ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
22,033 Commits 589 Branches 805 Tags
711e833921d3dd67df7515438e152bbfdb2c1249
Commit Graph

1734 Commits

Author SHA1 Message Date
Evan Hunt
711e833921 [v9_9] add max-recursion-queries 
also fixes and documentation for max-recursion-depth

(cherry picked from commit c4f54e5bd1)
(cherry picked from commit b3aa528d7e)
 2014-11-18 22:14:55 -08:00
Evan Hunt
603a0e2637 [v9_9] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:49:07 -08:00
Tinderbox User
aaa24cf075 update copyright notice 2014-09-30 23:47:13 +00:00
Mark Andrews
650404030c 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]

(cherry picked from commit a6869655d6)
 2014-10-01 07:43:17 +10:00
Mark Andrews
13ffd78910 3908. [bug] rndc now differentiates between a zone in multiple 
views and a zone that doesn't exist at all. [RT #36691]

(cherry picked from commit c38341ec43)
 2014-08-02 15:09:03 +10:00
Mark Andrews
570effe386 3904. [func] Add the RPZ SOA to the additional section. [RT36507] 
(cherry picked from commit 3a55d43527)
 2014-07-31 10:53:33 +10:00
Tinderbox User
18ae2b1347 update copyright notice 2014-05-21 23:46:07 +00:00
Mark Andrews
a86bb63d99 3855. [bug] Limit smoothed round trip time aging to no more than 
once a second. [RT #32909]

(cherry picked from commit 0fe0789181)
 2014-05-21 11:09:56 +10:00
Mark Andrews
28f0e82bea 3838. [protocol] EDNS EXPIRE as been assigned a code point of 9. 2014-05-09 12:09:54 +10:00
Tinderbox User
853c451dc5 update copyright notice 2014-05-08 23:46:02 +00:00
Mark Andrews
2fd5f9a326 s/DNS_EDNSOPTIONS/DNS_EDNSOPTIONS/ 
(cherry picked from commit 801b958a5c)
 2014-05-08 11:43:45 +10:00
Mark Andrews
375dac22e4 define DNS_OPT_EDNSOPTIONS 
(cherry picked from commit 72ba6ba736)
 2014-05-08 11:39:56 +10:00
Tinderbox User
ed32138fe7 update copyright notice 2014-05-02 23:46:00 +00:00
Mark Andrews
b9d7857d16 3836. [bug] Address C++ keyword usage in header file. 
(cherry picked from commit dd820d8fd2)
 2014-05-02 11:36:12 +10:00
Tinderbox User
6ec060a1f9 update copyright notice 2014-04-29 23:46:03 +00:00
Evan Hunt
7939308755 [v9_9] SIT/max-cache-size flag collision 
3824.	[bug]		A collision between two flag values could cause
			problems with cache cleaning when SIT was enabled.
			[RT #35858]

(cherry picked from commit e01fbe2a45)
 2014-04-29 11:28:11 +10:00
Mark Andrews
34c6d20fe3 sort 
(cherry picked from commit 51af0a72ad)
 2014-04-08 10:44:01 +10:00
Mark Andrews
81697d5d7a order.h 
(cherry picked from commit c7bd423cec)
 2014-04-08 10:38:44 +10:00
Mark Andrews
7908a238dd 3802. [bug] Various header files were not being installed 
(cherry picked from commit 866606b9c7)
 2014-04-04 22:06:24 +11:00
Tinderbox User
ed05579879 update copyright notice 2014-03-27 23:45:30 +00:00
Mark Andrews
caf94c7fbe fix typo in comment 
(cherry picked from commit 6d5740075b)
 2014-03-27 18:22:06 +11:00
Tinderbox User
6e1a48501e update copyright notice 2014-02-07 23:45:57 +00:00
Evan Hunt
c2d3d0eda5 [v9_9] add no-case-compress 
3731.	[func]		Added a "no-case-compress" ACL, which causes
			named to use case-insensitive compression
			(disabling change #3645) for specified
			clients. (This is useful when dealing
			with broken client implementations that
			use case-sensitive name comparisons,
			rejecting responses that fail to match the
			capitalization of the query that was sent.)
			[RT #35300]

(cherry picked from commit 166341d554)
 2014-02-06 19:42:39 -08:00
Tinderbox User
f148939b08 update copyright notice 2014-01-30 23:45:43 +00:00
Mark Andrews
52f0c7ba83 3720. [bug] Address compiler warnings. [RT #35261] 
(cherry picked from commit 63add83a26)
 2014-01-30 10:33:52 +11:00
Tinderbox User
c5917963bc update copyright notice 2014-01-27 23:45:47 +00:00
Mark Andrews
736db05eb6 doxygen markup 
(cherry picked from commit bc28371004d70b17f0ca872da8bd84e70591eaf4)
 2014-01-28 09:13:06 +11:00
Tinderbox User
ba3a0473b5 update copyright notice 2014-01-13 23:45:42 +00:00
Evan Hunt
65510ca0d7 [v9_9] See ticket 35140 for details. 
Install some include files:

dns/client.h
dns/compress.h
dns/tsec.h
irs/resconf.h
irs/types.h
(I noticed these when building DHCP using installed BIND9.)

This was okayed during the 2014-01-02 BIND9 phone meeting.

