Domain Name System (DNS) Server (named)
Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name
System. This package includes the components to operate a DNS server.
- Developed at network
- Sources inherited from project openSUSE:Factory
-
9
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:ARM/bind && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
bind-9.18.11.tar.xz | 0005284184 5.04 MB | |
bind-9.18.11.tar.xz.sha512.asc | 0000000833 833 Bytes | |
bind-ldapdump-use-valid-host.patch | 0000002541 2.48 KB | |
bind.changes | 0000178617 174 KB | |
bind.conf | 0000000444 444 Bytes | |
bind.keyring | 0000003966 3.87 KB | |
bind.spec | 0000021418 20.9 KB | |
dlz-schema.txt | 0000006292 6.14 KB | |
dnszone-schema.txt | 0000005637 5.5 KB | |
named.conf | 0000000090 90 Bytes | |
named.root | 0000003310 3.23 KB | |
vendor-files.tar.bz2 | 0000020221 19.7 KB |
Revision 191 (latest revision is 208)
Dominique Leuenberger (dimstar_suse)
accepted
request 1060984
from
Jorik Cronenberg (jcronenberg)
(revision 191)
- Update to release 9.18.11 Security Fixes: * An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new update-quota option that controls the maximum number of outstanding DNS UPDATE messages that named can hold in a queue at any given time (default: 100). (CVE-2022-3094) * named could crash with an assertion failure when an RRSIG query was received and stale-answer-client-timeout was set to a non-zero value. This has been fixed. (CVE-2022-3736) * named running as a resolver with the stale-answer-client-timeout option set to any value greater than 0 could crash with an assertion failure, when the recursive-clients soft quota was reached. This has been fixed. (CVE-2022-3924) New Features: * The new update-quota option can be used to control the number of simultaneous DNS UPDATE messages that can be processed to update an authoritative zone on a primary server, or forwarded to the primary server by a secondary server. The default is 100. A new statistics counter has also been added to record events when this quota is exceeded, and the version numbers for the XML and JSON statistics schemas have been updated. Removed Features: * The Differentiated Services Code Point (DSCP) feature in BIND has been non-operational since the new Network Manager was introduced in BIND 9.16. It is now marked as obsolete, and vestigial code implementing it has been removed. Configuring DSCP values in named.conf now causes a warning to be logged. Feature Changes: * The catalog zone implementation has been optimized to work with hundreds of thousands of member zones. Bug Fixes: * A rare assertion failure was fixed in outgoing TCP DNS connection handling. * Large zone transfers over TLS (XoT) could fail. This has been fixed. * In addition to a previously fixed bug, another similar issue was discovered where quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. This has been fixed. * In certain query resolution scenarios (e.g. when following CNAME records), named configured to answer from stale cache could return a SERVFAIL response despite a usable, non-stale answer being present in the cache. This has been fixed. * When an outgoing request timed out, named would retry up to three times with the same server instead of trying the next available name server. This has been fixed. * Recently used ADB names and ADB entries (IP addresses) could get cleaned when ADB was under memory pressure. To mitigate this, only actual ADB names and ADB entries are now counted (excluding internal memory structures used for “housekeeping”) and recently used (<= 10 seconds) ADB names and entries are excluded from the overmem memory cleaner. * The “Prohibited” Extended DNS Error was inadvertently set in some NOERROR responses. This has been fixed. * Previously, TLS session resumption could have led to handshake failures when client certificates were used for authentication (Mutual TLS). This has been fixed. [bsc#1207471, bsc#1207473, bsc#1207475]
Comments 2
bind 9.12.2 has been released; https://www.isc.org/downloads/
Link to bits: ftp://ftp.isc.org/isc/bind9/9.13.2/bind-9.13.2.tar.gz