ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
24,184 Commits 589 Branches 805 Tags
455c0848f80a8acda27aad1466c72987cafaa029
Commit Graph

125 Commits

Author SHA1 Message Date
Mark Andrews
455c0848f8 4322. [security] Duplicate EDNS COOKIE options in a response could 
trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]
 2016-02-27 11:23:50 +11:00
Mukund Sivaraman
5995fec51c Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) (#41753) 2016-02-22 12:22:43 +05:30
Mark Andrews
a2b15b3305 4318. [security] Malformed control messages can trigger assertions 
in named and rndc. (CVE-2016-1285) [RT #41666]
 2016-02-18 12:11:27 +11:00
Evan Hunt
b5c22260e5 [master] remove reporter's name per his request 2016-01-29 10:35:14 -08:00
Evan Hunt
630b2d0c5a [master] NOSETFC incorrectly applied 
4300.	[bug]		A flag could be set in the wrong field when setting
			up nonrecursive queries; this could cause the
			SERVFAIL cache to cache responses it shouldn't.
			New querytrace logging has been added which
			identified this error. [RT #41155]
 2016-01-22 13:58:11 -08:00
Evan Hunt
bb5d14d724 [master] millisecond granularity for statschannel timers 
4290.	[func]		The timers returned by the statistics channel
			(indicating current time, server boot time, and
			most recent reconfiguration time) are now reported
			with millisecond accuracy. [RT #40082]
 2016-01-07 15:34:58 -08:00
Evan Hunt
455b99ed92 [master] fix ticket number 2016-01-05 09:08:49 -08:00
Evan Hunt
c8b968f414 [master] fix use after free on xfr timeout 
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
 2016-01-04 22:05:23 -08:00
Evan Hunt
aadca3f7d0 [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2016-01-04 16:09:40 -08:00
Evan Hunt
41494939b6 [master] fixed bogus server regression 
4288.	[bug]		Fixed a regression in resolver.c:possibly_mark()
			which caused known-bogus servers to be queried
			anyway. [RT #41321]
 2016-01-04 15:47:16 -08:00
Tinderbox User
e1836d1fe4 update copyright notice / whitespace 2016-01-04 23:45:26 +00:00
Evan Hunt
43176d82c8 [master] clean up notes 2016-01-03 21:22:00 -08:00
Mark Andrews
292eb9c4e4 4286. [security] render_ecs errors were mishandled when printing out 
a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

(cherry picked from commit 3e0c1603a8)
 2015-12-31 22:19:46 +11:00
Mark Andrews
9c52f43036 remove period 2015-12-31 14:35:06 +11:00
Mark Andrews
1b3d211802 4285. [security] Specific APL data could trigger a INSIST. 
(CVE-2015-8704) [RT #41396]
 2015-12-31 13:43:21 +11:00
Evan Hunt
fbed5f0f44 [master] fix geoip options 
4284.	[bug]		Some GeoIP options were incorrectly documented
			using abbreviated forms which were not accepted by
			named.  The code has been updated to allow both
			long and abbreviated forms. [RT #41381]
 2015-12-26 10:50:32 -08:00
Mark Andrews
8beb9bf514 add dig +mapped 2015-12-19 09:51:53 +11:00
Mukund Sivaraman
6960e7fd12 Update notes.xml for #40996 2015-12-15 18:06:13 +05:30
Evan Hunt
4071efbec0 [master] disallow map zones in response-policy 
4269.	[bug]		Zones using "map" format master files currently
			don't work as policy zones.  This limitation has
			now been documented; attempting to use such zones
			in "response-policy" statements is now a
			configuration error.  [RT #38321]
 2015-12-02 21:10:09 -08:00
Mark Andrews
7bde79b32a update description 2015-12-03 15:42:58 +11:00
Mark Andrews
ff2f98076c Add CVE-2015-8461 2015-12-03 15:31:28 +11:00
Mark Andrews
cbc660172d spelling 2015-11-20 14:55:20 +11:00
Mark Andrews
b57276f89e note the address changes for H.ROOT-SERVERS.NET 2015-11-18 11:08:50 +11:00
Evan Hunt
63042d5b57 [master] typo 2015-11-16 18:21:17 -08:00
Mark Andrews
c8821d124c 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]
 2015-11-16 13:12:20 +11:00
Mukund Sivaraman
8012e06abf Update notes.xml for #40498 2015-11-11 13:51:55 +05:30
Witold Krecicki
bfd4b9e11a 4255. [func] Add 'message-compression' option to disable DNS compression in responses. [RT #40726] 2015-11-05 12:19:04 +01:00
Evan Hunt
6b8519147a [master] NTAs did not survive reoad/reconfig 
4251.	[bug]		NTAs were deleted when the server was reconfigured
			or reloaded. [RT #41058]
 2015-11-04 10:34:28 -08:00
Mark Andrews
30eec077db cleanup trailing white space in SGML like files 2015-10-22 16:09:46 +11:00
Evan Hunt
90174e64f4 [master] shorten default servfail-ttl 
4239.	[func]		Changed default servfail-ttl value to 1 second from 10.
			Also, the maximum value is now 30 instead of 300. [RT #37556]
 2015-10-17 13:44:01 -07:00
Tinderbox User
19c7b1a029 update copyright notice / whitespace 2015-10-06 23:45:23 +00:00
Evan Hunt
14a656f94b [master] upgrade doc toolchain 
4237.	[doc]		Upgraded documentation toolchain to use DocBook 5
			and dblatex. [RT #40766]
 2015-10-05 21:59:35 -07:00
Mukund Sivaraman
56ebb560a1 Fix notes and CHANGES for #40761 2015-10-06 05:44:53 +05:30
Mukund Sivaraman
9260c1157d Update CHANGES and notes.xml for #40761 2015-10-03 07:11:12 +05:30
Mukund Sivaraman
930719e876 Update the default value for number of UDP listeners (#40761) 2015-10-03 07:08:55 +05:30
Evan Hunt
b66b333f59 [master] dnstap 
4235.	[func]		Added support in named for "dnstap", a fast method of
			capturing and logging DNS traffic, and a new command
			"dnstap-read" to read a dnstap log file.  Use
			"configure --enable-dnstap" to enable this
			feature (note that this requires libprotobuf-c
			and libfstrm). See the ARM for configuration details.

