Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/mpl/bind/dist Import bind-9.16.37 (previous was bin...
details: https://anonhg.NetBSD.org/src/rev/20a7f64cdb69
branches: trunk
changeset: 373232:20a7f64cdb69
user: christos <christos%NetBSD.org@localhost>
date: Wed Jan 25 20:36:33 2023 +0000
description:
Import bind-9.16.37 (previous was bind-9.16.33)
--- 9.16.37 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has only been
partly operational since 9.16.0, is now marked as
deprecated. Configuring DSCP values in named.conf
will cause a warning will be logged. [GL #3773]
6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
by detaching from the zone manager outside of the write
lock. [GL #3768]
6059. [bug] In some serve stale scenarios, like when following an
expired CNAME record, named could return SERVFAIL if the
previous request wasn't successful. Consider non-stale
data when in serve-stale mode. [GL #3678]
6058. [bug] Prevent named from crashing when "rndc delzone"
attempts to delete a zone added by a catalog zone.
[GL #3745]
6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]
6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]
6045. [cleanup] The list of supported DNSSEC algorithms changed log
level from "warning" to "notice" to match named's other
startup messages. [GL !7217]
6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]
--- 9.16.36 released ---
6043. [bug] The key file IO locks objects would never get
deleted from the hashtable due to off-by-one error.
[GL #3727]
6042. [bug] ANY responses could sometimes have the wrong TTL.
[GL #3613]
6040. [bug] Speed up the named shutdown time by explicitly
canceling all recursing ns_client objects for
each ns_clientmgr. [GL #3183]
6039. [bug] Removing a catalog zone from catalog-zones without
also removing the referenced zone could leave a
dangling pointer. [GL #3683]
6031. [bug] Move the "final reference detached" log message
from dns_zone unit to the DEBUG(1) log level.
[GL #3707]
6024. [func] Deprecate 'auto-dnssec'. [GL #3667]
6021. [bug] Use the current domain name when checking answers from
a dual-stack-server. [GL #3607]
6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard
option when loading a zone. [GL #1905]
6017. [bug] The view's zone table was not locked when it should
have been leading to race conditions when external
extensions that manipulate the zone table where in
use. [GL #3468]
--- 9.16.35 released ---
6013. [bug] Fix a crash that could happen when you change
a dnssec-policy zone with NSEC3 to start using
inline-signing. [GL #3591]
6009. [bug] Don't trust a placeholder KEYDATA from the managed-keys
zone by adding it into secroots. [GL #2895]
6008. [bug] Fixed a race condition that could cause a crash
in dns_zone_synckeyzone(). [GL #3617]
6002. [bug] Fix a resolver prefetch bug when the record's TTL value
is equal to the configured prefetch eligibility value,
but the record was erroneously not treated as eligible
for prefetching. [GL #3603]
6001. [bug] Always call dns_adb_endudpfetch() after calling
dns_adb_beginudpfetch() for UDP queries in resolver.c,
in order to adjust back the quota. [GL #3598]
6000. [bug] Fix a startup issue on Solaris systems with many
(reportedly > 510) CPUs. Thanks to Stacey Marshall from
Oracle for deep investigation of the problem. [GL #3563]
5999. [bug] rpz-ip rules could be ineffective in some scenarios
with CD=1 queries. [GL #3247]
5998. [bug] The RecursClients statistics counter could overflow
in certain resolution scenarios. [GL #3584]
5996. [bug] Fix a couple of bugs in cfg_print_duration(), which
could result in generating incomplete duration values
when printing the configuration using named-checkconf.
[GL !6880]
--- 9.16.34 released ---
5991. [protocol] Add support for parsing and validating "dohpath" to
SVCB. [GL #3544]
5988. [bug] Some out of memory conditions in opensslrsa_link.c
could lead to memory leaks. [GL #3551]
5984. [func] 'named -V' now reports the list of supported
DNSSEC/DS/HMAC algorithms and the supported TKEY modes.
[GL #3541]
5983. [bug] Changing just the TSIG key names for primaries in
catalog zones' member zones was not effective.
[GL #3557]
5973. [bug] Fixed a possible invalid detach in UPDATE
processing. [GL #3522]
5963. [bug] Ensure struct named_server is properly initialized.
[GL #6531]
5921. [test] Convert system tests to use a default DNSKEY algorithm
where the test is not DNSKEY algorithm specific.
