Commit 2ba8603c authored by Tinderbox User's avatar Tinderbox User
Browse files

regen master

parent 8c20f863
......@@ -6879,6 +6879,8 @@ deny-answer-aliases { "example.net"; };
that can be queried normally if allowed.
It is usually best to restrict those queries with something like
<span class="command"><strong>allow-query { localhost; };</strong></span>.
Note that zones using <span class="command"><strong>masterfile-format map</strong></span>
cannot be used as policy zones.
</p>
<p>
A <span class="command"><strong>response-policy</strong></span> option can support
......
......@@ -90,6 +90,11 @@
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
</p></li>
<li class="listitem"><p>
Incorrect reference counting could result in an INSIST
failure if a socket error occurred while performing a
lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
</p></li>
<li class="listitem"><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
could trigger an assertion failure. This flaw is disclosed
......@@ -786,6 +791,15 @@
Negative trust anchors (NTAs) were incorrectly deleted
when the server was reloaded or reconfigured. [RT #41058]
</p></li>
<li class="listitem"><p>
Zones configured to use <span class="command"><strong>map</strong></span> format
master files can't be used as policy zones because RPZ
summary data isn't compiled when such zones are mapped into
memory. This limitation may be fixed in a future release,
but in the meantime it has been documented, and attempting
to use such zones in <span class="command"><strong>response-policy</strong></span>
statements is now a configuration error. [RT #38321]
</p></li>
</ul></div>
</li>
</ul></div>
......
......@@ -51,6 +51,11 @@
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
</p></li>
<li class="listitem"><p>
Incorrect reference counting could result in an INSIST
failure if a socket error occurred while performing a
lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
</p></li>
<li class="listitem"><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
could trigger an assertion failure. This flaw is disclosed
......@@ -747,6 +752,15 @@
Negative trust anchors (NTAs) were incorrectly deleted
when the server was reloaded or reconfigured. [RT #41058]
</p></li>
<li class="listitem"><p>
Zones configured to use <span class="command"><strong>map</strong></span> format
master files can't be used as policy zones because RPZ
summary data isn't compiled when such zones are mapped into
memory. This limitation may be fixed in a future release,
but in the meantime it has been documented, and attempting
to use such zones in <span class="command"><strong>response-policy</strong></span>
statements is now a configuration error. [RT #38321]
</p></li>
</ul></div>
</li>
</ul></div>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment