bind
Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols and provides an openly redistributable reference
implementation of the major components of the Domain Name System.
- Devel package for openSUSE:Factory
-
16
derived packages
- Links to openSUSE:Factory / bind
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout network/bind && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
_link | 0000000124 124 Bytes | |
bind-9.18.7.tar.xz | 0005626820 5.37 MB | |
bind-9.18.7.tar.xz.sha512.asc | 0000000833 833 Bytes | |
bind-ldapdump-use-valid-host.patch | 0000002343 2.29 KB | |
bind.changes | 0000168774 165 KB | |
bind.conf | 0000000444 444 Bytes | |
bind.keyring | 0000003966 3.87 KB | |
bind.spec | 0000021417 20.9 KB | |
dlz-schema.txt | 0000006292 6.14 KB | |
dnszone-schema.txt | 0000005637 5.5 KB | |
named.conf | 0000000090 90 Bytes | |
named.root | 0000003310 3.23 KB | |
vendor-files.tar.bz2 | 0000020269 19.8 KB |
Revision 357 (latest revision is 388)
Jorik Cronenberg (jcronenberg)
accepted
request 1005206
from
Jorik Cronenberg (jcronenberg)
(revision 357)
- Update to bind release 9.18.7 Security Fixes: * Previously, there was no limit to the number of database lookups performed while processing large delegations, which could be abused to severely impact the performance of named running as a recursive resolver. This has been fixed. (CVE-2022-2795) * When an HTTP connection was reused to request statistics from the stats channel, the content length of successive responses could grow in size past the end of the allocated buffer. This has been fixed. (CVE-2022-2881) * Memory leaks in code handling Diffie-Hellman (DH) keys were fixed that could be externally triggered, when using TKEY records in DH mode with OpenSSL 3.0.0 and later versions. (CVE-2022-2906) * named running as a resolver with the stale-answer-client-timeout option set to 0 could crash with an assertion failure, when there was a stale CNAME in the cache for the incoming query. This has been fixed. (CVE-2022-3080) * Memory leaks were fixed that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178) Feature Changes: * Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL. * Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly. * When reconfiguring dnssec-policy from using NSEC with an NSEC-only DNSKEY algorithm (e.g. RSASHA1) to a policy that uses NSEC3, BIND 9 no longer fails to sign the zone; instead, it keeps using NSEC until the offending DNSKEY records have been removed from the zone, then switches to using NSEC3. * A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. Bug Fixes: * A serve-stale bug was fixed, where BIND would try to return stale data from cache for lookups that received duplicate queries or queries that would be dropped. This bug resulted in premature SERVFAIL responses, and has now been resolved. This obsoletes the following patch: * bind-fix-mysql-bindings.patch [bsc#1203614, bsc#1203615, bsc#1203616, bsc#1203618, bsc#1203620]
Comments 0