[GL #3440]
diffstat:
external/mpl/bind/dist/CHANGES | 146 ++
external/mpl/bind/dist/COPYRIGHT | 2 +-
external/mpl/bind/dist/bin/dig/dig.rst | 8 +-
external/mpl/bind/dist/bin/named/bind9.xsl | 4 +-
external/mpl/bind/dist/bin/named/named.conf.rst | 13 +-
external/mpl/bind/dist/bin/named/named.rst | 16 +-
external/mpl/bind/dist/bin/nsupdate/nsupdate.rst | 2 +
external/mpl/bind/dist/bin/tests/system/addzone/tests.sh | 22 +-
external/mpl/bind/dist/bin/tests/system/auth/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/autosign/clean.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/autosign/ns1/keygen.sh | 20 +-
external/mpl/bind/dist/bin/tests/system/autosign/ns2/Xbar.+013+59973.key | 5 +
external/mpl/bind/dist/bin/tests/system/autosign/ns2/Xbar.+013+59973.private | 6 +
external/mpl/bind/dist/bin/tests/system/autosign/ns2/Xbar.+013+60101.key | 5 +
external/mpl/bind/dist/bin/tests/system/autosign/ns2/Xbar.+013+60101.private | 6 +
external/mpl/bind/dist/bin/tests/system/autosign/ns2/keygen.sh | 18 +-
external/mpl/bind/dist/bin/tests/system/autosign/ns3/keygen.sh | 101 +-
external/mpl/bind/dist/bin/tests/system/autosign/ns3/named.conf.in | 4 +-
external/mpl/bind/dist/bin/tests/system/autosign/ns3/nsec-only.example.db.in | 26 +
external/mpl/bind/dist/bin/tests/system/autosign/tests.sh | 582 ++++----
external/mpl/bind/dist/bin/tests/system/builtin/tests.sh | 14 +-
external/mpl/bind/dist/bin/tests/system/cacheclean/tests.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/case/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/catz/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/catz/ns1/named.conf.in | 7 +-
external/mpl/bind/dist/bin/tests/system/catz/ns2/named1.conf.in | 7 +-
external/mpl/bind/dist/bin/tests/system/catz/ns2/named2.conf.in | 2 +-
external/mpl/bind/dist/bin/tests/system/catz/ns3/catalog.example.db.in | 14 +
external/mpl/bind/dist/bin/tests/system/catz/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/catz/tests.sh | 94 +-
external/mpl/bind/dist/bin/tests/system/cds/setup.sh | 26 +-
external/mpl/bind/dist/bin/tests/system/cds/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/chain/ns2/sign.sh | 20 +-
external/mpl/bind/dist/bin/tests/system/chain/tests.sh | 2 +
external/mpl/bind/dist/bin/tests/system/checkconf/bad-kasp-keydir1.conf.in | 50 +
external/mpl/bind/dist/bin/tests/system/checkconf/bad-kasp-keydir2.conf.in | 48 +
external/mpl/bind/dist/bin/tests/system/checkconf/bad-kasp-keydir3.conf.in | 55 +
external/mpl/bind/dist/bin/tests/system/checkconf/bad-kasp-keydir4.conf.in | 52 +
external/mpl/bind/dist/bin/tests/system/checkconf/bad-kasp-keydir5.conf.in | 52 +
external/mpl/bind/dist/bin/tests/system/checkconf/check-wildcard-no.conf | 18 +
external/mpl/bind/dist/bin/tests/system/checkconf/check-wildcard.conf | 18 +
external/mpl/bind/dist/bin/tests/system/checkconf/check-wildcard.db | 23 +
external/mpl/bind/dist/bin/tests/system/checkconf/clean.sh | 12 +-
external/mpl/bind/dist/bin/tests/system/checkconf/deprecated.conf | 5 +
external/mpl/bind/dist/bin/tests/system/checkconf/dnssec.4 | 20 +
external/mpl/bind/dist/bin/tests/system/checkconf/good.conf | 1 +
external/mpl/bind/dist/bin/tests/system/checkconf/tests.sh | 142 +-
external/mpl/bind/dist/bin/tests/system/checkds/ns9/setup.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/checkds/tests_checkds.py | 445 ++++++
external/mpl/bind/dist/bin/tests/system/checknames/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/checkzone/clean.sh | 3 +
external/mpl/bind/dist/bin/tests/system/checkzone/setup.sh | 4 +
external/mpl/bind/dist/bin/tests/system/checkzone/tests.sh | 2 +
external/mpl/bind/dist/bin/tests/system/checkzone/zones/bad-tsig.db.in | 17 +
external/mpl/bind/dist/bin/tests/system/checkzone/zones/good-svcb.db | 1 +
external/mpl/bind/dist/bin/tests/system/ckdnsrps.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/conf.sh.common | 154 +-
external/mpl/bind/dist/bin/tests/system/conf.sh.in | 189 +-
external/mpl/bind/dist/bin/tests/system/conf.sh.win32 | 170 +-
external/mpl/bind/dist/bin/tests/system/cookie/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/coverage/setup.sh | 74 +-
external/mpl/bind/dist/bin/tests/system/dialup/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dialup/ns1/named.conf.in | 40 +
external/mpl/bind/dist/bin/tests/system/dialup/ns2/named.conf.in | 40 +
external/mpl/bind/dist/bin/tests/system/dialup/ns3/named.conf.in | 40 +
external/mpl/bind/dist/bin/tests/system/dialup/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/digdelv/yamlget.py | 1 -
