Domain Name System (DNS) Server (named)
Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name
System. This package includes the components to operate a DNS server.
- Developed at network
- Sources inherited from project openSUSE:Factory
-
9
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout devel:ARM:Factory:Contrib:ILP32/bind && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| bind-9.18.19.tar.xz | 0005508464 5.25 MB | |
| bind-9.18.19.tar.xz.asc | 0000000833 833 Bytes | |
| bind-ldapdump-use-valid-host.patch | 0000002541 2.48 KB | |
| bind.changes | 0000192517 188 KB | |
| bind.conf | 0000000444 444 Bytes | |
| bind.keyring | 0000009606 9.38 KB | |
| bind.spec | 0000021903 21.4 KB | |
| dlz-schema.txt | 0000006292 6.14 KB | |
| dnszone-schema.txt | 0000005637 5.5 KB | |
| named.conf | 0000000090 90 Bytes | |
| named.root | 0000003310 3.23 KB | |
| vendor-files.tar.bz2 | 0000020398 19.9 KB |
Revision 202 (latest revision is 207)
Ana Guerrero (anag+factory)
accepted
request 1112571
from
Jorik Cronenberg (jcronenberg)
(revision 202)
- Update to release 9.18.19
Security Fixes:
* Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out
of available stack memory, causing named to terminate
unexpectedly. This has been fixed. (CVE-2023-3341)
[bsc#1215472]
* A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion
failure under significant DNS-over-TLS query load. This has
been fixed. (CVE-2023-4236)
[bsc#1215471]
Removed Features:
* The dnssec-must-be-secure option has been deprecated and will
be removed in a future release.
Feature Changes:
* If the server command is specified, nsupdate now honors the
nsupdate -v option for SOA queries by sending both the UPDATE
request and the initial query over TCP.
Bug Fixes:
* The value of the If-Modified-Since header in the statistics
channel was not being correctly validated for its length,
potentially allowing an authorized user to trigger a buffer
overflow. Ensuring the statistics channel is configured
correctly to grant access exclusively to authorized users is
essential (see the statistics-channels block definition and
usage section).
* The Content-Length header in the statistics channel was lacking
proper bounds checking. A negative or excessively large value
could potentially trigger an integer overflow and result in an
assertion failure.
* Several memory leaks caused by not clearing the OpenSSL error
stack were fixed.
* The introduction of krb5-subdomain-self-rhs and
ms-subdomain-self-rhs UPDATE policies accidentally caused named
to return SERVFAIL responses to deletion requests for
non-existent PTR and SRV records. This has been fixed.
* The stale-refresh-time feature was mistakenly disabled when the
server cache was flushed by rndc flush. This has been fixed.
* BIND’s memory consumption has been improved by implementing
dedicated jemalloc memory arenas for sending buffers. This
optimization ensures that memory usage is more efficient and
better manages the return of memory pages to the operating
system.
* Previously, partial writes in the TLS DNS code were not
accounted for correctly, which could have led to DNS message
corruption. This has been fixed.
Comments 2
bind 9.12.2 has been released; https://www.isc.org/downloads/
Link to bits: ftp://ftp.isc.org/isc/bind9/9.13.2/bind-9.13.2.tar.gz