1c6949770d
Fix DNS-over-HTTP(S) implementation issues that arise under heavy query load. Optimize resource usage for :iscman:`named` instances that accept queries over DNS-over-HTTP(S). Previously, :iscman:`named` would process all incoming HTTP/2 data at once, which could overwhelm the server, especially when dealing with clients that send requests but don't wait for responses. That has been fixed. Now, :iscman:`named` handles HTTP/2 data in smaller chunks and throttles reading until the remote side reads the response data. It also throttles clients that send too many requests at once. Additionally, :iscman:`named` now carefully processes data sent by some clients, which can be considered "flooding." It logs these clients and drops connections from them. :gl:`#4795` In some cases, :iscman:`named` could leave DNS-over-HTTP(S) connections in the `CLOSE_WAIT` state indefinitely. That also has been fixed. ISC would like to thank JF Billaud for thoroughly investigating the issue and verifying the fix. :gl:`#5083` Vulnerability: CVE-2024-12705 Resolves: RHEL-76868 |
||
|---|---|---|
| .fmf | ||
| .gitignore | ||
| bind9.18.spec | ||
| bind97-exportlib.patch | ||
| bind-9.5-PIE.patch | ||
| bind-9.11.12.tar.gz.asc | ||
| bind-9.14.7.tar.gz.asc | ||
| bind-9.16-redhat_doc.patch | ||
| bind-9.18-CVE-2024-11187-pre-test.patch | ||
| bind-9.18-CVE-2024-11187.patch | ||
| bind-9.18-CVE-2024-12705.patch | ||
| bind-9.18-nsupdate-TLS-doc.patch | ||
| bind-9.18-nsupdate-TLS-tests.patch | ||
| bind-9.18-nsupdate-TLS.patch | ||
| bind-9.18-unittest-netmgr-unstable.patch | ||
| bind.tmpfiles.d | ||
| Changes.md | ||
| ci.fmf | ||
| codesign2019.txt | ||
| gating.yaml | ||
| generate-rndc-key.sh | ||
| isc-keyblock.asc | ||
| ldap2zone.c | ||
| makefile-replace-libs.py | ||
| named-chroot-setup.service | ||
| named-chroot.files | ||
| named-chroot.service | ||
| named-setup-rndc.service | ||
| named.conf | ||
| named.conf.sample | ||
| named.empty | ||
| named.localhost | ||
| named.logrotate | ||
| named.loopback | ||
| named.rfc1912.zones | ||
| named.root | ||
| named.root.key | ||
| named.rwtab | ||
| named.service | ||
| named.sysconfig | ||
| plans.fmf | ||
| README.md | ||
| setup-named-chroot.sh | ||
| setup-named-softhsm.sh | ||
| softhsm2.conf.in | ||
| sources | ||
| trusted-key.key | ||
BIND 9
BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol.
Internet Systems Consortium (https://www.isc.org), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement.
More details about upstream project can be found on their gitlab. This repository contains only upstream sources and packaging instructions for Fedora Project.
Subpackages
The package contains several subpackages, some of them can be disabled on rebuild.
- bind -- named daemon providing DNS server
- bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)
- bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.
- bind-license -- Shared license for all packages but bind-export-libs.
- bind-libs -- Shared libraries used by some others programs
- bind-devel -- Development headers for libs. Can be disabled by
--without DEVEL
Optional features
- GSSTSIG -- Support for Kerberos authentication in BIND.
- LMDB -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
- DLZ -- Support for dynamic loaded modules providing support for features bind-sdb provides, but only small module is required.