external/mpl/bind/dist/bin/tests/system/dlzexternal/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/dns64/ns1/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/dnssec/clean.sh | 3 +-
external/mpl/bind/dist/bin/tests/system/dnssec/ns4/managed-keys.bind.in | 21 +
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/Kexample.com.+010+18240.key | 5 +
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/Kexample.com.+010+18240.private | 13 +
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/Kexample.com.+010+28633.key | 5 +
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/Kexample.com.+010+28633.private | 13 +
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/bogus-ksk.key | 4 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/bogus-zsk.key | 4 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/test1.zone | 4 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/test2.zone | 2 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/test3.zone | 2 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/test4.zone | 4 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/test5.zone | 4 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/test6.zone | 4 +-
external/mpl/bind/dist/bin/tests/system/dnssec/signer/general/test8.zone | 2 +-
external/mpl/bind/dist/bin/tests/system/dnssec/tests.sh | 105 +-
external/mpl/bind/dist/bin/tests/system/dnstap/prereq.sh | 20 +
external/mpl/bind/dist/bin/tests/system/dnstap/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/dscp/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dscp/tests.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dsdigest/ns1/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/dsdigest/ns2/sign.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/dupsigs/clean.sh | 3 +
external/mpl/bind/dist/bin/tests/system/dupsigs/ns1/named.conf.in | 2 +-
external/mpl/bind/dist/bin/tests/system/dupsigs/ns1/reset_keys.sh | 13 +-
external/mpl/bind/dist/bin/tests/system/dupsigs/ns1/signing.test.db.in | 2 +-
external/mpl/bind/dist/bin/tests/system/dupsigs/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dupsigs/tests.sh | 36 +-
external/mpl/bind/dist/bin/tests/system/emptyzones/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/emptyzones/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/formerr/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/forward/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/forward/tests.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/get_algorithms.py | 241 +++
external/mpl/bind/dist/bin/tests/system/idna/tests.sh | 2 +
external/mpl/bind/dist/bin/tests/system/inline/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/inline/ns1/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/inline/ns3/sign.sh | 78 +-
external/mpl/bind/dist/bin/tests/system/inline/ns7/sign.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/inline/ns8/sign.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/inline/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/inline/tests.sh | 461 +++---
external/mpl/bind/dist/bin/tests/system/ixfr/tests.sh | 4 +
external/mpl/bind/dist/bin/tests/system/journal/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/kasp.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/kasp/clean.sh | 3 +-
external/mpl/bind/dist/bin/tests/system/kasp/kasp.conf | 4 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns3/named-fips.conf.in | 508 +++++++
external/mpl/bind/dist/bin/tests/system/kasp/ns3/named.conf.in | 494 +-------
external/mpl/bind/dist/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in | 118 +
external/mpl/bind/dist/bin/tests/system/kasp/ns3/policies/kasp.conf.in | 106 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns3/setup.sh | 155 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns4/named.conf.in | 6 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns6/named.conf.in | 10 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns6/named2.conf.in | 9 +
external/mpl/bind/dist/bin/tests/system/kasp/ns6/policies/csk1.conf.in | 2 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in | 63 +
external/mpl/bind/dist/bin/tests/system/kasp/ns6/policies/kasp.conf.in | 28 +-
external/mpl/bind/dist/bin/tests/system/kasp/ns6/setup.sh | 96 +-
external/mpl/bind/dist/bin/tests/system/kasp/setup.sh | 18 +-
external/mpl/bind/dist/bin/tests/system/kasp/tests.sh | 259 ++-
external/mpl/bind/dist/bin/tests/system/keepalive/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/keymgr/18-nonstd-prepub/policy.conf.in | 20 +
