The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Attempts to modify behaviour done in 9.16.33. It requires explicit specification of inline-signing yes for any zone, which has specified dnssec-policy. For primary zones also when allow-update and update-policy are disabled. Turn it into warning only on RHEL builds, do not prevent starting of named. That should roughly emulate error message present on 9.16.23: 'inline-signing;' cannot be set to 'no' if dnssec-policy is also set on a non-dynamic DNS zone. But point a link into upstream KB article in any case. This has appeared only when inline-signing were specified in a zone block. For that case make it still fatal, but with new message. https://downloads.isc.org/isc/bind9/9.16.50/doc/arm/html/notes.html#known-issues Related to upstream commit 30fceec069ae0942749e6aa783f67756e82fcaae. Resolves: RHEL-6454 |
||
|---|---|---|
| .fmf | ||
| tests | ||
| .gitignore | ||
| bind93-rh490837.patch | ||
| bind97-exportlib.patch | ||
| bind97-rh645544.patch | ||
| bind-9.5-dlz-64bit.patch | ||
| bind-9.5-PIE.patch | ||
| bind-9.9.1-P2-dlz-libdb.patch | ||
| bind-9.10-dist-native-pkcs11.patch | ||
| bind-9.11-fips-disable.patch | ||
| bind-9.11-fips-tests.patch | ||
| bind-9.11-kyua-pkcs11.patch | ||
| bind-9.11-rh1666814.patch | ||
| bind-9.11.12.tar.gz.asc | ||
| bind-9.14-config-pkcs11.patch | ||
| bind-9.14-json-c.patch | ||
| bind-9.14.7.tar.gz.asc | ||
| bind-9.16-CVE-2023-2828.patch | ||
| bind-9.16-CVE-2024-1737-records-test2.patch | ||
| bind-9.16-CVE-2024-1737-records-test.patch | ||
| bind-9.16-CVE-2024-1737-records.patch | ||
| bind-9.16-CVE-2024-1737-types-test.patch | ||
| bind-9.16-CVE-2024-1737-types.patch | ||
| bind-9.16-CVE-2024-1737.patch | ||
| bind-9.16-CVE-2024-1975.patch | ||
| bind-9.16-CVE-2025-40778.patch | ||
| bind-9.16-CVE-2025-40780.patch | ||
| bind-9.16-CVE-2026-1519.patch | ||
| bind-9.16-CVE-2026-3039.patch | ||
| bind-9.16-CVE-2026-5946.patch | ||
| bind-9.16-properly-process-extra-nameserver-lines.patch | ||
| bind-9.16-redhat_doc.patch | ||
| bind-9.16-RH-inline-signing.patch | ||
| bind-9.18-configurable-additional-records.patch | ||
| bind-9.18-CVE-2024-4076.patch | ||
| bind-9.18-CVE-2024-11187-pre-test.patch | ||
| bind-9.18-CVE-2024-11187.patch | ||
| bind-9.18-dig-idn-input-always-test.patch | ||
| bind-9.18-dig-idn-input-always.patch | ||
| bind-9.18-fix-dig-hanging-issue.patch | ||
| bind-9.18-partial-additional-records.patch | ||
| bind-9.18-query-fname-relative.patch | ||
| bind-9.20-robust-key-rollovers.patch | ||
| bind-9.21-resume-qmin-cname.patch | ||
| bind-chroot.tmpfiles.d | ||
| bind.spec | ||
| bind.tmpfiles.d | ||
| Changes.md | ||
| ci.fmf | ||
| gating.yaml | ||
| generate-rndc-key.sh | ||
| isc-keyblock.asc | ||
| ldap2zone.c | ||
| makefile-replace-libs.py | ||
| named-chroot-setup.service | ||
| named-chroot.files | ||
| named-chroot.service | ||
| named-pkcs11.service | ||
| named-setup-rndc.service | ||
| named.conf | ||
| named.conf.sample | ||
| named.empty | ||
| named.localhost | ||
| named.logrotate | ||
| named.loopback | ||
| named.rfc1912.zones | ||
| named.root | ||
| named.root.key | ||
| named.rwtab | ||
| named.service | ||
| named.sysconfig | ||
| named.sysusers | ||
| plans.fmf | ||
| README.md | ||
| setup-named-chroot.sh | ||
| setup-named-softhsm.sh | ||
| softhsm2.conf.in | ||
| sources | ||
| trusted-key.key | ||
BIND 9
BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol.
Internet Systems Consortium (https://www.isc.org), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement.
More details about upstream project can be found on their gitlab. This repository contains only upstream sources and packaging instructions for Fedora Project.
Subpackages
The package contains several subpackages, some of them can be disabled on rebuild.
- bind -- named daemon providing DNS server
- bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)
- bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.
- bind-license -- Shared license for all packages but bind-export-libs.
- bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by
--without PKCS11. - bind-libs and bind-libs-lite -- Shared libraries used by some others programs
- bind-devel -- Development headers for libs.
- bind-dlz-* -- Dynamic loadable DLZ plugins with support for external databases
Optional features
- GSSTSIG -- Support for Kerberos authentication in BIND.
- LMDB -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
- DLZ -- Support for dynamic loaded modules providing support for features bind-sdb provides, but only small module is required.