The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Go to file
Petr Menšík a85d02f014 Prevent flooding with UPDATE requests
6064.	[security]	An UPDATE message flood could cause named to exhaust all
			available memory. This flaw was addressed by adding a
			new "update-quota" statement that controls the number of
			simultaneous UPDATE messages that can be processed or
			forwarded. The default is 100. A stats counter has been
			added to record events when the update quota is
			exceeded, and the XML and JSON statistics version
			numbers have been updated. (CVE-2022-3094) [GL #3523]

Resolves: CVE-2022-3094
2023-02-08 18:47:31 +01:00
tests Merged update from upstream sources 2021-01-12 20:05:29 +00:00
.gitignore Update 9.16.23 2021-11-23 11:26:51 +01:00
bind93-rh490837.patch Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind97-exportlib.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
bind97-rh645544.patch Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind-9.5-dlz-64bit.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
bind-9.5-PIE.patch Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind-9.9.1-P2-dlz-libdb.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
bind-9.10-dist-native-pkcs11.patch Update to 9.16.16 2021-07-22 00:31:03 +02:00
bind-9.11-feature-test-named.patch Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind-9.11-fips-disable.patch Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind-9.11-fips-tests.patch Update to 9.16.13 2021-05-04 14:08:10 +02:00
bind-9.11-kyua-pkcs11.patch Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind-9.11-rh1666814.patch Remove merged changes and update changed patch 2021-11-23 11:27:00 +01:00
bind-9.11-tests-variants.patch Update to 9.16.16 2021-07-22 00:31:03 +02:00
bind-9.11.12.tar.gz.asc RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
bind-9.14-config-pkcs11.patch Update to 9.16.13 2021-05-04 14:08:10 +02:00
bind-9.14-json-c.patch Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind-9.14.7.tar.gz.asc Merged update from upstream sources 2021-01-22 20:42:08 +00:00
bind-9.16-CVE-2021-25220-test.patch Add tests for forwarder cache poisoning scenarios 2022-04-11 18:07:08 +02:00
bind-9.16-CVE-2021-25220.patch Tighten cache protection against record from forwarders 2022-04-11 18:00:59 +02:00
bind-9.16-CVE-2022-0396.patch [CVE-2022-0396] Resolve #3112 TCP sockets stuck in CLOSE_WAIT 2022-03-25 21:03:37 +01:00
bind-9.16-CVE-2022-2795.patch Bound the amount of work performed for delegations 2022-10-04 19:52:37 +02:00
bind-9.16-CVE-2022-3080.patch Fix CVE-2022-3080 2022-09-22 22:14:55 +02:00
bind-9.16-CVE-2022-3094-1.patch Prevent flooding with UPDATE requests 2023-02-08 18:47:31 +01:00
bind-9.16-CVE-2022-3094-2.patch Prevent flooding with UPDATE requests 2023-02-08 18:47:31 +01:00
bind-9.16-CVE-2022-3094-3.patch Prevent flooding with UPDATE requests 2023-02-08 18:47:31 +01:00
bind-9.16-CVE-2022-38177.patch Fix CVE-2022-38177 2022-09-22 22:14:56 +02:00
bind-9.16-CVE-2022-38178.patch Fix CVE-2022-38178 2022-09-22 22:14:56 +02:00
bind-9.16-redhat_doc.patch Update to 9.16.13 2021-05-04 14:08:10 +02:00
bind-9.16-rh2101712.patch Have dns_zt_apply lock the zone table 2022-11-10 11:21:26 +01:00
bind-9.16-rh2133889.patch Add include to rwlocktype_t to dns/zt.h 2023-01-21 00:03:05 +01:00
bind.spec Prevent flooding with UPDATE requests 2023-02-08 18:47:31 +01:00
bind.tmpfiles.d RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
Changes.md Merged update from upstream sources 2021-01-22 20:42:08 +00:00
ci.fmf Merged update from upstream sources 2021-01-12 20:05:29 +00:00
codesign2021.txt Merged update from upstream sources 2021-01-22 20:42:08 +00:00
gating.yaml Update gating for RHEL9 2021-08-26 12:45:34 +02:00
generate-rndc-key.sh Merged update from upstream sources 2021-01-22 20:42:08 +00:00
ldap2zone.c RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
makefile-replace-libs.py RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named-chroot-setup.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named-chroot.files Propagate system emphemeral ports to chroot 2021-10-13 12:27:59 +02:00
named-chroot.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named-pkcs11.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named-setup-rndc.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.conf Merged update from upstream sources 2021-01-22 20:42:08 +00:00
named.conf.sample Merged update from upstream sources 2021-01-22 20:42:08 +00:00
named.empty RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.localhost RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.logrotate RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.loopback RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.rfc1912.zones RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.root RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.root.key Merged update from upstream sources 2021-01-22 20:42:08 +00:00
named.rwtab RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
named.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
README.md Merged update from upstream sources 2021-01-22 20:42:08 +00:00
setup-named-chroot.sh RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
setup-named-softhsm.sh RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
softhsm2.conf.in RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00
sources Update 9.16.23 2021-11-23 11:26:51 +01:00
trusted-key.key RHEL 9.0.0 Alpha bootstrap 2020-10-14 22:16:50 +02:00

BIND 9

BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol.

Internet Systems Consortium (https://www.isc.org), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement.

More details about upstream project can be found on their gitlab. This repository contains only upstream sources and packaging instructions for Fedora Project.

Subpackages

The package contains several subpackages, some of them can be disabled on rebuild.

  • bind -- named daemon providing DNS server
  • bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)
  • bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.
  • bind-license -- Shared license for all packages but bind-export-libs.
  • bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by --without PKCS11.
  • bind-libs and bind-libs-lite -- Shared libraries used by some others programs
  • bind-devel -- Development headers for libs.
  • bind-dlz-* -- Dynamic loadable DLZ plugins with support for external databases

Optional features

  • GSSTSIG -- Support for Kerberos authentication in BIND.
  • LMDB -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
  • DLZ -- Support for dynamic loaded modules providing support for features bind-sdb provides, but only small module is required.