ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,536 Commits 589 Branches 805 Tags
77db93e68cfacd490aee67680db00ce4c3ab47cb
Commit Graph

212 Commits

Author SHA1 Message Date
Evan Hunt
f592d2f76c [v9_11] further restrict update-policy local 
4762.	[func]		"update-policy local" is now restricted to updates
                from local addresses. (Previously, other addresses
                were allowed so long as updates were signed by the
                local session key.) [RT #45492]
 2017-10-06 15:43:18 -07:00
Mark Andrews
2732d4922c 4754. [bug] dns_zone_setview needs a two stage commit to properly 
handle errors. [RT #45841]
 2017-10-05 13:41:49 +11:00
Evan Hunt
73b52dd1f0 [v9_11] fix tag 2017-10-04 18:44:26 -07:00
Evan Hunt
d5bd8bb71a [v9_11] de-DLV 
4749.	[func]		The ISC DLV service has been shut down, and all
			DLV records have been removed from dlv.isc.org.
			- Removed references to ISC DLV in documentation
			- Removed DLV key from bind.keys
			- No longer use ISC DLV by default in delv
			[RT #46155]
 2017-10-03 00:43:19 -07:00
Mark Andrews
a64daf673d 4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in 
messages. [RT #44804]

(cherry picked from commit 07741d43c8)
 2017-08-25 08:47:19 +10:00
Evan Hunt
1073e2001c [v9_11] revise CHANGES note and add release note 2017-07-31 10:36:00 -07:00
Evan Hunt
d4098be27b [v9_11] update relnotes to mention termination of windows XP support 2017-07-15 13:56:54 -07:00
Evan Hunt
3ba9f5804c [v9_11] add a release note for TSIG regression 2017-07-14 14:52:29 -07:00
Mark Andrews
e55c767c89 note change in AD setting on some truncated answers 
(cherry picked from commit 56d8312a48)
 2017-07-11 13:29:33 +10:00
Mark Andrews
66afb7c86a add note about .local 
(cherry picked from commit 9987992232)
 2017-07-11 12:45:02 +10:00
Evan Hunt
a03f4b1ea4 [v9_11] address TSIG bypass/forgery vulnerabilities 
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]

(cherry picked from commit 581c1526ab)
 2017-06-27 11:39:33 -07:00
Evan Hunt
214b53880b [v9_11] prevent reload failure due to LMDB database perms 
4638.	[bug]		Reloading or reconfiguring named could fail on
			some platforms when LMDB was in use. [RT #45203]

(cherry picked from commit bf05e66bb3)
 2017-06-13 12:01:29 -07:00
Evan Hunt
c28e44f3f8 [v9_11] quote service registry paths 
4532.	[security]	The BIND installer on Windows used an unquoted
                        service path, which can enable privilege escalation.
			(CVE-2017-3141) [RT #45229]

(cherry picked from commit 967a3b9419)
 2017-05-30 13:38:22 -07:00
Evan Hunt
3440cf9c60 [v9_11] fix rpz formerr loop 
4531.	[security]	Some RPZ configurations could go into an infinite
			query loop when encountering responses with TTL=0.
			(CVE-2017-3140) [RT #45181]
 2017-05-30 12:35:06 -07:00
Tinderbox User
4745777284 update copyright notice / whitespace 2017-05-16 23:45:57 +00:00
Evan Hunt
403e7b4512 [v9_11] symbolic option names for dig +ednsopt 
4555.	[func]		dig +ednsopt: EDNS options can now be specified by
			name in addition to numeric value. [RT #44461]

(cherry picked from commit 25a9b90369)
 2017-05-16 10:08:17 -07:00
Mark Andrews
613cdc91fe add warning about semicolon no longer being escaped 
(cherry picked from commit d4d73bca79)
 2017-05-11 11:03:06 +10:00
Evan Hunt
c83a306155 [v9_11] fix lmdb delzone 
4616.	[bug]		When using LMDB, zones deleted using "rndc delzone"
			were not correctly removed from the new-zone
			database. [RT #45185]

(cherry picked from commit 3a554a444c)
 2017-05-04 12:32:47 -07:00
Evan Hunt
8b9c4592ed [v9_11] give threads unique names to assist debugging 
4602.	[func]		Threads are now set to human-readable
			names to assist debugging, when supported by
			the OS. [RT #43234]

(cherry picked from commit d26ae7fc08)
 2017-04-21 14:00:15 -07:00
Evan Hunt
c03cca4629 [v9_11] clear out relnotes 2017-04-21 13:37:32 -07:00
Evan Hunt
869cb92bab [v9_11] formatting 
(cherry picked from commit 52e398c0af)
 2017-04-12 14:06:04 -07:00
Mark Andrews
33cc2edb8e add CVE-2017-3138 
(cherry picked from commit fe1ad70e51)
 2017-03-30 02:57:02 +11:00
Evan Hunt
559cbe04e7 [v9_11] remove unnecessary INSIST and prep 9.11.1rc2 
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]

