rpms/bind

The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server

Go to file

Petr Menšík 809898a212 Resolve CVE-2024-1737 6400. [security] Excessively large rdatasets can slow down database query processing, so a limit has been placed on the number of records that can be stored per rdataset in a cache or zone database. This is configured with the new "max-records-per-type" option, and defaults to 100. (CVE-2024-1737) [GL #497] [GL #3405] 6401. [security] An excessively large number of rrtypes per owner can slow down database query processing, so a limit has been placed on the number of rrtypes that can be stored per owner (node) in a cache or zone database. This is configured with the new "max-rrtypes-per-name" option, and defaults to 100. (CVE-2024-1737) [GL #3403] [GL #4548] Does not change db methods like 9.18 fix. It makes limits set at build time and fixed numbers, but does not need adjusting db interface to set new limits. Resolves: RHEL-49900		2024-08-27 22:29:25 +02:00
tests	Merged update from upstream sources	2021-01-12 20:05:29 +00:00
.gitignore	Update 9.16.23	2021-11-23 11:26:51 +01:00
bind93-rh490837.patch	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind97-exportlib.patch	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
bind97-rh645544.patch	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind-9.5-dlz-64bit.patch	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
bind-9.5-PIE.patch	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind-9.9.1-P2-dlz-libdb.patch	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
bind-9.10-dist-native-pkcs11.patch	Update to 9.16.16	2021-07-22 00:31:03 +02:00
bind-9.11-feature-test-named.patch	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind-9.11-fips-disable.patch	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind-9.11-fips-tests.patch	Update to 9.16.13	2021-05-04 14:08:10 +02:00
bind-9.11-kyua-pkcs11.patch	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind-9.11-rh1666814.patch	Remove merged changes and update changed patch	2021-11-23 11:27:00 +01:00
bind-9.11-tests-variants.patch	Update to 9.16.16	2021-07-22 00:31:03 +02:00
bind-9.11.12.tar.gz.asc	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
bind-9.14-config-pkcs11.patch	Update to 9.16.13	2021-05-04 14:08:10 +02:00
bind-9.14-json-c.patch	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind-9.14.7.tar.gz.asc	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
bind-9.16-CVE-2021-25220-test.patch	Add tests for forwarder cache poisoning scenarios	2022-04-11 18:07:08 +02:00
bind-9.16-CVE-2021-25220.patch	Tighten cache protection against record from forwarders	2022-04-11 18:00:59 +02:00
bind-9.16-CVE-2022-0396.patch	[CVE-2022-0396] Resolve #3112 TCP sockets stuck in CLOSE_WAIT	2022-03-25 21:03:37 +01:00
bind-9.16-CVE-2022-2795.patch	Bound the amount of work performed for delegations	2022-10-04 19:52:37 +02:00
bind-9.16-CVE-2022-3080.patch	Fix CVE-2022-3080	2022-09-22 22:14:55 +02:00
bind-9.16-CVE-2022-3094-1.patch	Fix small differences to upstream patches	2023-02-25 03:10:37 +01:00
bind-9.16-CVE-2022-3094-2.patch	Prevent flooding with UPDATE requests	2023-02-08 18:47:31 +01:00
bind-9.16-CVE-2022-3094-3.patch	Prevent flooding with UPDATE requests	2023-02-08 18:47:31 +01:00
bind-9.16-CVE-2022-3094-test.patch	Fix small differences to upstream patches	2023-02-25 03:10:37 +01:00
bind-9.16-CVE-2022-3736.patch	Handle RRSIG queries when server-stale is active	2023-02-09 17:28:30 +01:00
bind-9.16-CVE-2022-3924.patch	Fix crash when soft-quota is reached and serve-stale is active	2023-02-09 17:52:04 +01:00
bind-9.16-CVE-2022-38177.patch	Fix CVE-2022-38177	2022-09-22 22:14:56 +02:00
bind-9.16-CVE-2022-38178.patch	Fix CVE-2022-38178	2022-09-22 22:14:56 +02:00
bind-9.16-CVE-2023-2828.patch	Fix CVE-2023-2828	2023-07-19 18:09:09 +02:00
bind-9.16-CVE-2023-2911-1.patch	Fix CVE-2023-2911	2023-07-19 18:24:02 +02:00
bind-9.16-CVE-2023-2911-2.patch	Fix CVE-2023-2911	2023-07-19 18:24:02 +02:00
bind-9.16-CVE-2023-2911-3.patch	Fix CVE-2023-2911	2023-07-19 18:24:02 +02:00
bind-9.16-CVE-2023-3341.patch	Fix CVE-2023-3341	2023-09-20 13:22:16 +02:00
bind-9.16-CVE-2023-4408-test1.patch	Import tests for large DNS messages fix	2024-03-26 12:05:32 +01:00
bind-9.16-CVE-2023-4408-test2.patch	Import tests for large DNS messages fix	2024-03-26 12:05:32 +01:00
bind-9.16-CVE-2023-4408.patch	Prevent increased CPU load on large DNS messages	2024-03-26 12:05:22 +01:00
bind-9.16-CVE-2023-5517.patch	Prevent assertion failure when nxdomain-redirect is used with	2024-03-26 12:05:32 +01:00
bind-9.16-CVE-2023-5679.patch	Prevent assertion failure if DNS64 and serve-stale is used	2024-03-26 12:05:32 +01:00
