The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Go to file
Petr Menšík 168294acac Use hashtable when parsing a message
When parsing messages use a hashtable instead of a linear search to reduce
the amount of work done in findname when there's more than one name in
the section.

There are two hashtables:

1) hashtable for owner names - that's constructed for each section when we
hit the second name in the section and destroyed right after parsing
that section;

2) per-name hashtable - for each name in the section, we construct a new
hashtable for that name if there are more than one rdataset for that
particular name.

(cherry picked from commit b8a96317544c7b310b4f74360825a87b6402ddc2)
(cherry picked from commit 0ceed03ebea395da1a39ad1cb39205ce75a3f768)

Backport isc_ht API changes from BIND 9.18

To prevent allocating large hashtable in dns_message, we need to
backport the improvements to isc_ht API from BIND 9.18+ that includes
support for case insensitive keys and incremental rehashing of the
hashtables.

(cherry picked from commit a4baf324159ec3764195c949cb56c861d9f173ff)
(cherry picked from commit 2fc28056b33018f7f78b625409eb44c32d5c9b11)

fix a message parsing regression

the fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if duplicate rdatasets were found
in the question section. this commit ensures that rdatasets are
correctly disassociated and freed when this occurs.

(cherry picked from commit 4c19d35614f8cd80d8748156a5bad361e19abc28)
(cherry picked from commit 98ab8c81cc7739dc220aa3f50efa3061774de8ba)

fix another message parsing regression

The fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if an rdata type that can only
occur in the question was found in another section.

(cherry picked from commit 510f1de8a6add516b842a55750366944701d3d9a)
(cherry picked from commit bbbcaf8b2ec17d2cad28841ea86078168072ae2f)

Apply various tweaks specific to BIND 9.11

(cherry picked from commit c6026cbbaa9d297910af350fa6cc45788cc9f397)

Fix case insensitive matching in isc_ht hash table implementation

The case insensitive matching in isc_ht was basically completely broken
as only the hashvalue computation was case insensitive, but the key
comparison was always case sensitive.

(cherry picked from commit c462d65b2fd0db362947db4a18a87df78f8d8e5d)
(cherry picked from commit 418b3793598a1e1c7e391bb317866d405cd03501)

Add a system test for mixed-case data for the same owner

We were missing a test where a single owner name would have multiple
types with a different case.  The generated RRSIGs and NSEC records will
then have different case than the signed records and message parser have
to cope with that and treat everything as the same owner.

(cherry picked from commit c8b623d87f0fb8f9cba8dea5c6a4b600953895e7)
(cherry picked from commit 1f9bbe1fe34b7a2c9765431e8a86b460afc9b323)

6315.	[security]	Speed up parsing of DNS messages with many different
			names. (CVE-2023-4408) [GL #4234]

