summaryrefslogtreecommitdiff
path: root/usr.sbin/bind/lib
AgeCommit message (Collapse)Author
2016-04-16Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).Kenneth R Westerback
No functional change. ok millert@
2015-10-25pledge bind(1), dig(1), and nslookup(1). This modifies the underlyingTheo de Raadt
ISC library to use socket(2) with the SOCK_DNS flag. As a result, the port commands are disabled (such practice is rare in the wild these days, and pretty incompatible with the DNS vs regular socket concept in pledge..) ok bluhm phessler reyk, etc
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2015-03-17Initialize nameservers ports along with nameservers addresses.Jeremie Courreges-Anglas
Missing initialization, as hinted by lwres_conf_clear(). Not present in recent bind versions (the code has changed since). This fixes an erratic behaviour when no (valid) nameserver is configured in resolv.conf (dig / nslookup send requests to 127.0.0.1:48830). Problem reported by Pawel S. Veselov who also provided an alternative diff. ok crickets@
2015-02-07port NSEC3 and TLSA parsing code into dig(1) from ISC BIND 9.10.1-P1Martin Pelikan
ok henning
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2014-10-13Return failure not success in openssldh_computesecret() whenJonathan Gray
DH_compute_key() fails and returns -1. ok guenther@
2005-03-22ISC BIND release 9.3.1. ok deraadt@Jakob Schlyter
2013-09-12Misc time_t tweaks. %ld / (long)tv_sec -> %lld / (long long)tv_sec.Kenneth R Westerback
Eliminate unneeded casts. suggestions from & ok millert@ guenther@
2013-09-02There is no need to call arc4random_addrandom() and feed it someTheo de Raadt
stupid seed that bind has decided on..
2013-01-08add other root servers from named.root that were missed in previous updatesStuart Henderson
2013-01-08new IPv4 address for D.ROOT-SERVERS.NETJakob Schlyter
2012-06-06Add a fix for CVE-2012-1667, backported from ISC BIND. ok millert@Stuart Henderson
http://www.isc.org/software/bind/advisories/cve-2012-1667 Distinguish rdata removed by BIND due to duplication, from zero-length rdata received from a server. Otherwise a server supplying zero-length rdata sections can trigger crashes or possible memory disclosure to the client. Primarily affects recursive servers.
2011-11-17Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashesStuart Henderson
with INSIST(! dns_rdataset_isassociated(sigrdataset))). ok jakob@
2011-09-21fix an |= that should have been !=Jonathan Gray
this could cause a log message to trigger when it shouldn't have reported to isc (RT #24053) and now included in current bind releases
2011-07-05fix some memset sizeofs, found by jsg. ok deraadt krwTed Unangst
2011-07-05correct memsets of key contexts which were shorter than they needed to beTheo de Raadt
due to sizeof pointer instead of sizeof of type with tedu; some quibbles spotted by miod, ok tedu miod jsg jakob -- please push this upstream
2009-08-16parse "nameserver [host]:port" syntax in /etc/resolv.confStefan Sperling
ok deraadt@
2009-07-27seperation -> separation; from Amarendra GodboleJason McIntyre
2009-01-14fix CVE-2009-0025: incorrect check of DSA DNSSEC signature verificationDamien Miller
"please commit" miod@
2008-11-10#if 0 a function which we have we do not use, and where the call to it is in ↵Theo de Raadt
#if 0 as well
2008-08-04Update to BIND 9.4.2-P2 and adapt our dynamic select changes. OK deraadt@Todd C. Miller
2008-08-01This log message is an excruiciating pain in the ass when it repeats 4000 ↵Bob Beck
times a second on a machine you need debug log on, and is actually used as a cacheing nameserver. remove just this one line of debug log to save people's sanity ok djm@
2008-07-16Dynamically allocate fd_sets so we are not limited to FD_SETSIZETodd C. Miller
connections. With help from djm@. OK djm@
2008-07-10retry port allocation on all errors, not just EADDRINUSE; ok jakob@Damien Miller
2008-07-09let the kernel choose the random port. code from djm@. ok markus@.Jakob Schlyter
2008-07-09reintroduce our own shuffle ID generator. ok djm@ millert@Jakob Schlyter
2008-07-09merge and resolve conflicts introduced by 9.4.2-P1Jakob Schlyter
2008-07-09remove an unused variable that is a leftover from the old alg.Reyk Floeter
ok deraadt@
2008-06-09simplify math for arc4random_uniform() suggested byDamien Miller
Jinmei_Tatuya AT isc.org via jakob@ empirically verified for entire domain of upper_bound
2008-06-04fix math screwup that reintroduced a bias for upper_bounds in rangeDamien Miller
(2^30,2^31). Nothing in the tree yet requests random numbers bounded by this range. report jakob!deraadt; ok deraadt@
2008-03-24msg_controllen has to be CMSG_SPACE so that the kernel can account forTheo de Raadt
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
2008-03-19CMSG_LEN and CMSG_SPACE are not neccessarily the same size. So if youTheo de Raadt
are going to allocate/free a block of memory for the message contents, you have to calculate and track the sizes seperately. This change is just like all the other CMSG changes...
2008-03-15Repair the simple cases for msg_controllen where it should just beTheo de Raadt
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
2008-03-15Because the shuffle code initialisation is a specific case of shufflingDamien Miller
a set of incrementing integers (and not an arbitrary set of values) it is possible to populate the array as we shuffle it in a single forward pass. Clever optimisation from didickman AT gmail.com; ok deraadt@ mcbride@ (same change as netinet/ip_id.c)
2008-03-13Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toTheo de Raadt
an extensive discussion with otto, kettenis, millert, and hshoexer
2008-03-02introduce a isc_random_uniform() function to return a uniformly distributedDamien Miller
number 0 < x <= upper_bound and use it to correct the last tiny bias in the shuffle initialisation feedback & ok deraadt@
2008-02-29replacement algorithm. initialize a 64K-short buffer using DurstenfeldTheo de Raadt
shuffle. Upon allocation, swap-permute the new value to a random slot in the 0..32K-1 th entry of the buffer as we move forward, ensuring randomness but also satisfying the non-repeating property we need. Inspired by Dillon's implementation for ip id. We believe this is easier to read though, initializes with less bias and wins speed tests. Thanks a lot to mcbride and djm for doing a bunch of statistical and speed analysis, and comments from nordin ok jakob djm mcbride
2008-02-07add IPv6 root serversJakob Schlyter
2007-12-13more str fixes; from chl@Jakob Schlyter
2007-12-13str fixes; from chl@Jakob Schlyter
2007-12-09more strcpy fixesJakob Schlyter
2007-12-09resolve conflictsJakob Schlyter
2007-12-09ISC BIND release 9.4.2Jakob Schlyter
2007-11-14update IP address of L.ROOT-SERVERS.NET; fix PR#5629Jakob Schlyter
2007-06-01avoid potentially bad snprintf construct; ok henning millert ottoPeter Valchev
2007-05-26More comment typos from Diego Casati. Including winners like funtion, allmost,Kenneth R Westerback
oustside, seqencer, toghether, nessissary, etc.
2007-03-20remove some bogus *p tests from charles longeauTed Unangst
ok deraadt millert
2007-01-25resolve conflicts with 9.3.4; SECURITY UPDATEJakob Schlyter
2007-01-25ISC BIND release 9.3.4Jakob Schlyter
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-11 20:07:42 +0000