ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
23,923 Commits 589 Branches 805 Tags
4e4ccaffc366017a133c83828b57e8974889b5c3
Commit Graph

1854 Commits

Author SHA1 Message Date
Evan Hunt
8f6dc230d0 [v9_10] prep 9.10.4b3 2016-03-24 12:41:57 -07:00
Mark Andrews
4c981c3bf7 4341. [bug] 'rndc flushtree' could fail to clean the tree if there 
wasn't a node at the specified name. [RT #41846]

(cherry picked from commit 6214c3c93a)
 2016-03-24 11:32:52 +11:00
Tinderbox User
2a28287aa7 update copyright notice / whitespace 2016-03-22 23:45:30 +00:00
Evan Hunt
c82e4d2379 [v9_10] fix mkeys TTL 0 issue 
4337.	[bug]		The previous change exposed a latent flaw in
			key refresh queries for managed-keys when
			a cached DNSKEY had TTL 0. [RT #41986]
 2016-03-22 12:13:25 -07:00
Tinderbox User
48c13be6d9 update copyright notice / whitespace 2016-03-10 23:45:32 +00:00
Mark Andrews
9f8d166497 4330. [protocol] Identify the PAD option as "PAD" when printing out 
a message.

(cherry picked from commit 33a4294f44)
 2016-03-10 16:54:08 +11:00
Mark Andrews
13a95c3775 update copyrights 2016-03-08 16:20:10 +11:00
Mark Andrews
b8341f294c 4329. [func] Warn about a common misconfiguration when forwarding 
RFC 1918 zones. [RT #41441]
 2016-03-08 10:11:56 +11:00
Mukund Sivaraman
2a461f1348 Repack dns_rbtnode struct to gain some space (reduce packing holes) (#41854) 
(cherry picked from commit 8dbf9ceb8c)
 2016-03-07 16:16:32 +05:30
Tinderbox User
b66f98643d update copyright notice / whitespace 2016-01-14 23:45:45 +00:00
Evan Hunt
25da0107d1 [v9_10] added sockaddr.h 
4291.	[cleanup]	Added a required include to dns/forward.h. [RT #41474]

(cherry picked from commit b4ccec331d)
 2016-01-14 10:27:35 -08:00
Tinderbox User
c547a8836b update copyright notice / whitespace 2015-12-10 23:46:42 +00:00
Mukund Sivaraman
318158d66a Improve performance of RBT (#41165) 
(cherry picked from commit 5d79b60fc5)
 2015-12-10 22:52:52 +05:30
Mark Andrews
3a4c24c4a5 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]

(cherry picked from commit c8821d124c)
 2015-11-16 13:21:54 +11:00
Tinderbox User
a68111c6f9 update copyright notice / whitespace 2015-11-09 23:45:50 +00:00
Evan Hunt
fbf5b36b69 [v9_10] fix python script versions 
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
 2015-11-08 21:36:27 -08:00
Mark Andrews
e99165ed46 4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones 
as per RFC 6763. [RT #37889]

(cherry picked from commit 5855fd79e3)
 2015-08-25 14:46:35 +10:00
Mark Andrews
daec213a5c 4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as 
valid with check-names.  <forest> still needs to be
                        LDH. [RT #40399]

(cherry picked from commit dc3912f3ca)
 2015-08-22 15:28:09 +10:00
Tinderbox User
979d849b60 update copyright notice / whitespace 2015-08-07 23:45:57 +00:00
Evan Hunt
7163ce122d [v9_10] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

(cherry picked from commit ce9f893e21)
 2015-08-07 13:23:03 -07:00
Mark Andrews
38df037565 badcookie has a offical code point of 23 
(cherry picked from commit 46e7fc51b8)
 2015-07-27 15:22:42 +10:00
Tinderbox User
dae3e8def6 update copyright notice / whitespace 2015-07-13 23:45:49 +00:00
Mark Andrews
d03dbac02e 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]

(cherry picked from commit 3a49d0ff10)
 2015-07-13 09:48:42 +10:00
Tinderbox User
a704920204 update copyright notice / whitespace 2015-07-09 23:45:51 +00:00
Evan Hunt
83d0b1ab69 [v9_10] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			These options are not available by default;
			use "configure --enable-fetchlimit" (or
			--enable-developer) to include them in the build.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:55:31 -07:00
Mark Andrews
bb7971417a 4157. [protocol] Update experimental SIT code to use the EDNS COOKIE 
option code point (10).  This is the minimal change
                        required to use the new code point. [RT #39928]
 2015-07-07 15:43:04 +10:00
Mark Andrews
a9557c404e 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]

