The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
48ccfe833a
When answering queries, don't add data to the additional section if the answer has more than 13 names in the RDATA. This limits the number of lookups into the database(s) during a single client query, reducing query processing load. Also, don't append any additional data to type=ANY queries. The answer to ANY is already big enough. Vulnerability: CVE-2024-11187 Resolves: RHEL-76875 (cherry picked from commit 90a94b1099913c2c18188f78a5226d43bc7fecc5) |
||
|---|---|---|
| .fmf | ||
| .gitignore | ||
| bind93-rh490837.patch | ||
| bind97-rh478718.patch | ||
| bind97-rh645544.patch | ||
| bind97-rh669163.patch | ||
| bind99-rh640538.patch | ||
| bind-9.3.1rc1-sdb_tools-Makefile.in | ||
| bind-9.3.2-redhat_doc.patch | ||
| bind-9.3.2b1-fix_sdb_ldap.patch | ||
| bind-9.3.2b2-sdbsrc.patch | ||
| bind-9.5-dlz-64bit.patch | ||
| bind-9.5-PIE.patch | ||
| bind-9.9.1-P2-dlz-libdb.patch | ||
| bind-9.9.1-P2-multlib-conflict.patch | ||
| bind-9.10-dist-native-pkcs11.patch | ||
| bind-9.10-sdb.patch | ||
| bind-9.10-use-of-strlcat.patch | ||
| bind-9.11-CVE-2021-25220-test.patch | ||
| bind-9.11-CVE-2021-25220.patch | ||
| bind-9.11-CVE-2022-2795.patch | ||
| bind-9.11-CVE-2023-2828-fixup.patch | ||
| bind-9.11-CVE-2023-2828.patch | ||
| bind-9.11-CVE-2023-4408.patch | ||
| bind-9.11-CVE-2023-50387-fixup.patch | ||
| bind-9.11-CVE-2023-50387.patch | ||
| bind-9.11-CVE-2024-1737-runtime-env.patch | ||
| bind-9.11-CVE-2024-1737.patch | ||
| bind-9.11-CVE-2024-1975.patch | ||
| bind-9.11-dhcp-time-monotonic.patch | ||
| bind-9.11-engine-pkcs11.patch | ||
| bind-9.11-export-suffix.patch | ||
| bind-9.11-fips-code-includes.patch | ||
| bind-9.11-fips-code.patch | ||
| bind-9.11-fips-disable.patch | ||
| bind-9.11-fips-tests.patch | ||
| bind-9.11-host-idn-disable.patch | ||
| bind-9.11-json-c.patch | ||
| bind-9.11-kyua-pkcs11.patch | ||
| bind-9.11-oot-manual.patch | ||
| bind-9.11-pk11.patch | ||
| bind-9.11-rh1205168.patch | ||
| bind-9.11-rh1410433.patch | ||
| bind-9.11-rh1668682.patch | ||
| bind-9.11-rh1980757.patch | ||
| bind-9.11-rh2101712.patch | ||
| bind-9.11-rh2133889.patch | ||
| bind-9.11-rt31459.patch | ||
| bind-9.11-rt46047.patch | ||
| bind-9.11-serve-stale.patch | ||
| bind-9.11-stale-cache.patch | ||
| bind-9.11-unit-disable-random.patch | ||
| bind-9.11-zone2ldap.patch | ||
| bind-9.15-resolver-ntasks.patch | ||
| bind-9.16-CVE-2022-3094-1.patch | ||
| bind-9.16-CVE-2022-3094-2.patch | ||
| bind-9.16-CVE-2022-3094-3.patch | ||
| bind-9.16-CVE-2022-3094-test.patch | ||
| bind-9.16-CVE-2022-38177.patch | ||
| bind-9.16-CVE-2022-38178.patch | ||
| bind-9.16-CVE-2023-3341.patch | ||
| bind-9.16-update-b.root-servers.net.patch | ||
| bind-9.18-CVE-2024-11187-pre-test.patch | ||
| bind-9.18-CVE-2024-11187.patch | ||
| bind-95-rh452060.patch | ||
| bind-96-old-api.patch | ||
| bind.spec | ||
| bind.tmpfiles.d | ||
| ci.fmf | ||
| dnszone.schema | ||
| gating.yaml | ||
| generate-rndc-key.sh | ||
| ldap2zone.1 | ||
| ldap2zone.c | ||
| named-chroot-setup.service | ||
| named-chroot.files | ||
| named-chroot.service | ||
| named-pkcs11.service | ||
| named-sdb-chroot-setup.service | ||
| named-sdb-chroot.service | ||
| named-sdb.8 | ||
| named-sdb.service | ||
| named-setup-rndc.service | ||
| named.conf | ||
| named.conf.sample | ||
| named.empty | ||
| named.localhost | ||
| named.logrotate | ||
| named.loopback | ||
| named.rfc1912.zones | ||
| named.root | ||
| named.root.key | ||
| named.rwtab | ||
| named.service | ||
| named.sysconfig | ||
| plans.fmf | ||
| README.sdb_pgsql | ||
| setup-named-chroot.sh | ||
| setup-named-softhsm.sh | ||
| sources | ||
| trusted-key.key | ||
| zone2sqlite.1 | ||
| zonetodb.1 | ||
PGSQL BIND SDB driver
The postgresql BIND SDB driver is of experimental status and should not be
used for production systems.
Usage:
o Use the named_sdb process ( put ENABLE_SDB=yes in /etc/sysconfig/named )
o Edit your named.conf to contain a database zone, eg. :
zone "pgdb.net." IN {
type master;
database "pgsql bind pgdb localhost pguser pgpasswd";
# ^- DB name ^-Table ^-host ^-user ^-password
};
o Create the database zone table
The table must contain the columns "name", "rdtype", and "rdata", and
is expected to contain a properly constructed zone. The program "zonetodb"
creates such a table.
zonetodb usage:
zonetodb origin file dbname dbtable
where
origin : zone origin, eg "pgdb.net."
file : master zone database file, eg. pgdb.net.db
dbname : name of postgresql database
dbtable: name of table in database
Eg. to import this zone in the file 'pgdb.net.db' into the 'bind' database
'pgdb' table:
---
#pgdb.net.db:
$TTL 1H
@ SOA localhost. root.localhost. ( 1
3H
1H
1W
1H )
NS localhost.
host1 A 192.168.2.1
host2 A 192.168.2.2
host3 A 192.168.2.3
host4 A 192.168.2.4
host5 A 192.168.2.5
host6 A 192.168.2.6
host7 A 192.168.2.7
---
Issue this command as the pgsql user authorized to update the bind database:
# zonetodb pgdb.net. pgdb.net.db bind pgdb
will create / update the pgdb table in the 'bind' db:
$ psql -dbind -c 'select * from pgdb;'
name | ttl | rdtype | rdata
----------------+------+--------+-----------------------------------------------------
pgdb.net | 3600 | SOA | localhost. root.localhost. 1 10800 3600 604800 3600
pgdb.net | 3600 | NS | localhost.
host1.pgdb.net | 3600 | A | 192.168.2.1
host2.pgdb.net | 3600 | A | 192.168.2.2
host3.pgdb.net | 3600 | A | 192.168.2.3
host4.pgdb.net | 3600 | A | 192.168.2.4
host5.pgdb.net | 3600 | A | 192.168.2.5
host6.pgdb.net | 3600 | A | 192.168.2.6
host7.pgdb.net | 3600 | A | 192.168.2.7
(9 rows)
I've tested exactly the above configuration with bind-sdb-9.3.1+ and it works OK.
NOTE: If you use pgsqldb SDB, ensure the postgresql service is started before the named
service .
USE AT YOUR OWN RISK!