Tinderbox User
95bbb75143
regen master
2017-09-06 01:11:43 +00:00
Mark Andrews
df50751585
4700. [func] Serving of stale answers is now supported. This
allows named to provide stale cached answers when
the authoritative server is under attack.
See max-stale-ttl, stale-answer-enable,
stale-answer-ttl. [RT #44790]
2017-09-06 09:58:29 +10:00
Tinderbox User
e8a4edf0ed
regen master
2017-09-05 01:10:49 +00:00
Mark Andrews
e2a737bcb8
4699. [func] Multiple cookie-secret clauses can now be specified.
The first one specified is used to generate new
server cookies. [RT #45672]
2017-09-05 09:19:45 +10:00
Tinderbox User
e640ea9343
regen master
2017-09-01 01:11:29 +00:00
Evan Hunt
45afdb2672
[master] remove default algorithm in dnssec-keygen
4594. [func] dnssec-keygen no longer uses RSASHA1 by default;
the signing algorithm must be specified on
the command line with the "-a" option. Signing
scripts that rely on the existing default behavior
will break; use "dnssec-keygen -a RSASHA1" to
repair them. (The goal of this change is to make
it easier to find scripts using RSASHA1 so they
can be changed in the event of that algorithm
being deprecated in the future.) [RT #44755]
2017-08-30 18:51:11 -07:00
Tinderbox User
2bfc294f0a
regen master
2017-08-31 01:11:54 +00:00
Mark Andrews
0aed466565
4693. [func] Synthesis of responses from DNSSEC-verified records.
Stage 1 covers NXDOMAIN synthesis from NSEC records.
This is controlled by synth-from-dnssec and is enabled
by default. [RT #40138]
2017-08-31 07:57:50 +10:00
Tinderbox User
a5d6b4c4c8
regen master
2017-08-30 01:12:14 +00:00
Michał Kępień
efe7977c4d
[master] Add -4/-6 command line options to nsupdate and rndc
4691. [func] Add -4/-6 command line options to nsupdate and rndc.
[RT #45632]
2017-08-29 10:21:54 +02:00
Tinderbox User
07675caf4f
regen master
2017-08-25 01:10:48 +00:00
Mark Andrews
07741d43c8
4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in
messages. [RT #44804]
2017-08-25 08:38:19 +10:00
Tinderbox User
2a08a599ee
regen master
2017-08-22 01:11:12 +00:00
Tinderbox User
5fbe52fbce
regen master
2017-08-18 01:11:45 +00:00
Tinderbox User
7655cd1fe5
regen master
2017-08-17 01:10:36 +00:00
Mark Andrews
1fe9f65dbb
add more details
2017-08-16 13:22:35 +10:00
Tinderbox User
7df675188c
regen master
2017-08-16 01:10:34 +00:00
Mark Andrews
52fd57c989
4681. [bug] Log messages from the validator now include the
associated view unless the view is "_default/IN"
or "_dnsclient/IN". [RT #45770]
2017-08-16 09:29:20 +10:00
Tinderbox User
9ce1a8e93b
regen master
2017-08-15 01:12:22 +00:00
Tinderbox User
4e22c61020
regen master
2017-08-11 01:12:23 +00:00
Evan Hunt
f8786917ac
[master] revise CHANGES and release notes to say glue-cache is on by default
2017-08-09 21:48:51 -07:00
Mukund Sivaraman
b9532d9cf3
Turn on glue-cache by default
- We decided to do this on the weekly BIND dev meeting
- Mark reviewed patch on Jabber
2017-08-10 09:06:54 +05:30
Tinderbox User
20809d0a5a
regen master
2017-08-10 01:11:49 +00:00
Evan Hunt
b2a5df8d4b
[master] grammar error and missing reference to filter-aaaa-on-v6
2017-08-09 15:02:56 -07:00
Evan Hunt
c4cfb0b4dc
[master] remove dig +sigchase
4674. [func] "dig +sigchase", and related options "+topdown" and
"+trusted-keys", have been removed. Use "delv" for
