mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity
23,648 Commits 660 Branches 820 Tags
bf350c9f1ab59ac03e34e8063b4ce58662daec2a
Commit Graph

6207 Commits

Author SHA1 Message Date
Mukund Sivaraman
bf350c9f1a Fix RPZ bugs related to wildcard triggers (#40357) 2015-08-18 19:39:53 +05:30
Mark Andrews
b46fc43469 #include <isc/safe.h> 2015-08-18 21:22:48 +10:00
Evan Hunt
b750a49f3f [master] fixed memory leak in dns_compress_add() 
4184.	[bug]		Fixed a possible memory leak in name compression
			when rendering long messages. (Also, improved
			wire_test for testing such messages.) [RT #40375]
 2015-08-17 22:41:44 -07:00
Evan Hunt
420a43c8d8 [master] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]
 2015-08-17 18:26:44 -07:00
Tinderbox User
503ffdad3b update copyright notice / whitespace 2015-08-17 23:45:35 +00:00
Mukund Sivaraman
b0ba1a6059 Use mnemonics for RR class and type comparisons (#40297) 2015-08-17 12:23:35 +05:30
Mark Andrews
70862302f8 4181. [bug] Queued notify messages could be dequeued from the 
wrong rate limiter queue. [RT #40350]
 2015-08-17 10:37:06 +10:00
Tinderbox User
288c18263f update copyright notice / whitespace 2015-08-14 23:45:27 +00:00
Mukund Sivaraman
984d2bb9e5 Fix assertion failure in parsing UNSPEC(103) RR from text (#40274) 2015-08-14 13:30:52 +05:30
Mukund Sivaraman
474921d733 Fix assertion failure in parsing NSAP records from text 2015-08-14 13:11:26 +05:30
Mark Andrews
9dc5ef7f24 4175. [bug] TKEY with GSS-API keys needed bigger buffers. 
[RT #40333]
 2015-08-14 08:20:01 +10:00
Evan Hunt
45ad059c4a [master] address VS2015 compiler warning 2015-08-13 14:58:28 -07:00
Tinderbox User
ed91aca9e6 update copyright notice / whitespace 2015-08-12 23:45:25 +00:00
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie: 
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
 2015-08-13 08:26:23 +10:00
Evan Hunt
9b8f93083d [master] fix tsig class checks 
4171.	[bug]		Fixed incorrect class checks in TSIG RR
			implementation. [RT #40287]
 2015-08-11 22:16:44 -07:00
Evan Hunt
c707e2b986 [master] fix length check in OPENPGPKEY 
4170.	[security]	An incorrect boundary check in the OPENPGPKEY
			rdatatype could trigger an assertion failure.
			[RT #40286]
 2015-08-11 20:01:44 -07:00
Tinderbox User
c4567d0675 update copyright notice / whitespace 2015-08-07 23:45:26 +00:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Mark Andrews
46e7fc51b8 badcookie has a offical code point of 23 2015-07-27 15:22:09 +10:00
Mark Andrews
dbb064aa79 4165. [bug] An failure to reset a value to NULL in tkey.c could 
result in an assertion failure. (CVE-2015-5477)
                        [RT #40046]
 2015-07-14 14:48:42 +10:00
Tinderbox User
faa3b61828 update copyright notice / whitespace 2015-07-13 23:45:24 +00:00
Mark Andrews
3a49d0ff10 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]
 2015-07-13 09:46:59 +10:00
Tinderbox User
f16a6bfb6c update copyright notice / whitespace 2015-07-09 23:45:22 +00:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:53:39 -07:00
Tinderbox User
9ab5a7d83c update copyright notice / whitespace 2015-07-07 23:45:22 +00:00
Mark Andrews
bd08b82891 add warning not about handling malformed option content 2015-07-07 10:25:09 +10:00
Mark Andrews
46fc714aa0 dig +ednsopt=<invalid> could trigger a assertion failure [RT #39990] 2015-07-06 23:03:51 +10:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Mark Andrews
3e33f4198d 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]
 2015-07-06 12:52:37 +10:00
Tinderbox User
8f0b326d9a update copyright notice / whitespace 2015-07-05 23:45:22 +00:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Tinderbox User
85d23eaae8 update copyright notice / whitespace 2015-07-03 23:45:24 +00:00
Mark Andrews
307adf6792 4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835] 2015-07-03 10:17:33 +10:00
Mukund Sivaraman
08f0129732 Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 2015-06-29 18:33:18 +05:30
Mark Andrews
4a61eae651 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]
 2015-06-29 15:48:41 +10:00
Mark Andrews
adbf81335b 4146. [bug] Address reference leak that could prevent a clean 
shutdown. [RT #37125]
 2015-06-25 18:36:27 +10:00
Mark Andrews
2f66e2dd81 4145. [bug] Not all unassociated adb entries where being printed. 
[RT #37125]
 2015-06-25 18:26:59 +10:00
Mark Andrews
d4422ec231 don't use C++ keyword new; use (const char *) for output of strchr((const char *), char) 2015-06-18 11:14:43 +10:00
Mark Andrews
a85c6b35af 4138. [bug] A uninitialized value in validator.c could result 
in a assertion failure. (CVE-2015-4620) [RT #39795]
 2015-06-17 09:13:03 +10:00
Mark Andrews
a8cb6c6fbc add #define check_stale_rdataset check_stale_rdataset64 2015-06-12 11:17:07 +10:00
Mark Andrews
c781d465b6 silence unused parameter warning 2015-06-11 14:03:19 +10:00
Mukund Sivaraman
59a9cb54c1 Propagate stale attribute when updating stats (#39141) 
Squashed commit of the following:

commit 9b5b9fa30fbeba8ee1e95cb1028017230ed4db02
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:54 2015 +0530

    Remove double function prototypes

commit f3bb8cc60ae476eaa871ba10330b16425ced2d7c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:34 2015 +0530

    Unify several copies of redundant code into a helper function

commit 4899fb9b2f36fc5d159fa877c0780a442a7cbdb3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu Apr 2 00:23:53 2015 +0530

    Propagate stale attribute when updating stats
 2015-06-10 14:04:30 +05:30
Witold Krecicki
f85deb5154 log expired NTA at startup 2015-06-08 13:57:24 +02:00
Witold Krecicki
8d21d93a6b better logging of RPZ changes RT #39670 2015-06-05 12:24:11 +02:00
Tinderbox User
e545fce91b update copyright notice / whitespace 2015-06-04 23:45:25 +00:00
Evan Hunt
8c9fba44a4 [master] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:18:55 -07:00
Mark Andrews
e0fea0bf85 silence coverity warnings 2015-05-30 17:44:52 +10:00
Mark Andrews
03089dd420 add INSIST to silence coverity 2015-05-30 17:37:14 +10:00
Mark Andrews
4e056cee66 unsigned constants 2015-05-29 11:26:13 +10:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00