Commit graph

9614 commits

Author SHA1 Message Date
Mark Andrews
017aa9aef6 4019. [func] If named is not configured to validate the answer
then allow fallback to plain DNS on timeout even
when we know the server supports EDNS. [RT #37978]
2014-12-05 17:47:26 +11:00
Mark Andrews
ea3aa401bc 4015. [bug] Nameservers that are skipped due to them being
CNAMEs were not being logged. They are now logged
to category 'cname' as per BIND 8. [RT #37935]
2014-12-03 11:34:07 +11:00
Mark Andrews
6444de08d1 4014. [bug] When including a master file origin_changed was
not being properly set leading to a potentially
spurious 'inherited owner' warning. [RT #37919]
2014-12-03 09:42:30 +11:00
Francis Dupont
5c5c6d289d Add a TCP only option to server/peer 2014-12-02 14:17:59 +01:00
Francis Dupont
fc63119c8b Hardened OpenSSL digest/HMAC calls [RT #37944] 2014-12-02 12:41:01 +01:00
Mark Andrews
401f7510d7 use the actual header 2014-11-28 19:17:26 +11:00
Mark Andrews
7554ff1619 add #define rdataset_clearprefetch rdataset_clearprefetch64 2014-11-25 12:06:23 +11:00
Tinderbox User
523ad879ce update copyright notice / whitespace 2014-11-24 23:53:16 +00:00
Mark Andrews
092d3b76db 4010. [cleanup] Clear the prefetchable state when initiating a prefetch.
[RT #37399]
2014-11-24 11:18:30 +11:00
Evan Hunt
92384667ff [master] delv +tcp
4009.	[func]		delv: added a +tcp option. [RT #37855]
2014-11-21 09:42:04 -08:00
Mark Andrews
70bceacc80 silence signed/unsigned warning 2014-11-21 20:28:17 +11:00
Evan Hunt
3e5b4176d8 [master] win32 build fix 2014-11-20 15:55:43 -08:00
Evan Hunt
c6b699b58e [master] remove inadvertently-retained content from quota.h 2014-11-20 12:55:01 -08:00
Evan Hunt
05e448935c [master] refactor max-recursion-queries
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.
2014-11-19 18:21:02 -08:00
Evan Hunt
c4f54e5bd1 [master] add max-recursion-queries
also fixes and documentation for max-recursion-depth
2014-11-18 22:02:02 -08:00
Evan Hunt
3230429e17 [master] limit recursion depth and iterative queries
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
2014-11-17 23:24:44 -08:00
Evan Hunt
c325ff9c79 [master] complete coverity fixes 2014-11-17 17:39:00 -08:00
Mark Andrews
4ac862fa96 only execute additional tests if create call succeeds 2014-11-18 12:19:37 +11:00
Evan Hunt
a0b4f6d952 [master] geoip security fixes
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
2014-11-16 08:43:22 -08:00
Tinderbox User
aee6c351d3 update copyright notice 2014-11-15 23:45:22 +00:00
Evan Hunt
63fb92c1ba [master] fix false positive compiler warning
a "pointer always evaluates to true" warning was blocking
compilation of the radix ATF test when using --enable-developer
with gcc 4.8.2.
