summaryrefslogtreecommitdiff
path: root/usr.sbin/bind
AgeCommit message (Collapse)Author
2018-04-03Fix crash in dig(1) +trace when falling back to TCP after a truncated replyJeremie Courreges-Anglas
Problem reported by jj@ on bugs@, fix based on https://gitlab.isc.org/isc-projects/bind9/commit/084ba95b083dc55fd10631ad43fa8fff48707648 (under ISC license) by Caspar Schutijser.
2017-09-01disable a few warnings so we can start to see the relevant ones;Otto Moerbeek
ok sthen@
2017-07-04Fix the only remaining mandoc(1) ERROR in the base system.Ingo Schwarze
(Can't resist the temptation to commit 'cause it allows such a cute commit message.)
2017-06-12destroy lint remnants.Marc Espie
okay millert@ deraadt@
2017-06-01Revert 1.16 ("add a workaround for the rebound portjacking hijinks"),Stuart Henderson
it breaks at least nslookup, host, dig +tcp.
2017-05-31add a workaround for the rebound portjacking hijinks. ok millertTed Unangst
2016-08-18init a variable to address https://kb.isc.org/article/AA-01272Jonathan Gray
Most of bind got removed and this function is not called by any of the remaining parts. ok deraadt@ a long time ago.
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2016-06-05reduce confusion about -p option. parse it, but only permit port 53, andTed Unangst
make it an error otherwise instead of a warning that may be overlooked. reported by Peter van Dijk ok deraadt
2016-04-16Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).Kenneth R Westerback
No functional change. ok millert@
2015-11-11exit() after perror() for pledge failure. Perhaps this got introducedTheo de Raadt
as a test idiom, either when pledge was young or during the transition to strings.... dunno
2015-10-25pledge bind(1), dig(1), and nslookup(1). This modifies the underlyingTheo de Raadt
ISC library to use socket(2) with the SOCK_DNS flag. As a result, the port commands are disabled (such practice is rare in the wild these days, and pretty incompatible with the DNS vs regular socket concept in pledge..) ok bluhm phessler reyk, etc
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2015-09-28strcat -> strlcat. last time i checked, this was the last remainingTheo de Raadt
strcat in non-toolchain base, and inside #if not reached during compile. ok beck krw brynet
2015-09-11kill strcpy deadBob Beck
ok deraadt@
2015-03-17Initialize nameservers ports along with nameservers addresses.Jeremie Courreges-Anglas
Missing initialization, as hinted by lwres_conf_clear(). Not present in recent bind versions (the code has changed since). This fixes an erratic behaviour when no (valid) nameserver is configured in resolv.conf (dig / nslookup send requests to 127.0.0.1:48830). Problem reported by Pawel S. Veselov who also provided an alternative diff. ok crickets@
2015-02-07port NSEC3 and TLSA parsing code into dig(1) from ISC BIND 9.10.1-P1Martin Pelikan
ok henning
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2014-11-22oops, left an old line...Theo de Raadt
2014-11-22/dev/random has created the same effect as /dev/arandom (and /dev/urandom)Theo de Raadt
for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant.
2014-10-13Return failure not success in openssldh_computesecret() whenJonathan Gray
DH_compute_key() fails and returns -1. ok guenther@
2005-03-22ISC BIND release 9.3.1. ok deraadt@Jakob Schlyter
2014-09-15Garbage collecting some further bits that are not necessaryBrad Smith
within the BIND directory and for Makefile.in removing some files that no longer exist for the distclean target. ok sthen@
2006-04-05ISC BIND release 9.3.2Jakob Schlyter
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2014-08-25Start removing unused documentation and the server and related binaries sourceBrad Smith
code.
2006-04-05ISC BIND release 9.3.2Jakob Schlyter
2006-04-05ISC BIND release 9.3.2Jakob Schlyter
2004-09-28ISC BIND version 9.3.0. ok deraadt@Jakob Schlyter
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2014-08-22Strip the BIND code down to just building and installing dig, host and nslookup.Brad Smith
2014-07-16lynx will go to ports. there are too many reasons for it to go there,Theo de Raadt
and not enough for it to stay. lengthy discussions.
2013-09-12Misc time_t tweaks. %ld / (long)tv_sec -> %lld / (long long)tv_sec.Kenneth R Westerback
Eliminate unneeded casts. suggestions from & ok millert@ guenther@
2013-09-02There is no need to call arc4random_addrandom() and feed it someTheo de Raadt
stupid seed that bind has decided on..
2013-01-08add other root servers from named.root that were missed in previous updatesStuart Henderson
2013-01-08new IPv4 address for D.ROOT-SERVERS.NETJakob Schlyter
2012-06-06Add a fix for CVE-2012-1667, backported from ISC BIND. ok millert@Stuart Henderson
http://www.isc.org/software/bind/advisories/cve-2012-1667 Distinguish rdata removed by BIND due to duplication, from zero-length rdata received from a server. Otherwise a server supplying zero-length rdata sections can trigger crashes or possible memory disclosure to the client. Primarily affects recursive servers.
2011-11-17Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashesStuart Henderson
with INSIST(! dns_rdataset_isassociated(sigrdataset))). ok jakob@
2011-09-21fix an |= that should have been !=Jonathan Gray
this could cause a log message to trigger when it shouldn't have reported to isc (RT #24053) and now included in current bind releases
2011-07-05fix some memset sizeofs, found by jsg. ok deraadt krwTed Unangst
2011-07-05correct memsets of key contexts which were shorter than they needed to beTheo de Raadt
due to sizeof pointer instead of sizeof of type with tedu; some quibbles spotted by miod, ok tedu miod jsg jakob -- please push this upstream
2010-12-31Add missing #includes instead of assuming that some system header pulls inPhilip Guenthe
the needed bits ok deraadt@, millert@
2010-05-02Initialise the port in nslookup.c correctly. It was initialisedStefan Sperling
to zero in interactive mode, should be 53. Second half of patch submission by Nathan Rickerby (pr 6322). ok krw
2010-04-24Fix breakage of dig's -p option introduced when support forStefan Sperling
parsing the [host]:port syntax in resolv.conf was added. Patch by Nathan Rickerby <rickerby () gmail ! com>. Prodded by jmc, OK djm krw
2010-02-20Add line breaks to the source to render an .RS display that got skipped;Ingo Schwarze
found by and unbreaking the build with mandoc(1). I will also send this patch upstream. ok jmc@
2009-08-16parse "nameserver [host]:port" syntax in /etc/resolv.confStefan Sperling
ok deraadt@
2009-07-29apply patch for https://www.isc.org/node/474 since jakob does notTheo de Raadt
appear to be around.
2009-07-27seperation -> separation; from Amarendra GodboleJason McIntyre
2009-01-14fix CVE-2009-0025: incorrect check of DSA DNSSEC signature verificationDamien Miller
"please commit" miod@
2008-11-10#if 0 a function which we have we do not use, and where the call to it is in ↵Theo de Raadt
#if 0 as well