(cherry picked from commit 3e33f4198d)
 2015-07-06 13:47:17 +10:00
Mukund Sivaraman
f69f188b90 Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 
(cherry picked from commit 08f0129732)

Conflicts:
	bin/tests/system/statistics/clean.sh
 2015-06-29 18:46:36 +05:30
Mukund Sivaraman
9f1888805b Propagate stale attribute when updating stats (#39141) 
Squashed commit of the following:

commit 9b5b9fa30fbeba8ee1e95cb1028017230ed4db02
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:54 2015 +0530

    Remove double function prototypes

commit f3bb8cc60ae476eaa871ba10330b16425ced2d7c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:34 2015 +0530

    Unify several copies of redundant code into a helper function

commit 4899fb9b2f36fc5d159fa877c0780a442a7cbdb3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu Apr 2 00:23:53 2015 +0530

    Propagate stale attribute when updating stats

(cherry picked from commit 59a9cb54c1)

Conflicts:
	CHANGES
 2015-06-10 16:10:44 +05:30
Evan Hunt
f89d03dc9e [v9_10] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:19:19 -07:00
Tinderbox User
b3623d80ab update copyright notice / whitespace 2015-05-28 23:45:50 +00:00
Mark Andrews
d8161b8756 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]

(cherry picked from commit 598b502695)
 2015-05-27 15:36:55 +10:00
Evan Hunt
a6a15bb069 [v9_10] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:54 -07:00
Tinderbox User
1b9f989cae update copyright notice / whitespace 2015-05-21 23:45:59 +00:00
Evan Hunt
433b64a548 [v9_10] ensure rpz summary consistence during AXFR updates 
4121.	[bug]		When updating a response-policy zone via AXFR,
			summary data about other policy zones could fall
			out of sync. Ultimately this could trigger an
			assertion failure in rpz.c. [RT #39567]

(cherry picked from commit 19365b43e9)
 2015-05-20 15:07:09 -07:00
Evan Hunt
04defaf799 [v9_10] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]

(cherry picked from commit 7e6cf6fc6e)
 2015-05-19 15:56:40 -07:00
Tinderbox User
507c672843 update copyright notice / whitespace 2015-05-11 23:45:49 +00:00
Mark Andrews
cac0c38101 use dns_opcode_t 
(cherry picked from commit 844b568182)
 2015-05-11 12:17:39 +10:00
Tinderbox User
08ebb2c56c update copyright notice / whitespace 2015-04-28 23:45:51 +00:00
Mark Andrews
2865753e29 4110. [bug] Address memory leaks / null pointer dereferences 
on out of memory. [RT #39310]

(cherry picked from commit b292230ab8)
 2015-04-29 03:18:04 +10:00
Tinderbox User
84a8cba55a update copyright notice / whitespace 2015-03-04 23:45:48 +00:00
Mark Andrews
b07543b521 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]

(cherry picked from commit 1b05d22789)
 2015-03-05 10:05:39 +11:00
Tinderbox User
332ca2a157 update copyright notice / whitespace 2015-02-26 23:45:49 +00:00
Evan Hunt
62fd632bcb [v9_10] fix LOADPENDING issues 
4063.	[bug]		Asynchronous zone loads were not handled
			correctly when the zone load was already in
			progress; this could trigger a crash in zt.c.
			[RT #37573]

(cherry picked from commit 7acc2f2156)
 2015-02-25 16:11:10 -08:00
Tinderbox User
3817256ab9 update copyright notice / whitespace 2015-01-20 23:47:01 +00:00
Mark Andrews
f9ef9ca233 4038. [bug] Add 'rpz' flag to node and use it to determine whether 
to call dns_rpz_delete.  This should prevent unbalanced
                        add / delete calls. [RT #36888

(cherry picked from commit cc0a48a381)
 2015-01-20 16:58:15 +11:00
Mark Andrews
b99cdea866 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]

(cherry picked from commit ea3aa401bc)
 2014-12-03 11:42:16 +11:00
Mark Andrews
dc6882addd 4010. [cleanup] Clear the prefetchable state when initiating a prefetch. 
[RT #37399]

(cherry picked from commit 092d3b76db)
 2014-11-24 11:20:20 +11:00
Evan Hunt
6c049c57d9 [v9_10] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.

(cherry picked from commit 05e448935c)
 2014-11-19 18:26:46 -08:00
Evan Hunt
b3aa528d7e [v9_10] add max-recursion-queries 
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
 2014-11-18 22:13:13 -08:00