queries with DNSSEC validation. [RT #42793]
2017-08-09 11:03:27 -07:00
Tinderbox User
e1a2da2259
regen master
2017-08-05 01:14:25 +00:00
Evan Hunt
61367c604c
[master] refactor resquery_response() and related functions
4669. [func] Iterative query logic in resolver.c has been
refactored into smaller functions and commented,
for improved readability, maintainability and
testability. [RT #45362]
2017-08-04 16:08:11 -07:00
Tinderbox User
8cc38b581c
regen master
2017-08-01 01:08:53 +00:00
Evan Hunt
913f7528fe
[master] revise CHANGES note and add release note
2017-07-31 10:34:19 -07:00
Francis Dupont
9b9182fe00
Added Ed25519 support (#44696)
2017-07-31 15:26:00 +02:00
Tinderbox User
93ae9a09a9
regen master
2017-07-29 01:10:15 +00:00
Evan Hunt
268cea9c12
[master] glue-cache option
4664. [func] Add a "glue-cache" option to enable or disable the
glue cache. The default is "no" to reduce memory
usage, but enabling this option will improve
performance in delegation-heavy zones. [RT #45125]
2017-07-28 12:57:50 -07:00
Evan Hunt
cee0d603a3
[master] remove unnecessary acronym expansions
2017-07-28 12:22:31 -07:00
Tinderbox User
2f575e645b
regen master
2017-07-16 01:07:52 +00:00
Evan Hunt
8abc9db6bf
[master] update relnotes to mention termination of Windows XP support
2017-07-15 13:56:34 -07:00
Tinderbox User
a28cf7bfb5
regen master
2017-07-12 01:09:15 +00:00
Mark Andrews
56d8312a48
note change in AD setting on some truncated answers
2017-07-11 13:29:19 +10:00
Mark Andrews
9987992232
add note about .local
2017-07-11 12:43:31 +10:00
Tinderbox User
c6a2d3a9e6
regen master
2017-06-28 01:09:32 +00:00
Evan Hunt
581c1526ab
[master] address TSIG bypass/forgery vulnerabilities
4643. [security] An error in TSIG handling could permit unauthorized
zone transfers or zone updates. (CVE-2017-3142)
(CVE-2017-3143) [RT #45383]
2017-06-27 11:39:19 -07:00
Tinderbox User
d6b626e9a7
regen master
2017-06-14 01:08:21 +00:00
Evan Hunt
bf05e66bb3
[master] prevent reload failure due to LMDB database perms
4638. [bug] Reloading or reconfiguring named could fail on
some platforms when LMDB was in use. [RT #45203]
2017-06-13 10:15:34 -07:00
Evan Hunt
0471530aae
[master] nsec3hash -r
4637. [func] "nsec3hash -r" option ("rdata order") takes arguments
in the same order as they appear in NSEC3 or
NSEC3PARAM records, so that NSEC3 parameters can
be cut and pasted from an existing record. Thanks
to Tony Finch for the contribution. [RT #45183]
2017-06-13 00:39:10 -07:00
Tinderbox User
d37d9a6873
regen master
2017-05-31 01:08:13 +00:00
Evan Hunt
967a3b9419
[master] quote service registry paths
4532. [security] The BIND installer on Windows used an unquoted
service path, which can enable privilege escalation.
(CVE-2017-3141) [RT #45229]
2017-05-30 13:35:59 -07:00
Evan Hunt
2648c49be7
[master] fix rpz formerr loop
4531. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181]
2017-05-30 12:30:28 -07:00
Tinderbox User
a014b329f2
regen master
2017-05-19 01:09:39 +00:00
Evan Hunt
ef9ab10ce0
[master] remove outdated reference to libbind
2017-05-18 15:35:06 -07:00
Tinderbox User
bdf087ba00
regen master
2017-05-12 01:09:53 +00:00
Mark Andrews
d4d73bca79
add warning about semicolon no longer being escaped
2017-05-11 11:02:35 +10:00