mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity
41,385 Commits 656 Branches 820 Tags
Commit Graph

2994 Commits

Author SHA1 Message Date
Michał Kępień
4e934bae0b BIND 9.19.9 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmPAfwYPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFpmAP/23tasuol54W1dxnjGoQ7NYDV89ywQiWplyn
 syPs+iESFb3I9SlAHHhRGM0IREuDxjuexFdrIJOfZqokg36qPj+z81LRlRuRuetc
 HigGzpt2CDP41rVMsxzW3vyh2a3fTrjBKYT4tnDlsdnbwJOfFG4N/hdB7jqDPWut
 u1Itf/lD8iHhsISgFqvtKiQqc6XFwwzVAeSPH6pHnmngt16imVoQiddnw1RYn0vB
 EPcqhVvSeYS1AGWprnHpaWt8bru460iZwet+QKlxNxW6p4mOXGr6jQWqhZ+6ORDr
 Vo/a3+5Di+tNn89GJSbehLi5UQbvrcMR8WiQ54WP/k0PPTgoqMRC4PerLsNU8Vzq
 y1k18n8DMsuro92cNAdJk3gXuXYgGNF2sk9JtqwmiDo1/6G3afKfDiVKjiK1CxK0
 1CMKD+mPHCWB/H5U50oL1z89OCZDVUBUDT0YIrCBBrTIitzyXyAFkh+sjbRbdzww
 kg1GdZ4ODaydcWYH7r3RCHWDX6nkwADqGRk0SYvrJTFL2Hu150mwuxZj/5UZcmsz
 of6qh5b9yZrDrnBHgoqknnepuxiORFF7l3kk63fA13WG6S1m6h2ZONoVLw0J67dx
 mnAo0nlnWKi+TEl/CHiHcMZbeVhE/jrHAMPIcQQphKbCeQT1NPFSU2FQxa+dpix+
 V+y8x6Qb
 =TTpT
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_9'

BIND 9.19.9
 2023-01-25 21:16:00 +01:00
Aram Sargsyan
6ea05ac3fe Resolver query forwarding to DoT-enabled upstream servers 
Implement TLS transport usage in the resolver.

Use the configured TLS transport for the forwarders in the resolver.
 2023-01-20 14:45:30 +00:00
Evan Hunt
470ccbc8ed mark "port" as deprecated for source address options 
Deprecate the use of "port" when configuring query-source(-v6),
transfer-source(-v6), notify-source(-v6), parental-source(-v6),
etc. Also deprecate use-{v4,v6}-udp-ports and avoid-{v4,v6}udp-ports.
 2023-01-17 17:29:21 -08:00
Evan Hunt
287722ac12 fully remove DSCP 
The "dscp" option is now marked as "ancient" and it is a configuration
error to use it or to configure DSCP values for any source-address
option.
 2023-01-17 16:18:21 -08:00
Michał Kępień
ac18df0591 Prepare release notes for BIND 9.19.9 2023-01-12 21:39:37 +01:00
Evan Hunt
f57758a730 add a configuration option for the update quota 
add an "update-quota" option to configure the update quota.
 2023-01-12 11:52:48 +01:00
Evan Hunt
7c47254a14 add an update quota 
limit the number of simultaneous DNS UPDATE events that can be
processed by adding a quota for update and update forwarding.
this quota currently, arbitrarily, defaults to 100.

also add a statistics counter to record when the update quota
has been exceeded.
 2023-01-12 11:52:48 +01:00
Evan Hunt
916ea26ead remove nonfunctional DSCP implementation 
DSCP has not been fully working since the network manager was
introduced in 9.16, and has been completely broken since 9.18.
This seems to have caused very few difficulties for anyone,
so we have now marked it as obsolete and removed the
implementation.

