Commit Graph

4836 Commits

Author SHA1 Message Date
Tinderbox User
877ef1db24 regen v9_10 2015-07-11 01:10:45 +00:00
Tinderbox User
1abf201343 regen v9_10 2015-07-10 01:08:50 +00:00
Evan Hunt
83d0b1ab69 [v9_10] DDoS mitigation features
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			These options are not available by default;
			use "configure --enable-fetchlimit" (or
			--enable-developer) to include them in the build.

			See the ARM for details of these options. [RT #37125]
2015-07-08 22:55:31 -07:00
Tinderbox User
4b6accc40b regen v9_10 2015-07-08 01:08:43 +00:00
Mark Andrews
bb7971417a 4157. [protocol] Update experimental SIT code to use the EDNS COOKIE
option code point (10).  This is the minimal change
required to use the new code point. [RT #39928]
2015-07-07 15:43:04 +10:00
Tinderbox User
42792e6b2a regen v9_10 2015-06-25 01:08:51 +00:00
Mark Andrews
be4b9178f0 4143. [bug] serial-query-rate was not effective for notify.
[RT #39858]
2015-06-24 20:54:56 +10:00
Tinderbox User
c024374dd3 regen v9_10 2015-06-20 01:11:19 +00:00
Witold Krecicki
2e02ab4e50 fix rpz-client-ip documentation [RT #39783] 2015-06-19 10:26:04 +02:00
Tinderbox User
73f14fb2bc regen v9_10 2015-06-19 01:09:14 +00:00
Mukund Sivaraman
f38cbc4cc9 Add comma
(cherry picked from commit f4d1c19691)
2015-06-17 12:26:14 +05:30
Mark Andrews
48f85bd5a2 add release notes for CVE-2015-4620
(cherry picked from commit 572e95f52a)
2015-06-17 11:20:44 +10:00
Tinderbox User
6b3a82832c regen v9_10 2015-06-06 01:12:12 +00:00
Tinderbox User
889f1723d0 Merge branch 'v9_10' of ssh://repo.isc.org/proj/git/prod/bind9 into v9_10 2015-06-06 01:07:33 +00:00
Mark Andrews
1f0e687cfa update rpz doc as per rt39703
(cherry picked from commit 94f7158d44)
2015-06-05 11:14:38 +10:00
Tinderbox User
3851d4137f regen v9_10 2015-06-05 01:08:54 +00:00
Evan Hunt
f89d03dc9e [v9_10] further RPZ fixes
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
2015-06-03 18:19:19 -07:00
Tinderbox User
2ce9b9310a regen v9_10 2015-05-29 01:08:42 +00:00
Tinderbox User
b3623d80ab update copyright notice / whitespace 2015-05-28 23:45:50 +00:00
Tinderbox User
1d6dbadbc4 regen v9_10 2015-05-28 01:08:38 +00:00
Mark Andrews
d8161b8756 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
key as per RFC 7344, Section 4.1. [RT #37215]

(cherry picked from commit 598b502695)
2015-05-27 15:36:55 +10:00
Tinderbox User
5fd8115e3f regen v9_10 2015-05-23 01:09:48 +00:00
Evan Hunt
1f71e84ce5 [v9_10] fix tags 2015-05-21 14:29:28 -07:00
Mukund Sivaraman
5470ba8d2b Update notes.xml and CHANGES for #39567
(cherry picked from commit 72a1c3f1a7)
2015-05-21 21:46:31 +05:30
Mukund Sivaraman
765bcb44ac Fix RPZ radix tree search() for CLIENT-IP triggers (#39481)
(cherry picked from commit 705cea35a8)
2015-05-21 11:17:58 +05:30
Mark Andrews
7338f45a04 Merge branch 'rt39585' into v9_10 2015-05-21 12:24:40 +10:00
Mark Andrews
105720bad6 3993. [func] Dig now supports EDNS negotiation by default.
(dig +[no]ednsnegotiation). [RT #37604]

