Commit Graph

485 Commits

Author SHA1 Message Date
Tatuya JINMEI 神明達哉
19d3add998 2386. [func] Add warning about too small 'open files' limit.
[RT #18269]
2008-08-01 02:00:42 +00:00
Mark Andrews
9b16a48b9b 2389. [bug] Move the working directory writable to after the
ns_os_changeuser() call. [RT #18326]
2008-07-18 01:31:15 +00:00
Tatuya JINMEI 神明達哉
0edc9d2bf7 2384. [security] Additional support for query port randomization (change
#2375) including performance improvement and port range
			specification.  [RT #17949, #18098]
2008-06-24 02:02:51 +00:00
Evan Hunt
906685e44d Fully randomize UDP query ports to improve forgery resilience. [rt17949] 2008-05-22 21:16:05 +00:00
Automatic Updater
fcef5293d2 update copyright notice 2008-01-17 23:46:05 +00:00
Automatic Updater
47289f9dc1 update copyright notice 2008-01-09 23:45:58 +00:00
Mark Andrews
0a61938a98 2292. [bug] Log if the working directory is not writable.
[RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
                        failure to set PR_SET_DUMPABLE. [RT #17312]
2008-01-09 04:52:56 +00:00
Mark Andrews
d5ad178122 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
list.
2007-12-02 18:58:20 +00:00
Mark Andrews
32a8d3517a 2264. [bug] Server prefix length was being ignored. [RT #17308] 2007-11-26 03:01:34 +00:00
Automatic Updater
beb9fabda3 update copyright notice 2007-08-28 07:20:06 +00:00
Mark Andrews
e550366612 2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.

                        If allow-query-cache is not set in named.conf then
                        allow-recursion is used if set, otherwise allow-query
                        is used if set, otherwise the default (localnets;
                        localhost;) is used.

                        If allow-recursion is not set in named.conf then
                        allow-query-cache is used if set, otherwise allow-query
                        is used if set, otherwise the default (localnets;
                        localhost;) is used.

                        [RT #16987]
2007-07-09 02:18:49 +00:00
Mark Andrews
685397fc48 2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
2007-06-25 02:42:24 +00:00
Mark Andrews
2b14a229e5 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
a reference leak. [RT #16867]
2007-05-15 02:31:05 +00:00
Mark Andrews
b5f9044cec 2167. [bug] When re-using an automatic zone named failed to
attach it to the new view. [RT #16786]
2007-04-24 06:58:47 +00:00
Automatic Updater
51a3b9fd2a update copyright notice 2007-04-03 23:43:54 +00:00
Mark Andrews
dab584a7f3 remove unused label 2007-04-03 00:05:17 +00:00
Mark Andrews
fd9dc4719c 2161. [bug] 'rndc flush' could report a false success. [RT #16698] 2007-04-03 00:00:46 +00:00
Mark Andrews
975bf17988 2112. [security] Warn if weak RSA exponent is used. [RT #16460] 2006-12-07 05:24:20 +00:00
Mark Andrews
0c1d76c634 2060. [bug] Enabling DLZ support could leave views partially
configured. [RT #16295]
2006-07-24 05:52:44 +00:00
Mark Andrews
a3f85746be 2031. [bug] Emit an error message when "rndc refresh" is called on
a non slave/stub zone. [RT #16073]
2006-05-24 04:30:43 +00:00
Mark Andrews
72a28d8eba 2022. [bug] If dnssec validation is disabled only assert CD if
CD was requested. [RT #16037]

2021.   [bug]           dnssec-enable no; triggered a REQUIRE. [RT #16037]
2006-05-18 02:02:35 +00:00
Mark Andrews
b209b57067 2015. [cleanup] use-additional-cache is now acache-enable for
consistency.  Default acache-enable off in BIND 9.4
                        as it requires memory usage to be configured.
                        It may be enabled by default in BIND 9.5 once we
                        have more experience with it.
2006-05-03 01:46:40 +00:00
Mark Andrews
e9724570aa 2008. [func] It is now possible to enable/disable DNSSEC
validation from rndc.  This is useful for the
                        mobile hosts where the current connection point
                        breaks DNSSEC (firewall/proxy).  [RT #15592]

                                rndc validation newstate [view]
2006-03-09 23:46:20 +00:00
Mark Andrews
f560a1877b 2007. [func] It is now possible to explicitly enable DNSSEC
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
2006-03-09 23:38:21 +00:00
Mark Andrews
1ba9283d78 2006. [security] Allow-query-cache and allow-recursion now default
to the builtin acls "localnets" and "localhost".

                        This is being done to make caching servers less
                        attractive as reflective amplifying targets for
                        spoofed traffic.  This still leaves authoritative
                        servers exposed.