2014-11-15 00:56:30 -08:00
Evan Hunt
907e01d6f3 [master] buffer ATF test was failing 2014-11-15 00:56:17 -08:00
Evan Hunt
e32d354f75 [master] allow arbitrary-size rndc output
4005.	[func]		The buffer used for returning text from rndc
			commands is now dynamically resizable, allowing
			arbitrarily large amounts of text to be sent back
			to the client. (Prior to this change, it was
			possible for the output of "rndc tsig-list" to be
			truncated.) [RT #37731]
2014-11-14 15:58:54 -08:00
Evan Hunt
c4abb19716 [master] reference leak with AAAA glue but not A
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]
2014-11-14 09:02:28 -08:00
Mukund Sivaraman
a3157f3c75 [master] close() fd when done (Coverity report) 2014-11-11 07:15:02 +05:30
Evan Hunt
fadf7291df [master] check creat() return 2014-11-10 17:30:58 -08:00
Tinderbox User
6d0a639bd0 update copyright notice 2014-11-06 23:45:21 +00:00
Evan Hunt
067c0c38e7 [master] s/mempcy/memmove/ 2014-11-06 13:01:59 -08:00
Mark Andrews
8f0cf84bb1 set working directory; #include <string.h> 2014-11-06 18:02:32 +11:00
Tinderbox User
d478dbae80 update copyright notice 2014-11-05 23:45:20 +00:00
Evan Hunt
ad9645512c [master] add print.h 2014-11-04 20:43:41 -08:00
Evan Hunt
ce96d4326c [master] new mkeys and nzf naming format
3999.	[func]		"mkeys" and "nzf" files are now named after
			their corresponding views, unless the view name
			contains characters that would be incompatible
			with use in a filename (i.e., slash, backslash,
			or capital letters). If a view name does contain
			these characters, the files will still be named
			using a cryptographic hash of the view name.
			Regardless of this, if a file using the old name
			format is found to exist, it will continue to be
			used. [RT #37704]
2014-11-04 19:43:27 -08:00
Tinderbox User
5781d00939 update copyright notice 2014-11-04 23:45:20 +00:00
Mark Andrews
a31d0513c3 add missing opening bracket 2014-11-04 17:02:32 +11:00
Mark Andrews
b976c39c07 3998. [bug] isc_radix_search was returning matches that were
too precise. [RT #37680]
2014-11-04 12:34:12 +11:00
Mark Andrews
1feee79e1f 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:39 +11:00
Tinderbox User
03fc2ff527 update copyright notice 2014-10-31 23:45:23 +00:00
Mark Andrews
c2f8108123 3996. [bug] Address use after free on out of memory error in
keyring_add. [RT #37639]
2014-10-31 11:44:09 +11:00
Mark Andrews
4e59131f18 3995. [bug] receive_secure_serial holds the zone lock for too
long. [RT #37626]
2014-10-31 11:38:14 +11:00
Mark Andrews
00fb0253c9 3991. [func] Add the ability to buffer logging output by specifying
"buffered yes;" when defining a channel. [RT #26561]
2014-10-30 11:37:05 +11:00
Mark Andrews
eb5243365c 3989. [cleanup] Remove redundant dns_db_resigned calls. [RT #35748] 2014-10-30 10:53:12 +11:00
Mark Andrews
bad93fb90c missing comma 2014-10-28 16:10:49 +11:00
Tinderbox User
6932de75ef update copyright notice 2014-10-21 23:45:24 +00:00
Francis Dupont
4d6329c1b3 Handle VS14 incompatible changes [RT #37380] 2014-10-21 09:34:33 +02:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable
zone to be updated via rndc. [RT #37404]
2014-10-21 18:15:42 +11:00
Francis Dupont
7fbfa379e2 Accept up to 256 byte PINs in native PKCS#11. [RT #37410] 2014-10-20 22:55:40 +02:00
Evan Hunt
498b061031 [master] allow 1-week nta-lifetime/nta-recheck
3983.	[bug]		Change #3940 was incomplete: negative trust anchors
			could be set to last up to a week, but the
			"nta-lifetime" and "nta-recheck" options were
			still limited to one day. [RT #37522]
2014-10-20 13:40:17 -07:00
Mark Andrews
72775a79fe 3981. [bug] Cache DS/NXDOMAIN independently of other query types.
[RT #37467]
2014-10-18 13:09:09 +11:00
Mark Andrews
871f3c8bee 3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
size. [RT #37187]
2014-10-18 12:40:13 +11:00
Mark Andrews
48f97c23b7 3979. [bug] Negative trust anchor fetches were not properly
managed. [RT #37488]
2014-10-18 10:07:24 +11:00