			Thanks to Robert Edmonds of Farsight Security.
			[RT #40211]
 2015-10-02 12:32:42 -07:00
Evan Hunt
a00f9e2f50 [master] merge dyndb 
4224.	[func]		Added support for "dyndb", a new interface for loading
			zone data from an external database, developed by
			Red Hat for the FreeIPA project.

			DynDB drivers fully implement the BIND database
			API, and are capable of significantly better
			performance and functionality than DLZ drivers,
			while taking advantage of advanced database
			features not available in BIND such as multi-master
			replication.

			Thanks to Adam Tkac and Petr Spacek of Red Hat.
			[RT #35271]
 2015-09-28 23:12:35 -07:00
Mark Andrews
f6e45a5c54 4217. [protocol] Add support for CSYNC. [RT #40532] 2015-09-18 23:45:12 +10:00
Mark Andrews
e0a30050c8 4214. [protocol] Add support for TALINK. [RT #40544] 2015-09-18 07:43:43 +10:00
Mark Andrews
5a49f61ca9 4199. [protocol] Add support for NINFO, RKEY, SINK, TA. 
[RT #40545] [RT #40547] [RT #40561] [RT #40563]
 2015-09-11 17:35:01 +10:00
Mark Andrews
a0ef8211d3 4201. [func] The default preferred-glue is now the address record 
type of the transport the query was received
                        over.  [RT #40468]
 2015-09-11 13:27:58 +10:00
Mark Andrews
3fa134363f 4200. [cleanup] win32: update BINDinstall to be BIND release 
independent. [RT #38915]
 2015-09-11 12:25:39 +10:00
Mark Andrews
3dd63ba00f 4199. [protocol] Add support for NINFO, RKEY, TA. 
[RT #40545] [RT #40547] [RT #40563]
 2015-09-10 17:58:29 +10:00
Mark Andrews
63874956de 4199. [protocol] Add support for NINFO, RKEY. [RT #40547] [RT #40563] 2015-09-10 17:07:05 +10:00
Mark Andrews
8b29fc0b7a 4199. [protocol] Add support for RKEY. [RT #40563] 2015-09-10 14:50:20 +10:00
Evan Hunt
4c9ead8b9f [master] fix incorrect bug ID 2015-08-27 10:22:46 -07:00
Tinderbox User
310f88d008 [master] fix the o umlaut for HTML and TXT too 2015-08-15 02:55:15 +00:00
Evan Hunt
afc3103851 [master] add CVE number 2015-08-13 15:30:49 -07:00
Tinderbox User
a73d9c0b4d support umlaut 'o' 2015-08-13 19:42:19 +00:00
Evan Hunt
9716b6a5d6 [master] xml doesn't define ö 2015-08-12 18:16:04 -07:00