Commit Graph

9538 Commits

Author SHA1 Message Date
Evan Hunt
c58e4a4503 [v9_10] remove inadvertently-retained content from quota.h 2014-11-20 12:55:25 -08:00
Evan Hunt
6c049c57d9 [v9_10] refactor max-recursion-queries
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.

(cherry picked from commit 05e448935c)
2014-11-19 18:26:46 -08:00
Evan Hunt
b3aa528d7e [v9_10] add max-recursion-queries
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
2014-11-18 22:13:13 -08:00
Evan Hunt
6fd51d5088 [v9_10] limit recursion depth and iterative queries
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
2014-11-17 23:48:20 -08:00
Evan Hunt
8b7a37a594 [v9_10] geoip security fixes
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
2014-11-16 08:39:47 -08:00
Evan Hunt
53b733da7f [v9_10] fix false positive compiler warning
a "pointer always evaluates to true" warning was blocking
compilation of the radix ATF test when using --enable-developer
with gcc 4.8.2.
2014-11-15 00:55:06 -08:00
Evan Hunt
96b6923a25 [v9_10] reference leak with AAAA glue but not A
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]

(cherry picked from commit c4abb19716)
2014-11-14 09:04:44 -08:00
Tinderbox User
8836da6a4d update copyright notice 2014-11-04 23:45:46 +00:00
Mark Andrews
ebdf2334f5 add missing opening bracket
(cherry picked from commit a31d0513c3)
2014-11-04 17:12:20 +11:00
Mark Andrews
b2b3882c5c 3998. [bug] isc_radix_search was returning matches that were
too precise. [RT #37680]

(cherry picked from commit b976c39c07)
2014-11-04 12:40:41 +11:00
Mark Andrews
73b7afc3b6 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:56 +11:00
Tinderbox User
53b878cd1c update copyright notice 2014-10-31 23:45:48 +00:00
Mark Andrews
5ccdac854e 3996. [bug] Address use after free on out of memory error in
keyring_add. [RT #37639]

(cherry picked from commit c2f8108123)
2014-10-31 11:44:53 +11:00
Mark Andrews
1083f358ae 3995. [bug] receive_secure_serial holds the zone lock for too
long. [RT #37626]

(cherry picked from commit 4e59131f18)
2014-10-31 11:39:45 +11:00
Mark Andrews
ab7a781bc3 3989. [cleanup] Remove redundant dns_db_resigned calls. [RT #35748]
(cherry picked from commit eb5243365c)
2014-10-30 10:54:26 +11:00
Tinderbox User
bdab9fe78f update copyright notice 2014-10-21 23:45:51 +00:00
Francis Dupont
463a8fcc6b Handle VS14 incompatible changes [RT #37380] 2014-10-21 09:35:28 +02:00
Francis Dupont
fc9ddebdf5 Accept up to 256 byte PINs in native PKCS#11. [RT #37410] 2014-10-20 22:57:43 +02:00
Mark Andrews
9efce3c577 3981. [bug] Cache DS/NXDOMAIN independently of other query types.
[RT #37467]

(cherry picked from commit 72775a79fe)
2014-10-18 13:09:40 +11:00
Mark Andrews
fd3a59740b 3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
size. [RT #37187]

(cherry picked from commit 871f3c8bee)
2014-10-18 12:41:29 +11:00
Evan Hunt
bc59dcd76e [v9_10] add diffie-hellman key unit test
3978.	[test]		Added a unit test for Diffie-Hellman key
			computation, completing change #3974. [RT #37477]

(cherry picked from commit 188690149b)
2014-10-17 15:57:49 -07:00
Evan Hunt
5c409ba290 [v9_10] correctly validate 5011 trust anchors
3976.	[bug]		When refreshing managed-key trust anchors, clear
			any cached trust so that they will always be
			revalidated with the current set of secure
			roots. [RT #37506]

(cherry picked from commit eb6d61d5e0)
2014-10-17 15:41:55 -07:00
Tinderbox User
b1514e0bf0 update copyright notice 2014-10-16 23:45:46 +00:00
Mark Andrews
47ff3b8567 initialize rdataset->private7
(cherry picked from commit ca77632f65)
2014-10-16 11:24:37 +11:00
Mark Andrews
dfb6462891 3974. [bug] handle DH_compute_key() failure correctly in
openssldh_link.c. [RT #37477]