external/mpl/bind/dist/bin/tests/system/keymgr/19-old-keys/policy.conf.in | 20 +
external/mpl/bind/dist/bin/tests/system/keymgr/clean.sh | 3 +
external/mpl/bind/dist/bin/tests/system/keymgr/policy.conf.in | 23 +
external/mpl/bind/dist/bin/tests/system/keymgr/setup.sh | 98 +-
external/mpl/bind/dist/bin/tests/system/keymgr2kasp/clean.sh | 1 +
external/mpl/bind/dist/bin/tests/system/keymgr2kasp/ns3/kasp.conf.in | 8 +-
external/mpl/bind/dist/bin/tests/system/keymgr2kasp/ns3/setup.sh | 14 +-
external/mpl/bind/dist/bin/tests/system/keymgr2kasp/ns4/named.conf.in | 4 +-
external/mpl/bind/dist/bin/tests/system/keymgr2kasp/ns4/named2.conf.in | 6 +-
external/mpl/bind/dist/bin/tests/system/keymgr2kasp/ns4/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/keymgr2kasp/tests.sh | 28 +-
external/mpl/bind/dist/bin/tests/system/legacy/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/legacy/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/logfileconfig/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/masterformat/tests.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/metadata/setup.sh | 22 +-
external/mpl/bind/dist/bin/tests/system/metadata/tests.sh | 110 +-
external/mpl/bind/dist/bin/tests/system/mirror/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/mirror/ns1/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/mirror/ns2/sign.sh | 16 +-
external/mpl/bind/dist/bin/tests/system/mirror/tests.sh | 146 +-
external/mpl/bind/dist/bin/tests/system/mkeys/clean.sh | 1 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/sign.sh | 37 +-
external/mpl/bind/dist/bin/tests/system/mkeys/ns3/named.conf.in | 5 +-
external/mpl/bind/dist/bin/tests/system/mkeys/ns6/setup.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/mkeys/setup.sh | 8 +
external/mpl/bind/dist/bin/tests/system/mkeys/tests.sh | 45 +-
external/mpl/bind/dist/bin/tests/system/names/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/notify/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/nsec3/clean.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/nsec3/ns2/named.conf.in | 46 +
external/mpl/bind/dist/bin/tests/system/nsec3/ns2/setup.sh | 22 +
external/mpl/bind/dist/bin/tests/system/nsec3/ns2/template.db.in | 28 +
external/mpl/bind/dist/bin/tests/system/nsec3/ns3/named.conf.in | 32 +
external/mpl/bind/dist/bin/tests/system/nsec3/ns3/named2.conf.in | 17 +
external/mpl/bind/dist/bin/tests/system/nsec3/ns3/setup.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/nsec3/setup.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/nsec3/tests.sh | 54 +-
external/mpl/bind/dist/bin/tests/system/nslookup/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/nsupdate/krb/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/nsupdate/ns1/named.conf.in | 2 +
external/mpl/bind/dist/bin/tests/system/nsupdate/ns3/sign.sh | 12 +-
external/mpl/bind/dist/bin/tests/system/nsupdate/tests.sh | 246 ++-
external/mpl/bind/dist/bin/tests/system/nzd2nzf/prereq.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/nzd2nzf/tests.sh | 9 +-
external/mpl/bind/dist/bin/tests/system/padding/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/pending/ns1/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/pending/ns2/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/pytest_custom_markers.py | 21 +
external/mpl/bind/dist/bin/tests/system/qmin/ans3/ans.py | 1 +
external/mpl/bind/dist/bin/tests/system/redirect/ns1/sign.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/redirect/ns3/sign.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/redirect/ns5/sign.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/resolver/ans2/ans.pl | 9 +
external/mpl/bind/dist/bin/tests/system/resolver/ans3/ans.pl | 71 +-
external/mpl/bind/dist/bin/tests/system/resolver/ns1/named.conf.in | 13 +
external/mpl/bind/dist/bin/tests/system/resolver/ns4/named.conf.in | 5 +
external/mpl/bind/dist/bin/tests/system/resolver/ns4/tld1.db | 3 +
external/mpl/bind/dist/bin/tests/system/resolver/ns4/tld2.db | 7 +-
external/mpl/bind/dist/bin/tests/system/resolver/ns4/v4only.net.db | 22 +
external/mpl/bind/dist/bin/tests/system/resolver/ns6/keygen.sh | 11 +-
external/mpl/bind/dist/bin/tests/system/resolver/ns6/named.conf.in | 12 +-
external/mpl/bind/dist/bin/tests/system/resolver/ns6/redirect.com.db | 27 +
external/mpl/bind/dist/bin/tests/system/resolver/ns6/root.db | 3 +
external/mpl/bind/dist/bin/tests/system/resolver/ns6/tld1.db | 17 +
external/mpl/bind/dist/bin/tests/system/resolver/ns7/named1.conf.in | 12 +-
external/mpl/bind/dist/bin/tests/system/resolver/ns7/named2.conf.in | 12 +-
