regen v9_11

Tinderbox User 2016-11-03 01:12:32 +00:00
parent 9ab989b88c
commit 45571e7374
7 changed files with 120 additions and 57 deletions


@ -369,6 +369,7 @@ options {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
@ -556,6 +557,7 @@ view \fIstring\fR \fIoptional_class\fR {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
@ -650,6 +652,7 @@ zone \fIstring\fR \fIoptional_class\fR {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;


@ -320,6 +320,7 @@ options
};<br>
<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@ -523,6 +524,7 @@ view
};<br>
<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@ -623,6 +625,7 @@ zone
};<br>
<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>


@ -2402,6 +2402,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-records <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
@ -5594,6 +5595,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
means 2 gigabytes.
This may also be set on a per-zone basis.
</p></dd>
<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
<dd><p>
The maximum number of records permitted in a zone.
The default is zero which means unlimited.
</p></dd>
<dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt>
<dd><p>
In BIND 8, specifies the maximum number of host statistics
@ -9171,6 +9177,11 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
See the description of
<span class="command"><strong>max-journal-size</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server Resource Limits&#8221;</a>.
</p></dd>
<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
<dd><p>
See the description of
<span class="command"><strong>max-records</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server Resource Limits&#8221;</a>.
</p></dd>
<dt><span class="term"><span class="command"><strong>max-transfer-time-in</strong></span></span></dt>
<dd><p>
See the description of


@ -108,6 +108,13 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Added the ability to specify the maximum number of records
permitted in a zone (max-records #;). This provides a mechanism
to block overly large zone transfers, which is a potential risk
with slave zones from other parties, as described in CVE-2016-6170.
[RT #42143]
</p></li>
<li class="listitem"><p>
It was possible to trigger a assertion when rendering a
message using a specially crafted request. This flaw is


@ -338,6 +338,7 @@ options
};<br>
<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@ -541,6 +542,7 @@ view
};<br>
<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@ -641,6 +643,7 @@ zone
};<br>
<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>


@ -69,6 +69,13 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Added the ability to specify the maximum number of records
permitted in a zone (max-records #;). This provides a mechanism
to block overly large zone transfers, which is a potential risk
with slave zones from other parties, as described in CVE-2016-6170.
[RT #42143]
</p></li>
<li class="listitem"><p>
It was possible to trigger a assertion when rendering a
message using a specially crafted request. This flaw is