; Resolves: CVE-2023-4408
Resolves: RHEL-25691
2024-03-26 18:05:44 +01:00
.gitignore Import rpm: c8s 2023-02-27 12:22:41 -05:00
bind93-rh490837.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind97-rh478718.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind97-rh645544.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind97-rh669163.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind99-rh640538.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.1rc1-sdb_tools-Makefile.in Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.2-redhat_doc.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.2b1-fix_sdb_ldap.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.2b2-sdbsrc.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.5-dlz-64bit.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.5-PIE.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.9.1-P2-dlz-libdb.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.9.1-P2-multlib-conflict.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.10-dist-native-pkcs11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.10-sdb.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.10-use-of-strlcat.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-CVE-2021-25220-test.patch Auto sync2gitlab import of bind-9.11.36-7.el8.src.rpm 2022-11-24 08:09:45 +00:00
bind-9.11-CVE-2021-25220.patch Auto sync2gitlab import of bind-9.11.36-7.el8.src.rpm 2022-11-24 08:09:45 +00:00
bind-9.11-CVE-2022-2795.patch Auto sync2gitlab import of bind-9.11.36-7.el8.src.rpm 2022-11-24 08:09:45 +00:00
bind-9.11-CVE-2023-2828.patch Fix CVE-2023-2828 2023-07-19 18:16:33 +02:00
bind-9.11-CVE-2023-4408.patch Use hashtable when parsing a message 2024-03-26 18:05:44 +01:00
bind-9.11-dhcp-time-monotonic.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-engine-pkcs11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-export-suffix.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-code-includes.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-code.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-disable.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-tests.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-host-idn-disable.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-json-c.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-kyua-pkcs11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-oot-manual.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-pk11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1205168.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1410433.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1668682.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1980757.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh2101712.patch Auto sync2gitlab import of bind-9.11.36-3.el8_6.3.src.rpm 2022-11-09 04:10:38 +00:00
bind-9.11-rh2133889.patch Auto sync2gitlab import of bind-9.11.36-8.el8.src.rpm 2023-02-18 00:15:37 +00:00
bind-9.11-rt31459.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rt46047.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-serve-stale.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-stale-cache.patch Do not keep stale records by default 2023-10-09 19:11:01 +02:00
bind-9.11-unit-disable-random.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-zone2ldap.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.15-resolver-ntasks.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.16-CVE-2022-3094-1.patch Prevent flooding with UPDATE requests 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-3094-2.patch Prevent flooding with UPDATE requests 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-3094-3.patch Prevent flooding with UPDATE requests 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-3094-test.patch test failure conditions 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-38177.patch Auto sync2gitlab import of bind-9.11.36-5.el8.src.rpm 2022-10-03 18:11:31 +00:00
bind-9.16-CVE-2022-38178.patch Auto sync2gitlab import of bind-9.11.36-5.el8.src.rpm 2022-10-03 18:11:31 +00:00
bind-9.16-CVE-2023-3341.patch Fix CVE-2023-3341 2023-09-20 13:33:25 +02:00
bind-9.16-update-b.root-servers.net.patch Update addresses of b.root-servers.net 2024-02-26 13:17:13 +01:00
bind-95-rh452060.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-96-old-api.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind.spec Use hashtable when parsing a message 2024-03-26 18:05:44 +01:00
bind.tmpfiles.d Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
dnszone.schema Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
gating.yaml Remove dist-git based test reference from gating 2023-04-04 16:32:12 +02:00
generate-rndc-key.sh Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
ldap2zone.1 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
ldap2zone.c Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-chroot-setup.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-chroot.files Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-chroot.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-pkcs11.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb-chroot-setup.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb-chroot.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb.8 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-setup-rndc.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.conf Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.conf.sample Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.empty Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.localhost Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.logrotate Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.loopback Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.rfc1912.zones Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.root Update addresses of b.root-servers.net 2024-02-26 13:17:13 +01:00
named.root.key Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.rwtab Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.sysconfig Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
README.sdb_pgsql Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
setup-named-chroot.sh Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
setup-named-softhsm.sh Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
sources Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
trusted-key.key Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
zone2sqlite.1 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
zonetodb.1 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00

			PGSQL BIND SDB driver

The postgresql BIND SDB driver is of experimental status and should not be 
used for production systems.

Usage:

o Use the named_sdb process ( put ENABLE_SDB=yes in /etc/sysconfig/named )

o Edit your named.conf to contain a database zone, eg. :
  
zone "pgdb.net." IN {
        type master;
        database "pgsql  bind        pgdb     localhost pguser pgpasswd";
        #                ^- DB name  ^-Table  ^-host    ^-user ^-password
};

o Create the database zone table
  The table must contain the columns "name", "rdtype", and "rdata", and
  is expected to contain a properly constructed zone.  The program "zonetodb"
  creates such a table.
  
  zonetodb usage:
    
    zonetodb origin file dbname dbtable

    where
	origin : zone origin, eg "pgdb.net."
	file   : master zone database file, eg. pgdb.net.db
	dbname : name of postgresql database 
        dbtable: name of table in database

    Eg. to import this zone in the file 'pgdb.net.db' into the 'bind' database 
        'pgdb' table:

---
#pgdb.net.db:
$TTL 1H
@       SOA     localhost.      root.localhost. (       1
                                                3H
                                                1H
                                                1W
                                                1H )
        NS      localhost.
host1   A       192.168.2.1
host2   A       192.168.2.2
host3   A       192.168.2.3
host4   A       192.168.2.4
host5   A       192.168.2.5
host6   A       192.168.2.6
host7   A       192.168.2.7
---

Issue this command as the pgsql user authorized to update the bind database:
 
# zonetodb pgdb.net. pgdb.net.db bind pgdb

will create / update the pgdb table in the 'bind' db:

$ psql -dbind -c 'select * from pgdb;'
      name      | ttl  | rdtype |                        rdata
----------------+------+--------+-----------------------------------------------------
 pgdb.net       | 3600 | SOA    | localhost. root.localhost. 1 10800 3600 604800 3600
 pgdb.net       | 3600 | NS     | localhost.
 host1.pgdb.net | 3600 | A      | 192.168.2.1
 host2.pgdb.net | 3600 | A      | 192.168.2.2
 host3.pgdb.net | 3600 | A      | 192.168.2.3
 host4.pgdb.net | 3600 | A      | 192.168.2.4
 host5.pgdb.net | 3600 | A      | 192.168.2.5
 host6.pgdb.net | 3600 | A      | 192.168.2.6
 host7.pgdb.net | 3600 | A      | 192.168.2.7
(9 rows)

I've tested exactly the above configuration with bind-sdb-9.3.1+ and it works OK.

NOTE: If you use pgsqldb SDB, ensure the postgresql service is started before the named
      service .

USE AT YOUR OWN RISK!