external/mpl/bind/dist/bin/tests/system/resolver/ns7/sub.tld1.db | 17 +
external/mpl/bind/dist/bin/tests/system/resolver/ns7/tld2.db | 18 +
external/mpl/bind/dist/bin/tests/system/resolver/ns9/named.args | 2 +
external/mpl/bind/dist/bin/tests/system/resolver/ns9/named.conf.in | 39 +
external/mpl/bind/dist/bin/tests/system/resolver/ns9/root.hint | 15 +
external/mpl/bind/dist/bin/tests/system/resolver/setup.sh | 1 +
external/mpl/bind/dist/bin/tests/system/resolver/tests.sh | 665 +++++----
external/mpl/bind/dist/bin/tests/system/rndc/ns7/named.conf.in | 4 +-
external/mpl/bind/dist/bin/tests/system/rndc/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/rndc/tests.sh | 18 +-
external/mpl/bind/dist/bin/tests/system/rootkeysentinel/ns1/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/rootkeysentinel/ns2/sign.sh | 14 +-
external/mpl/bind/dist/bin/tests/system/rpz/clean.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/rpz/ns2/base-tld2s.db | 1 +
external/mpl/bind/dist/bin/tests/system/rpz/ns2/tld2.db | 3 +
external/mpl/bind/dist/bin/tests/system/rpz/ns6/bl.tld2s.db.in | 20 +
external/mpl/bind/dist/bin/tests/system/rpz/ns6/named.conf.in | 6 +
external/mpl/bind/dist/bin/tests/system/rpz/qperf.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/rpz/setup.sh | 13 +-
external/mpl/bind/dist/bin/tests/system/rpz/tests.sh | 38 +-
external/mpl/bind/dist/bin/tests/system/rpzrecurse/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/rpzrecurse/tests.sh | 10 +-
external/mpl/bind/dist/bin/tests/system/rrchecker/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/rrl/broken.conf.in | 46 +
external/mpl/bind/dist/bin/tests/system/rrl/clean.sh | 3 +
external/mpl/bind/dist/bin/tests/system/rrl/setup.sh | 1 +
external/mpl/bind/dist/bin/tests/system/rrl/tests.sh | 14 +-
external/mpl/bind/dist/bin/tests/system/rrsetorder/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/rsabigexponent/README.md | 8 +
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns1/sign.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/Xexample.+008+51650.key | 5 +
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/Xexample.+008+51650.private | 13 +
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/Xexample.+008+52810.key | 2 +
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/Xexample.+008+52810.private | 10 +
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/dsset-example.in | 3 +-
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/example.db.bad | 226 ++-
external/mpl/bind/dist/bin/tests/system/rsabigexponent/ns2/sign.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/run.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/serve-stale/ans2/ans.pl | 24 +
external/mpl/bind/dist/bin/tests/system/serve-stale/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/serve-stale/ns1/named3.conf.in | 5 +
external/mpl/bind/dist/bin/tests/system/serve-stale/ns1/stale.test.db | 19 +
external/mpl/bind/dist/bin/tests/system/serve-stale/ns3/named6.conf.in | 4 -
external/mpl/bind/dist/bin/tests/system/serve-stale/tests.sh | 379 ++++-
external/mpl/bind/dist/bin/tests/system/shutdown/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/shutdown/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/shutdown/tests_shutdown.py | 207 +++
external/mpl/bind/dist/bin/tests/system/smartsign/tests.sh | 76 +-
external/mpl/bind/dist/bin/tests/system/sortlist/tests.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/spf/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/start.pl | 40 +-
external/mpl/bind/dist/bin/tests/system/staticstub/ns3/sign.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/staticstub/ns4/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/statschannel/tests.sh | 51 +-
external/mpl/bind/dist/bin/tests/system/statschannel/tests_json.py | 108 +
external/mpl/bind/dist/bin/tests/system/statschannel/tests_xml.py | 137 ++
external/mpl/bind/dist/bin/tests/system/stop.pl | 4 +
external/mpl/bind/dist/bin/tests/system/stress/clean.sh | 3 +
external/mpl/bind/dist/bin/tests/system/stress/ns1/named.conf.in | 32 +
external/mpl/bind/dist/bin/tests/system/stress/ns2/named.conf.in | 34 +
external/mpl/bind/dist/bin/tests/system/stress/ns3/named.conf.in | 50 +
external/mpl/bind/dist/bin/tests/system/stress/ns4/named.conf.in | 35 +
external/mpl/bind/dist/bin/tests/system/stress/setup.sh | 5 +
external/mpl/bind/dist/bin/tests/system/stress/tests.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/stub/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/synthfromdnssec/ns1/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/synthfromdnssec/ns4/named.conf.in | 1 -
