diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index 50f741ba61..3635e66aa3 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -86,138 +86,9 @@
- Duplicate EDNS COOKIE options in a response could trigger - an assertion failure. This flaw is disclosed in CVE-2016-2088. - [RT #41809] -
- Insufficient testing when parsing a message allowed - records with an incorrect class to be be accepted, - triggering a REQUIRE failure when those records - were subsequently cached. This flaw is disclosed - in CVE-2015-8000. [RT #40987] -
- Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] -
- An incorrect boundary check in the OPENPGPKEY rdatatype - could trigger an assertion failure. This flaw is disclosed - in CVE-2015-5986. [RT #40286] -
- A buffer accounting error could trigger an assertion failure - when parsing certain malformed DNSSEC keys. -
-- This flaw was discovered by Hanno Böck of the Fuzzing - Project, and is disclosed in CVE-2015-5722. [RT #40212] -
-- A specially crafted query could trigger an assertion failure - in message.c. -
-- This flaw was discovered by Jonathan Foote, and is disclosed - in CVE-2015-5477. [RT #40046] -
-- On servers configured to perform DNSSEC validation, an - assertion failure could be triggered on answers from - a specially configured server. -
-- This flaw was discovered by Breno Silveira Soares, and is - disclosed in CVE-2015-4620. [RT #39795] -
-- On servers configured to perform DNSSEC validation using - managed trust anchors (i.e., keys configured explicitly - via managed-keys, or implicitly - via dnssec-validation auto; or - dnssec-lookaside auto;), revoking - a trust anchor and sending a new untrusted replacement - could cause named to crash with an - assertion failure. This could occur in the event of a - botched key rollover, or potentially as a result of a - deliberate attack if the attacker was in position to - monitor the victim's DNS traffic. -
-- This flaw was discovered by Jan-Piet Mens, and is - disclosed in CVE-2015-1349. [RT #38344] -
-- A flaw in delegation handling could be exploited to put - named into an infinite loop, in which - each lookup of a name server triggered additional lookups - of more name servers. This has been addressed by placing - limits on the number of levels of recursion - named will allow (default 7), and - on the number of queries that it will send before - terminating a recursive query (default 50). -
-
- The recursion depth limit is configured via the
- max-recursion-depth
option, and the query limit
- via the max-recursion-queries
option.
-
- The flaw was discovered by Florian Maury of ANSSI, and is - disclosed in CVE-2014-8500. [RT #37580] -
-
- Two separate problems were identified in BIND's GeoIP code that
- could lead to an assertion failure. One was triggered by use of
- both IPv4 and IPv6 address families, the other by referencing
- a GeoIP database in named.conf
which was
- not installed. Both are covered by CVE-2014-8680. [RT #37672]
- [RT #37679]
-
- A less serious security flaw was also found in GeoIP: changes
- to the geoip-directory option in
- named.conf
were ignored when running
- rndc reconfig. In theory, this could allow
- named to allow access to unintended clients.
-
- Specific APL data could trigger an INSIST. This flaw - is disclosed in CVE-2015-8704. [RT #41396] -
- Certain errors that could be encountered when printing out - or logging an OPT record containing a CLIENT-SUBNET option - could be mishandled, resulting in an assertion failure. - This flaw is disclosed in CVE-2015-8705. [RT #41397] -
- Malformed control messages can trigger assertions in named - and rndc. This flaw is disclosed in CVE-2016-1285. [RT - #41666] -
- The resolver could abort with an assertion failure due to - improper DNAME handling when parsing fetch reply - messages. This flaw is disclosed in CVE-2016-1286. [RT #41753] -
+ None. +
geoip
or ecs
- elements can match against the the address encoded in the option.
+ elements can match against the address encoded in the option.
This can be used to select a view for a query, so that different
answers can be provided depending on the client network.
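Review bot: The removed entry for CVE-2014-8500 is the only text in this hunk that documents the max-recursion-depth (default 7) and max-recursion-queries (default 50) limits, and replacing the whole list with "None." drops that description along with the CVE entries. If the list is being reset for a new release, please confirm that both options and their defaults are still described elsewhere in the manual, and consider keeping a one-line pointer to the earlier release notes so that an operator checking a CVE number against this chapter can still find where it was fixed.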
@@ -388,7 +259,7 @@
dig +zflag can be used to set the last - unassigned DNS header flag bit. This bit in normally zero. + unassigned DNS header flag bit. This bit is normally zero.
dig +dscp=value
@@ -410,8 +281,8 @@
named -L filename
- causes named to send log messages to the specified file by
- default instead of to the system log.
+ causes named to send log messages to the
+ specified file by default instead of to the system log.
The rate limiter configured by the
@@ -531,16 +402,20 @@
may improve throughput. The default is yes
.
- A "read-only" clause is now available for non-destructive + A read-only option is now available in the + controls statement to grant non-destructive control channel access. In such cases, a restricted set of - rndc commands are allowed for querying information from named. - By default, control channel access is read-write. + rndc commands are allowed, which can + report information from named, but cannot + reconfigure or stop the server. By default, the control channel + access is not restricted to these + read-only operations. [RT #40498]
- When loading managed signed zones detect if the RRSIG's - inception time is in the future and regenerate the RRSIG - immediately. This helps when the system's clock needs to - be reset backwards. + When loading a signed zone, named will + now check whether an RRSIG's inception time is in the future, + and if so, it will regenerate the RRSIG immediately. This helps + when a system's clock needs to be reset backwards.
- Updated the compiled in addresses for H.ROOT-SERVERS.NET. + Updated the compiled-in addresses for H.ROOT-SERVERS.NET + and L.ROOT-SERVERS.NET.
ACLs containing geoip asnum elements were @@ -688,7 +564,8 @@ message compression. This results in reduced network usage.
- Added support for the type AVC. + Added support for the AVC resource record type (Application + Visibility and Control).
- Duplicate EDNS COOKIE options in a response could trigger - an assertion failure. This flaw is disclosed in CVE-2016-2088. - [RT #41809] -
- Insufficient testing when parsing a message allowed - records with an incorrect class to be be accepted, - triggering a REQUIRE failure when those records - were subsequently cached. This flaw is disclosed - in CVE-2015-8000. [RT #40987] -
- Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] -
- An incorrect boundary check in the OPENPGPKEY rdatatype - could trigger an assertion failure. This flaw is disclosed - in CVE-2015-5986. [RT #40286] -
- A buffer accounting error could trigger an assertion failure - when parsing certain malformed DNSSEC keys. -
-- This flaw was discovered by Hanno Böck of the Fuzzing - Project, and is disclosed in CVE-2015-5722. [RT #40212] -
-- A specially crafted query could trigger an assertion failure - in message.c. -
-- This flaw was discovered by Jonathan Foote, and is disclosed - in CVE-2015-5477. [RT #40046] -
-- On servers configured to perform DNSSEC validation, an - assertion failure could be triggered on answers from - a specially configured server. -
-- This flaw was discovered by Breno Silveira Soares, and is - disclosed in CVE-2015-4620. [RT #39795] -
-- On servers configured to perform DNSSEC validation using - managed trust anchors (i.e., keys configured explicitly - via managed-keys, or implicitly - via dnssec-validation auto; or - dnssec-lookaside auto;), revoking - a trust anchor and sending a new untrusted replacement - could cause named to crash with an - assertion failure. This could occur in the event of a - botched key rollover, or potentially as a result of a - deliberate attack if the attacker was in position to - monitor the victim's DNS traffic. -
-- This flaw was discovered by Jan-Piet Mens, and is - disclosed in CVE-2015-1349. [RT #38344] -
-- A flaw in delegation handling could be exploited to put - named into an infinite loop, in which - each lookup of a name server triggered additional lookups - of more name servers. This has been addressed by placing - limits on the number of levels of recursion - named will allow (default 7), and - on the number of queries that it will send before - terminating a recursive query (default 50). -
-
- The recursion depth limit is configured via the
- max-recursion-depth
option, and the query limit
- via the max-recursion-queries
option.
-
- The flaw was discovered by Florian Maury of ANSSI, and is - disclosed in CVE-2014-8500. [RT #37580] -
-
- Two separate problems were identified in BIND's GeoIP code that
- could lead to an assertion failure. One was triggered by use of
- both IPv4 and IPv6 address families, the other by referencing
- a GeoIP database in named.conf
which was
- not installed. Both are covered by CVE-2014-8680. [RT #37672]
- [RT #37679]
-
- A less serious security flaw was also found in GeoIP: changes
- to the geoip-directory option in
- named.conf
were ignored when running
- rndc reconfig. In theory, this could allow
- named to allow access to unintended clients.
-
- Specific APL data could trigger an INSIST. This flaw - is disclosed in CVE-2015-8704. [RT #41396] -
- Certain errors that could be encountered when printing out - or logging an OPT record containing a CLIENT-SUBNET option - could be mishandled, resulting in an assertion failure. - This flaw is disclosed in CVE-2015-8705. [RT #41397] -
- Malformed control messages can trigger assertions in named - and rndc. This flaw is disclosed in CVE-2016-1285. [RT - #41666] -
- The resolver could abort with an assertion failure due to - improper DNAME handling when parsing fetch reply - messages. This flaw is disclosed in CVE-2016-1286. [RT #41753] -
+ None. +
geoip
or ecs
- elements can match against the the address encoded in the option.
+ elements can match against the address encoded in the option.
This can be used to select a view for a query, so that different
answers can be provided depending on the client network.
@@ -349,7 +220,7 @@
dig +zflag can be used to set the last - unassigned DNS header flag bit. This bit in normally zero. + unassigned DNS header flag bit. This bit is normally zero.
dig +dscp=value
@@ -371,8 +242,8 @@
named -L filename
- causes named to send log messages to the specified file by
- default instead of to the system log.
+ causes named to send log messages to the
+ specified file by default instead of to the system log.
The rate limiter configured by the
@@ -492,16 +363,20 @@
may improve throughput. The default is yes
.
- A "read-only" clause is now available for non-destructive + A read-only option is now available in the + controls statement to grant non-destructive control channel access. In such cases, a restricted set of - rndc commands are allowed for querying information from named. - By default, control channel access is read-write. + rndc commands are allowed, which can + report information from named, but cannot + reconfigure or stop the server. By default, the control channel + access is not restricted to these + read-only operations. [RT #40498]
- When loading managed signed zones detect if the RRSIG's - inception time is in the future and regenerate the RRSIG - immediately. This helps when the system's clock needs to - be reset backwards. + When loading a signed zone, named will + now check whether an RRSIG's inception time is in the future, + and if so, it will regenerate the RRSIG immediately. This helps + when a system's clock needs to be reset backwards.
- Updated the compiled in addresses for H.ROOT-SERVERS.NET. + Updated the compiled-in addresses for H.ROOT-SERVERS.NET + and L.ROOT-SERVERS.NET.
ACLs containing geoip asnum elements were @@ -649,7 +525,8 @@ message compression. This results in reduced network usage.
- Added support for the type AVC. + Added support for the AVC resource record type (Application + Visibility and Control).
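Review bot: In the @@ -531,16 +402,20 @@ hunk (and its copy at @@ -492,16 +363,20 @@), the new sentence "By default, the control channel access is not restricted to these read-only operations" states the security-relevant default less directly than the line it replaces, "By default, control channel access is read-write." I would keep the explicit read-write wording, since that is what an operator needs to know when deciding whether to set read-only on a controls statement. In the same hunk the RRSIG item changes scope from "managed signed zones" to "a signed zone"; please confirm that the inception-time check applies to every signed zone named loads and not only to managed ones, because otherwise the new text overstates the behaviour.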