summaryrefslogtreecommitdiffstats
path: root/usr.sbin/bind/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* init a variable to address https://kb.isc.org/article/AA-01272jsg2016-08-181-0/+1
| | | | | | | Most of bind got removed and this function is not called by any of the remaining parts. ok deraadt@ a long time ago.
* Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).krw2016-04-163-3/+3
| | | | | | No functional change. ok millert@
* pledge bind(1), dig(1), and nslookup(1). This modifies the underlyingderaadt2015-10-252-6/+6
| | | | | | | ISC library to use socket(2) with the SOCK_DNS flag. As a result, the port commands are disabled (such practice is rare in the wild these days, and pretty incompatible with the DNS vs regular socket concept in pledge..) ok bluhm phessler reyk, etc
* Initialize nameservers ports along with nameservers addresses.jca2015-03-171-1/+3
| | | | | | | | | | Missing initialization, as hinted by lwres_conf_clear(). Not present in recent bind versions (the code has changed since). This fixes an erratic behaviour when no (valid) nameserver is configured in resolv.conf (dig / nslookup send requests to 127.0.0.1:48830). Problem reported by Pawel S. Veselov who also provided an alternative diff. ok crickets@
* port NSEC3 and TLSA parsing code into dig(1) from ISC BIND 9.10.1-P1pelikan2015-02-0716-5/+1987
| | | | ok henning
* Return failure not success in openssldh_computesecret() whenjsg2014-10-131-1/+1
| | | | | | DH_compute_key() fails and returns -1. ok guenther@
* Misc time_t tweaks. %ld / (long)tv_sec -> %lld / (long long)tv_sec.krw2013-09-121-2/+2
| | | | Eliminate unneeded casts. suggestions from & ok millert@ guenther@
* There is no need to call arc4random_addrandom() and feed it somederaadt2013-09-021-2/+0
| | | | stupid seed that bind has decided on..
* add other root servers from named.root that were missed in previous updatessthen2013-01-081-0/+2
|
* new IPv4 address for D.ROOT-SERVERS.NETjakob2013-01-081-1/+1
|
* Add a fix for CVE-2012-1667, backported from ISC BIND. ok millert@sthen2012-06-062-5/+10
| | | | | | | | | http://www.isc.org/software/bind/advisories/cve-2012-1667 Distinguish rdata removed by BIND due to duplication, from zero-length rdata received from a server. Otherwise a server supplying zero-length rdata sections can trigger crashes or possible memory disclosure to the client. Primarily affects recursive servers.
* Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashessthen2011-11-171-2/+5
| | | | | | with INSIST(! dns_rdataset_isassociated(sigrdataset))). ok jakob@
* fix an |= that should have been !=jsg2011-09-211-1/+1
| | | | | this could cause a log message to trigger when it shouldn't have reported to isc (RT #24053) and now included in current bind releases
* fix some memset sizeofs, found by jsg. ok deraadt krwtedu2011-07-051-7/+7
|
* correct memsets of key contexts which were shorter than they needed to bederaadt2011-07-051-11/+5
| | | | | | due to sizeof pointer instead of sizeof of type with tedu; some quibbles spotted by miod, ok tedu miod jsg jakob -- please push this upstream
* parse "nameserver [host]:port" syntax in /etc/resolv.confstsp2009-08-162-4/+38
| | | | ok deraadt@
* seperation -> separation; from Amarendra Godbolejmc2009-07-271-2/+2
|
* fix CVE-2009-0025: incorrect check of DSA DNSSEC signature verificationdjm2009-01-141-1/+1
| | | | "please commit" miod@
* #if 0 a function which we have we do not use, and where the call to it is in #if 0 as wellderaadt2008-11-101-0/+2
|
* Update to BIND 9.4.2-P2 and adapt our dynamic select changes. OK deraadt@millert2008-08-0417-187/+487
|
* This log message is an excruiciating pain in the ass when it repeats 4000 times a second on a machine you need debug log on, and is actually used as a cacheing nameserver. remove just this one line of debug log to save people's sanitybeck2008-08-011-2/+1
| | | | ok djm@
