mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 13:08:06 +00:00
Code Issues Releases Wiki Activity
41,735 Commits 660 Branches 820 Tags
Commit Graph

434 Commits

Author SHA1 Message Date
Mark Andrews
6bd6bd6d62 cast to unsigned 2018-02-16 10:20:38 +11:00
Mark Andrews
2b803b3463 prevent implict conversion to signed 2018-02-16 10:20:38 +11:00
Mark Andrews
9d5a0abe81 4841. [bug] Address -fsanitize=undefined warnings. [RT #46786] 2017-12-06 21:00:14 +11:00
Evan Hunt
65314b0fd8 [master] "enable-filter-aaaa" no longer optional 
4786.	[func]		The "filter-aaaa-on-v4" and "filter-aaaa-on-v6"
			options are no longer conditionally compiled.
			[RT #46340]
 2017-10-25 00:33:51 -07:00
Evan Hunt
8eb88aafee [master] add libns and remove liblwres 
4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                        are no longer supported. [RT #45186]

4707.	[func]		The lightweight resolver daemon and library (lwresd
			and liblwres) have been removed. [RT #45186]

4706.	[func]		Code implementing name server query processing has
			been moved from bin/named to a new library "libns".
			Functions remaining in bin/named are now prefixed
			with "named_" rather than "ns_".  This will make it
			easier to write unit tests for name server code, or
			link name server functionality into new tools.
			[RT #45186]
 2017-09-08 13:47:34 -07:00
Mark Andrews
0aed466565 4693. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 1 covers NXDOMAIN synthesis from NSEC records.
                        This is controlled by synth-from-dnssec and is enabled
                        by default. [RT #40138]
 2017-08-31 07:57:50 +10:00
Mark Andrews
07741d43c8 4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in 
messages. [RT #44804]
 2017-08-25 08:38:19 +10:00
Evan Hunt
581c1526ab [master] address TSIG bypass/forgery vulnerabilities 
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]
 2017-06-27 11:39:19 -07:00
Mark Andrews
33e94f501f 4615. [bug] AD could be set on truncated answer with no records 
present in the answer and authority sections.
                        [RT #45140]
 2017-05-03 07:51:41 +10:00
Mukund Sivaraman
03be5a6b4e Improve performance for delegation heavy answers and also general query performance (#44029) 2017-04-22 09:22:44 +05:30
Mark Andrews
87ff6241e4 dns_master_styleflags returns dns_masterstyle_flags_t 2017-02-20 17:39:20 +11:00
Evan Hunt
4f744a027f [master] fix dig +ednsopt padding error 
4556.	[bug]		Sending an EDNS Padding option using "dig
			+ednsopt" could cause a crash in dig. [RT #44462]
 2017-01-19 23:52:41 -08:00
Evan Hunt
2e703d7b61 [master] expand the flags field in dns_master_style 
4550.	[cleanup]	Increased the number of available master file
			output style flags from 32 to 64. [RT #44043]
 2017-01-10 10:40:47 -08:00
Tinderbox User
f557aeef7c update copyright notice / whitespace 2017-01-05 23:45:24 +00:00
Evan Hunt
6d25cd0502 [master] remove inline variable declaration (broke win32) 2017-01-04 11:17:06 -08:00
Evan Hunt
5804332588 [master] EDNS padding and keepalive support 
4549.	[func]		Added support for the EDNS TCP Keepalive option
			(RFC 7828). [RT #42126]

4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
			[RT #42094]
 2017-01-04 09:16:30 -08:00
Mark Andrews
52e2aab392 4546. [func] Extend the use of const declarations. [RT #43379] 2016-12-30 15:45:08 +11:00
Evan Hunt
b3aebb5890 [master] silence warning 2016-12-28 17:54:16 -08:00
Tinderbox User
4ef83f4333 update copyright notice / whitespace 2016-12-28 23:48:39 +00:00
Mark Andrews
f3bf3905c3 4517. [security] Named could mishandle authority sections that were 
missing RRSIGs triggering an assertion failure.
                        (CVE-2016-9444) [RT # 43632]

(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
 2016-12-29 10:39:51 +11:00
wpk
e910d18007 4545. [func] Make dnstap-read output more functionally usable. 
[RT #43642]

