Commits · 11dc1b1508427252be3595ee3cb72fbfd9884c61 · ISC Open Source Projects / BIND

17 Nov, 2014 1 commit
- update copyright notice · 11dc1b15
  Tinderbox User authored Nov 17, 2014
  
  11dc1b15
16 Nov, 2014 1 commit

[master] geoip security fixes · a0b4f6d9

Evan Hunt authored Nov 16, 2014

4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]

a0b4f6d9

30 Aug, 2014 1 commit
- update copyrights · 1a63fb1d
  Mark Andrews authored Aug 30, 2014
  
  1a63fb1d
29 Aug, 2014 3 commits

update copyright notice · 3278ff81
Tinderbox User authored Aug 29, 2014

3278ff81

[master] ECS authoritative support · d46855ca

Evan Hunt authored Aug 28, 2014

3936.	[func]		Added authoritative support for the EDNS Client
			Subnet (ECS) option.

			ACLs can now include "ecs" elements which specify
			an address or network prefix; if an ECS option is
			included in a DNS query, then the address encoded
			in the option will be matched against "ecs" ACL
			elements.

			Also, if an ECS address is included in a query,
			then it will be used instead of the client source
			address when matching "geoip" ACL elements.  This
			behavior can be overridden with "geoip-use-ecs no;".

			When "ecs" or "geoip" ACL elements are used to
			select a view for a query, the response will include
			an ECS option to indicate which client network the
			answer is valid for.

			(Thanks to Vincent Bernat.) [RT #36781]

d46855ca

[master] fix geoip asnum matching · 180319f5

Evan Hunt authored Aug 28, 2014

3935.	[bug]		"geoip asnum" ACL elements would not match unless
			the full organization name was specified.  They
			can now match against the AS number alone (e.g.,
			AS1234). [RT #36945]

180319f5

01 May, 2014 1 commit

[master] fixed geoip elements in named ACLs · c0c45120

Evan Hunt authored Apr 30, 2014

3835.	[bug]		Geoip ACL elements didn't work correctly when
                        referenced via named or nested ACLs. [RT #35879]

c0c45120

31 Jan, 2014 2 commits
- update copyright notice · 0666e6db
  Tinderbox User authored Jan 31, 2014
  
  0666e6db
- [master] fixed geoip in blackhole ACLs · d0803df3
  Evan Hunt authored Jan 30, 2014
```
3722.	[bug]		Using geoip ACLs in a blackhole statement
			could cause a segfault. [RT #35272]
```
  d0803df3
16 Sep, 2013 1 commit
- whitspace · 2c089bf6
  Mark Andrews authored Sep 16, 2013
  
  2c089bf6
14 Mar, 2013 1 commit

[master] algorithm flexibility for rndc · 4eb99892

Evan Hunt authored Mar 13, 2013

3525.	[func]		Support for additional signing algorithms in rndc:
			hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
			The -A option to rndc-confgen can be used to
			select the algorithm for the generated key.
			(The default is still hmac-md5; this may
			change in a future release.) [RT #20363]

4eb99892

28 Feb, 2013 2 commits

update copyrights · 8e5fce1f
Mark Andrews authored Mar 01, 2013

8e5fce1f

[master] add geoip support · 501941f0

Evan Hunt authored Feb 27, 2013

3504.	[func]		Add support for ACLs based on geographic location,
			using MaxMind GeoIP databases. Based on code
			contributed by Ken Brownfield <kb@slide.com>.
			[RT #30681]

501941f0