Commit Graph

14 Commits

Author SHA1 Message Date
Erwin Lansing
cfd4d2c42e Update to 9.8.4-P1.
Security Fixes

   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of  specific queries that are received.

New Features

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

Feature Changes

*  Improves OpenSSL error logging [RT #29932]

*  nslookup now returns a nonzero exit code when it is unable to get
   an answer.  [RT #29492]

Other critical bug fixes are included.

Approved by:	delphij (mentor)
MFC after:	3 days
Security:	CVE-2012-5688
Sponsored by:	DK Hostmaster A/S
2012-12-07 12:39:58 +00:00
Doug Barton
d0f6280db7 Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes. 2012-04-05 04:29:35 +00:00
Doug Barton
6fae67da24 Upgrade to BIND version 9.8.1. Release notes at:
https://deepthought.isc.org/article/AA-00446/81/
or
/usr/src/contrib/bind9/

Approved by:	re (kib)
2011-09-03 07:13:45 +00:00
Doug Barton
7afecc12f4 Upgrade to version 9.8.0-P4
This version has many new features, see /usr/share/doc/bind9/README
for details.
2011-07-16 11:12:09 +00:00
Doug Barton
37bb75f740 Upgrade to 9.6-ESV-R4-P1, which address the following issues:
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
2011-05-28 00:21:28 +00:00
Doug Barton
6318052d9e Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:42:58 +00:00
Doug Barton
514216e8d6 Merge from vendor/bind9/dist as of the 9.4.3 import 2008-12-23 22:47:56 +00:00
Peter Wemm
a988131922 Flatten bind9 vendor work area 2008-07-12 05:00:28 +00:00
Doug Barton
995ea97467 Vendor import of BIND 9.4.2 2007-12-02 19:10:41 +00:00
Doug Barton
141cfa5029 Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
Doug Barton
e99fbbb680 Vendor import of BIND 9.3.3 2006-12-10 07:09:56 +00:00
Doug Barton
a00aca3467 Vendor import of BIND 9.3.2 2005-12-29 04:22:58 +00:00
Doug Barton
6bc6438a36 Vendor import of BIND 9.3.1 2005-03-17 08:04:02 +00:00
Tom Rhodes
b1e4bd53e0 Vender import of BIND 9.3.0rc4. 2004-09-19 01:30:24 +00:00