bind-9.16-CVE-2023-6516-test.patch	Stop crashes at masterformat system tests	2024-03-26 12:05:32 +01:00
bind-9.16-CVE-2023-6516.patch	Specific recursive query patterns may lead to an out-of-memory condition	2024-03-26 12:05:32 +01:00
bind-9.16-CVE-2023-50387.patch	Prevent increased CPU consumption in DNSSEC validator	2024-03-26 12:05:32 +01:00
bind-9.16-CVE-2024-1737.patch	Resolve CVE-2024-1737	2024-08-27 22:29:25 +02:00
bind-9.16-CVE-2024-1975.patch	Resolve CVE-2024-1975	2024-08-27 22:27:20 +02:00
bind-9.16-isc_hp-additional.patch	Increase size of hazard pointer array	2024-07-09 16:36:12 +02:00
bind-9.16-isc_hp-CVE-2023-50387.patch	Downstream specific changes related to KeyTrap	2024-03-26 12:05:32 +01:00
bind-9.16-isc-mempool-attach.patch	Add mctx attach/detach when creating/destroying a memory pool	2024-03-26 12:05:32 +01:00
bind-9.16-redhat_doc.patch	Update to 9.16.13	2021-05-04 14:08:10 +02:00
bind-9.16-rh2101712.patch	fixup! Have dns_zt_apply lock the zone table	2023-02-27 14:44:05 +01:00
bind-9.16-rh2133889.patch	Add include to rwlocktype_t to dns/zt.h	2023-01-21 00:03:05 +01:00
bind-9.16-system-test-cds.patch	Define variables used for test variants	2024-03-26 12:05:32 +01:00
bind-9.16-update-b.root-servers.net.patch	Update addresses of b.root-servers.net	2023-12-07 15:20:38 +01:00
bind.spec	Resolve CVE-2024-1737	2024-08-27 22:29:25 +02:00
bind.tmpfiles.d	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
Changes.md	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
ci.fmf	Merged update from upstream sources	2021-01-12 20:05:29 +00:00
codesign2021.txt	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
gating.yaml	Update gating for RHEL9	2021-08-26 12:45:34 +02:00
generate-rndc-key.sh	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
ldap2zone.c	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
makefile-replace-libs.py	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named-chroot-setup.service	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named-chroot.files	Propagate system emphemeral ports to chroot	2021-10-13 12:27:59 +02:00
named-chroot.service	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named-pkcs11.service	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named-setup-rndc.service	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.conf	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
named.conf.sample	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
named.empty	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.localhost	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.logrotate	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.loopback	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.rfc1912.zones	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.root	Update addresses of b.root-servers.net	2023-12-07 15:20:38 +01:00
named.root.key	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
named.rwtab	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.service	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
named.sysconfig	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
README.md	Merged update from upstream sources	2021-01-22 20:42:08 +00:00
setup-named-chroot.sh	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
setup-named-softhsm.sh	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
softhsm2.conf.in	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00
sources	Update 9.16.23	2021-11-23 11:26:51 +01:00
trusted-key.key	RHEL 9.0.0 Alpha bootstrap	2020-10-14 22:16:50 +02:00

README.md

BIND 9

BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol.

Internet Systems Consortium (https://www.isc.org), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement.

More details about upstream project can be found on their gitlab. This repository contains only upstream sources and packaging instructions for Fedora Project.

Subpackages

The package contains several subpackages, some of them can be disabled on rebuild.

bind -- named daemon providing DNS server
bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)
bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.
bind-license -- Shared license for all packages but bind-export-libs.
bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by --without PKCS11.
bind-libs and bind-libs-lite -- Shared libraries used by some others programs
bind-devel -- Development headers for libs.
bind-dlz-* -- Dynamic loadable DLZ plugins with support for external databases

Optional features

GSSTSIG -- Support for Kerberos authentication in BIND.
LMDB -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
DLZ -- Support for dynamic loaded modules providing support for features bind-sdb provides, but only small module is required.