behave better with
...
forward only "zones" beneath them. [RT #34583 ]
(cherry picked from commit e548e07a9a
2013-08-16 13:56:42 +10:00
Mark Andrews
fa4192fe18
3634. [func] Report build-id in rndc status. Report build-id
...
when building from a git repository. [RT #20422 ]
(cherry picked from commit 0e1dfb8ff5
2013-08-15 12:56:43 +10:00
Evan Hunt
f3e5684b09
[v9_9] don't go nonresponsive during "rndc reload"
...
3617. [bug] Named was failing to answer queries during
"rndc reload" [RT #34098 ]
(cherry picked from commit 964bdcd7ad
2013-07-11 10:57:19 -07:00
Evan Hunt
c2cb8c8fc0
[v9_9] address race conditions with removing inline zones
...
3513. [bug] named could crash when deleting inline-signing
zones with "rndc delzone". [RT #34066 ]
(cherry picked from commit 927e4c9fec
2013-07-09 17:50:43 -07:00