To ensure that old config files don't fail, the code to parse
dscp key-value pairs is still present, but a warning is logged
that the feature is obsolete and should not be used. Nothing is
done with configured values, and there is no longer any
range checking.
 2023-01-09 12:15:21 -08:00
Michał Kępień
1a5d707f52 Update copyright year to 2023 2023-01-02 13:58:00 +01:00
Matthijs Mekking
8640e70616 Remove setting alternate transfer source from doc 
Remove any reference to 'alt-transfer-source', 'alt-transfer-source-v6',
and 'use-alt-transfer-source' from the documentation and manual pages.
 2022-12-23 14:44:48 +01:00
Tom Krizek
a3fcfe3d71 BIND 9.19.8 
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQQenrxMWseszT2nKSgBYjubZSogpwUCY5c08QAKCRABYjubZSog
 p13/AP93ry8u87Zcu9KnQ4/Tm5dIgfwPWstsvn90ZRnZBVMVGQEA8FP02WrE+dkr
 pODYjvXvkGchYdetg8qHlpXOk4BHXgc=
 =ohAR
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQQenrxMWseszT2nKSgBYjubZSogpwUCY6QfxAAKCRABYjubZSog
 p+xKAQCLz+H1F/p5cIrcnqtmtFn6EprmLm4x+3Qy+TFxHwJunAD/Xqd2WbzpyI9c
 QjRtfLn2fZl/YEWiDfLYh10LwQLYyg4=
 =N+1U
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_8'

