Commit 8d8839b3 authored by Tinderbox User's avatar Tinderbox User
Browse files

regen master

parent e37bc34b
...@@ -39,7 +39,7 @@ ...@@ -39,7 +39,7 @@
named-checkconf \- named configuration file syntax checking tool named-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP \w'\fBnamed\-checkconf\fR\ 'u .HP \w'\fBnamed\-checkconf\fR\ 'u
\fBnamed\-checkconf\fR [\fB\-hjvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} \fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
\fBnamed\-checkconf\fR \fBnamed\-checkconf\fR
...@@ -74,6 +74,11 @@ Print the usage summary and exit\&. ...@@ -74,6 +74,11 @@ Print the usage summary and exit\&.
When loading a zonefile read the journal if it exists\&. When loading a zonefile read the journal if it exists\&.
.RE .RE
.PP .PP
\-l
.RS 4
List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&.
.RE
.PP
\-p \-p
.RS 4 .RS 4
Print out the Print out the
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
</div> </div>
<div class="refsynopsisdiv"> <div class="refsynopsisdiv">
<h2>Synopsis</h2> <h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-hjvz</code>] [<code class="option">-p</code> <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-hjlvz</code>] [<code class="option">-p</code>
[<code class="option">-x</code> [<code class="option">-x</code>
]] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div> ]] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div>
</div> </div>
...@@ -55,6 +55,12 @@ ...@@ -55,6 +55,12 @@
<dd><p> <dd><p>
When loading a zonefile read the journal if it exists. When loading a zonefile read the journal if it exists.
</p></dd> </p></dd>
<dt><span class="term">-l</span></dt>
<dd><p>
List all the configured zones. Each line of output
contains the zone name, class (e.g. IN), view, and type
(e.g. master or slave).
</p></dd>
<dt><span class="term">-p</span></dt> <dt><span class="term">-p</span></dt>
<dd><p> <dd><p>
Print out the <code class="filename">named.conf</code> and included files Print out the <code class="filename">named.conf</code> and included files
......
...@@ -369,6 +369,7 @@ options { ...@@ -369,6 +369,7 @@ options {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
}; };
max\-journal\-size \fIsize_no_default\fR; max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR;
...@@ -556,6 +557,7 @@ view \fIstring\fR \fIoptional_class\fR { ...@@ -556,6 +557,7 @@ view \fIstring\fR \fIoptional_class\fR {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
}; };
max\-journal\-size \fIsize_no_default\fR; max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR;
...@@ -650,6 +652,7 @@ zone \fIstring\fR \fIoptional_class\fR { ...@@ -650,6 +652,7 @@ zone \fIstring\fR \fIoptional_class\fR {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
}; };
max\-journal\-size \fIsize_no_default\fR; max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR;
......
...@@ -320,6 +320,7 @@ options ...@@ -320,6 +320,7 @@ options
};<br> };<br>
<br> <br>
max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br> max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br>
max-records<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br>
...@@ -523,6 +524,7 @@ view ...@@ -523,6 +524,7 @@ view
};<br> };<br>
<br> <br>
max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br> max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br>
max-records<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br>
...@@ -623,6 +625,7 @@ zone ...@@ -623,6 +625,7 @@ zone
};<br> };<br>
<br> <br>
max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br> max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br>
max-records<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br>
......
...@@ -2402,6 +2402,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] ...@@ -2402,6 +2402,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>] [<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>] [<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>] [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-records <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>] [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>] [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>] [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
...@@ -5594,6 +5595,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; ...@@ -5594,6 +5595,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
means 2 gigabytes. means 2 gigabytes.
This may also be set on a per-zone basis. This may also be set on a per-zone basis.
</p></dd> </p></dd>
<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
<dd><p>
The maximum number of records permitted in a zone.
The default is zero which means unlimited.
</p></dd>
<dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt> <dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt>
<dd><p> <dd><p>
In BIND 8, specifies the maximum number of host statistics In BIND 8, specifies the maximum number of host statistics
...@@ -9171,6 +9177,11 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional" ...@@ -9171,6 +9177,11 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
See the description of See the description of
<span class="command"><strong>max-journal-size</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server Resource Limits&#8221;</a>. <span class="command"><strong>max-journal-size</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server Resource Limits&#8221;</a>.
</p></dd> </p></dd>
<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
<dd><p>
See the description of
<span class="command"><strong>max-records</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server Resource Limits&#8221;</a>.
</p></dd>
<dt><span class="term"><span class="command"><strong>max-transfer-time-in</strong></span></span></dt> <dt><span class="term"><span class="command"><strong>max-transfer-time-in</strong></span></span></dt>
<dd><p> <dd><p>
See the description of See the description of
......
