cvs commit: src/contrib/bind9 CHANGES version src/contrib/bind9/bin/named client.c server.c src/contrib/bind9/doc/arm Bv9ARM-book.xml Bv9ARM.ch06.html Bv9ARM.pdf src/contrib/bind9/lib/bind aclocal.m4 config.h.in ...

Doug Barton dougb at FreeBSD.org
Sat Jul 12 09:38:52 UTC 2008


dougb       2008-07-12 09:38:35 UTC

  FreeBSD src repository

  Modified files:
    contrib/bind9        CHANGES version 
    contrib/bind9/bin/named client.c server.c 
    contrib/bind9/doc/arm Bv9ARM-book.xml Bv9ARM.ch06.html 
                          Bv9ARM.pdf 
    contrib/bind9/lib/bind9 check.c 
    contrib/bind9/lib/dns api dispatch.c resolver.c 
    contrib/bind9/lib/dns/include/dns dispatch.h 
  Removed files:
    contrib/bind9/lib/bind aclocal.m4 config.h.in configure 
  Log:
  SVN rev 180477 on 2008-07-12 09:38:35Z by dougb
  
  Merge from vendor/bind9/dist as of the 9.4.2-P1 import, including
  the patch from ISC for lib/bind9/check.c and deletion of unused
  files in lib/bind.
  
  This version will by default randomize the UDP query source port
  (and sequence number of course) for every query.
  
  In order to take advantage of this randomization users MUST have an
  appropriate firewall configuration to allow UDP queries to be sent and
  answers to be received on random ports; and users MUST NOT specify a
  port number using the query-source[-v6] options.
  
  The avoid-v[46]-udp-ports options exist for users who wish to eliminate
  certain port numbers from being chosen by named for this purpose. See
  the ARM Chapter 6 for more information.
  
  Also please note, this issue applies only to UDP query ports. A random
  ephemeral port is always chosen for TCP queries.
  
  This issue applies primarily to name servers whose main purpose is to
  resolve random queries (sometimes referred to as "caching" servers, or
  more properly as "resolving" servers), although even an "authoritative"
  name server will make some queries, primarily at startup time.
  
  All users of BIND are strongly encouraged to upgrade to the latest
  version, and to utilize the source port randomization feature.
  
  This update addresses issues raised in:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  http://www.kb.cert.org/vuls/id/800113
  http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
  
  Revision  Changes       Path
  1.2       +2565 -920    src/contrib/bind9/CHANGES
  1.2       +336 -62      src/contrib/bind9/bin/named/client.c
  1.2       +986 -220     src/contrib/bind9/bin/named/server.c
  1.2       +11732 -5969  src/contrib/bind9/doc/arm/Bv9ARM-book.xml
  1.2       +6991 -11348  src/contrib/bind9/doc/arm/Bv9ARM.ch06.html
  1.2       +9953 -6020   src/contrib/bind9/doc/arm/Bv9ARM.pdf
  1.2       +0 -2         src/contrib/bind9/lib/bind/aclocal.m4 (dead)
  1.2       +0 -45        src/contrib/bind9/lib/bind/config.h.in (dead)
  1.2       +0 -31829     src/contrib/bind9/lib/bind/configure (dead)
  1.2       +800 -169     src/contrib/bind9/lib/bind9/check.c
  1.2       +1 -1         src/contrib/bind9/lib/dns/api
  1.2       +349 -114     src/contrib/bind9/lib/dns/dispatch.c
  1.2       +102 -94      src/contrib/bind9/lib/dns/include/dns/dispatch.h
  1.2       +1053 -311    src/contrib/bind9/lib/dns/resolver.c
  1.2       +5 -5         src/contrib/bind9/version
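
The log message above says the randomization only takes effect when no port is pinned with the query-source[-v6] options. A small checker for that condition in a named.conf follows as an added example (not part of the commit or of BIND); the function name and the sample configuration are constructed for illustration, and the comment stripping is a simplification that does not account for quoted strings.

```python
import re

# A query-source / query-source-v6 statement, up to its terminating ';'
_STMT = re.compile(r'\b(query-source(?:-v6)?)\b([^;]*);')
# The port clause inside such a statement: a number or the wildcard '*'
_PORT = re.compile(r'\bport\s+(\*|\d+)')
# named.conf comment styles: /* ... */, // ..., # ...
_COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

# Constructed sample: the v4 statement pins port 53 (defeats randomization),
# the v6 statement uses the wildcard and is fine.
SAMPLE_CONF = """
options {
    directory "/etc/namedb";
    // query-source address * port 5353;   (commented out, ignored)
    query-source address * port 53;
    query-source-v6 address * port *;
    avoid-v4-udp-ports { 2049; 5353; };
};
"""


def find_fixed_query_ports(conf_text):
    """Return [(option, port)] for every query-source statement that pins a port."""
    text = _COMMENTS.sub('', conf_text)
    findings = []
    for stmt in _STMT.finditer(text):
        port = _PORT.search(stmt.group(2))
        # No port clause, or 'port *', leaves the choice to named.
        if port and port.group(1) != '*':
            findings.append((stmt.group(1), int(port.group(1))))
    return findings


if __name__ == "__main__":
    for option, port in find_fixed_query_ports(SAMPLE_CONF):
        print(f"{option} pins UDP source port {port}: remove the port clause")
```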