BIND 9.19.8
 2022-12-22 10:13:38 +01:00
Michał Kępień
64985af9fc Prepare release notes for BIND 9.19.8 2022-12-12 12:11:01 +01:00
Ondřej Surý
0c62c0bdb7
Mark setting operating system limits from named.conf as ancient 
After deprecating the operating system limits settings (coresize,
datasize, files and stacksize), mark them as ancient and remove the code
that sets the values from config.
 2022-12-07 19:40:00 +01:00
Matthijs Mekking
f7b477f6ea Document NS queries are excempt from minimal-responses 
Also document that DNSKEY, DS, CDNSKEY, and CDS never do additional
section processing.
 2022-12-07 11:37:55 +01:00
Mark Andrews
e8e40e2e01 Check that DS records are only present at delegations 
This extends the integrity check to look for stray DS records
in the zone.
 2022-12-06 23:27:40 +11:00
Matthijs Mekking
13a16c1f4d Add missing deprecated tag to max-zone-ttl 
This option was deprecated in commit 19352dd1877 but at that time
we didn't mark it deprecated in the ARM reference.
 2022-11-30 16:29:46 +01:00
Matthijs Mekking
105465d316 Deprecate alt-transfer-source and companions 
Deprecate the alternate transfer sources from BIND 8.
 2022-11-30 16:29:46 +01:00
Michal Nowak
b293b2c638
Add Fedora 37 2022-11-21 12:48:40 +01:00
Matthijs Mekking
f71a6692db Obsolete dnssec-secure-to-insecure option 
Now that the key management operations using dynamic updates feature
has been removed, the 'dnssec-secure-to-insecure' option has become
obsoleted.
 2022-11-18 11:04:17 +01:00
Matthijs Mekking
93441714ad Remove dynamic update key management documentation 
Remove the text from the ARM and DNSSEC guide that describes how to do
key and denial of existence operations using dynamic update. Add a new
section about DNSSEC multi-signer models, but no longer suggest using
dynamic update and auto-dnssec allow.
 2022-11-18 11:04:17 +01:00
Michal Nowak
0b5a58202e BIND 9.19.7 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmNpeGQPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFwEoQAIEfRAfCXJH+RfQj36KHPtmODcVgCA7HxWZE
 jhC5u0Koh7nbCFEhOepTWmMEfu6xoqRLhC/f/DJp20HxsvHWPj7XySNBhKrhCiM/
 xCU1uYteBh3bgrwTvgD9nnecTcHfUMVy+nzGBWLxAp0P20X2hRy/ldH0SO6Gn3Jm
 S/WuKAn4h9RAdPDSmFQV5U7wcLKKuW2Ueb2gNwXFexcqkmElBb6SoPR4TZd7EwaL
 EbXx9pSNUPGP/JSFDZ5FHBh/CiI1YdjNw3xz103aauSToFfNBAZajYNLFXY7PPDv
 cgBhTNTFCJRZBlSENPnRMzD6si+Tzo12IxHotnSKF/4tRQAg0wOmLxaTXlycp+nn
 sBqN1+7BJAI33EElJzKyOLKU/siaTYGGCDCukPliCOmx34MteeOvuKYu9AAX5cU9
 cCXNo31x0rKlYytL3e8jprzw/uIY1vch8Bc8gV9BgaY+qVZJP6n0GP4noCgXIws6
 I0Fu+Nl5eu6/ITkcwsRuTw9v45zMKfvzsEh78pwPWJ4DCG48NHAz44M3HDEBUYsj
 A+B4k17qclvEAJSHjdWPa0tLG292nTBmpA8dCXoHmVUomuiTQ4ux6zNkmA4RiGAF
 fgVRAQKEzdb1NM1qrhbVyBJWp3mkBwQa3NpHnWZarA5eCMAuaTFnWpgiSzN2OyYo
 Qbq9lTWc
 =IAec
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEIz+ZTe/bbr1Q+/5RJKPoRjruXlYFAmN073QACgkQJKPoRjru
 XlZPZw/+MBtiRLVwQtHMHas2c2WpYO7WlVdT6sxkBtk06q7KvEJWjH9QBnmRkn57
 hO+B9sGHOqFptI+15oNgQQqghJxT43DCIAF5/6N0wWobT6m7frFxwh0nE2fTuHfK
 nTOI7OseLQVdi4jutbhiovh5APooqfNTvM5KXrx45C9WNhs2v14LJjgyeLbRa1NS
 +X26g8GaUVVsHKwE7/Et5PtWVuLczVVQjW8aNMsE0bfPmY/jWMmSangdcF7TtYSs
 YBJQbrNIpWDHfmOAsz8WeqW4dRr9YBDn0yF7bWKEKgmQu9BKZ/QiDnFNXnHNUu7r
 crM0fSZFgt/385mn5U/cMXKjCg+UndEq7/rHFgzwnqEHX/5e3f3uWW3zVhBZGbX6
 mVreUUIvG/gih+IXWi96ozVojmv2Bn5jAgEwgWXuWfx/RpdCrKmJ6VAFSb6+cte6
 p2JWWVohdptjK8ys0XHjVpXDeDd162ces9Gj9RuBMWmUTehIM0tBvacOtiwWVm6h
 oJNOkkzeXWBDKF/RdbflMYhQ6Pu0JOcSfKqnzOj3J3+10yPSqMA/LBBS2Hn71FJ7
 jJztrFOH6vLjiKMZyu3UXCxwYSa3qs33yUzHUX+jH2+7ijMSYl0qQ0AwW8ZPPWxQ
 f4DC+YwKlFnIBt4t9mYxWNltVYbS5Gm9FPe+LnLO/KjWLA4Tnuk=
 =upj5
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_7'

BIND 9.19.7
 2022-11-16 15:10:51 +01:00
Michal Nowak
b239e6870d
Add OpenBSD 7.2 2022-11-15 08:06:37 +01:00
Michal Nowak
d34c7ae227 Replace "sha1sum" with "openssl sha1 -r" 
"sha1sum" is part of GNU Coreutils, neither BIND 9 dependency nor POSIX.
Replace it with "openssl sha1 -r" as OpenSSL is BIND 9 dependency.
 2022-11-14 19:54:42 +00:00
Ondřej Surý
379929e052
Deprecate setting operating system limits from named.conf 
It was possible to set operating system limits (RLIMIT_DATA,
RLIMIT_STACK, RLIMIT_CORE and RLIMIT_NOFILE) from named.conf.  It's
better to leave these untouched as setting these is responsibility of
the operating system and/or supervisor.