@ -2,30 +2,35 @@
This is a summary of the named.conf options supported by
this version of BIND 9.
acl <string> { <address_match_element>; ... };
acl <string> { <address_match_element>; ... }; // may occur multiple times
controls {
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
) ] allow { <address_match_element>; ... } [ keys { <string>;
... } ] [ read-only <boolean> ];
unix <quoted_string> perm <integer> owner <integer> group <integer>
[ keys { <string>; ... } ] [ read-only <boolean> ];
};
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] allow
{ <address_match_element>; ... } [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
unix <quoted_string> perm <integer>
owner <integer> group <integer> [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
}; // may occur multiple times
dlz <string> {
database <string>;
search <boolean>;
};
}; // may occur multiple times
dyndb <string> <quoted_string> { <unspecified text> };
dyndb <string> <quoted_string> {
<unspecified-text> }; // may occur multiple times
key <string> {
algorithm <string>;
secret <string>;
};
}; // may occur multiple times
logging {
category <string> { <string>; ... };
category <string> { <string>; ... }; // may occur multiple times
channel <string> {
buffered <boolean>;
file <quoted_string> [ versions ( "unlimited" | <integer> )
@ -37,7 +42,7 @@ logging {
severity <log_severity>;
stderr;
syslog [ <syslog_facility> ];
};
}; // may occur multiple times
};
lwres {
@ -48,14 +53,15 @@ lwres {
ndots <integer>;
search { <string>; ... };
view <string> [ <class> ];
};
}; // may occur multiple times
managed-keys { <string> <string> <integer> <integer> <integer>
<quoted_string>; ... };
managed-keys { <string> <string> <integer>
<integer> <integer> <quoted_string>; ... }; // may occur multiple times
masters <string> [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] )
[ key <string> ]; ... };
masters <string> [ port <integer> ] [ dscp
<integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... }; // may occur multiple times
options {
acache-cleaning-interval <integer>;
@ -99,7 +105,8 @@ options {
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
@ -117,9 +124,11 @@ options {
<quoted_string>; ... } ];
dialup ( notify | notify-passive | refresh | passive | <boolean> );
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-ds-digests <string> { <string>; ... };
disable-empty-zone <string>;
disable-algorithms <string> { <string>;
... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
@ -127,15 +136,16 @@ options {
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
};
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
dnssec-must-be-secure <string> <boolean>;
dnssec-lookaside ( <string> trust-anchor
<string> | auto | no ); // may occur multiple times
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
@ -188,10 +198,12 @@ options {
keep-response-order { <address_match_element>; ... };
key-directory <quoted_string>;
lame-ttl <ttlval>;
listen-on [ port <integer> ] [ dscp <integer> ] {
<address_match_element>; ... };
listen-on-v6 [ port <integer> ] [ dscp <integer> ] {
<address_match_element>; ... };
listen-on [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // obsolete
managed-keys-directory <quoted_string>;
@ -205,6 +217,7 @@ options {
max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-ncache-ttl <integer>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
max-refresh-time <integer>;
@ -329,7 +342,7 @@ options {
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
trust-anchor-telemetry <boolean>;
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
@ -372,14 +385,17 @@ server <netprefix> {
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers <integer>;
};
}; // may occur multiple times
statistics-channels {
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
) ] [ allow { <address_match_element>; ... } ];
};
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] [
allow { <address_match_element>; ...
} ]; // may occur multiple times
}; // may occur multiple times
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
trusted-keys { <string> <integer> <integer>
<integer> <quoted_string>; ... }; // may occur multiple times
view <string> [ <class> ] {
acache-cleaning-interval <integer>;
@ -418,7 +434,8 @@ view <string> [ <class> ] {
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
@ -430,13 +447,15 @@ view <string> [ <class> ] {
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
dialup ( notify | notify-passive | refresh | passive | <boolean> );
disable-algorithms <string> { <string>; ... };
disable-ds-digests <string> { <string>; ... };
disable-empty-zone <string>;
disable-algorithms <string> { <string>;
... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times
dlz <string> {
database <string>;
search <boolean>;
};
}; // may occur multiple times
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
@ -444,15 +463,16 @@ view <string> [ <class> ] {
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
};
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
dnssec-must-be-secure <string> <boolean>;
dnssec-lookaside ( <string> trust-anchor
<string> | auto | no ); // may occur multiple times
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
@ -462,7 +482,8 @@ view <string> [ <class> ] {
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dyndb <string> <quoted_string> { <unspecified text> };
dyndb <string> <quoted_string> {
<unspecified-text> }; // may occur multiple times
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
@ -482,12 +503,13 @@ view <string> [ <class> ] {
key <string> {
algorithm <string>;
secret <string>;
};
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
maintain-ixfr-base <boolean>; // obsolete
managed-keys { <string> <string> <integer> <integer> <integer>
<quoted_string>; ... };
managed-keys { <string> <string>
<integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
masterfile-format ( text | raw | map );
masterfile-style ( full | relative );
match-clients { <address_match_element>; ... };
@ -500,6 +522,7 @@ view <string> [ <class> ] {
max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-ncache-ttl <integer>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
max-refresh-time <integer>;
@ -602,7 +625,7 @@ view <string> [ <class> ] {
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
transfers <integer>;
};
}; // may occur multiple times
servfail-ttl <ttlval>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
@ -616,9 +639,10 @@ view <string> [ <class> ] {
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
trust-anchor-telemetry <boolean>;
trusted-keys { <string> <integer> <integer> <integer>
<quoted_string>; ... };
trust-anchor-telemetry <boolean>; // experimental
trusted-keys { <string> <integer>
<integer> <integer> <quoted_string>;
... }; // may occur multiple times
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
@ -681,6 +705,7 @@ view <string> [ <class> ] {
max-ixfr-log-size ( unlimited | default |
<sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
@ -699,8 +724,10 @@ view <string> [ <class> ] {
| * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer> <integer>
<quoted_string>; // obsolete
pubkey <integer>
<integer>
<integer>
<quoted_string>; // obsolete, may occur multiple times
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( increment | unixtime | date );
@ -727,9 +754,9 @@ view <string> [ <class> ] {
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};
}; // may occur multiple times
zone-statistics ( full | terse | none | <boolean> );
};
}; // may occur multiple times
zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
@ -782,6 +809,7 @@ zone <string> [ <class> ] {
<integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
@ -800,7 +828,8 @@ zone <string> [ <class> ] {
[ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
pubkey <integer> <integer>
<integer> <quoted_string>; // obsolete, may occur multiple times
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( increment | unixtime | date );
@ -826,5 +855,5 @@ zone <string> [ <class> ] {
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};
}; // may occur multiple times