ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
22,782 Commits 589 Branches 805 Tags
0af284b18b195c797b51208d623c3cedbb5bb2bd
Commit Graph

6776 Commits

Author SHA1 Message Date
Evan Hunt
6c049c57d9 [v9_10] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.

(cherry picked from commit 05e448935c)
 2014-11-19 18:26:46 -08:00
Tinderbox User
13fc7dc7dc update copyright notice / whitespace 2014-11-19 23:45:49 +00:00
Evan Hunt
3ba04bb8a0 [v9_10] fix reclimit test (remove servfail-ttl) 2014-11-19 00:18:20 -08:00
Evan Hunt
b3aa528d7e [v9_10] add max-recursion-queries 
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
 2014-11-18 22:13:13 -08:00
Tinderbox User
ff68ed6890 update copyright notice / whitespace 2014-11-18 23:45:49 +00:00
Evan Hunt
6fd51d5088 [v9_10] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:48:20 -08:00
Mark Andrews
45174975bc check returns from putstr and putnull 
(cherry picked from commit 18fa89b01e)
 2014-11-18 13:00:55 +11:00
Tinderbox User
6ff0c711ba update copyright notice 2014-11-17 23:45:44 +00:00
Evan Hunt
8b7a37a594 [v9_10] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:39:47 -08:00
Evan Hunt
96b6923a25 [v9_10] reference leak with AAAA glue but not A 
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]

(cherry picked from commit c4abb19716)
 2014-11-14 09:04:44 -08:00
Evan Hunt
5ffe6452e1 [v9_10] s/memcpy/memmove/ 2014-11-06 13:02:40 -08:00
Tinderbox User
9c65091de4 update copyright notice 2014-11-05 23:45:45 +00:00
Evan Hunt
56293cd148 [v9_10] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]

(cherry picked from commit 3cc8c7d630)
 2014-11-04 23:53:54 -08:00
Mark Andrews
73b7afc3b6 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:56 +11:00
Mark Andrews
a1675b15dc 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]

(cherry picked from commit a5c7cfbac4)
 2014-10-30 11:21:38 +11:00
Tinderbox User
824e85b003 regen v9_10 2014-10-21 01:08:54 +00:00
Tinderbox User
c21f76a85e update copyright notice 2014-10-20 23:45:55 +00:00
Mark Andrews
63d44ef7d2 3985. [doc] Describe how +ndots and +search interact in dig. 
[RT #37529]

(cherry picked from commit 40b28f5402)
 2014-10-21 08:06:46 +11:00
Mark Andrews
9efce3c577 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]

(cherry picked from commit 72775a79fe)
 2014-10-18 13:09:40 +11:00
Mark Andrews
27231c6877 allow for the set of ttls to be empty 
(cherry picked from commit 44ef2206d7)
 2014-10-16 14:47:02 +11:00
Mark Andrews
bd5d920bd5 make test more robust in the face of server failures 2014-10-16 12:34:29 +11:00
Evan Hunt
835ec62f82 [v9_10] add redirect zone to checkconf -z test 2014-10-09 18:30:50 -07:00
Mark Andrews
5d0183a773 3972. [bug] Fix host's usage statement. [RT #37397] 
(cherry picked from commit c12c746e3a)
 2014-10-07 01:10:05 +11:00
Mark Andrews
74741bc952 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]

(cherry picked from commit c81d56c03e)
 2014-10-05 08:30:29 +11:00
Mark Andrews
4c12b6709a verifying inline zones work with views requires crypto to be configured 2014-10-04 18:06:25 +10:00
Evan Hunt
e0e6797c03 [v9_10] add delv system test 
3969.	[test]		Added 'delv' system test. [RT #36901]

(cherry picked from commit 12002ea49e)
 2014-10-02 22:37:50 -07:00
Tinderbox User
210ba0547c update copyright notice 2014-10-02 23:45:51 +00:00
Mark Andrews
b7103cc603 3968. [bug] Silence spurious log messages when using 'named -[46]'. 
[RT #37308]

(cherry picked from commit 6979ebf549)
 2014-10-03 08:06:25 +10:00
Mark Andrews
1b9a5c6516 3967. [test] Add test for inlined signed zone in multiple views 
with different DNSKEY sets. [RT #35759]

(cherry picked from commit b24061719c)
 2014-10-03 08:00:22 +10:00
Mark Andrews
9fe54596cc 3966. [bug] Missing dns_db_closeversion call in receive_secure_db. 
[RT #35746]

(cherry picked from commit 9c0589bc8b)
 2014-10-03 07:51:45 +10:00
Mark Andrews
5bbdd6cc6b SIG(0) update forwarding testing requires crypto be configured 
(cherry picked from commit a837c939c4)
 2014-10-02 11:08:07 +10:00
Tinderbox User
f065bdc9b6 update copyright notice 2014-10-01 23:45:46 +00:00
Mark Andrews
3e8a36cf7e 3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error conditions. [RT #34663] 
(cherry picked from commit 7d891eaf91)
 2014-10-01 10:02:16 +10:00
Tinderbox User
d5a5ca7225 update copyright notice 2014-09-30 23:46:53 +00:00
Mark Andrews
a6869655d6 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]
 2014-10-01 07:37:27 +10:00
Mark Andrews
7e2d191c0a 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] 
(cherry picked from commit c83b91fb63)
 2014-10-01 07:17:42 +10:00
Tinderbox User
c16cf64ba5 update copyright notice 2014-09-29 23:45:52 +00:00
Mark Andrews
d8aa4db790 use RANDFILE rather than /dev/urandom 
(cherry picked from commit 4bc581ca31)
 2014-09-29 23:39:22 +10:00
Mark Andrews
eeafb33f52 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]

(cherry picked from commit 386d6c08167bc048dfd20e3bba051a5f9d3cc545)
 2014-09-29 10:51:14 +10:00
Mark Andrews
c85116cb56 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]

(cherry picked from commit 80169c379d)
 2014-09-29 10:19:52 +10:00
Mark Andrews
1b0646c2c8 3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112] 
(cherry picked from commit 6b6d6509f6)
 2014-09-27 12:30:34 +10:00
Mark Andrews
1809c690e3 3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159] 
(cherry picked from commit 9a36fb86f5)
 2014-09-27 12:14:47 +10:00
Mark Andrews
44483c28cb give the nameserver a little longer to response 
(cherry picked from commit 06e28e50bd)
 2014-09-18 10:08:17 +10:00
Mark Andrews
c29dc7a1a2 make depend fails in bin/python 2014-09-15 14:10:54 +10:00
Tinderbox User
30fa17292e regen v9_10 2014-09-13 01:09:54 +00:00
Evan Hunt
357cce8964 [v9_10] [rt36993] work around a bmake bug in BSD 
3950.	[port]		Changed the bin/python Makefile to work around a
			bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]

(cherry picked from commit 8dba0e7d87)
 2014-09-12 15:22:11 -07:00
Mark Andrews
b38ca786e1 update named-checkzone manpage for SPF changes 2014-09-13 07:56:13 +10:00
Tinderbox User
0253b39064 update copyright notice 2014-09-05 23:45:59 +00:00
Evan Hunt
9f6a6d24dc [v9_10] [rt37057] server-id tests 
3944.	[test]		Added a regression test for "server-id". [RT #37057]

(cherry picked from commit c9e976dc43)
 2014-09-05 09:59:56 -07:00
Tinderbox User
868bab4830 regen v9_10 2014-09-05 01:09:53 +00:00