(cherry picked from commit 0f5144163c)
2015-05-21 11:45:56 +10:00
Tinderbox User
582d2b0daa regen v9_10 2015-05-21 01:08:25 +00:00
Evan Hunt
433b64a548 [v9_10] ensure rpz summary consistence during AXFR updates
4121.	[bug]		When updating a response-policy zone via AXFR,
			summary data about other policy zones could fall
			out of sync. Ultimately this could trigger an
			assertion failure in rpz.c. [RT #39567]

(cherry picked from commit 19365b43e9)
2015-05-20 15:07:09 -07:00
Tinderbox User
a3591ab901 regen v9_10 2015-05-20 01:08:36 +00:00
Evan Hunt
04defaf799 [v9_10] address a possible policy update race
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]

(cherry picked from commit 7e6cf6fc6e)
2015-05-19 15:56:40 -07:00
Mark Andrews
617a2024bd 4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534.
(cherry picked from commit 8f20f6c9d7)
2015-05-15 08:23:20 +10:00
Tinderbox User
ee3b68f05c regen v9_10 2015-05-08 01:08:55 +00:00
Mukund Sivaraman
5cbd509a3d Fix a bug in RPZ that could cause unwanted recursion (#39229)
Conflicts:
	doc/arm/notes.xml

(cherry picked from commit b947e1a521)

Conflicts:
	CHANGES
	bin/tests/system/conf.sh.in
2015-05-07 08:36:49 +05:30
Tinderbox User
68db6e5fd2 regen v9_10 2015-05-05 01:09:02 +00:00
Tinderbox User
f65fd2aad1 regen v9_10 2015-04-25 01:11:07 +00:00
Mark Andrews
5c2f43d008 4109. [port] linux: support reading the local port range from
net.ipv4.ip_local_port_range. [RT #39379]
2015-04-25 08:27:21 +10:00
Tinderbox User
c09508cf70 regen v9_10 2015-04-16 01:08:45 +00:00
Evan Hunt
094d578993 [v9_10] fix +split and +rrcomments with dig +short
4101.	[bug]		dig: the +split and +rrcomments options didn't
			work with +short. [RT #39291]
2015-04-15 10:01:41 -07:00
Tinderbox User
abd1513c63 regen v9_10 2015-04-09 01:08:56 +00:00
Evan Hunt
289ff24e2d [v9_10] hold a reference on fetch context during query
4094.	[bug]		A race during shutdown or reconfiguration could
			cause an assertion in mem.c. [RT #38979]

(cherry picked from commit 2cfe85e6ee33ec97102b6e2e80c86f827bba8594)
2015-04-08 14:34:10 -07:00
Tinderbox User
5058bdb645 regen v9_10 2015-04-08 01:09:02 +00:00
Evan Hunt
1c13a150ed [v9_10] dig can now learn the SIT value when retrying
4093.	[func]		Dig now learns the SIT value from truncated
			responses when it retries over TCP. [RT #39047]
2015-04-06 23:18:27 -07:00
Mark Andrews
3dbd0b7da5 4092. [bug] 'in-view' didn't work for zones beneath an empty zone.
[RT #39173]

(cherry picked from commit febb020dce)
2015-04-07 13:22:20 +10:00
Tinderbox User
306c1eb38d regen v9_10 2015-04-07 01:08:54 +00:00
Evan Hunt
0b6dfb95ee [v9_10] minor doc fixes 2015-04-06 13:48:48 -07:00
Tinderbox User
0a775763af sync 2015-04-03 01:04:58 +00:00
Tinderbox User
327ff9a0a4 regen v9_10 2015-03-11 01:08:28 +00:00
Mark Andrews
5e8cc6e868 Add warning about configuration inheritance with in-view
(cherry picked from commit 7b52254bf3)
2015-03-11 10:43:34 +11:00
Tinderbox User
b538882cb3 regen v9_10 2015-03-05 01:08:21 +00:00