Deprecate the configuration options and remove them in future BIND 9
release.
 2022-11-14 16:48:52 +01:00
Ondřej Surý
76725718f4
Update the build requirements in the ARM 
The build requirements have been updated to state that libcap is now
required on Linux and removed mention of --with-tuning configure option.
 2022-11-14 10:01:20 +01:00
Petr Špaček
7d352741a0
Document that update-policy external is synchronous 2022-11-11 10:32:14 +01:00
Michał Kępień
a8129353f4 Prepare release notes for BIND 9.19.7 2022-11-07 22:07:08 +01:00
Petr Špaček
c58dd2790a Repeat Known Issues at the top of Release Notes page 
From now on all per-version notes link to the global list
of Known Issues. If there is a new note it should be listed twice:
In the per-version list, and in the global list.
 2022-11-07 14:03:15 +01:00
Mark Andrews
da6359345e Add check-svcb to named 
check-svcb signals whether to perform additional contraint tests
when loading / update primary zone files.
 2022-10-29 00:22:54 +11:00
Michał Kępień
a8f0ab7df6 Bump Sphinx version to 5.3.0 
Make the Sphinx version listed in doc/arm/requirements.txt match the
version currently used in GitLab CI, so that Read the Docs builds the
documentation using the same Python software versions as those used in
GitLab CI.
 2022-10-24 11:05:02 +02:00
Aram Sargsyan
ef344b1f52 Fix prefetch "trigger" value's documentation in ARM 
For the prefetch "trigger" parameter ARM states that when a cache
record with a lower TTL value is encountered during query processing,
it is refreshed. But in reality, the record is refreshed when the TTL
value is lower or equal to the configured "trigger" value.

Fix the documentation to make it match with with the code.
 2022-10-21 10:19:53 +00:00
Michal Nowak
97b9a7eb56 BIND 9.19.6 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmNDwzcPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEF1J0P/A3nRfW//8azItZk1F+AIONmqzVNljC5wP62
 fvsPfjvaro+nt7FuXTIv+uC5lK6GuKNZmHHJJO1U40CiT125xYfhTbPC1XCnhVFH
 F66m0fOMExJ7t0UWIwoFqJJgZbMffIgB0zfhwCna9EZzxDVew3YWUoi9jw3C8LyE
 JyD6FDTr/BmZ1Sp9dpJf/PNvEcB3evfB3DOxtYKt7vm6KQ6azTaDOaWsnssp/8i6
 QLo1Sgnr7uyXAvq7ce53uLM8hkgU6hdXzv5F0JYxX54aVCDaH1pX8qY9FT2sw0tM
 tSFgQTtnOVIMKXQQHnWM10bTslDKiopXIFn6EojR+jnB5lL6oWLbaPf/f/s4Xkwp
 n3cG77v8Quxe5Vznk041B615P8rY4xjg0C5qmCiHmD3bTjX3nYrubT0aAcYjzcL7
 XPu1m4M6j8pVb+Ad+ue/d48+PJ420o7Qj6tBAOMOyUUqYlsSah4AebIrQ+UTluAD
 m3YZoh10QUL7Hifsws3rOPjSpt/6JVBxLUFSigvkcBp/JZBZrhZSPX8AAeU3SJlq
 VZak9B+J8RQ//5znROrv8aAJCpXsixMP+L/3PEMlSvoP38WR2bswI4n+x8OTFWWp
 EVndONt/XFS/YWJ0gxYtlRbPeOEokd7oMe6ANwkRyykxBA4B5u9qYDZODzV62Q7p
 GkGsb1EJ
 =msVB
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEIz+ZTe/bbr1Q+/5RJKPoRjruXlYFAmNRDoIACgkQJKPoRjru
 Xlbj3Q//ReMwzMD9uog249scAVKVMEZv7RfH1Ra3ibKh5lGCJUFasPsEtKYKTHBK
 bUwCx/ITsyZtcyQj/P+HVhuTCGwGnznHVcEK9Gsa4RogwOesKlfNhF+tSyx0oU45
 cDXqMZ9oqxp5Gp6vtPD9f4rJ7V7uW5ajM/qHci2A2+fMWREgciWCTqEuoSsr2Rlg
 tMgzfStBGyXg7+NuPsmPtD9qzBUv7OUdb1EO78xVX+Zlg1xAxo0Glew+Aw0C1GUj
 s9k3CgyDxGjMoZauhEvMZh22Pc6eOny2Ncdbg7e/uQP+MT09nxrYHxminMd+usIv
 j0kOEoZIOk4P9vGzQDh/f/16Gro2jsu9UjJp/JPiue/3m0YUD7WeXCdeR74JMxh+
 Kq+7Lusg1X2c8lEJKXezcm+exFezpD+lag8OQjtjcuhlcqgRVGJvxlShXkIEhQqI
 JwW1p7BThdhJvC7oKYj9ru5JiRo+C2IHF8yL/7z9qYBCCnVEHcpKfqfMdkFd6nyv
 8KYbofUyz2B5axCvj1gX0NIakg87lfsvllXP2gndMuicPHQWezBBJaZ0nf9v4PYs
 bprgobkNEQxZg/ztz4oZepyz3Ab9i1HPC257lctcRJNN+ddEawRqTnOs5GNxZdjM
 ZfUwwHYInxqhuaPqwPD59++MTrlg2pg6WOGf4dMnrAoB8rv/Ip0=
 =+jC+
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_6'

