1. 12 Aug, 2015 2 commits
    • Updated CHANGES note to include require-server-cookie: · c631ff56
      Mark Andrews authored
      4152.   [func]          Implement DNS COOKIE option.  This replaces the
                              experimental SIT option of BIND 9.10.  The following
                              named.conf directives are available: send-cookie,
                              cookie-secret, cookie-algorithm, nocookie-udp-size
                              and require-server-cookie.  The following dig options
                              are available: +[no]cookie[=value] and +[no]badcookie.
                              [RT #39928]
    • [master] fix length check in OPENPGPKEY · c707e2b9
      Evan Hunt authored
      4170.	[security]	An incorrect boundary check in the OPENPGPKEY
      			rdatatype could trigger an assertion failure.
      			[RT #40286]
  2. 07 Aug, 2015 1 commit
    • [master] address buffer accounting error · ce9f893e
      Evan Hunt authored
      4168.	[security]	A buffer accounting error could trigger an
      			assertion failure when parsing certain malformed
      			DNSSEC keys. (CVE-2015-5722) [RT #40212]
  3. 05 Aug, 2015 1 commit
  4. 31 Jul, 2015 1 commit
  5. 14 Jul, 2015 1 commit
  6. 09 Jul, 2015 1 commit
    • [master] DDoS mitigation features · 1479200a
      Evan Hunt authored
      3938.	[func]		Added quotas to be used in recursive resolvers
      			that are under high query load for names in zones
      			whose authoritative servers are nonresponsive or
      			are experiencing a denial of service attack.
      
      			- "fetches-per-server" limits the number of
      			  simultaneous queries that can be sent to any
      			  single authoritative server.  The configured
      			  value is a starting point; it is automatically
      			  adjusted downward if the server is partially or
      			  completely non-responsive. The algorithm used to
      			  adjust the quota can be configured via the
      			  "fetch-quota-params" option.
      			- "fetches-per-zone" limits the number of
      			  simultaneous queries that can be sent for names
      			  within a single domain.  (Note: Unlike
      			  "fetches-per-server", this value is not
      			  self-tuning.)
      			- New stats counters have been added to count
      			  queries spilled due to these quotas.
      
      			See the ARM for details of these options. [RT #37125]
  7. 07 Jul, 2015 1 commit
    • [master] traffic size stats · 70d987de
      Evan Hunt authored
      4156.	[func]		Added statistics counters to track the sizes
      			of incoming queries and outgoing responses in
      			histogram buckets, as specified in RSSAC002.
      			[RT #39049]
  8. 06 Jul, 2015 1 commit
  9. 05 Jul, 2015 1 commit
    • 4152. [func] Implement DNS COOKIE option. This replaces the · ce67023a
      Mark Andrews authored
                              experimental SIT option of BIND 9.10.  The following
                              named.conf directives are available: send-cookie,
                              cookie-secret, cookie-algorithm and nocookie-udp-size.
                              The following dig options are available:
                              +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
  10. 17 Jun, 2015 2 commits
  11. 04 Jun, 2015 1 commit
  12. 21 May, 2015 3 commits
  13. 20 May, 2015 1 commit
  14. 19 May, 2015 1 commit
  15. 07 May, 2015 1 commit
  16. 24 Apr, 2015 1 commit
  17. 23 Apr, 2015 2 commits
  18. 15 Apr, 2015 1 commit
  19. 13 Apr, 2015 2 commits
  20. 08 Apr, 2015 1 commit
  21. 07 Apr, 2015 1 commit
  22. 04 Mar, 2015 2 commits
  23. 03 Mar, 2015 1 commit
    • [master] add "lock-file" and fix up singleton code · 7ae96d88
      Evan Hunt authored
      4080.	[func]		Completed change #4022, adding a "lock-file" option
      			to named.conf to override the default lock file,
      			in addition to the "named -X <filename>" command
      			line option.  Setting the lock file to "none"
      			using either method disables the check completely.
      			[RT #37908]
  24. 02 Mar, 2015 1 commit
  25. 23 Feb, 2015 1 commit
    • [master] fix LOADPENDING issues · 7acc2f21
      Evan Hunt authored
      4063.	[bug]		Asynchronous zone loads were not handled
      			correctly when the zone load was already in
      			progress; this could trigger a crash in zt.c.
      			[RT #37573]
  26. 06 Feb, 2015 1 commit
    • [master] 5011 tests and fixes · 591389c7
      Evan Hunt authored
      4056.	[bug]		Expanded automatic testing of trust anchor
      			management and fixed several small bugs including
      			a memory leak and a possible loss of key state
      			information. [RT #38458]
      
      4055.	[func]		"rndc managed-keys" can be used to check status
      			of trust anchors or to force keys to be refreshed.
      			Also, the managed keys data file has easier-to-read
      			comments.  [RT #38458]
  27. 04 Feb, 2015 2 commits
  28. 03 Feb, 2015 1 commit
  29. 21 Jan, 2015 4 commits