external/mpl/bind/dist/bin/tests/system/system-test-driver.sh | 5 +-
external/mpl/bind/dist/bin/tests/system/tcp/tests_tcp.py | 72 +
external/mpl/bind/dist/bin/tests/system/testcrypto.sh | 100 +-
external/mpl/bind/dist/bin/tests/system/timeouts/tests_tcp_timeouts.py | 283 ++++
external/mpl/bind/dist/bin/tests/system/tsiggss/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/unknown/ns3/sign.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/unknown/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/unknown/tests.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/upforwd/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/upforwd/ns3/named1.conf.in | 63 +
external/mpl/bind/dist/bin/tests/system/upforwd/ns3/named2.conf.in | 41 +
external/mpl/bind/dist/bin/tests/system/upforwd/setup.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/upforwd/tests.sh | 39 +
external/mpl/bind/dist/bin/tests/system/verify/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/verify/tests.sh | 2 +
external/mpl/bind/dist/bin/tests/system/verify/zones/genzones.sh | 109 +-
external/mpl/bind/dist/bin/tests/system/views/setup.sh | 12 +-
external/mpl/bind/dist/bin/tests/system/wildcard/ns1/sign.sh | 20 +-
external/mpl/bind/dist/bin/tests/system/wildcard/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/wildcard/tests_wildcard.py | 112 +
external/mpl/bind/dist/bin/tests/system/xfer/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/zero/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/zero/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/zonechecks/setup.sh | 4 +-
external/mpl/bind/dist/configure.ac | 2 +-
external/mpl/bind/dist/contrib/dlz/modules/perl/Makefile | 4 +
external/mpl/bind/dist/dangerfile.py | 124 +-
external/mpl/bind/dist/doc/arm/conf.py | 4 +-
external/mpl/bind/dist/doc/arm/dnssec.inc.rst | 9 +-
external/mpl/bind/dist/doc/arm/notes.rst | 6 +
external/mpl/bind/dist/doc/arm/platforms.rst | 6 +-
external/mpl/bind/dist/doc/arm/reference.rst | 55 +-
external/mpl/bind/dist/doc/arm/requirements.txt | 2 +-
external/mpl/bind/dist/doc/dnssec-guide/introduction.rst | 2 +-
external/mpl/bind/dist/doc/dnssec-guide/recipes.rst | 4 +
external/mpl/bind/dist/doc/dnssec-guide/signing.rst | 19 +-
external/mpl/bind/dist/doc/man/Makefile.in | 3 +-
external/mpl/bind/dist/doc/man/arpaname.1in | 2 +-
external/mpl/bind/dist/doc/man/conf.py | 1 -
external/mpl/bind/dist/doc/man/ddns-confgen.8in | 2 +-
external/mpl/bind/dist/doc/man/delv.1in | 2 +-
external/mpl/bind/dist/doc/man/dig.1in | 10 +-
external/mpl/bind/dist/doc/man/dnssec-cds.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-checkds.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-coverage.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-dsfromkey.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-importkey.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-keyfromlabel.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-keygen.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-keymgr.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-revoke.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-settime.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-signzone.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-verify.8in | 2 +-
external/mpl/bind/dist/doc/man/dnstap-read.1in | 2 +-
external/mpl/bind/dist/doc/man/filter-aaaa.8in | 2 +-
external/mpl/bind/dist/doc/man/host.1in | 2 +-
external/mpl/bind/dist/doc/man/mdig.1in | 2 +-
external/mpl/bind/dist/doc/man/named-checkconf.8in | 2 +-
external/mpl/bind/dist/doc/man/named-checkzone.8in | 2 +-
external/mpl/bind/dist/doc/man/named-compilezone.8in | 2 +-
external/mpl/bind/dist/doc/man/named-journalprint.8in | 2 +-
external/mpl/bind/dist/doc/man/named-nzd2nzf.8in | 2 +-
external/mpl/bind/dist/doc/man/named-rrchecker.1in | 2 +-
external/mpl/bind/dist/doc/man/named.8in | 18 +-
external/mpl/bind/dist/doc/man/named.conf.5in | 15 +-
external/mpl/bind/dist/doc/man/nsec3hash.8in | 2 +-
external/mpl/bind/dist/doc/man/nslookup.1in | 2 +-
external/mpl/bind/dist/doc/man/nsupdate.1in | 9 +-
external/mpl/bind/dist/doc/man/pkcs11-destroy.8in | 2 +-
external/mpl/bind/dist/doc/man/pkcs11-keygen.8in | 2 +-
external/mpl/bind/dist/doc/man/pkcs11-list.8in | 2 +-
external/mpl/bind/dist/doc/man/pkcs11-tokens.8in | 2 +-
external/mpl/bind/dist/doc/man/rndc-confgen.8in | 2 +-
external/mpl/bind/dist/doc/man/rndc.8in | 2 +-
external/mpl/bind/dist/doc/man/rndc.conf.5in | 2 +-
