ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
19,967 Commits 589 Branches 805 Tags
d0cc47cef94de7931a492e32ec3b25145560d16b
Commit Graph

496 Commits

Author SHA1 Message Date
Automatic Updater
e95ab03354 update copyright notice 2010-02-26 23:46:37 +00:00
Mark Andrews
b6a3b10da7 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-26 01:03:56 +00:00
Mark Andrews
32a1ab66b9 2920. [bug] Delay thawing the zone until the reload of it has 
completed successfully.  [RT #19750]
 2009-07-11 04:30:50 +00:00
Mark Andrews
41efe04c19 2539. [security] Update the interaction between recursion, allow-query, 
allow-query-cache and allow-recursion.  [RT #19198]
 2009-01-30 04:24:29 +00:00
Mark Andrews
0f4ec602dd spelling 2009-01-19 00:36:29 +00:00
Automatic Updater
f262c709c5 update copyright notice 2009-01-09 23:45:59 +00:00
Tatuya JINMEI 神明達哉
3f807f4ca8 2527. [bug] named could reuse cache on reload with 
enabling/disabling validation. [RT #19119]
 2009-01-09 22:50:58 +00:00
Tatuya JINMEI 神明達哉
2ee516cda8 comment update 2008-12-25 02:03:26 +00:00
Mark Andrews
e6ce0e2567 2478. [bug] 'addresses' could be used uninitalized in 
configure_forward(). [RT 18800]
 2008-11-20 00:50:57 +00:00
Automatic Updater
672f00e426 update copyright notice 2008-09-04 23:46:08 +00:00
Mark Andrews
a8240cd7d5 2398. [bug] Improve file descriptor management. New, 
temporary, named.conf option reserved-sockets,
                        default 512. [RT #18344]
 2008-09-04 08:03:08 +00:00
Tatuya JINMEI 神明達哉
19d3add998 2386. [func] Add warning about too small 'open files' limit. 
[RT #18269]
 2008-08-01 02:00:42 +00:00
Mark Andrews
9b16a48b9b 2389 [bug] Move the working directory writable to after the 
ns_os_changeuser() call. [RT #18326]
 2008-07-18 01:31:15 +00:00
Tatuya JINMEI 神明達哉
0edc9d2bf7 2384. [security] Additional support for query port randomization (change 
#2375) including performance improvement and port range
			specification.  [RT #17949, #18098]
 2008-06-24 02:02:51 +00:00
Evan Hunt
906685e44d Fully randomize UDP query ports to improve forgery resilience. [rt17949] 2008-05-22 21:16:05 +00:00
Automatic Updater
fcef5293d2 update copyright notice 2008-01-17 23:46:05 +00:00
Automatic Updater
47289f9dc1 update copyright notice 2008-01-09 23:45:58 +00:00
Mark Andrews
0a61938a98 2292. [bug] Log if the working directory is not writable. 
[RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
                        failure to set PR_SET_DUMPABLE. [RT #17312]
 2008-01-09 04:52:56 +00:00
Mark Andrews
d5ad178122 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones 
list.
 2007-12-02 18:58:20 +00:00
Mark Andrews
32a8d3517a 2264. [bug] Server prefix length was being ignored. [RT #17308] 2007-11-26 03:01:34 +00:00
Automatic Updater
beb9fabda3 update copyright notice 2007-08-28 07:20:06 +00:00
Mark Andrews
e550366612 2206. [security] "allow-query-cache" and "allow-recursion" now 
cross inherit from each other.

                        If allow-query-cache is not set in named.conf then
                        allow-recursion is used if set, otherwise allow-query
                        is used if set, otherwise the default (localnets;
                        localhost;) is used.

                        If allow-recursion is not set in named.conf then
                        allow-query-cache is used if set, otherwise allow-query
                        is used if set, otherwise the default (localnets;
                        localhost;) is used.

                        [RT #16987]
 2007-07-09 02:18:49 +00:00
Mark Andrews
685397fc48 2202. [security] The default acls for allow-query-cache and 
allow-recursion were not being applied. [RT #16960]
 2007-06-25 02:42:24 +00:00
Mark Andrews
2b14a229e5 2178. [bug] 'rndc reload' of a slave or stub zone resulted in 
a reference leak. [RT #16867]
 2007-05-15 02:31:05 +00:00
Mark Andrews
b5f9044cec 2167. [bug] When re-using a automatic zone named failed to 
attach it to the new view. [RT #16786]
 2007-04-24 06:58:47 +00:00
Automatic Updater
51a3b9fd2a update copyright notice 2007-04-03 23:43:54 +00:00
Mark Andrews
dab584a7f3 remove unused label 2007-04-03 00:05:17 +00:00
Mark Andrews
fd9dc4719c 2161. [bug] 'rndc flush' could report a false success. [RT #16698] 2007-04-03 00:00:46 +00:00
Mark Andrews
975bf17988 2112. [security] Warn if weak RSA exponent is used. [RT #16460] 2006-12-07 05:24:20 +00:00
Mark Andrews
0c1d76c634 2060. [bug] Enabling DLZ support could leave views partially 
configured. [RT #16295]
 2006-07-24 05:52:44 +00:00
Mark Andrews
a3f85746be 2031. [bug] Emit a error message when "rndc refresh" is called on 
a non slave/stub zone. [RT # 16073]
 2006-05-24 04:30:43 +00:00
Mark Andrews
72a28d8eba 2022. [bug] If dnssec validation is disabled only assert CD if 
CD was requested. [RT #16037]