(cherry picked from commit 58a1051e92)
2014-10-13 23:42:22 +11:00
Mark Andrews
1330879d70 silence compiler warning
(cherry picked from commit bbec761a67)
2014-10-08 17:48:06 +11:00
Tinderbox User
eb4bed2370 update copyright notice 2014-10-04 23:45:45 +00:00
Mark Andrews
74741bc952 3971. [bug] Reduce the cascading failures due to a bad $TTL line
in named-checkconf / named-checkzone. [RT #37138]

(cherry picked from commit c81d56c03e)
2014-10-05 08:30:29 +11:00
Mark Andrews
9fe54596cc 3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
[RT #35746]

(cherry picked from commit 9c0589bc8b)
2014-10-03 07:51:45 +10:00
Tinderbox User
d5a5ca7225 update copyright notice 2014-09-30 23:46:53 +00:00
Mark Andrews
a6869655d6 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
BADSIG.  [RT #37216]
2014-10-01 07:37:27 +10:00
Mark Andrews
520fddb75b 3959. [bug] Updates could be lost if they arrived immediately
after a rndc thaw. [RT #37233]

(cherry picked from commit fa827173df)
2014-10-01 06:59:55 +10:00
Tinderbox User
c16cf64ba5 update copyright notice 2014-09-29 23:45:52 +00:00
Mark Andrews
eeafb33f52 3958. [bug] Detect when writeable files have multiple references
in named.conf. [RT #37172]

(cherry picked from commit 386d6c08167bc048dfd20e3bba051a5f9d3cc545)
2014-09-29 10:51:14 +10:00
Mark Andrews
c85116cb56 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
and ECDSAP384SHA384. [RT #37183]

(cherry picked from commit 80169c379d)
2014-09-29 10:19:52 +10:00
Tinderbox User
1c536f8e6f update copyright notice 2014-09-28 23:45:47 +00:00
Mark Andrews
b92f71d4fc don't redefine GEOIP_DATA 2014-09-29 09:32:59 +10:00
Mark Andrews
319659fc23 3955. [bug] Notify messages due to changes are no longer queued
behind startup notify messages. [RT #24454]
2014-09-29 09:32:22 +10:00
Tinderbox User
aba5aaeaa8 update copyright notice 2014-09-27 23:45:48 +00:00
Mark Andrews
1809c690e3 3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
(cherry picked from commit 9a36fb86f5)
2014-09-27 12:14:47 +10:00
Mark Andrews
556259c4d3 3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
two name pointers were the same. [RT #37176]

(cherry picked from commit a266ab205b)
2014-09-27 11:44:59 +10:00
Evan Hunt
2d3bd3471d [v9_10] prep 9.10.1 2014-09-16 09:32:56 -07:00
Evan Hunt
bde3e46ba2 [v9_10] spelling 2014-09-15 18:20:20 -07:00
Mark Andrews
b38ca786e1 update named-checkzone manpage for SPF changes 2014-09-13 07:56:13 +10:00
Mark Andrews
af6a52437f 3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
--with-tuning=large. [RT #37059]

(cherry picked from commit 52131a8351)
2014-09-09 09:43:39 +10:00
Tinderbox User
0253b39064 update copyright notice 2014-09-05 23:45:59 +00:00
Evan Hunt
2bb52b7c30 [v9_10] prep 9.10.1rc2 2014-09-05 10:35:42 -07:00
Evan Hunt
aa430f55f4 [v9_10] [rt36786] use INSTALL_PROGRAM for shared libs
3947.	[cleanup]	Set the executable bit on libraries when using
			libtool. [RT #36786]

(cherry picked from commit f687e639f0)
2014-09-05 10:24:54 -07:00
Mark Andrews
04df7dff0d 3945. [bug] Invalid wildcard expansions could be incorrectly
accepted by the validator. [RT #37093]

(cherry picked from commit 2fa1fc5332)
2014-09-05 12:11:49 +10:00
Tinderbox User
868bab4830 regen v9_10 2014-09-05 01:09:53 +00:00