ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
24,134 Commits 589 Branches 805 Tags
a3cee5460d00a1e95dcb6064277b644458b82e9f
Commit Graph

1868 Commits

Author SHA1 Message Date
Tinderbox User
9831d2c6e5 update copyright notice / whitespace 2016-08-19 01:23:59 +00:00
Mark Andrews
e0449a0a4a 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]

(cherry picked from commit 8ee6f289d8)
 2016-08-19 08:25:54 +10:00
Tinderbox User
4858334554 update copyright notice / whitespace 2016-08-11 23:46:19 +00:00
Francis Dupont
7a4d54f6c6 Merged rt42840_10 (tcp-only backport) 2016-08-11 14:28:22 +02:00
Tinderbox User
7a90fc75f5 update copyright notice / whitespace 2016-07-22 23:48:53 +00:00
Mark Andrews
aa1a7e1e58 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries 
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]

(cherry picked from commit f20179857a)
 2016-07-22 20:16:59 +10:00
Tinderbox User
d122358d76 update copyright notice / whitespace 2016-07-14 23:52:39 +00:00
Mark Andrews
594b2c2597 4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED 
was returned. [RT #42733]

(cherry picked from commit 63e58ad048)
 2016-07-14 15:08:28 +10:00
Mukund Sivaraman
e7a3b8948f Some general cleanup (#42827) 
(cherry picked from commit e65cd99461)
(cherry picked from commit 47ed813864)
 2016-07-13 14:33:16 +05:30
Tinderbox User
351f101697 update copyright notice / whitespace 2016-07-05 23:47:38 +00:00
Evan Hunt
fb07d9858b [v9_10] clarify some comments 2016-07-05 10:53:22 -07:00
Tinderbox User
5c174bc119 update copyright notice / whitespace 2016-06-16 23:45:43 +00:00
Mark Andrews
17c01907d6 backport dns_name_t *name -> const dns_name_t *name 
(cherry picked from commit ded95d497df16579852356fc5434671d24c7f00d)
 2016-06-16 21:42:10 +10:00
Mark Andrews
04a6d1de64 4366. [bug] Address race condition when updating rbtnode bit 
fields. [RT #42379]

(cherry picked from commit e2047969de)
 2016-05-17 13:15:05 +10:00
Evan Hunt
8f6dc230d0 [v9_10] prep 9.10.4b3 2016-03-24 12:41:57 -07:00
Mark Andrews
4c981c3bf7 4341. [bug] 'rndc flushtree' could fail to clean the tree if there 
wasn't a node at the specified name. [RT #41846]

(cherry picked from commit 6214c3c93a)
 2016-03-24 11:32:52 +11:00
Tinderbox User
2a28287aa7 update copyright notice / whitespace 2016-03-22 23:45:30 +00:00
Evan Hunt
c82e4d2379 [v9_10] fix mkeys TTL 0 issue 
4337.	[bug]		The previous change exposed a latent flaw in
			key refresh queries for managed-keys when
			a cached DNSKEY had TTL 0. [RT #41986]
 2016-03-22 12:13:25 -07:00
Tinderbox User
48c13be6d9 update copyright notice / whitespace 2016-03-10 23:45:32 +00:00
Mark Andrews
9f8d166497 4330. [protocol] Identify the PAD option as "PAD" when printing out 
a message.

(cherry picked from commit 33a4294f44)
 2016-03-10 16:54:08 +11:00
Mark Andrews
13a95c3775 update copyrights 2016-03-08 16:20:10 +11:00
Mark Andrews
b8341f294c 4329. [func] Warn about a common misconfiguration when forwarding 
RFC 1918 zones. [RT #41441]
 2016-03-08 10:11:56 +11:00
Mukund Sivaraman
2a461f1348 Repack dns_rbtnode struct to gain some space (reduce packing holes) (#41854) 
(cherry picked from commit 8dbf9ceb8c)
 2016-03-07 16:16:32 +05:30
Tinderbox User
b66f98643d update copyright notice / whitespace 2016-01-14 23:45:45 +00:00
Evan Hunt
25da0107d1 [v9_10] added sockaddr.h 
4291.	[cleanup]	Added a required include to dns/forward.h. [RT #41474]