external/mpl/bind/dist/doc/man/tsig-keygen.8in | 2 +-
external/mpl/bind/dist/doc/misc/master.zoneopt | 4 +-
external/mpl/bind/dist/doc/misc/master.zoneopt.rst | 4 +-
external/mpl/bind/dist/doc/misc/options | 15 +-
external/mpl/bind/dist/doc/misc/options.active | 15 +-
external/mpl/bind/dist/doc/misc/options.grammar.rst | 3 +-
external/mpl/bind/dist/doc/misc/slave.zoneopt | 2 +-
external/mpl/bind/dist/doc/misc/slave.zoneopt.rst | 2 +-
external/mpl/bind/dist/doc/notes/notes-9.16.0.rst | 6 +-
external/mpl/bind/dist/doc/notes/notes-9.16.1.rst | 3 +
external/mpl/bind/dist/doc/notes/notes-9.16.10.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.11.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.12.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.13.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.15.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.16.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.17.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.18.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.19.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.2.rst | 5 +-
external/mpl/bind/dist/doc/notes/notes-9.16.20.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.21.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.22.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.23.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.24.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.25.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.26.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.27.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.28.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.29.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.3.rst | 3 +
external/mpl/bind/dist/doc/notes/notes-9.16.30.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.31.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.32.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.33.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.34.rst | 46 +
external/mpl/bind/dist/doc/notes/notes-9.16.35.rst | 56 +
external/mpl/bind/dist/doc/notes/notes-9.16.36.rst | 49 +
external/mpl/bind/dist/doc/notes/notes-9.16.37.rst | 80 +
external/mpl/bind/dist/doc/notes/notes-9.16.4.rst | 13 +-
external/mpl/bind/dist/doc/notes/notes-9.16.5.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.6.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.7.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.8.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-9.16.9.rst | 7 +
external/mpl/bind/dist/doc/notes/notes-known-issues.rst | 46 +
external/mpl/bind/dist/lib/dns/tests/Krsa.+008+29238.key | 5 +
external/mpl/bind/dist/lib/isc/win32/libisc.def.in | 1 +
external/mpl/bind/dist/lib/ns/win32/libns.def | 1 +
external/mpl/bind/dist/srcid | 2 +-
external/mpl/bind/dist/version | 2 +-
393 files changed, 8300 insertions(+), 3334 deletions(-)
diffs (truncated from 22576 to 300 lines):
diff -r 361275d19be6 -r 20a7f64cdb69 external/mpl/bind/dist/CHANGES
--- a/external/mpl/bind/dist/CHANGES Wed Jan 25 19:52:14 2023 +0000
+++ b/external/mpl/bind/dist/CHANGES Wed Jan 25 20:36:33 2023 +0000
@@ -1,3 +1,149 @@
+ --- 9.16.37 released ---
+
+6067. [security] Fix serve-stale crash when recursive clients soft quota
+ is reached. (CVE-2022-3924) [GL #3619]
+
+6066. [security] Handle RRSIG lookups when serve-stale is active.
+ (CVE-2022-3736) [GL #3622]
+
+6064. [security] An UPDATE message flood could cause named to exhaust all
+ available memory. This flaw was addressed by adding a
+ new "update-quota" statement that controls the number of
+ simultaneous UPDATE messages that can be processed or
+ forwarded. The default is 100. A stats counter has been
+ added to record events when the update quota is
+ exceeded, and the XML and JSON statistics version
+ numbers have been updated. (CVE-2022-3094) [GL #3523]
+
+6062. [func] The DSCP implementation, which has only been
+ partly operational since 9.16.0, is now marked as
+ deprecated. Configuring DSCP values in named.conf
+ will cause a warning will be logged. [GL #3773]
+
+6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
+ by detaching from the zone manager outside of the write
+ lock. [GL #3768]
+
+6059. [bug] In some serve stale scenarios, like when following an
+ expired CNAME record, named could return SERVFAIL if the
+ previous request wasn't successful. Consider non-stale
+ data when in serve-stale mode. [GL #3678]
+
+6058. [bug] Prevent named from crashing when "rndc delzone"
+ attempts to delete a zone added by a catalog zone.