BIND 9.19.6
 2022-10-20 11:01:27 +02:00
Michał Kępień
73686d18bf Prepare release notes for BIND 9.19.6 2022-10-07 12:55:17 +02:00
Michal Nowak
f5d9fa6ea4
Drop flake8 ignore lists 
flake8 is not used in BIND 9 CI and inline ignore lists are not needed
anymore.
 2022-10-05 17:56:24 +02:00
Petr Špaček
137e0f4e0e
Remove manually defined anchors pointing to statement definitions 
This is hopefully end of duplication. This batch did not cause clashes
in Sphinx but it was pointless nonetheless as we have auto-generated
anchors for all statements.
 2022-10-05 11:36:22 +02:00
Tom Krizek
ea2d213f34
Remove trailing whitespaces 2022-10-05 11:36:22 +02:00
Petr Špaček
9a7c2b370e
Deduplicate link anchors in the ARM 
Some statement names like "allow-query" had manually defined link anchor
_allow-query and also implicit anchor created by
.. namedconf:statement:: syntax. This causes warnings if a ambiguous
reference is made using :any:`allow-query` syntax.

Remove (hopefully all) manually defined anchors which pointed to
identical place as the implicit anchor. This allows :any: to work.

In rare cases where manual anchor points to descriptive text separated
from statement definition the reference was disamguated by replacing
:any:`notify` with :ref:`notify` (for manual anchor)
vs. :namedconf:ref:`notify` (for statement definition).