(cherry picked from commit b4ccec331d)
 2016-01-14 10:27:35 -08:00
Tinderbox User
c547a8836b update copyright notice / whitespace 2015-12-10 23:46:42 +00:00
Mukund Sivaraman
318158d66a Improve performance of RBT (#41165) 
(cherry picked from commit 5d79b60fc5)
 2015-12-10 22:52:52 +05:30
Mark Andrews
3a4c24c4a5 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]

(cherry picked from commit c8821d124c)
 2015-11-16 13:21:54 +11:00
Tinderbox User
a68111c6f9 update copyright notice / whitespace 2015-11-09 23:45:50 +00:00
Evan Hunt
fbf5b36b69 [v9_10] fix python script versions 
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
 2015-11-08 21:36:27 -08:00
Mark Andrews
e99165ed46 4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones 
as per RFC 6763. [RT #37889]

(cherry picked from commit 5855fd79e3)
 2015-08-25 14:46:35 +10:00
Mark Andrews
daec213a5c 4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as 
valid with check-names.  <forest> still needs to be
                        LDH. [RT #40399]

(cherry picked from commit dc3912f3ca)
 2015-08-22 15:28:09 +10:00
Tinderbox User
979d849b60 update copyright notice / whitespace 2015-08-07 23:45:57 +00:00
Evan Hunt
7163ce122d [v9_10] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

(cherry picked from commit ce9f893e21)
 2015-08-07 13:23:03 -07:00
Mark Andrews
38df037565 badcookie has a offical code point of 23 
(cherry picked from commit 46e7fc51b8)
 2015-07-27 15:22:42 +10:00
Tinderbox User
dae3e8def6 update copyright notice / whitespace 2015-07-13 23:45:49 +00:00
Mark Andrews
d03dbac02e 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]

(cherry picked from commit 3a49d0ff10)
 2015-07-13 09:48:42 +10:00
Tinderbox User
a704920204 update copyright notice / whitespace 2015-07-09 23:45:51 +00:00
Evan Hunt
83d0b1ab69 [v9_10] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			These options are not available by default;
			use "configure --enable-fetchlimit" (or
			--enable-developer) to include them in the build.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:55:31 -07:00
Mark Andrews
bb7971417a 4157. [protocol] Update experimental SIT code to use the EDNS COOKIE 
option code point (10).  This is the minimal change
                        required to use the new code point. [RT #39928]
 2015-07-07 15:43:04 +10:00
Mark Andrews
a9557c404e 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]

(cherry picked from commit 3e33f4198d)
 2015-07-06 13:47:17 +10:00
Mukund Sivaraman
f69f188b90 Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 
(cherry picked from commit 08f0129732)

Conflicts:
	bin/tests/system/statistics/clean.sh
 2015-06-29 18:46:36 +05:30
Mukund Sivaraman
9f1888805b Propagate stale attribute when updating stats (#39141) 
Squashed commit of the following:

commit 9b5b9fa30fbeba8ee1e95cb1028017230ed4db02
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:54 2015 +0530

    Remove double function prototypes

commit f3bb8cc60ae476eaa871ba10330b16425ced2d7c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:34 2015 +0530

    Unify several copies of redundant code into a helper function

commit 4899fb9b2f36fc5d159fa877c0780a442a7cbdb3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu Apr 2 00:23:53 2015 +0530

    Propagate stale attribute when updating stats

(cherry picked from commit 59a9cb54c1)

Conflicts:
	CHANGES
 2015-06-10 16:10:44 +05:30
Evan Hunt
f89d03dc9e [v9_10] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:19:19 -07:00
Tinderbox User
b3623d80ab update copyright notice / whitespace 2015-05-28 23:45:50 +00:00
Mark Andrews
d8161b8756 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]

(cherry picked from commit 598b502695)
 2015-05-27 15:36:55 +10:00
Evan Hunt
a6a15bb069 [v9_10] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:54 -07:00
Tinderbox User
1b9f989cae update copyright notice / whitespace 2015-05-21 23:45:59 +00:00
Evan Hunt
433b64a548 [v9_10] ensure rpz summary consistence during AXFR updates 
4121.	[bug]		When updating a response-policy zone via AXFR,
			summary data about other policy zones could fall
			out of sync. Ultimately this could trigger an
			assertion failure in rpz.c. [RT #39567]

(cherry picked from commit 19365b43e9)
 2015-05-20 15:07:09 -07:00
Evan Hunt
04defaf799 [v9_10] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]

(cherry picked from commit 7e6cf6fc6e)
 2015-05-19 15:56:40 -07:00