The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Petr Menšík 5573a679ad Fail the DNSSEC validation on the first failure
Be more strict when encountering DNSSEC validation failures - fail on
the first failure.  This will break domains that have DNSSEC signing
keys with duplicate key ids, but this is something that's much easier
to fix on the authoritative side, so we are just going to be strict
on the resolver side where it is causing performance problems.

(cherry picked from commit 8b7ecba9885e163c07c2dd3e1ceab79b2ba89e34)

Add normal and slow task queues

Split the task manager queues into normal and slow task queues, so we
can move the tasks that block processing for a long time (like DNSSEC
validation) into the slow queue which doesn't block fast
operations (like responding from the cache).  This mitigates the whole
class of KeyTrap-like issues.

(cherry picked from commit db083a21726300916fa0b9fd8a433a796fedf636)

Don't iterate from start every time we select new signing key

Improve the selecting of the new signing key by remembering where
we stopped the iteration and just continue from that place instead
of iterating from the start over and over again each time.

(cherry picked from commit 75faeefcab47e4f1e12b358525190b4be90f97de)

Optimize selecting the signing key

Don't parse the crypto data before parsing and matching the id and the
algorithm.

(cherry picked from commit b38552cca7200a72658e482f8407f57516efc5db)

6322.	[security]	Specific DNS answers could cause a denial-of-service
			condition due to DNS validation taking a long time.
			(CVE-2023-50387) [GL #4424]

			The same code change also addresses another problem:
			preparing NSEC3 closest encloser proofs could exhaust
			available CPU resources. (CVE-2023-50868) [GL #4459]

; Resolves: CVE-2023-50387 CVE-2023-50868
Resolves: RHEL-25681 RHEL-25649
2024-03-26 18:07:39 +01:00
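
The trade-off described in the commit message above, as an added example that is not code from BIND or from this repository: a simplified Python model in which an HMAC stands in for DNSSEC signature verification. The `Key`, `Sig` and `Validator` names and all sample values are constructed for illustration; the model counts expensive verifications when every key shares one key id, and shows strict mode rejecting a benign zone with duplicate key ids.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    tag: int       # key id (key tag)
    alg: int       # algorithm number
    secret: bytes  # assumption: HMAC secret stands in for public key data

@dataclass(frozen=True)
class Sig:
    tag: int
    alg: int
    mac: bytes

def sign(key, data):
    return Sig(key.tag, key.alg, hmac.new(key.secret, data, hashlib.sha256).digest())

class Validator:
    def __init__(self, strict):
        self.strict = strict
        self.verifications = 0  # number of expensive crypto operations

    def validate(self, data, sigs, keys):
        for sig in sigs:
            for key in keys:
                # Compare id and algorithm first; crypto only on a match.
                if (key.tag, key.alg) != (sig.tag, sig.alg):
                    continue
                self.verifications += 1
                if hmac.compare_digest(sign(key, data).mac, sig.mac):
                    return True
                if self.strict:
                    return False  # fail on the first failure
        return False

def colliding_keys_work(strict, n_keys=20, n_sigs=20):
    """Constructed case: all keys share one id and no signature is valid."""
    keys = [Key(4242, 13, bytes([i])) for i in range(n_keys)]
    sigs = [Sig(4242, 13, bytes(32)) for _ in range(n_sigs)]
    v = Validator(strict)
    return v.validate(b"example. A 192.0.2.1", sigs, keys), v.verifications

def duplicate_id_zone_validates(strict):
    """Benign zone: two keys with the same id, the second one signed the data."""
    keys = [Key(7, 13, b"old"), Key(7, 13, b"new")]
    data = b"example. A 192.0.2.1"
    return Validator(strict).validate(data, [sign(keys[1], data)], keys)
```

In the lenient model the work grows as keys times signatures; in the strict model it is bounded by the first failed verification, at the cost of the duplicate-key-id zone no longer validating.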
.gitignore Import rpm: c8s 2023-02-27 12:22:41 -05:00
bind93-rh490837.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind97-rh478718.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind97-rh645544.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind97-rh669163.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind99-rh640538.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.1rc1-sdb_tools-Makefile.in Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.2-redhat_doc.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.2b1-fix_sdb_ldap.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.3.2b2-sdbsrc.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.5-dlz-64bit.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.5-PIE.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.9.1-P2-dlz-libdb.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.9.1-P2-multlib-conflict.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.10-dist-native-pkcs11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.10-sdb.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.10-use-of-strlcat.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-CVE-2021-25220-test.patch Auto sync2gitlab import of bind-9.11.36-7.el8.src.rpm 2022-11-24 08:09:45 +00:00
bind-9.11-CVE-2021-25220.patch Auto sync2gitlab import of bind-9.11.36-7.el8.src.rpm 2022-11-24 08:09:45 +00:00
bind-9.11-CVE-2022-2795.patch Auto sync2gitlab import of bind-9.11.36-7.el8.src.rpm 2022-11-24 08:09:45 +00:00
bind-9.11-CVE-2023-2828.patch Fix CVE-2023-2828 2023-07-19 18:16:33 +02:00
bind-9.11-CVE-2023-4408.patch Use hashtable when parsing a message 2024-03-26 18:05:44 +01:00
bind-9.11-CVE-2023-50387.patch Fail the DNSSEC validation on the first failure 2024-03-26 18:07:39 +01:00
bind-9.11-dhcp-time-monotonic.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-engine-pkcs11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-export-suffix.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-code-includes.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-code.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-disable.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-fips-tests.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-host-idn-disable.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-json-c.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-kyua-pkcs11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-oot-manual.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-pk11.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1205168.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1410433.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1668682.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh1980757.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rh2101712.patch Auto sync2gitlab import of bind-9.11.36-3.el8_6.3.src.rpm 2022-11-09 04:10:38 +00:00
bind-9.11-rh2133889.patch Auto sync2gitlab import of bind-9.11.36-8.el8.src.rpm 2023-02-18 00:15:37 +00:00
bind-9.11-rt31459.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-rt46047.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-serve-stale.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-stale-cache.patch Do not keep stale records by default 2023-10-09 19:11:01 +02:00
bind-9.11-unit-disable-random.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.11-zone2ldap.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.15-resolver-ntasks.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-9.16-CVE-2022-3094-1.patch Prevent flooding with UPDATE requests 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-3094-2.patch Prevent flooding with UPDATE requests 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-3094-3.patch Prevent flooding with UPDATE requests 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-3094-test.patch test failure conditions 2023-03-30 19:41:23 +02:00
bind-9.16-CVE-2022-38177.patch Auto sync2gitlab import of bind-9.11.36-5.el8.src.rpm 2022-10-03 18:11:31 +00:00
bind-9.16-CVE-2022-38178.patch Auto sync2gitlab import of bind-9.11.36-5.el8.src.rpm 2022-10-03 18:11:31 +00:00
bind-9.16-CVE-2023-3341.patch Fix CVE-2023-3341 2023-09-20 13:33:25 +02:00
bind-9.16-update-b.root-servers.net.patch Update addresses of b.root-servers.net 2024-02-26 13:17:13 +01:00
bind-95-rh452060.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind-96-old-api.patch Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
bind.spec Fail the DNSSEC validation on the first failure 2024-03-26 18:07:39 +01:00
bind.tmpfiles.d Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
dnszone.schema Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
gating.yaml Remove dist-git based test reference from gating 2023-04-04 16:32:12 +02:00
generate-rndc-key.sh Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
ldap2zone.1 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
ldap2zone.c Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-chroot-setup.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-chroot.files Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-chroot.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-pkcs11.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb-chroot-setup.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb-chroot.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb.8 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-sdb.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named-setup-rndc.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.conf Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.conf.sample Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.empty Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.localhost Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.logrotate Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.loopback Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.rfc1912.zones Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.root Update addresses of b.root-servers.net 2024-02-26 13:17:13 +01:00
named.root.key Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.rwtab Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.service Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
named.sysconfig Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
README.sdb_pgsql Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
setup-named-chroot.sh Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
setup-named-softhsm.sh Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
sources Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
trusted-key.key Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
zone2sqlite.1 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00
zonetodb.1 Auto sync2gitlab import of bind-9.11.36-4.el8.src.rpm 2022-07-26 12:11:24 +00:00

			PGSQL BIND SDB driver

The PostgreSQL BIND SDB driver is experimental and should not be
used for production systems.

Usage:

o Use the named_sdb process (put ENABLE_SDB=yes in /etc/sysconfig/named)

o Edit your named.conf to contain a database zone, e.g.:
  
zone "pgdb.net." IN {
        type master;
        database "pgsql  bind        pgdb     localhost pguser pgpasswd";
        #                ^- DB name  ^-Table  ^-host    ^-user ^-password
};

o Create the database zone table
  The table must contain the columns "name", "rdtype", and "rdata", and
  is expected to contain a properly constructed zone.  The program "zonetodb"
  creates such a table.
  
  zonetodb usage:
    
    zonetodb origin file dbname dbtable

    where
        origin : zone origin, e.g. "pgdb.net."
        file   : master zone database file, e.g. pgdb.net.db
        dbname : name of postgresql database
        dbtable: name of table in database

    E.g. to import the zone in the file 'pgdb.net.db' into the 'pgdb' table
    of the 'bind' database:

---
; pgdb.net.db:
$TTL 1H
@       SOA     localhost.      root.localhost. (       1
                                                3H
                                                1H
                                                1W
                                                1H )
        NS      localhost.
host1   A       192.168.2.1
host2   A       192.168.2.2
host3   A       192.168.2.3
host4   A       192.168.2.4
host5   A       192.168.2.5
host6   A       192.168.2.6
host7   A       192.168.2.7
---

Issuing this command as the pgsql user authorized to update the bind database:
 
# zonetodb pgdb.net. pgdb.net.db bind pgdb

will create / update the pgdb table in the 'bind' db:

$ psql -dbind -c 'select * from pgdb;'
      name      | ttl  | rdtype |                        rdata
----------------+------+--------+-----------------------------------------------------
 pgdb.net       | 3600 | SOA    | localhost. root.localhost. 1 10800 3600 604800 3600
 pgdb.net       | 3600 | NS     | localhost.
 host1.pgdb.net | 3600 | A      | 192.168.2.1
 host2.pgdb.net | 3600 | A      | 192.168.2.2
 host3.pgdb.net | 3600 | A      | 192.168.2.3
 host4.pgdb.net | 3600 | A      | 192.168.2.4
 host5.pgdb.net | 3600 | A      | 192.168.2.5
 host6.pgdb.net | 3600 | A      | 192.168.2.6
 host7.pgdb.net | 3600 | A      | 192.168.2.7
(9 rows)

I've tested exactly the above configuration with bind-sdb-9.3.1+ and it works OK.

NOTE: If you use pgsqldb SDB, ensure the postgresql service is started before
      the named service.

USE AT YOUR OWN RISK!
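
A pre-load check for the "properly constructed zone" requirement above, as an added example that is not part of this README or of the BIND SDB code. The `check_zone_rows` helper and the rule set are assumptions chosen for illustration, and `ROWS` is constructed from the psql output shown above.

```python
import ipaddress

# Constructed from the psql output above: (name, ttl, rdtype, rdata)
ROWS = [
    ("pgdb.net", 3600, "SOA", "localhost. root.localhost. 1 10800 3600 604800 3600"),
    ("pgdb.net", 3600, "NS", "localhost."),
] + [(f"host{i}.pgdb.net", 3600, "A", f"192.168.2.{i}") for i in range(1, 8)]

def _norm(name):
    # Compare names case-insensitively and without the trailing dot.
    return name.rstrip(".").lower()

def check_zone_rows(origin, rows):
    """Return a list of problems; an empty list means no problem was found."""
    origin, problems = _norm(origin), []
    soa = [r for r in rows if r[2].upper() == "SOA"]
    if len(soa) != 1 or _norm(soa[0][0]) != origin:
        problems.append("need exactly one SOA record, at the zone origin")
    elif len(soa[0][3].split()) != 7:
        problems.append("SOA rdata must have 7 fields")
    if not any(t.upper() == "NS" and _norm(n) == origin for n, _ttl, t, _rd in rows):
        problems.append("no NS record at the zone origin")
    for name, ttl, rdtype, rdata in rows:
        owner = _norm(name)
        # Records outside the origin do not belong in this zone's table.
        if owner != origin and not owner.endswith("." + origin):
            problems.append(f"{name}: owner name is outside {origin}")
        if not isinstance(ttl, int) or not 0 <= ttl <= 2**31 - 1:
            problems.append(f"{name}: bad TTL {ttl!r}")
        if rdtype.upper() == "A":
            try:
                ipaddress.IPv4Address(rdata)
            except ValueError:
                problems.append(f"{name}: A rdata {rdata!r} is not an IPv4 address")
    return problems
```

Feed it the result of `select name, ttl, rdtype, rdata from pgdb;` before pointing named at the table.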