The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Go to file
Petr Menšík 1b133224fc Update to 9.16.2
Notes for BIND 9.16.2
Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]

Feature Changes

    The previous DNSSEC sign statistics used lots of memory. The number of keys to track is reduced to four per zone, which should be enough for 99% of all signed zones. [GL #1179]

Bug Fixes

    When an RPZ policy zone was updated via zone transfer and a large number of records was deleted, named could become nonresponsive for a short period while deleted names were removed from the RPZ summary database. This database cleanup is now done incrementally over a longer period of time, reducing such delays. [GL #1447]

    When trying to migrate an already-signed zone from auto-dnssec maintain to one based on dnssec-policy, the existing keys were immediately deleted and replaced with new ones. As the key rollover timing constraints were not being followed, it was possible that some clients would not have been able to validate responses until all old DNSSEC information had timed out from caches. BIND now looks at the time metadata of the existing keys and incorporates it into its DNSSEC policy operation. [GL #1706]
2020-04-16 12:38:00 +02:00
tests Update chroot test to check RPM verify 2019-11-06 13:33:49 +01:00
.gitignore Update to 9.16.2 2020-04-16 12:38:00 +02:00
bind93-rh490837.patch Compilable 9.16.1 package 2020-03-27 11:28:11 +01:00
bind97-exportlib.patch update to 9.9.3rc2 2013-05-13 12:50:46 +02:00
bind97-rh645544.patch Compilable 9.16.1 package 2020-03-27 11:28:11 +01:00
bind99-rh640538.patch Update to 9.10.4-P1 2016-05-26 17:23:15 +02:00
bind-9.3.2-redhat_doc.patch Update to 9.10.4-P1 2016-05-26 17:23:15 +02:00
bind-9.5-dlz-64bit.patch Update to 9.11.4 2018-07-13 14:14:38 +02:00
bind-9.5-PIE.patch - build with -D_GNU_SOURCE (#431734) 2008-02-11 17:11:26 +00:00
bind-9.9.1-P2-dlz-libdb.patch Update to 9.9.6 2014-10-03 11:21:38 +02:00
bind-9.10-dist-native-pkcs11.patch Iterative update, not working properly 2020-03-27 11:26:09 +01:00
bind-9.10-sdb-sqlite-bld.patch Update to 9.10.1-P1 stable 2015-01-14 12:47:51 +01:00
bind-9.10-use-of-strlcat.patch Update to 9.10.4-P1 2016-05-26 17:23:15 +02:00
bind-9.11-engine-pkcs11.patch Avoid conflicts between OpenSSL and native PKCS#11 2019-08-27 21:39:46 +02:00
bind-9.11-feature-test-named.patch Update to 9.16.2 2020-04-16 12:38:00 +02:00
bind-9.11-fips-disable.patch Update patches after rebase 2020-03-27 12:30:39 +01:00
bind-9.11-fips-tests.patch Fix tsig system test 2020-03-27 11:28:13 +01:00
bind-9.11-kyua-pkcs11.patch Iterative update, not working properly 2020-03-27 11:26:09 +01:00
bind-9.11-oot-manual.patch Some patches adapted to v9_14 2020-03-27 10:53:44 +01:00
bind-9.11-rh1410433.patch Compilable 9.16.1 package 2020-03-27 11:28:11 +01:00
bind-9.11-rh1647829-2.patch Adapted patches for new version 2019-03-05 21:49:26 +01:00
bind-9.11-rh1666814.patch Compilable 9.16.1 package 2020-03-27 11:28:11 +01:00
bind-9.11-rh1768258.patch Fix wrong default GeoIP directory (#1768258) 2019-11-06 21:31:14 +01:00
bind-9.11-tests-pkcs11.patch Update patches to build on 9.14 2020-03-27 11:08:21 +01:00
bind-9.11-tests-variants.patch Update to 9.16.2 2020-04-16 12:38:00 +02:00
bind-9.11.12.tar.gz.asc fixup! Update to 9.11.12 (#1557762) 2019-10-21 15:44:10 +02:00
bind-9.14-config-pkcs11.patch Iterative update, not working properly 2020-03-27 11:26:09 +01:00
bind-9.14-json-c.patch First version compiling up to tests 2020-03-27 11:11:55 +01:00
bind-9.14.7.tar.gz.asc Update to 9.14.7 2020-03-27 11:25:12 +01:00
bind.spec Update to 9.16.2 2020-04-16 12:38:00 +02:00
bind.tmpfiles.d Update to 9.9.3rc1 2013-04-16 15:42:36 +02:00
Changes.md Create place for documenting changes in upstream 2020-03-27 11:26:09 +01:00
codesign2019.txt Add source verification on build 2019-11-25 21:06:06 +01:00
generate-rndc-key.sh Use hmac-sha256 for new RNDC keys (#1508003) 2017-10-31 17:37:27 +01:00
ldap2zone.c - updates due libtool 2.2.6 2008-11-24 12:59:15 +00:00
makefile-replace-libs.py Add helper for testing system daemons 2019-11-07 14:41:36 +01:00
named-chroot-setup.service Use new config named-chroot.files for chroot setup files (#1429656) 2018-07-13 14:11:20 +02:00
named-chroot.files Add GeoIP to bind-chroot (#1497646) 2019-09-03 13:58:49 +02:00
named-chroot.service Remove reload related comments from services 2019-11-19 14:01:06 +01:00
named-pkcs11.service Remove reload related comments from services 2019-11-19 14:01:06 +01:00
named-setup-rndc.service Rework the chroot setup/destruction workflow 2013-12-17 17:09:44 +01:00
named.conf Add GeoIP configuration into config file 2019-11-04 21:48:36 +01:00
named.conf.sample Remove named.iscdlv.key file (#1595782) 2018-06-27 18:18:57 +02:00
named.empty Remove config archive with zone files 2019-11-04 21:45:08 +01:00
named.localhost Remove config archive with zone files 2019-11-04 21:45:08 +01:00
named.logrotate Fixed systemctl path in logrotate configuration (#1148360) 2014-11-14 13:53:09 +01:00
named.loopback Remove config archive with zone files 2019-11-04 21:45:08 +01:00
named.rfc1912.zones Remove config archive with zone files 2019-11-04 21:45:08 +01:00
named.root Remove config archive with zone files 2019-11-04 21:45:08 +01:00
named.root.key Remove config archive with zone files 2019-11-04 21:45:08 +01:00
named.rwtab Install configuration for rwtab and fix chroot setup script 2013-11-12 14:29:33 +01:00
named.service Remove reload related comments from services 2019-11-19 14:01:06 +01:00
named.sysconfig Make comment how to use different config file 2017-07-14 17:02:15 +02:00
README.md Add some basic information about the package. Main goal is to replace 2018-03-13 12:45:16 +01:00
setup-named-chroot.sh Include /dev/urandom in chroot 2018-09-24 18:06:04 +02:00
setup-named-softhsm.sh Fix spec usage of softhsm helper 2019-02-22 16:39:54 +01:00
softhsm2.conf.in Enable unit tests with kyua tool (#1532694) 2018-01-09 18:19:43 +01:00
sources Update to 9.16.2 2020-04-16 12:38:00 +02:00
trusted-key.key Remove revoked KSK 19164 from trusted root keys 2019-02-15 19:50:20 +01:00

BIND 9

BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol.

Internet Systems Consortium (https://www.isc.org), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement.

More details about upstream project can be found on their gitlab. This repository contains only upstream sources and packaging instructions for Fedora Project.

Subpackages

The package contains several subpackages, some of them can be disabled on rebuild.

  • bind -- named daemon providing DNS server
  • bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)
  • bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.
  • bind-license -- Shared license for all packages but bind-export-libs.
  • bind-sdb -- named daemon built with support for Dynamically Loadable Zones, interface to serve DNS names from external databases like LDAP or SQL. Can be disabled by --without SDB.
  • bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by --without PKCS11.
  • bind-libs and bind-libs-lite -- Shared libraries used by some others programs
  • bind-export-libs -- Special subset of libraries without support for threads. Used by dhcp package. Can be disabled by --without EXPORT_LIBS
  • bind-devel -- Development headers for libs. Can be disabled by --without DEVEL

Optional features

  • GSSTSIG -- Support for Kerberos authentication in BIND.
  • LMDB -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
  • DLZ -- Support for dynamic loaded modules providing support for features bind-sdb provides, but only small module is required.