Please note that `options` statement is a trap: It is ambiguous even
without manual anchor because rndc.conf has its own `options`. Use
:namedconf:ref:`options` vs. :rndcconf:ref:`options` to select
appropriate target.
 2022-10-05 11:36:19 +02:00
Ondřej Surý
0086ebf3fc
Bump the libuv requirement to libuv >= 1.34.0 
By bumping the minimum libuv version to 1.34.0, it allows us to remove
all libuv shims we ever had and makes the code much cleaner.  The
up-to-date libuv is available in all distributions supported by BIND
9.19+ either natively or as a backport.
 2022-09-27 17:09:10 +02:00
Ondřej Surý
d5bead54c0
Drop Ubuntu 18.04 bionic from the CI 
The Ubuntu 18.04 bionic will go EOL in April 2023 before the next stable
BIND 9 release, so we can drop this for the next stable BIND 9 release.
 2022-09-27 17:09:10 +02:00
Ondřej Surý
7238c85c88
Drop Debian buster from the CI 
The Debian buster is official EOL and in the LTS mode, so we can drop
this for the next stable BIND 9 release.
 2022-09-27 17:09:10 +02:00
Matthijs Mekking
18d230a584 Add inline-signing to config examples 
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.
 2022-09-27 17:06:30 +02:00
Matthijs Mekking
5d454a7158 Update inline-signing requirement to ARM 
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.
 2022-09-27 17:06:30 +02:00
Michal Nowak
a313c49a3b Add Fedora 36 2022-09-27 09:37:09 +02:00
Petr Menšík
bc6c6b1184
Compatibility for building ARM on older sphinx 
Make documentation building successful even on RHEL9 sphinx 3.4.3. It
does not like case-insensitive matching of terms, so provide lowercase
text description with Uppercase word reference.
 2022-09-26 17:09:51 +02:00
Michał Kępień
2ee16067c5 BIND 9.19.5 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmMZ2WwPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFZz0P/3B8tQXCztMneNsAzvQ11hASuQH3RVvd1p9z
 H6yPfbBuqyBM7FOJWozLQSI0JvxwBPXW+G+AmEhafSB4plgJBfNb12TsN7ZpECbF
 E6ckVQTiLwiYWt/2neu2OYg0aOnl5mhO5J4ESkSgqXGXcDihQ922xLJFQdAAgeAj
 T6TzrF1rv0fVNNlAcE1hrsZsGChTdPAguo/jVPXJjOO8hcEFGEqCWGhCX+wuyY6t
 WRXYcnh37/rlLIY29R3sVKttPIrD7DN6doGuz0/BP0PuuXCFnWBz/t61Et8Q/nxO
 hTS4RoKs/14IXRH7UBspo1dnG7khGYu2z44mCRwx15+fjpJ+zAL/Ym9xa0ElLOWg
 +Asd8w1N275xUQdrcTxpM7z/2z7SP/+bxtLJjIPW+9Z2a8rk8ifLu1yjtWASwOUO
 vLIK0WU3T7FPhpdP+0VgeSYAlJgLEoIgwIWCB+u+I4dR9DJJ7TtjPHDcfrJKXaJ6
 eTTFIZ97xIFEpH53mT+QRG52PFP39fiLa0i7ylM+C0UbMklG++UgtkHz2CkkzV4H
 hqVcQ0Usk8XICkZ0PHAQklaDnDhXBD48x0J7wJOQSy+KS1foAyMFSPXv0ZelwiRM
 Q0StU+t+wXTAK3QID0tBqU4CyFD8fKO3cFwUnv5zqmrRc4ITu3etObT17MDPQKJj
 KLSl1VyB
 =6VJu
 -----END PGP SIGNATURE-----

Merge tag 'v9_19_5'

BIND 9.19.5
 2022-09-21 13:04:58 +02:00
Ondřej Surý
6869c98d36
Provide stronger wording about the security of statistics channel 
Add more text about the importance of properly securing the statistics
channel and what is and what is not considered a security vulnerability.
 2022-09-15 10:29:38 +02:00
Evan Hunt
9730f21f83 flag "random-device" as ancient 
the "random-device" option was made non-functional in 9.13. this commit
removes it from the configuration parser; setting it is now an error.
 2022-09-14 09:36:58 -07:00
Mark Andrews
7751e5e039 Add server clause require-cookie 
Specifies if an UDP response requires a DNS COOKIE or not.
Fallback to TCP if not present and not TSIG signed.
 2022-09-13 12:07:13 +10:00
Michał Kępień
849563797e Prepare release notes for BIND 9.19.5 2022-09-08 12:45:56 +02:00
Aram Sargsyan
89c2032421 Document RRL processing for wildcard names 
All valid wildcard domain names are interpreted as the zone's origin
name concatenated to the "*" name.
 2022-09-08 09:15:30 +02:00