(cherry picked from commit c55b7dce48)
 2014-01-13 15:18:29 -08:00
Tinderbox User
c75c9ee78e update copyright notice 2013-12-11 23:46:56 +00:00
Evan Hunt
2c73b0a857 [v9_9] dnssec-signzone -Q 
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]

(cherry picked from commit 0bbe3273a2)
 2013-12-11 13:25:44 -08:00
Mark Andrews
a0095a7c1a update copyrights 2013-12-05 15:13:01 +11:00
Mark Andrews
3b38a23089 3681. [port] Update the Windows build system to support feature 
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]

(cherry picked from commit c3c8823fed)

Conflicts:
	CHANGES
	bin/check/win32/checktool.dsp.in
	bin/dnssec/win32/dnssectool.dsp.in
	bin/dnssec/win32/importkey.dsp.in
	bin/dnssec/win32/importkey.mak.in
	bin/named/geoip.c
	bin/named/include/named/geoip.h
	bin/tools/win32/rrchecker.dsp.in
	bin/tools/win32/rrchecker.mak.in
	config.h.win32
	lib/dns/geoip.c
	lib/dns/master.c
	lib/dns/win32/libdns.dsp.in
	lib/dns/win32/libdns.mak.in
	lib/isc/mem.c
	lib/isc/stats.c
	lib/isc/win32/file.c
	lib/isc/win32/libisc.def.in
	lib/isc/win32/libisc.mak.in
	lib/isc/win32/stdio.c
	lib/isccc/cc.c
	win32utils/BuildAll.bat
	win32utils/BuildSetup.bat
	win32utils/legacy/BINDBuild.dsw.in
	win32utils/makeversion.pl
	win32utils/setpk11provider.pl
	win32utils/updatelibxml2.pl
	win32utils/win32-build.txt
 2013-12-04 13:48:45 +11:00
Tinderbox User
a960d3a679 update copyright notice 2013-11-13 23:45:54 +00:00
Evan Hunt
eaa4ead2bd [v9_9] allow setting local addr in dns_client 
3672.	[func]		Local address can now be specified when using
			dns_client API. [RT #34811]

(cherry picked from commit 0618287859)
 2013-11-13 10:57:50 -08:00
Mark Andrews
2e4548087a 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-11-13 12:54:37 +11:00
Tinderbox User
2db9d480e8 update copyright notice 2013-09-23 23:45:46 +00:00
Mark Andrews
f026660a4c silence clang warning 
(cherry picked from commit 9084a3e58f)
 2013-09-23 13:26:55 +10:00
Mark Andrews
6aef504a6a 3644. [protocol] Check that EDNS subnet client options are well formed. 
[RT #34718]

(cherry picked from commit 3ad8f24ddd)
 2013-09-18 11:03:59 +10:00
Tinderbox User
e7953a5eff update copyright notice 2013-09-17 23:45:47 +00:00
Mark Andrews
65d3b9a231 3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used 
in a key zone. [RT #34238]

(cherry picked from commit d6f99498d6)
 2013-09-17 10:37:56 +10:00
Tinderbox User
d1fb83012b update copyright notice 2013-08-15 23:45:44 +00:00
Mark Andrews
cbc2132d2a 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]

(cherry picked from commit 7ace327795)
 2013-08-15 11:20:18 +10:00
Mark Andrews
dab73dfc86 3627. [bug] RPZ changes were not effective on slaves. [RT #34450] 
(cherry picked from commit 333f320a62d78e79fa54e7bcc389073a109618f7)
 2013-08-09 12:58:11 +10:00
Tinderbox User
00f7494211 update copyright notice 2013-06-08 23:45:45 +00:00
Evan Hunt
6260eef2be [v9_9] backport RRL to 9.9.x 
This incorporates the following changes, plus a new configure
option "--enable-rrl" to turn them on:

3575.	[func]		Changed the logging category for RRL events from
			'queries' to 'query-errors'. [RT #33540]

3554.	[bug]		RRL failed to correctly rate-limit upward
			referrals and failed to count dropped error
			responses in the statistics. [RT #33225]

3545.	[bug]		RRL slip behavior was incorrect when set to 1.
			[RT #33111]

3518.	[bug]		Increase the size of dns_rrl_key.s.rtype by one bit
			so that all dns_rrl_rtype_t enum values fit regardless
			of whether it is teated as signed or unsigned by
			the compiler. [RT #32792]

3494.	[func]		DNS RRL: Blunt the impact of DNS reflection and
			amplification attacks by rate-limiting substantially-
			identical responses. To enable, use "configure
			--enable-rrl". [RT #28130]
 2013-06-07 12:47:11 -07:00
Mark Andrews
7366376f57 3559. [func] Check that both forms of Sender Policy Framework 
records exist or do not exist. [RT #33355]
(cherry picked from commit 26bb3b7a67)
 2013-04-30 13:53:43 +10:00
Evan Hunt
62ebf6bbef [v9_9] address two more possible acache asserts 
3555.	[bug]		Address theoretical race conditions in acache.c
			(change #3553 was incomplete). [RT #33252]
(cherry picked from commit ff5ac6d421)
 2013-04-25 18:03:28 -07:00
Tinderbox User
c4d2f352d3 update copyright notice 2013-04-09 23:45:38 +00:00
Mark Andrews
f28461b6f5 3548. [bug] The NSID request code in resolver.c was broken 
resulting in invalid EDNS options being sent.
                        [RT #33153]
(cherry picked from commit 4adf97c32f)

Conflicts:
	lib/dns/include/dns/message.h
	lib/dns/message.c
(cherry picked from commit 6227ab7137)
 2013-04-08 16:48:36 +10:00