ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
22,868 Commits 589 Branches 805 Tags
66a5cde2503c8eb7017301efd0ba83d60a5af644
Commit Graph

6801 Commits

Author SHA1 Message Date
Francis Dupont
66a5cde250 update OpenSSL 0.9.8 patch 2015-01-02 15:00:48 +01:00
Mark Andrews
d4b074a858 4027. [port] Net::DNS 0.81 compatibility. [RT #38165 
(cherry picked from commit 511ec77fca)
 2014-12-23 08:38:14 +11:00
Mark Andrews
268e481090 4026. [bug] Fix RFC 3658 reference in dig +sigchase. [RT #38173] 
(cherry picked from commit 44032d3918)
 2014-12-22 09:40:40 +11:00
Evan Hunt
b0e9108311 [v9_10] adjust max-recursion-queries 
4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]

(cherry picked from commit be7fba8019)
 2014-12-15 22:28:26 -08:00
Mark Andrews
110aa8ce81 adjust comment 
(cherry picked from commit 8ee3233acd)
 2014-12-09 07:41:39 +11:00
Evan Hunt
3c4dda4f1a [v9_10] Clean up after reclimit system test 2014-12-08 08:52:49 -08:00
Tinderbox User
992ed2cb60 update copyright notice / whitespace 2014-12-05 23:45:49 +00:00
Mark Andrews
cff6ae17e8 skip subtest if cryptography not compiled in 2014-12-06 00:49:11 +11:00
Mark Andrews
cb41aeedd9 4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery 
resulting in updates being sent to the wrong server.
                        [RT #37925]

(cherry picked from commit 03fd9cb81c)
 2014-12-05 18:26:57 +11:00
Mark Andrews
ac9781c7cd 4019. [func] If named is not configured to validate the answer 
then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]
 2014-12-05 18:04:26 +11:00
Mark Andrews
199e906b00 clean up intermediates 2014-12-05 08:28:26 +11:00
Mark Andrews
32343ff6cc pre-sign the zones 2014-12-05 07:29:01 +11:00
Tinderbox User
5617f6b539 update copyright notice / whitespace 2014-12-03 23:45:52 +00:00
Mark Andrews
e5d902504f 4017. [testing] Add system test to check lookups to legacy servers 
with broken DNS behaviour. [RT #37965]
 2014-12-04 07:05:18 +11:00
Mukund Sivaraman
2d33a22970 Fix a dig segfault due to bad linked list usage [RT #37591] 
The crash (#37591) seems to happen because the query is taken out of
lookup->q(query->link), and put on lookup->connecting(query->clink).
The code checks query->link where it is detached (-1 in next pointer).
However, there's no need to call send_tcp_connect() there as the queries
are already connecting at that point.

(cherry picked from commit c5e9423340)
 2014-12-03 16:33:43 +05:30
Mark Andrews
b99cdea866 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]

(cherry picked from commit ea3aa401bc)
 2014-12-03 11:42:16 +11:00
Tinderbox User
0d310e1695 update copyright notice / whitespace 2014-12-02 23:45:48 +00:00
Mark Andrews
d821a83c51 4014. [bug] When including a master file origin_changed was 
not being properly set leading to a potentially
                        spurious 'inherited owner' warning. [RT #37919]

(cherry picked from commit 6444de08d1)
 2014-12-03 09:45:06 +11:00
Evan Hunt
4cff4b31ef [v9_10] remove obsolete 'relay' test 2014-12-02 13:57:58 -08:00
Mark Andrews
a06d773309 unchecked putnull 2014-11-25 15:24:38 +11:00
Tinderbox User
59aa4616e2 update copyright notice / whitespace 2014-11-24 23:53:24 +00:00
Mark Andrews
93e7c290d5 extend the permissible number of queries to 25 from 24 
(cherry picked from commit 7301df07cf)
 2014-11-25 08:38:20 +11:00
Mark Andrews
12326926c5 4011. [bug] master's list port and dscp inheritance was not 
properly implemented. [RT #37792]