(cherry picked from commit a1365a0042)
 2017-02-23 14:55:10 -08:00
Mark Andrews
42f4ea6317 add CVE-2017-3136 note 
(cherry picked from commit d77eadc261)
 2017-02-15 12:45:30 +11:00
Evan Hunt
6043c4453d [v9_11] doc style 2017-02-07 08:18:55 -08:00
Evan Hunt
8e69860942 [v9_11] removed extra note about bind.keys update 2017-02-06 14:18:37 -08:00
Evan Hunt
59f34c1fc7 [v9_11] release note about new root key 2017-02-04 22:15:30 -08:00
Evan Hunt
07b7a3eade [v9_11] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]

(cherry picked from commit 650b5e7592)
 2017-02-03 17:11:06 -08:00
Mark Andrews
51b0319696 new root KSK 2017-02-02 18:30:00 +11:00
Evan Hunt
781f6daa74 [v9_11] change 4558 was incomplete 
(cherry picked from commit cd668ea57f)
 2017-01-30 14:11:17 -08:00
Evan Hunt
2f70ce448a [v9_11] expand relnote 
(cherry picked from commit afa0ff0cbb)
 2017-01-23 20:04:30 -08:00
Mark Andrews
22e3ffcf2c 4556. [security] Combining dns64 and rpz can result in dereferencing 
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
 2017-01-24 09:54:54 +11:00
Tinderbox User
f6b9092741 update copyright notice / whitespace 2017-01-12 23:46:13 +00:00
Mark Andrews
2cee8eadec 4553. [bug] Named could deadlock there were multiple changes to 
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]

(cherry picked from commit d2e1b47d4f)
 2017-01-12 14:26:06 +11:00
Mark Andrews
9e4e871392 4552. [bug] Named could trigger a assertion when sending notify 
messages. [RT #44019]

(cherry picked from commit 42924b40af)
 2017-01-12 14:18:01 +11:00
Evan Hunt
ac424b61bb [v9_11] release notes 2016-12-28 20:19:10 -08:00
Mark Andrews
b243aa40f9 4508. [security] Named incorrectly tried to cache TKEY records which 
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]

(cherry picked from commit 2c1c4b99a1)
 2016-12-29 11:17:14 +11:00
Evan Hunt
58f15381f7 [v9_11] expand intro 2016-12-28 13:20:44 -08:00
Evan Hunt
544e2b48ec [v9_11] release notes 2016-12-28 11:51:06 -08:00
Evan Hunt
6649db1ca4 [v9_11] release note 2016-12-28 11:09:12 -08:00
Evan Hunt
d438157f7e [v9_11] clarify auth ECS is not meant for production use 2016-12-26 16:52:14 -08:00
Mark Andrews
83a28ca274 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 
(cherry picked from commit 1b8ce3b330)
 2016-12-07 10:50:50 +11:00
Mark Andrews
744c1db635 4504. [security] Allow the maximum number of records in a zone to 
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]

(cherry picked from commit 5f8412a4cb)
 2016-11-03 09:48:26 +11:00
Evan Hunt
fcadf0b320 [v9_11] render querylog format consistent, and add a release note 
4471.	[cleanup]	Render client/query logging format consistent for
			ease of log file parsing. (Note that this affects
			"querylog" format: there is now an additional field
			indicating the client object address.) [RT #43238]

(cherry picked from commit c4b7db4932)
 2016-09-22 14:49:26 -07:00
Mark Andrews
61349d96c0 reorder 
(cherry picked from commit 9ffbc3f9b3)
 2016-09-09 11:54:34 +10:00
Mark Andrews
cdf97b41dc add CVE-2016-2776 
(cherry picked from commit d4c8a622c0)
 2016-09-09 11:50:38 +10:00
Evan Hunt
99e64ce41f [v9_11] fix dnssec-policy.conf in notes 
(cherry picked from commit bfb479d5e3)
 2016-08-25 08:19:16 -07:00
Evan Hunt
756b54c8ff [v9_11] add missing release notes and fix other doc nits 
(cherry picked from commit 864dc79dce)
 2016-08-24 16:25:51 -07:00
Mark Andrews
2fb6d3782b 4437. [func] Minimal-responses now has two additional modes 
no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]

(cherry picked from commit 78e31dd187)
 2016-08-12 10:49:57 +10:00
Mark Andrews
b7161f9898 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries 
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]

(cherry picked from commit f20179857a)
 2016-07-22 20:03:06 +10:00