summaryrefslogtreecommitdiffstats
path: root/usr.sbin/bind (follow)
Commit message (Collapse)AuthorAgeFilesLines
* init a variable to address https://kb.isc.org/article/AA-01272jsg2016-08-181-0/+1
| | | | | | | Most of bind got removed and this function is not called by any of the remaining parts. ok deraadt@ a long time ago.
* reduce confusion about -p option. parse it, but only permit port 53, andtedu2016-06-051-3/+4
| | | | | | make it an error otherwise instead of a warning that may be overlooked. reported by Peter van Dijk ok deraadt
* Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).krw2016-04-163-3/+3
| | | | | | No functional change. ok millert@
* exit() after perror() for pledge failure. Perhaps this got introducedderaadt2015-11-113-6/+18
| | | | | as a test idiom, either when pledge was young or during the transition to strings.... dunno
* pledge bind(1), dig(1), and nslookup(1). This modifies the underlyingderaadt2015-10-257-26/+35
| | | | | | | ISC library to use socket(2) with the SOCK_DNS flag. As a result, the port commands are disabled (such practice is rare in the wild these days, and pretty incompatible with the DNS vs regular socket concept in pledge..) ok bluhm phessler reyk, etc
* strcat -> strlcat. last time i checked, this was the last remainingderaadt2015-09-281-1/+3
| | | | | strcat in non-toolchain base, and inside #if not reached during compile. ok beck krw brynet
* kill strcpy deadbeck2015-09-111-1/+2
| | | | ok deraadt@
* Initialize nameservers ports along with nameservers addresses.jca2015-03-171-1/+3
| | | | | | | | | | Missing initialization, as hinted by lwres_conf_clear(). Not present in recent bind versions (the code has changed since). This fixes an erratic behaviour when no (valid) nameserver is configured in resolv.conf (dig / nslookup send requests to 127.0.0.1:48830). Problem reported by Pawel S. Veselov who also provided an alternative diff. ok crickets@
* port NSEC3 and TLSA parsing code into dig(1) from ISC BIND 9.10.1-P1pelikan2015-02-0716-5/+1987
| | | | ok henning
* oops, left an old line...deraadt2014-11-221-1/+0
|
* /dev/random has created the same effect as /dev/arandom (and /dev/urandom)deraadt2014-11-221-7/+1
| | | | | for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant.
* Return failure not success in openssldh_computesecret() whenjsg2014-10-131-1/+1
| | | | | | DH_compute_key() fails and returns -1. ok guenther@
* Garbage collecting some further bits that are not necessarybrad2014-09-159-9976/+0
| | | | | | | within the BIND directory and for Makefile.in removing some files that no longer exist for the distclean target. ok sthen@
* Start removing unused documentation and the server and related binaries sourcebrad2014-08-25213-101009/+0
| | | | code.
* Strip the BIND code down to just building and installing dig, host and nslookup.brad2014-08-225-64/+16
|
* lynx will go to ports. there are too many reasons for it to go there,deraadt2014-07-161-21/+2
| | | | and not enough for it to stay. lengthy discussions.
* Misc time_t tweaks. %ld / (long)tv_sec -> %lld / (long long)tv_sec.krw2013-09-121-2/+2
| | | | Eliminate unneeded casts. suggestions from & ok millert@ guenther@
* There is no need to call arc4random_addrandom() and feed it somederaadt2013-09-021-2/+0
| | | | stupid seed that bind has decided on..
* add other root servers from named.root that were missed in previous updatessthen2013-01-081-0/+2
|
* new IPv4 address for D.ROOT-SERVERS.NETjakob2013-01-081-1/+1
|
* Add a fix for CVE-2012-1667, backported from ISC BIND. ok millert@sthen2012-06-062-5/+10
| | | | | | | | | http://www.isc.org/software/bind/advisories/cve-2012-1667 Distinguish rdata removed by BIND due to duplication, from zero-length rdata received from a server. Otherwise a server supplying zero-length rdata sections can trigger crashes or possible memory disclosure to the client. Primarily affects recursive servers.
* Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashessthen2011-11-172-13/+13
| | | | | | with INSIST(! dns_rdataset_isassociated(sigrdataset))). ok jakob@
* fix an |= that should have been !=jsg2011-09-211-1/+1
| | | | | this could cause a log message to trigger when it shouldn't have reported to isc (RT #24053) and now included in current bind releases
* fix some memset sizeofs, found by jsg. ok deraadt krwtedu2011-07-051-7/+7
|
* correct memsets of key contexts which were shorter than they needed to bederaadt2011-07-051-11/+5
| | | | | | due to sizeof pointer instead of sizeof of type with tedu; some quibbles spotted by miod, ok tedu miod jsg jakob -- please push this upstream
* Add missing #includes instead of assuming that some system header pulls inguenther2010-12-311-0/+1
| | | | | | the needed bits ok deraadt@, millert@
* Initialise the port in nslookup.c correctly. It was initialisedstsp2010-05-021-2/+7
| | | | | | to zero in interactive mode, should be 53. Second half of patch submission by Nathan Rickerby (pr 6322). ok krw
* Fix breakage of dig's -p option introduced when support forstsp2010-04-241-4/+17
| | | | | | | parsing the [host]:port syntax in resolv.conf was added. Patch by Nathan Rickerby <rickerby () gmail ! com>. Prodded by jmc, OK djm krw
* Add line breaks to the source to render an .RS display that got skipped;schwarze2010-02-201-1/+6
| | | | | | found by and unbreaking the build with mandoc(1). I will also send this patch upstream. ok jmc@
* parse "nameserver [host]:port" syntax in /etc/resolv.confstsp2009-08-166-17/+63
| | | | ok deraadt@
* apply patch for https://www.isc.org/node/474 since jakob does notderaadt2009-07-291-1/+5
| | | | appear to be around.
* seperation -> separation; from Amarendra Godbolejmc2009-07-271-2/+2
|
* fix CVE-2009-0025: incorrect check of DSA DNSSEC signature verificationdjm2009-01-141-1/+1
| | | | "please commit" miod@
* #if 0 a function which we have we do not use, and where the call to it is in #if 0 as wellderaadt2008-11-101-0/+2
|
* Update to BIND 9.4.2-P2 and adapt our dynamic select changes. OK deraadt@millert2008-08-0432-244/+653
|
* Don't print a warning when the random device cannot be opened ifmillert2008-08-031-10/+10
| | | | we have a pre-chroot random device. OK deraadt@ kettenis@
* This log message is an excruiciating pain in the ass when it repeats 4000 times a second on a machine you need debug log on, and is actually used as a cacheing nameserver. remove just this one line of debug log to save people's sanitybeck2008-08-011-2/+1
| | | | ok djm@
* Dynamically allocate fd_sets so we are not limited to FD_SETSIZEmillert2008-07-163-53/+141
| | | | connections. With help from djm@. OK djm@
* retry port allocation on all errors, not just EADDRINUSE; ok jakob@djm2008-07-101-1/+1
|
* let the kernel choose the random port. code from djm@. ok markus@.jakob2008-07-091-0/+21
|
* reintroduce our own shuffle ID generator. ok djm@ millert@jakob2008-07-091-1/+4
|
* merge and resolve conflicts introduced by 9.4.2-P1jakob2008-07-0910-523/+341
|
* remove an unused variable that is a leftover from the old alg.reyk2008-07-091-2/+1
| | | | ok deraadt@
* simplify math for arc4random_uniform() suggested bydjm2008-06-091-2/+2
| | | | | | Jinmei_Tatuya AT isc.org via jakob@ empirically verified for entire domain of upper_bound
* fix math screwup that reintroduced a bias for upper_bounds in rangedjm2008-06-041-1/+1
| | | | | | | (2^30,2^31). Nothing in the tree yet requests random numbers bounded by this range. report jakob!deraadt; ok deraadt@
* msg_controllen has to be CMSG_SPACE so that the kernel can account forderaadt2008-03-242-30/+18
| | | | | | | each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
* CMSG_LEN and CMSG_SPACE are not neccessarily the same size. So if youderaadt2008-03-191-15/+27
| | | | | | are going to allocate/free a block of memory for the message contents, you have to calculate and track the sizes seperately. This change is just like all the other CMSG changes...
* Repair the simple cases for msg_controllen where it should just bederaadt2008-03-151-3/+3
| | | | | CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
* Because the shuffle code initialisation is a specific case of shufflingdjm2008-03-151-8/+4
| | | | | | | | | a set of incrementing integers (and not an arbitrary set of values) it is possible to populate the array as we shuffle it in a single forward pass. Clever optimisation from didickman AT gmail.com; ok deraadt@ mcbride@ (same change as netinet/ip_id.c)
* Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toderaadt2008-03-131-7/+13
| | | | an extensive discussion with otto, kettenis, millert, and hshoexer
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.