(cherry picked from commit d040fa2f1c)
 2014-11-24 11:40:51 +11:00
Mark Andrews
dc6882addd 4010. [cleanup] Clear the prefetchable state when initiating a prefetch. 
[RT #37399]

(cherry picked from commit 092d3b76db)
 2014-11-24 11:20:20 +11:00
Tinderbox User
c12efe0d96 update copyright notice / whitespace 2014-11-20 23:45:53 +00:00
Evan Hunt
6c049c57d9 [v9_10] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.

(cherry picked from commit 05e448935c)
 2014-11-19 18:26:46 -08:00
Tinderbox User
13fc7dc7dc update copyright notice / whitespace 2014-11-19 23:45:49 +00:00
Evan Hunt
3ba04bb8a0 [v9_10] fix reclimit test (remove servfail-ttl) 2014-11-19 00:18:20 -08:00
Evan Hunt
b3aa528d7e [v9_10] add max-recursion-queries 
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
 2014-11-18 22:13:13 -08:00
Tinderbox User
ff68ed6890 update copyright notice / whitespace 2014-11-18 23:45:49 +00:00
Evan Hunt
6fd51d5088 [v9_10] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:48:20 -08:00
Mark Andrews
45174975bc check returns from putstr and putnull 
(cherry picked from commit 18fa89b01e)
 2014-11-18 13:00:55 +11:00
Tinderbox User
6ff0c711ba update copyright notice 2014-11-17 23:45:44 +00:00
Evan Hunt
8b7a37a594 [v9_10] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:39:47 -08:00
Evan Hunt
96b6923a25 [v9_10] reference leak with AAAA glue but not A 
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]

(cherry picked from commit c4abb19716)
 2014-11-14 09:04:44 -08:00
Evan Hunt
5ffe6452e1 [v9_10] s/memcpy/memmove/ 2014-11-06 13:02:40 -08:00
Tinderbox User
9c65091de4 update copyright notice 2014-11-05 23:45:45 +00:00
Evan Hunt
56293cd148 [v9_10] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]

(cherry picked from commit 3cc8c7d630)
 2014-11-04 23:53:54 -08:00
Mark Andrews
73b7afc3b6 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:56 +11:00
Mark Andrews
a1675b15dc 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]

(cherry picked from commit a5c7cfbac4)
 2014-10-30 11:21:38 +11:00
Tinderbox User
824e85b003 regen v9_10 2014-10-21 01:08:54 +00:00
Tinderbox User
c21f76a85e update copyright notice 2014-10-20 23:45:55 +00:00
Mark Andrews
63d44ef7d2 3985. [doc] Describe how +ndots and +search interact in dig. 
[RT #37529]

(cherry picked from commit 40b28f5402)
 2014-10-21 08:06:46 +11:00
Mark Andrews
9efce3c577 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]

(cherry picked from commit 72775a79fe)
 2014-10-18 13:09:40 +11:00
Mark Andrews
27231c6877 allow for the set of ttls to be empty 
(cherry picked from commit 44ef2206d7)
 2014-10-16 14:47:02 +11:00
Mark Andrews
bd5d920bd5 make test more robust in the face of server failures 2014-10-16 12:34:29 +11:00
Evan Hunt
835ec62f82 [v9_10] add redirect zone to checkconf -z test 2014-10-09 18:30:50 -07:00
Mark Andrews
5d0183a773 3972. [bug] Fix host's usage statement. [RT #37397] 
(cherry picked from commit c12c746e3a)
 2014-10-07 01:10:05 +11:00
Mark Andrews
74741bc952 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]

(cherry picked from commit c81d56c03e)
 2014-10-05 08:30:29 +11:00
Mark Andrews
4c12b6709a verifying inline zones work with views requires crypto to be configured 2014-10-04 18:06:25 +10:00