The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
6404. [security] Remove SIG(0) support from named as a countermeasure for CVE-2024-1975. [GL #4480] Upstream commit 225f2861920b8f8d42a0ea6c34dd1faa93aa8726 Resolves: RHEL-49919
| File |
|---|
| .gitignore |
| bind93-rh490837.patch |
| bind97-rh478718.patch |
| bind97-rh645544.patch |
| bind97-rh669163.patch |
| bind99-rh640538.patch |
| bind-9.3.1rc1-sdb_tools-Makefile.in |
| bind-9.3.2-redhat_doc.patch |
| bind-9.3.2b1-fix_sdb_ldap.patch |
| bind-9.3.2b2-sdbsrc.patch |
| bind-9.5-dlz-64bit.patch |
| bind-9.5-PIE.patch |
| bind-9.9.1-P2-dlz-libdb.patch |
| bind-9.9.1-P2-multlib-conflict.patch |
| bind-9.10-dist-native-pkcs11.patch |
| bind-9.10-sdb.patch |
| bind-9.10-use-of-strlcat.patch |
| bind-9.11-CVE-2021-25220-test.patch |
| bind-9.11-CVE-2021-25220.patch |
| bind-9.11-CVE-2022-2795.patch |
| bind-9.11-CVE-2023-2828-fixup.patch |
| bind-9.11-CVE-2023-2828.patch |
| bind-9.11-CVE-2023-4408.patch |
| bind-9.11-CVE-2023-50387-fixup.patch |
| bind-9.11-CVE-2023-50387.patch |
| bind-9.11-CVE-2024-1975.patch |
| bind-9.11-dhcp-time-monotonic.patch |
| bind-9.11-engine-pkcs11.patch |
| bind-9.11-export-suffix.patch |
| bind-9.11-fips-code-includes.patch |
| bind-9.11-fips-code.patch |
| bind-9.11-fips-disable.patch |
| bind-9.11-fips-tests.patch |
| bind-9.11-host-idn-disable.patch |
| bind-9.11-json-c.patch |
| bind-9.11-kyua-pkcs11.patch |
| bind-9.11-oot-manual.patch |
| bind-9.11-pk11.patch |
| bind-9.11-rh1205168.patch |
| bind-9.11-rh1410433.patch |
| bind-9.11-rh1668682.patch |
| bind-9.11-rh1980757.patch |
| bind-9.11-rh2101712.patch |
| bind-9.11-rh2133889.patch |
| bind-9.11-rt31459.patch |
| bind-9.11-rt46047.patch |
| bind-9.11-serve-stale.patch |
| bind-9.11-stale-cache.patch |
| bind-9.11-unit-disable-random.patch |
| bind-9.11-zone2ldap.patch |
| bind-9.15-resolver-ntasks.patch |
| bind-9.16-CVE-2022-3094-1.patch |
| bind-9.16-CVE-2022-3094-2.patch |
| bind-9.16-CVE-2022-3094-3.patch |
| bind-9.16-CVE-2022-3094-test.patch |
| bind-9.16-CVE-2022-38177.patch |
| bind-9.16-CVE-2022-38178.patch |
| bind-9.16-CVE-2023-3341.patch |
| bind-9.16-update-b.root-servers.net.patch |
| bind-95-rh452060.patch |
| bind-96-old-api.patch |
| bind.spec |
| bind.tmpfiles.d |
| dnszone.schema |
| gating.yaml |
| generate-rndc-key.sh |
| ldap2zone.1 |
| ldap2zone.c |
| named-chroot-setup.service |
| named-chroot.files |
| named-chroot.service |
| named-pkcs11.service |
| named-sdb-chroot-setup.service |
| named-sdb-chroot.service |
| named-sdb.8 |
| named-sdb.service |
| named-setup-rndc.service |
| named.conf |
| named.conf.sample |
| named.empty |
| named.localhost |
| named.logrotate |
| named.loopback |
| named.rfc1912.zones |
| named.root |
| named.root.key |
| named.rwtab |
| named.service |
| named.sysconfig |
| README.sdb_pgsql |
| setup-named-chroot.sh |
| setup-named-softhsm.sh |
| sources |
| trusted-key.key |
| zone2sqlite.1 |
| zonetodb.1 |
PGSQL BIND SDB driver
The postgresql BIND SDB driver is of experimental status and should not be
used for production systems.
Usage:
o Use the named_sdb process (put ENABLE_SDB=yes in /etc/sysconfig/named)
o Edit your named.conf to contain a database zone, e.g.:
    zone "pgdb.net." IN {
        type master;
        database "pgsql bind pgdb localhost pguser pgpasswd";
        #               ^- DB name ^-Table ^-host ^-user ^-password
    };
o Create the database zone table
The table must contain the columns "name", "rdtype", and "rdata", and
is expected to contain a properly constructed zone. The program "zonetodb"
creates such a table.
zonetodb usage:
    zonetodb origin file dbname dbtable
where
    origin : zone origin, e.g. "pgdb.net."
    file   : master zone database file, e.g. pgdb.net.db
    dbname : name of the postgresql database
    dbtable: name of the table in that database
E.g., to import the zone in the file 'pgdb.net.db' into the 'pgdb' table of the
'bind' database:
---
#pgdb.net.db:
$TTL 1H
@       SOA     localhost. root.localhost. ( 1
                                             3H
                                             1H
                                             1W
                                             1H )
        NS      localhost.
host1   A       192.168.2.1
host2   A       192.168.2.2
host3   A       192.168.2.3
host4   A       192.168.2.4
host5   A       192.168.2.5
host6   A       192.168.2.6
host7   A       192.168.2.7
---
Issuing this command as the pgsql user authorized to update the 'bind' database:
# zonetodb pgdb.net. pgdb.net.db bind pgdb
creates or updates the 'pgdb' table in the 'bind' database:
$ psql -dbind -c 'select * from pgdb;'
      name      | ttl  | rdtype |                        rdata
----------------+------+--------+-----------------------------------------------------
 pgdb.net       | 3600 | SOA    | localhost. root.localhost. 1 10800 3600 604800 3600
 pgdb.net       | 3600 | NS     | localhost.
 host1.pgdb.net | 3600 | A      | 192.168.2.1
 host2.pgdb.net | 3600 | A      | 192.168.2.2
 host3.pgdb.net | 3600 | A      | 192.168.2.3
 host4.pgdb.net | 3600 | A      | 192.168.2.4
 host5.pgdb.net | 3600 | A      | 192.168.2.5
 host6.pgdb.net | 3600 | A      | 192.168.2.6
 host7.pgdb.net | 3600 | A      | 192.168.2.7
(9 rows)
I've tested exactly the above configuration with bind-sdb-9.3.1+ and it works OK.
NOTE: If you use the pgsql SDB driver, ensure the postgresql service is started
before the named service.
USE AT YOUR OWN RISK!
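The zone-to-table conversion the usage section above describes, as an added example (my code, not the package's zonetodb program or its pgsql SDB driver): it reads a constructed copy of the README's pgdb.net.db, produces rows with the columns the README requires (name, rdtype, rdata) plus the ttl column the psql output shows, converts the SOA timers to seconds the way that output does, and renders the SQL a loader would run. The CREATE TABLE column types, the support for only the $TTL directive, and the treatment of the table name as a strictly validated identifier are assumptions of this example, not documented behaviour of zonetodb.

```python
# Added example (not the package's zonetodb or the pgsql SDB driver): convert a
# BIND master zone file into rows shaped like the SDB table, (name, ttl, rdtype,
# rdata), then render the SQL a loader would issue.  SAMPLE_ZONE is a constructed
# copy of the README's pgdb.net.db; the column types are assumed.
import re

SAMPLE_ZONE = """\
$TTL 1H
@       SOA     localhost. root.localhost. ( 1   ; serial
                                            3H  ; refresh
                                            1H  ; retry
                                            1W  ; expire
                                            1H ); minimum
        NS      localhost.
host1   A       192.168.2.1
host2   A       192.168.2.2
host3   A       192.168.2.3
host4   A       192.168.2.4
host5   A       192.168.2.5
host6   A       192.168.2.6
host7   A       192.168.2.7
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TTL_RE = re.compile(r"\d+|(?:\d+[smhdw])+", re.I)


def parse_ttl(token):
    """Convert a BIND TTL ('3600', '1H', '1W2D') into seconds."""
    if not _TTL_RE.fullmatch(token):
        raise ValueError(f"bad TTL {token!r}")
    return sum(int(n) * _UNITS.get(u.lower(), 1) for n, u in re.findall(r"(\d+)([A-Za-z]?)", token))


def _records(text):
    """Yield (owner_omitted, tokens); strips ';' comments and joins the lines
    inside '(' ... ')' into one record, which the multi-line SOA needs."""
    pending, depth = None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if pending is None:
            if not line.strip():
                continue
            pending = (line[:1].isspace(), [])
        depth += line.count("(") - line.count(")")
        pending[1].extend(line.replace("(", " ").replace(")", " ").split())
        if depth == 0:
            yield pending
            pending = None
    if pending is not None:
        raise ValueError("unbalanced parentheses at end of zone file")


def _qualify(name, origin):
    """Absolute owner name without the trailing dot, as the psql output shows."""
    if name == "@":
        return origin
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"


def zone_to_rows(text, origin):
    """Return [(name, ttl_seconds, rdtype, rdata), ...] for the zone text."""
    origin = origin.rstrip(".")
    default_ttl, owner, rows = None, None, []
    for owner_omitted, toks in _records(text):
        if toks[0].upper() == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if toks[0].startswith("$"):
            raise ValueError(f"unsupported directive {toks[0]}")
        if not owner_omitted:
            owner = toks.pop(0)
        if owner is None:
            raise ValueError("record before any owner name")
        ttl = default_ttl
        for _ in range(2):                   # optional TTL and class, either order
            if toks and toks[0].upper() == "IN":
                toks.pop(0)
            elif toks and _TTL_RE.fullmatch(toks[0]):
                ttl = parse_ttl(toks.pop(0))
        if ttl is None:
            raise ValueError(f"no TTL for {owner}: add $TTL or an explicit TTL")
        rdtype = toks.pop(0).upper()
        if rdtype == "SOA":                  # store the four SOA timers in seconds
            mname, rname, serial, *timers = toks
            toks = [mname, rname, serial] + [str(parse_ttl(t)) for t in timers]
        rows.append((_qualify(owner, origin), ttl, rdtype, " ".join(toks)))
    return rows


def sql_statements(table, rows):
    """CREATE TABLE plus one INSERT per row.  The table name is spliced into the
    SQL text, so it must match a strict identifier pattern; values are quoted."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", table):
        raise ValueError(f"refusing unsafe table name {table!r}")
    def quoted(value):
        return "'" + str(value).replace("'", "''") + "'"
    stmts = [f"CREATE TABLE {table} (name TEXT, ttl INTEGER, rdtype TEXT, rdata TEXT);"]
    for name, ttl, rdtype, rdata in rows:
        stmts.append(f"INSERT INTO {table} (name, ttl, rdtype, rdata) VALUES "
                     f"({quoted(name)}, {int(ttl)}, {quoted(rdtype)}, {quoted(rdata)});")
    return stmts
```

Running `zone_to_rows(SAMPLE_ZONE, "pgdb.net.")` yields the nine rows the psql listing above shows, with the SOA rdata already flattened to "localhost. root.localhost. 1 10800 3600 604800 3600". The identifier check in `sql_statements` matters because the table name comes from the `database` string in named.conf, i.e. from configuration rather than from code, and a loader that splices it into SQL should only accept a plain identifier.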