2021.   [bug]           dnssec-enable no; triggered a REQUIRE. [RT #16037]
 2006-05-18 02:02:35 +00:00
Mark Andrews
b209b57067 2015. [cleanup] use-additional-cache is now acache-enable for 
consistancy.  Default acache-enable off in BIND 9.4
                        as it requires memory usage to be configured.
                        It may be enabled by default in BIND 9.5 once we
                        have more experience with it.
 2006-05-03 01:46:40 +00:00
Mark Andrews
e9724570aa 2008. [func] It is now posssible to enable/disable DNSSEC 
validation from rndc.  This is useful for the
                        mobile hosts where the current connection point
                        breaks DNSSEC (firewall/proxy).  [RT #15592]

                                rndc validation newstate [view]
 2006-03-09 23:46:20 +00:00
Mark Andrews
f560a1877b 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:38:21 +00:00
Mark Andrews
1ba9283d78 2006. [security] Allow-query-cache and allow-recursion now default 
to the builtin acls "localnets" and "localhost".

                        This is being done to make caching servers less
                        attractive as reflective amplifying targets for
                        spoofed traffic.  This still leave authoritative
                        servers exposed.

                        The best fix is for full BCP 38 deployment to
                        remove spoofed traffic.
 2006-03-09 03:40:33 +00:00
Mark Andrews
ea407e7082 1991. [cleanup] The configuration data, once read, should be treated 
as readonly.  Expand the use of const to enforce this
                        at compile time. [RT #15813]
 2006-02-28 03:10:49 +00:00
Mark Andrews
7af42116ba fix minor typos 2006-02-26 23:01:58 +00:00
Mark Andrews
77c5b1c067 1986. [func] Report when a zone is removed. [RT #15849] 2006-02-21 23:17:32 +00:00
Mark Andrews
8fc5e43bd9 1597. [func] Allow notify-source and query-source to be specified 
on a per server basis similar to transfer-source.
                        [RT #6496]
 2006-02-17 00:42:10 +00:00
Mark Andrews
ff3b707f8a 1959. [func] Control the zeroing of the negative response TTL to 
a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
 2006-01-05 02:24:27 +00:00
Mark Andrews
48d9f5bdaa inclu1954. [func] Named now falls back to advertising EDNS with a 
512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1953.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
 2006-01-05 00:10:44 +00:00
Mark Andrews
e770e36d60 update copyright notice 2006-01-04 23:50:23 +00:00
Mark Andrews
f53e702b25 1947. [func] It is now possible to configure named to accept 
expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]
 2006-01-04 02:58:42 +00:00
Mark Andrews
3c8367a203 1940. [bug] Fixed a number of error conditions reported by 
Coverity.
 2005-11-30 03:44:39 +00:00
Mark Andrews
756c1c98e4 1913. [func] Integrate contibuted DLZ code into named. [RT #11382] 2005-09-05 00:20:08 +00:00
Mark Andrews
35dfb27614 1914. [bug] Strings returned from cfg_obj_asstring() should be 
treated as read-only.  The prototype for
                        cfg_obj_asstring() has been updated to reflect this.
                        [RT #15256]
 2005-08-23 02:31:40 +00:00
Mark Andrews
4df834d69f 1913. [func] Automatic empty zone creation for D.F.IP6.ARPA and 
friends.  Note: RFC 1918 zones are not yet covered by
                        this but are likely to be in a future release.

                        New options: empty-server, empty-contact,
                        empty-zones-enable and disable-empty-zone.
 2005-08-18 01:03:03 +00:00
Mark Andrews
bbdb4afea0 1911. [func] Attempt to make the amount of work performed in a 
iteration self tuning.  The covers nodes clean from
                        the cache per iteration, nodes written to disk when
                        rewriting a master file and nodes destroyed per
                        iteration when destroying a zone or a cache.
                        [RT #14996]
 2005-08-15 01:46:51 +00:00
Mark Andrews
b9ee625560 1905. [bug] Recursive clients soft quota support wasn't working 
as expected. [RT #15103]
 2005-07-27 02:44:22 +00:00