1. 17 Nov, 2014 1 commit
  2. 16 Nov, 2014 1 commit
    • Evan Hunt's avatar
      [master] geoip security fixes · a0b4f6d9
      Evan Hunt authored
      4003.	[security]	When geoip-directory was reconfigured during
      			named run-time, the previously loaded GeoIP
      			data could remain, potentially causing wrong
      			ACLs to be used or wrong results to be served
      			based on geolocation. [RT #37720]
      
      4002.	[security]	Lookups in GeoIP databases that were not
      			loaded could cause an assertion failure.
      			[RT #37679]
      
      4001.	[security]	The caching of GeoIP lookups did not always
      			handle address families correctly, potentially
      			resulting in an assertion failure. [RT #37672]
      a0b4f6d9
  3. 30 Aug, 2014 1 commit
  4. 29 Aug, 2014 3 commits
    • Tinderbox User's avatar
      update copyright notice · 3278ff81
      Tinderbox User authored
      3278ff81
    • Evan Hunt's avatar
      [master] ECS authoritative support · d46855ca
      Evan Hunt authored
      3936.	[func]		Added authoritative support for the EDNS Client
      			Subnet (ECS) option.
      
      			ACLs can now include "ecs" elements which specify
      			an address or network prefix; if an ECS option is
      			included in a DNS query, then the address encoded
      			in the option will be matched against "ecs" ACL
      			elements.
      
      			Also, if an ECS address is included in a query,
      			then it will be used instead of the client source
      			address when matching "geoip" ACL elements.  This
      			behavior can be overridden with "geoip-use-ecs no;".
      
      			When "ecs" or "geoip" ACL elements are used to
      			select a view for a query, the response will include
      			an ECS option to indicate which client network the
      			answer is valid for.
      
      			(Thanks to Vincent Bernat.) [RT #36781]
      d46855ca
    • Evan Hunt's avatar
      [master] fix geoip asnum matching · 180319f5
      Evan Hunt authored
      3935.	[bug]		"geoip asnum" ACL elements would not match unless
      			the full organization name was specified.  They
      			can now match against the AS number alone (e.g.,
      			AS1234). [RT #36945]
      180319f5
  5. 15 Aug, 2014 2 commits
  6. 07 May, 2014 2 commits
  7. 01 May, 2014 1 commit
  8. 29 Apr, 2014 2 commits
  9. 31 Jan, 2014 2 commits
  10. 16 Sep, 2013 1 commit
  11. 14 Mar, 2013 1 commit
    • Evan Hunt's avatar
      [master] algorithm flexibility for rndc · 4eb99892
      Evan Hunt authored
      3525.	[func]		Support for additional signing algorithms in rndc:
      			hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
      			The -A option to rndc-confgen can be used to
      			select the algorithm for the generated key.
      			(The default is still hmac-md5; this may
      			change in a future release.) [RT #20363]
      4eb99892
  12. 28 Feb, 2013 2 commits
    • Mark Andrews's avatar
      update copyrights · 8e5fce1f
      Mark Andrews authored
      8e5fce1f
    • Evan Hunt's avatar
      [master] add geoip support · 501941f0
      Evan Hunt authored
      3504.	[func]		Add support for ACLs based on geographic location,
      			using MaxMind GeoIP databases. Based on code
      			contributed by Ken Brownfield <kb@slide.com>.
      			[RT #30681]
      501941f0