* Dynamically allocate fd_sets so we are not limited to FD_SETSIZEmillert2008-07-163-53/+141
| | | | connections. With help from djm@. OK djm@
* retry port allocation on all errors, not just EADDRINUSE; ok jakob@djm2008-07-101-1/+1
|
* let the kernel choose the random port. code from djm@. ok markus@.jakob2008-07-091-0/+21
|
* reintroduce our own shuffle ID generator. ok djm@ millert@jakob2008-07-091-1/+4
|
* merge and resolve conflicts introduced by 9.4.2-P1jakob2008-07-094-497/+283
|
* remove an unused variable that is a leftover from the old alg.reyk2008-07-091-2/+1
| | | | ok deraadt@
* simplify math for arc4random_uniform() suggested bydjm2008-06-091-2/+2
| | | | | | Jinmei_Tatuya AT isc.org via jakob@ empirically verified for entire domain of upper_bound
* fix math screwup that reintroduced a bias for upper_bounds in rangedjm2008-06-041-1/+1
| | | | | | | (2^30,2^31). Nothing in the tree yet requests random numbers bounded by this range. report jakob!deraadt; ok deraadt@
* msg_controllen has to be CMSG_SPACE so that the kernel can account forderaadt2008-03-242-30/+18
| | | | | | | each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
* CMSG_LEN and CMSG_SPACE are not neccessarily the same size. So if youderaadt2008-03-191-15/+27
| | | | | | are going to allocate/free a block of memory for the message contents, you have to calculate and track the sizes seperately. This change is just like all the other CMSG changes...
* Repair the simple cases for msg_controllen where it should just bederaadt2008-03-151-3/+3
| | | | | CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
* Because the shuffle code initialisation is a specific case of shufflingdjm2008-03-151-8/+4
| | | | | | | | | a set of incrementing integers (and not an arbitrary set of values) it is possible to populate the array as we shuffle it in a single forward pass. Clever optimisation from didickman AT gmail.com; ok deraadt@ mcbride@ (same change as netinet/ip_id.c)
* Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toderaadt2008-03-131-7/+13
| | | | an extensive discussion with otto, kettenis, millert, and hshoexer
* introduce a isc_random_uniform() function to return a uniformly distributeddjm2008-03-023-10/+55
| | | | | | | number 0 < x <= upper_bound and use it to correct the last tiny bias in the shuffle initialisation feedback & ok deraadt@
* replacement algorithm. initialize a 64K-short buffer using Durstenfeldderaadt2008-02-296-277/+140
| | | | | | | | | | | | shuffle. Upon allocation, swap-permute the new value to a random slot in the 0..32K-1 th entry of the buffer as we move forward, ensuring randomness but also satisfying the non-repeating property we need. Inspired by Dillon's implementation for ip id. We believe this is easier to read though, initializes with less bias and wins speed tests. Thanks a lot to mcbride and djm for doing a bunch of statistical and speed analysis, and comments from nordin ok jakob djm mcbride
* add IPv6 root serversjakob2008-02-071-4/+8
|
* more str fixes; from chl@jakob2007-12-131-3/+6
|
* str fixes; from chl@jakob2007-12-132-4/+4
|
* more strcpy fixesjakob2007-12-094-6/+6
|
* resolve conflictsjakob2007-12-09157-8173/+15899
|
* ISC BIND release 9.4.2jakob2007-12-09470-8406/+23219
|
* update IP address of L.ROOT-SERVERS.NET; fix PR#5629jakob2007-11-141-1/+1
|
* avoid potentially bad snprintf construct; ok henning millert ottopvalchev2007-06-011-2/+4
|
* More comment typos from Diego Casati. Including winners like funtion, allmost,krw2007-05-261-1/+1
| | | | oustside, seqencer, toghether, nessissary, etc.
* remove some bogus *p tests from charles longeautedu2007-03-202-2/+2
| | | | ok deraadt millert
* resolve conflicts with 9.3.4; SECURITY UPDATEjakob2007-01-253-12/+71
|
* ISC BIND release 9.3.4jakob2007-01-251-1/+11
|
* resolve conflicts and regen configure scriptjakob2007-01-1063-1287/+1636
|
* ISC BIND release 9.3.3jakob2007-01-1060-578/+1417
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.