                        The best fix is for full BCP 38 deployment to
                        remove spoofed traffic.
2006-03-09 03:40:33 +00:00
Mark Andrews
ea407e7082 1991. [cleanup] The configuration data, once read, should be treated
as readonly.  Expand the use of const to enforce this
                        at compile time. [RT #15813]
2006-02-28 03:10:49 +00:00
Mark Andrews
7af42116ba fix minor typos 2006-02-26 23:01:58 +00:00
Mark Andrews
77c5b1c067 1986. [func] Report when a zone is removed. [RT #15849] 2006-02-21 23:17:32 +00:00
Mark Andrews
8fc5e43bd9 1597. [func] Allow notify-source and query-source to be specified
on a per server basis similar to transfer-source.
                        [RT #6496]
2006-02-17 00:42:10 +00:00
Mark Andrews
ff3b707f8a 1959. [func] Control the zeroing of the negative response TTL to
a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
2006-01-05 02:24:27 +00:00
Mark Andrews
48d9f5bdaa 1954. [func] Named now falls back to advertising EDNS with a
512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1953.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
2006-01-05 00:10:44 +00:00
Mark Andrews
e770e36d60 update copyright notice 2006-01-04 23:50:23 +00:00
Mark Andrews
f53e702b25 1947. [func] It is now possible to configure named to accept
expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]
2006-01-04 02:58:42 +00:00
Mark Andrews
3c8367a203 1940. [bug] Fixed a number of error conditions reported by
Coverity.
2005-11-30 03:44:39 +00:00
Mark Andrews
756c1c98e4 1913. [func] Integrate contributed DLZ code into named. [RT #11382] 2005-09-05 00:20:08 +00:00
Mark Andrews
35dfb27614 1914. [bug] Strings returned from cfg_obj_asstring() should be
treated as read-only.  The prototype for
                        cfg_obj_asstring() has been updated to reflect this.
                        [RT #15256]
2005-08-23 02:31:40 +00:00
Mark Andrews
4df834d69f 1913. [func] Automatic empty zone creation for D.F.IP6.ARPA and
friends.  Note: RFC 1918 zones are not yet covered by
                        this but are likely to be in a future release.

                        New options: empty-server, empty-contact,
                        empty-zones-enable and disable-empty-zone.
2005-08-18 01:03:03 +00:00
Mark Andrews
bbdb4afea0 1911. [func] Attempt to make the amount of work performed in an
iteration self tuning.  This covers nodes cleaned from
                        the cache per iteration, nodes written to disk when
                        rewriting a master file and nodes destroyed per
                        iteration when destroying a zone or a cache.
                        [RT #14996]
2005-08-15 01:46:51 +00:00
Mark Andrews
b9ee625560 1905. [bug] Recursive clients soft quota support wasn't working
as expected. [RT #15103]
2005-07-27 02:44:22 +00:00
Mark Andrews
e021d8eff8 1891. [func] Limit the number of recursive clients that can be
waiting for a single query (<qname,qtype,qclass>) to
                        resolve.  New options clients-per-query and
                        max-clients-per-query.
2005-06-27 00:20:04 +00:00
Mark Andrews
02ff44e8ef sync w/ head 2005-06-22 22:05:50 +00:00
Mark Andrews
37495b467a 1857. [bug] named could trigger an INSIST() if reconfigured /
reloaded too fast.  [RT #14673]
2005-06-07 01:53:50 +00:00
Mark Andrews
740a273347 1868. [func] edns-udp-size can now be overridden on a per
server basis. [RT #14851]
2005-06-07 00:30:42 +00:00
Mark Andrews
27237763df further changes for
1848.   [bug]           Improve SMF integration. [RT #13238]
2005-04-29 00:55:53 +00:00
Rob Austein
372edff338 1851. [doc] Doxygen comment markup. [RT #11398] 2005-04-27 05:02:59 +00:00
Mark Andrews
a392997a02 1848. [bug] Improve SMF integration. [RT #13238] 2005-04-05 01:04:49 +00:00
Mark Andrews
7769123869 1795. [bug] "rndc dumpb" was not fully documented. Minor
formatting issues with "rndc dumpdb -all".  [RT #13396]
2005-03-14 23:55:50 +00:00
Mark Andrews
92531cb186 1798. [func] The server syntax has been extended to support a
range of servers.  [RT #11132]
2005-01-16 23:56:09 +00:00
Mark Andrews
f14dd601bb 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones. 2005-01-14 03:28:03 +00:00
Mark Andrews
1619928e2d update copyrights 2005-01-12 01:54:57 +00:00