ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,303 Commits 589 Branches 805 Tags
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0
Commit Graph

6594 Commits

Author SHA1 Message Date
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie: 
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
 2015-08-13 08:26:23 +10:00
Evan Hunt
9b8f93083d [master] fix tsig class checks 
4171.	[bug]		Fixed incorrect class checks in TSIG RR
			implementation. [RT #40287]
 2015-08-11 22:16:44 -07:00
Evan Hunt
c707e2b986 [master] fix length check in OPENPGPKEY 
4170.	[security]	An incorrect boundary check in the OPENPGPKEY
			rdatatype could trigger an assertion failure.
			[RT #40286]
 2015-08-11 20:01:44 -07:00
Tinderbox User
c4567d0675 update copyright notice / whitespace 2015-08-07 23:45:26 +00:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Mark Andrews
46e7fc51b8 badcookie has a offical code point of 23 2015-07-27 15:22:09 +10:00
Mark Andrews
dbb064aa79 4165. [bug] An failure to reset a value to NULL in tkey.c could 
result in an assertion failure. (CVE-2015-5477)
                        [RT #40046]
 2015-07-14 14:48:42 +10:00
Tinderbox User
faa3b61828 update copyright notice / whitespace 2015-07-13 23:45:24 +00:00
Mark Andrews
3a49d0ff10 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]
 2015-07-13 09:46:59 +10:00
Tinderbox User
f16a6bfb6c update copyright notice / whitespace 2015-07-09 23:45:22 +00:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:53:39 -07:00
Tinderbox User
9ab5a7d83c update copyright notice / whitespace 2015-07-07 23:45:22 +00:00
Mark Andrews
bd08b82891 add warning not about handling malformed option content 2015-07-07 10:25:09 +10:00
Mark Andrews
46fc714aa0 dig +ednsopt=<invalid> could trigger a assertion failure [RT #39990] 2015-07-06 23:03:51 +10:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Mark Andrews
3e33f4198d 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]
 2015-07-06 12:52:37 +10:00
Tinderbox User
8f0b326d9a update copyright notice / whitespace 2015-07-05 23:45:22 +00:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Tinderbox User
85d23eaae8 update copyright notice / whitespace 2015-07-03 23:45:24 +00:00
Mark Andrews
307adf6792 4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835] 2015-07-03 10:17:33 +10:00
Mukund Sivaraman
08f0129732 Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 2015-06-29 18:33:18 +05:30
Mark Andrews
4a61eae651 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]
 2015-06-29 15:48:41 +10:00
Mark Andrews
adbf81335b 4146. [bug] Address reference leak that could prevent a clean 
shutdown. [RT #37125]
 2015-06-25 18:36:27 +10:00
Mark Andrews
2f66e2dd81 4145. [bug] Not all unassociated adb entries where being printed. 
[RT #37125]
 2015-06-25 18:26:59 +10:00
Mark Andrews
d4422ec231 don't use C++ keyword new; use (const char *) for output of strchr((const char *), char) 2015-06-18 11:14:43 +10:00
Mark Andrews
a85c6b35af 4138. [bug] A uninitialized value in validator.c could result 
in a assertion failure. (CVE-2015-4620) [RT #39795]
 2015-06-17 09:13:03 +10:00
Mark Andrews
a8cb6c6fbc add #define check_stale_rdataset check_stale_rdataset64 2015-06-12 11:17:07 +10:00
Mark Andrews
c781d465b6 silence unused parameter warning 2015-06-11 14:03:19 +10:00
Mukund Sivaraman
59a9cb54c1 Propagate stale attribute when updating stats (#39141) 
Squashed commit of the following:

commit 9b5b9fa30fbeba8ee1e95cb1028017230ed4db02
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:54 2015 +0530

    Remove double function prototypes

commit f3bb8cc60ae476eaa871ba10330b16425ced2d7c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:34 2015 +0530

    Unify several copies of redundant code into a helper function

commit 4899fb9b2f36fc5d159fa877c0780a442a7cbdb3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu Apr 2 00:23:53 2015 +0530

    Propagate stale attribute when updating stats
 2015-06-10 14:04:30 +05:30
Witold Krecicki
f85deb5154 log expired NTA at startup 2015-06-08 13:57:24 +02:00
Witold Krecicki
8d21d93a6b better logging of RPZ changes RT #39670 2015-06-05 12:24:11 +02:00
Tinderbox User
e545fce91b update copyright notice / whitespace 2015-06-04 23:45:25 +00:00
Evan Hunt
8c9fba44a4 [master] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:18:55 -07:00
Mark Andrews
e0fea0bf85 silence coverity warnings 2015-05-30 17:44:52 +10:00
Mark Andrews
03089dd420 add INSIST to silence coverity 2015-05-30 17:37:14 +10:00
Mark Andrews
4e056cee66 unsigned constants 2015-05-29 11:26:13 +10:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00
Evan Hunt
2bb245e04a [master] typo in comment 2015-05-28 15:04:40 -07:00
Mark Andrews
8bb630c751 4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532] 2015-05-28 14:41:21 +10:00
Mark Andrews
e53e202ef3 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 2015-05-28 13:17:07 +10:00
Tinderbox User
3813d22587 update copyright notice / whitespace 2015-05-27 23:45:25 +00:00
Mark Andrews
e7b7ede003 add dns_zone_cdscheck 2015-05-27 16:17:54 +10:00
Mark Andrews
598b502695 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]
 2015-05-27 15:25:45 +10:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Tinderbox User
d70dac20d2 update copyright notice / whitespace 2015-05-23 23:45:25 +00:00
Francis Dupont
941b62c8cb finished print.h stuff 2015-05-23 16:12:24 +02:00
Francis Dupont
3759f10fc5 added print.h includes, updated copyrights 2015-05-23 14:21:51 +02:00
Tinderbox User
0dfc0745c4 update copyright notice / whitespace 2015-05-21 23:45:26 +00:00
Evan Hunt
cadf8d687b [master] add %z format options to printf 
4123.	[port]		Added %z (size_t) format options to the portable
			internal printf/sprintf implementation. [RT #39586]
 2015-05-21 14:55:15 -07:00
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30