4544.	[func]		Add message/payload size to dnstap-read YAML output.
			[RT #43622]
 2016-12-28 11:57:28 +01:00
Mark Andrews
def6b33bad 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] 2016-12-13 16:27:18 +11:00
Mark Andrews
df17290113 4468. [bug] Address ECS option handling issues. [RT #43191] 2016-09-14 08:22:15 +10:00
Mark Andrews
2bd0922cf9 4467. [security] It was possible to trigger a assertion when rendering 
a message. [RT #43139]
 2016-09-09 11:29:48 +10:00
Mark Andrews
58d622d96d 4462. [bug] Don't describe a returned EDNS COOKIE as "good" 
when there isn't a valid server cookie. [RT #43167]
 2016-09-08 11:34:19 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Evan Hunt
395e6865d5 [master] fix ECS with family==0 
4341.	[bug]		Correct the handling of ECS options with
			address family 0. [RT #41377]
 2016-03-23 08:54:46 -07:00
Mark Andrews
33a4294f44 4330. [protocol] Identify the PAD option as "PAD" when printing out 
a message.
 2016-03-10 16:53:06 +11:00
Mukund Sivaraman
9da98335c1 Code cleanups (#41656) 2016-03-04 12:18:17 +05:30
Mark Andrews
8d00c5ab2c 4312. [bug] dig's unknown dns and edns flags (MBZ value) logging 
was not consistent. [RT #41600]
 2016-02-02 14:19:22 +11:00
Evan Hunt
2879ee2c72 [master] fix unchecked result 
4295.	[bug]		An unchecked result in dns_message_pseudosectiontotext()
			could allow incorrect text formatting of EDNS EXPIRE
			options. [RT #41437]
 2016-01-20 17:19:19 -08:00
Tinderbox User
feb1ccdaf1 update copyright notice / whitespace 2016-01-05 23:45:26 +00:00
Evan Hunt
0302fcbf7e [master] check addrlen/scopelen fit within family address length 2016-01-05 13:39:44 -08:00
Evan Hunt
1330ae5fc2 [master] check ECS address length 2016-01-05 12:17:54 -08:00
Tinderbox User
0796eca5f7 update copyright notice / whitespace 2015-12-31 11:45:08 +00:00
Mark Andrews
292eb9c4e4 4286. [security] render_ecs errors were mishandled when printing out 
a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

(cherry picked from commit 3e0c1603a835c678b07f1147909bf196988ee0d3)
 2015-12-31 22:19:46 +11:00
Mark Andrews
f647c0df9f 4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257] 2015-12-15 19:49:40 +11:00
Mark Andrews
c8821d124c 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]
 2015-11-16 13:12:20 +11:00
Mark Andrews
8475bed9de 4249. [func] Improve error reporting of TSIG / SIG(0) records in 
the wrong location. [RT #40953]
 2015-10-29 17:03:03 +11:00
Evan Hunt
b66b333f59 [master] dnstap 
4235.	[func]		Added support in named for "dnstap", a fast method of
			capturing and logging DNS traffic, and a new command
			"dnstap-read" to read a dnstap log file.  Use
			"configure --enable-dnstap" to enable this
			feature (note that this requires libprotobuf-c
			and libfstrm). See the ARM for configuration details.

			Thanks to Robert Edmonds of Farsight Security.
			[RT #40211]
 2015-10-02 12:32:42 -07:00
Mark Andrews
f43e5c8ed2 4210. [cleanup] Silence use after free false positive. [RT #40743] 2015-09-17 14:05:19 +10:00
Mark Andrews
bd08b82891 add warning not about handling malformed option content 2015-07-07 10:25:09 +10:00
Mark Andrews
46fc714aa0 dig +ednsopt=<invalid> could trigger a assertion failure [RT #39990] 2015-07-06 23:03:51 +10:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Mark Andrews
4a61eae651 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]
 2015-06-29 15:48:41 +10:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Mark Andrews
1acfed3dac update variable name to better reflect reality 
(cherry picked from commit 51a82fe30d59ab84b4dd945d1b4408a93ba782a3)
 2015-05-11 13:42:04 +10:00
Mark Andrews
29d52c001f 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 2015-03-03 16:43:42 +11:00
Mark Andrews
a8da00ef95 4079. [func] Preserve the case of the ownername of records to 
the RRset level. [RT #37442]
 2015-02-27 15:08:38 +11:00
Tinderbox User
c110d61b17 update copyright notice / whitespace 2015-01-20 23:45:26 +00:00