...@@ -108,6 +108,13 @@ ...@@ -108,6 +108,13 @@
<div class="titlepage"><div><div><h3 class="title"> <div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div> <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Added the ability to specify the maximum number of records
permitted in a zone (max-records #;). This provides a mechanism
to block overly large zone transfers, which is a potential risk
with slave zones from other parties, as described in CVE-2016-6170.
[RT #42143]
</p></li>
<li class="listitem"><p> <li class="listitem"><p>
It was possible to trigger a assertion when rendering a It was possible to trigger a assertion when rendering a
message using a specially crafted request. This flaw is message using a specially crafted request. This flaw is
......
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
</div> </div>
<div class="refsynopsisdiv"> <div class="refsynopsisdiv">
<h2>Synopsis</h2> <h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-hjvz</code>] [<code class="option">-p</code> <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-hjlvz</code>] [<code class="option">-p</code>
[<code class="option">-x</code> [<code class="option">-x</code>
]] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div> ]] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div>
</div> </div>
...@@ -73,6 +73,12 @@ ...@@ -73,6 +73,12 @@
<dd><p> <dd><p>
When loading a zonefile read the journal if it exists. When loading a zonefile read the journal if it exists.
</p></dd> </p></dd>
<dt><span class="term">-l</span></dt>
<dd><p>
List all the configured zones. Each line of output
contains the zone name, class (e.g. IN), view, and type
(e.g. master or slave).
</p></dd>
<dt><span class="term">-p</span></dt> <dt><span class="term">-p</span></dt>
<dd><p> <dd><p>
Print out the <code class="filename">named.conf</code> and included files Print out the <code class="filename">named.conf</code> and included files
......
...@@ -338,6 +338,7 @@ options ...@@ -338,6 +338,7 @@ options
};<br> };<br>
<br> <br>
max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br> max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br>
max-records<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br>
...@@ -541,6 +542,7 @@ view ...@@ -541,6 +542,7 @@ view
};<br> };<br>
<br> <br>
max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br> max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br>
max-records<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br>
...@@ -641,6 +643,7 @@ zone ...@@ -641,6 +643,7 @@ zone
};<br> };<br>
<br> <br>
max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br> max-journal-size<em class="replaceable"><code>size_no_default</code></em>;<br>
max-records<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-in<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br> max-transfer-time-out<em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br> max-transfer-idle-in<em class="replaceable"><code>integer</code></em>;<br>
......
...@@ -69,6 +69,13 @@ ...@@ -69,6 +69,13 @@
<div class="titlepage"><div><div><h3 class="title"> <div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div> <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Added the ability to specify the maximum number of records
permitted in a zone (max-records #;). This provides a mechanism
to block overly large zone transfers, which is a potential risk
with slave zones from other parties, as described in CVE-2016-6170.
[RT #42143]
</p></li>
<li class="listitem"><p> <li class="listitem"><p>
It was possible to trigger a assertion when rendering a It was possible to trigger a assertion when rendering a
message using a specially crafted request. This flaw is message using a specially crafted request. This flaw is
......
...@@ -217,6 +217,7 @@ options { ...@@ -217,6 +217,7 @@ options {
max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> ); max-journal-size ( unlimited | <sizeval> );
max-ncache-ttl <integer>; max-ncache-ttl <integer>;
max-records <integer>;
max-recursion-depth <integer>; max-recursion-depth <integer>;
max-recursion-queries <integer>; max-recursion-queries <integer>;
max-refresh-time <integer>; max-refresh-time <integer>;
...@@ -521,6 +522,7 @@ view <string> [ <class> ] { ...@@ -521,6 +522,7 @@ view <string> [ <class> ] {
max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> ); max-journal-size ( unlimited | <sizeval> );
max-ncache-ttl <integer>; max-ncache-ttl <integer>;
max-records <integer>;
max-recursion-depth <integer>; max-recursion-depth <integer>;
max-recursion-queries <integer>; max-recursion-queries <integer>;
max-refresh-time <integer>; max-refresh-time <integer>;
...@@ -703,6 +705,7 @@ view <string> [ <class> ] { ...@@ -703,6 +705,7 @@ view <string> [ <class> ] {
max-ixfr-log-size ( unlimited | default | max-ixfr-log-size ( unlimited | default |
<sizeval> ); // obsolete <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> ); max-journal-size ( unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>; max-refresh-time <integer>;
max-retry-time <integer>; max-retry-time <integer>;
max-transfer-idle-in <integer>; max-transfer-idle-in <integer>;
...@@ -806,6 +809,7 @@ zone <string> [ <class> ] { ...@@ -806,6 +809,7 @@ zone <string> [ <class> ] {
<integer> ] ) [ key <string> ]; ... }; <integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> ); max-journal-size ( unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>; max-refresh-time <integer>;
max-retry-time <integer>; max-retry-time <integer>;
max-transfer-idle-in <integer>; max-transfer-idle-in <integer>;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment