The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
4cefc72f11
- Check that an NS in an authority section returned from a forwarder which is above the name in a configured "forward first" or "forward only" zone (i.e., net/NS in a response from a forwarder configured for local.net) is not cached. - Test that a DNAME for a parent domain will not be cached when sent in a response from a forwarder configured to answer for a child. - Check that glue is rejected if its name falls below that of zone configured locally. - Check that an extra out-of-bailiwick data in the answer section is not cached (this was already working correctly, but was not explicitly tested before). Related: CVE-2021-25220 |
||
---|---|---|
tests | ||
.gitignore | ||
bind93-rh490837.patch | ||
bind97-exportlib.patch | ||
bind97-rh645544.patch | ||
bind-9.5-dlz-64bit.patch | ||
bind-9.5-PIE.patch | ||
bind-9.9.1-P2-dlz-libdb.patch | ||
bind-9.10-dist-native-pkcs11.patch | ||
bind-9.11-feature-test-named.patch | ||
bind-9.11-fips-disable.patch | ||
bind-9.11-fips-tests.patch | ||
bind-9.11-kyua-pkcs11.patch | ||
bind-9.11-rh1666814.patch | ||
bind-9.11-tests-variants.patch | ||
bind-9.11.12.tar.gz.asc | ||
bind-9.14-config-pkcs11.patch | ||
bind-9.14-json-c.patch | ||
bind-9.14.7.tar.gz.asc | ||
bind-9.16-CVE-2021-25220-test.patch | ||
bind-9.16-CVE-2021-25220.patch | ||
bind-9.16-CVE-2022-0396.patch | ||
bind-9.16-redhat_doc.patch | ||
bind.spec | ||
bind.tmpfiles.d | ||
Changes.md | ||
ci.fmf | ||
codesign2021.txt | ||
gating.yaml | ||
generate-rndc-key.sh | ||
ldap2zone.c | ||
makefile-replace-libs.py | ||
named-chroot-setup.service | ||
named-chroot.files | ||
named-chroot.service | ||
named-pkcs11.service | ||
named-setup-rndc.service | ||
named.conf | ||
named.conf.sample | ||
named.empty | ||
named.localhost | ||
named.logrotate | ||
named.loopback | ||
named.rfc1912.zones | ||
named.root | ||
named.root.key | ||
named.rwtab | ||
named.service | ||
named.sysconfig | ||
README.md | ||
setup-named-chroot.sh | ||
setup-named-softhsm.sh | ||
softhsm2.conf.in | ||
sources | ||
trusted-key.key |
BIND 9
BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol.
Internet Systems Consortium (https://www.isc.org), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement.
More details about upstream project can be found on their gitlab. This repository contains only upstream sources and packaging instructions for Fedora Project.
Subpackages
The package contains several subpackages, some of them can be disabled on rebuild.
- bind -- named daemon providing DNS server
- bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)
- bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.
- bind-license -- Shared license for all packages but bind-export-libs.
- bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by
--without PKCS11
. - bind-libs and bind-libs-lite -- Shared libraries used by some others programs
- bind-devel -- Development headers for libs.
- bind-dlz-* -- Dynamic loadable DLZ plugins with support for external databases
Optional features
- GSSTSIG -- Support for Kerberos authentication in BIND.
- LMDB -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
- DLZ -- Support for dynamic loaded modules providing support for features bind-sdb provides, but only small module is required.