The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Recursion, dynamic updates (UPDATE), and zone change notifications (NOTIFY) are now disabled for views with a class other than IN (such as CHAOS or HESIOD); authoritative service for non-IN zones (e.g. version.bind in class CHAOS) continues to work as before. Servers configured with recursion yes in a non-IN view will log a warning at startup, and named-checkconf flags the same condition. UPDATE and NOTIFY messages that specify the meta-classes ANY or NONE in the question section are now rejected with FORMERR. This addresses a set of closely related security issues collectively identified as CVE-2026-5946. ISC would like to thank Mcsky23 for bringing these issues to our attention. [9.16] fix: dev: Pass empty string instead of NULL to ns_client_dumpmessage() Pass "" instead of NULL to ns_client_dumpmessage() to get the log message printed. Resolves-Vulnerability: CVE-2026-5946 Resolves: RHEL-177764 |
||
|---|---|---|
| .fmf | ||
| tests | ||
| .gitignore | ||
| bind93-rh490837.patch | ||
| bind97-exportlib.patch | ||
| bind97-rh645544.patch | ||
| bind-9.5-dlz-64bit.patch | ||
| bind-9.5-PIE.patch | ||
| bind-9.9.1-P2-dlz-libdb.patch | ||
| bind-9.10-dist-native-pkcs11.patch | ||
| bind-9.11-feature-test-named.patch | ||
| bind-9.11-fips-disable.patch | ||
| bind-9.11-fips-tests.patch | ||
| bind-9.11-kyua-pkcs11.patch | ||
| bind-9.11-rh1666814.patch | ||
| bind-9.11-tests-variants.patch | ||
| bind-9.11.12.tar.gz.asc | ||
| bind-9.14-config-pkcs11.patch | ||
| bind-9.14-json-c.patch | ||
| bind-9.14.7.tar.gz.asc | ||
| bind-9.16-CVE-2021-25220-test.patch | ||
| bind-9.16-CVE-2021-25220.patch | ||
| bind-9.16-CVE-2022-0396.patch | ||
| bind-9.16-CVE-2022-2795.patch | ||
| bind-9.16-CVE-2022-3080.patch | ||
| bind-9.16-CVE-2022-3094-1.patch | ||
| bind-9.16-CVE-2022-3094-2.patch | ||
| bind-9.16-CVE-2022-3094-3.patch | ||
| bind-9.16-CVE-2022-3094-test.patch | ||
| bind-9.16-CVE-2022-3736.patch | ||
| bind-9.16-CVE-2022-3924.patch | ||
| bind-9.16-CVE-2022-38177.patch | ||
| bind-9.16-CVE-2022-38178.patch | ||
| bind-9.16-CVE-2023-2828.patch | ||
| bind-9.16-CVE-2023-2911-1.patch | ||
| bind-9.16-CVE-2023-2911-2.patch | ||
| bind-9.16-CVE-2023-2911-3.patch | ||
| bind-9.16-CVE-2023-3341.patch | ||
| bind-9.16-CVE-2023-4408-test1.patch | ||
| bind-9.16-CVE-2023-4408-test2.patch | ||
| bind-9.16-CVE-2023-4408.patch | ||
| bind-9.16-CVE-2023-5517.patch | ||
| bind-9.16-CVE-2023-5679.patch | ||
| bind-9.16-CVE-2023-6516-test.patch | ||
| bind-9.16-CVE-2023-6516.patch | ||
| bind-9.16-CVE-2023-50387.patch | ||
| bind-9.16-CVE-2024-1737-records-test2.patch | ||
| bind-9.16-CVE-2024-1737-records-test.patch | ||
| bind-9.16-CVE-2024-1737-records.patch | ||
| bind-9.16-CVE-2024-1737-types-test.patch | ||
| bind-9.16-CVE-2024-1737-types.patch | ||
| bind-9.16-CVE-2024-1737.patch | ||
| bind-9.16-CVE-2024-1975.patch | ||
| bind-9.16-CVE-2025-40778.patch | ||
| bind-9.16-CVE-2025-40780.patch | ||
| bind-9.16-CVE-2026-1519.patch | ||
| bind-9.16-CVE-2026-3039.patch | ||
| bind-9.16-CVE-2026-5946.patch | ||
| bind-9.16-isc_hp-additional.patch | ||
| bind-9.16-isc_hp-CVE-2023-50387.patch | ||
| bind-9.16-isc-mempool-attach.patch | ||
| bind-9.16-properly-process-extra-nameserver-lines.patch | ||
| bind-9.16-redhat_doc.patch | ||
| bind-9.16-rh2101712.patch | ||
| bind-9.16-rh2133889.patch | ||
| bind-9.16-system-test-cds.patch | ||
| bind-9.16-update-b.root-servers.net.patch | ||
| bind-9.18-configurable-additional-records.patch | ||
| bind-9.18-CVE-2024-4076.patch | ||
| bind-9.18-CVE-2024-11187-pre-test.patch | ||
| bind-9.18-CVE-2024-11187.patch | ||
| bind-9.18-dig-idn-input-always-test.patch | ||
| bind-9.18-dig-idn-input-always.patch | ||
| bind-9.18-fix-dig-hanging-issue.patch | ||
| bind-9.18-partial-additional-records.patch | ||
| bind-9.18-query-fname-relative.patch | ||
| bind-9.20-robust-key-rollovers.patch | ||
| bind-9.21-resume-qmin-cname.patch | ||
| bind-chroot.tmpfiles.d | ||
| bind.spec | ||
| bind.tmpfiles.d | ||
| Changes.md | ||
| ci.fmf | ||
| codesign2021.txt | ||
| gating.yaml | ||
| generate-rndc-key.sh | ||
| ldap2zone.c | ||
| makefile-replace-libs.py | ||
| named-chroot-setup.service | ||
| named-chroot.files | ||
| named-chroot.service | ||
| named-pkcs11.service | ||
| named-setup-rndc.service | ||
| named.conf | ||
| named.conf.sample | ||
| named.empty | ||
| named.localhost | ||
| named.logrotate | ||
| named.loopback | ||
| named.rfc1912.zones | ||
| named.root | ||
| named.root.key | ||
| named.rwtab | ||
| named.service | ||
| named.sysconfig | ||
| named.sysusers | ||
| plans.fmf | ||
| README.md | ||
| setup-named-chroot.sh | ||
| setup-named-softhsm.sh | ||
| softhsm2.conf.in | ||
| sources | ||
| trusted-key.key | ||
BIND 9
BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol.
Internet Systems Consortium (https://www.isc.org), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement.
More details about upstream project can be found on their gitlab. This repository contains only upstream sources and packaging instructions for Fedora Project.
Subpackages
The package contains several subpackages, some of them can be disabled on rebuild.
- bind -- named daemon providing DNS server
- bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)
- bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.
- bind-license -- Shared license for all packages but bind-export-libs.
- bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by
--without PKCS11. - bind-libs and bind-libs-lite -- Shared libraries used by some others programs
- bind-devel -- Development headers for libs.
- bind-dlz-* -- Dynamic loadable DLZ plugins with support for external databases
Optional features
- GSSTSIG -- Support for Kerberos authentication in BIND.
- LMDB -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
- DLZ -- Support for dynamic loaded modules providing support for features bind-sdb provides, but only small module is required.