+ [GL #3745]
+
+6050. [bug] Changes to the RPZ response-policy min-update-interval
+ and add-soa options now take effect as expected when
+ named is reconfigured. [GL #3740]
+
+6048. [bug] Fix a log message error in dns_catz_update_from_db(),
+ where serials with values of 2^31 or larger were logged
+ incorrectly as negative numbers. [GL #3742]
+
+6045. [cleanup] The list of supported DNSSEC algorithms changed log
+ level from "warning" to "notice" to match named's other
+ startup messages. [GL !7217]
+
+6044. [bug] There was an "RSASHA236" typo in a log message.
+ [GL !7206]
+
+ --- 9.16.36 released ---
+
+6043. [bug] The key file IO locks objects would never get
+ deleted from the hashtable due to off-by-one error.
+ [GL #3727]
+
+6042. [bug] ANY responses could sometimes have the wrong TTL.
+ [GL #3613]
+
+6040. [bug] Speed up the named shutdown time by explicitly
+ canceling all recursing ns_client objects for
+ each ns_clientmgr. [GL #3183]
+
+6039. [bug] Removing a catalog zone from catalog-zones without
+ also removing the referenced zone could leave a
+ dangling pointer. [GL #3683]
+
+6031. [bug] Move the "final reference detached" log message
+ from dns_zone unit to the DEBUG(1) log level.
+ [GL #3707]
+
+6024. [func] Deprecate 'auto-dnssec'. [GL #3667]
+
+6021. [bug] Use the current domain name when checking answers from
+ a dual-stack-server. [GL #3607]
+
+6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard
+ option when loading a zone. [GL #1905]
+
+6017. [bug] The view's zone table was not locked when it should
+ have been leading to race conditions when external
+ extensions that manipulate the zone table where in
+ use. [GL #3468]
+
+ --- 9.16.35 released ---
+
+6013. [bug] Fix a crash that could happen when you change
+ a dnssec-policy zone with NSEC3 to start using
+ inline-signing. [GL #3591]
+
+6009. [bug] Don't trust a placeholder KEYDATA from the managed-keys
+ zone by adding it into secroots. [GL #2895]
+
+6008. [bug] Fixed a race condition that could cause a crash
+ in dns_zone_synckeyzone(). [GL #3617]
+
+6002. [bug] Fix a resolver prefetch bug when the record's TTL value
+ is equal to the configured prefetch eligibility value,
+ but the record was erroneously not treated as eligible
+ for prefetching. [GL #3603]
+
+6001. [bug] Always call dns_adb_endudpfetch() after calling
+ dns_adb_beginudpfetch() for UDP queries in resolver.c,
+ in order to adjust back the quota. [GL #3598]
+
+6000. [bug] Fix a startup issue on Solaris systems with many
+ (reportedly > 510) CPUs. Thanks to Stacey Marshall from
+ Oracle for deep investigation of the problem. [GL #3563]
+
+5999. [bug] rpz-ip rules could be ineffective in some scenarios
+ with CD=1 queries. [GL #3247]
+
+5998. [bug] The RecursClients statistics counter could overflow
+ in certain resolution scenarios. [GL #3584]
+
+5996. [bug] Fix a couple of bugs in cfg_print_duration(), which
+ could result in generating incomplete duration values
+ when printing the configuration using named-checkconf.
+ [GL !6880]
+
+ --- 9.16.34 released ---
+
+5991. [protocol] Add support for parsing and validating "dohpath" to
+ SVCB. [GL #3544]
+
+5988. [bug] Some out of memory conditions in opensslrsa_link.c
+ could lead to memory leaks. [GL #3551]
+
+5984. [func] 'named -V' now reports the list of supported
+ DNSSEC/DS/HMAC algorithms and the supported TKEY modes.
+ [GL #3541]
+
+5983. [bug] Changing just the TSIG key names for primaries in
+ catalog zones' member zones was not effective.
+ [GL #3557]
+
+5973. [bug] Fixed a possible invalid detach in UPDATE
+ processing. [GL #3522]
+
+5963. [bug] Ensure struct named_server is properly initialized.
+ [GL #6531]
+
+5921. [test] Convert system tests to use a default DNSKEY algorithm
+ where the test is not DNSKEY algorithm specific.
+ [GL #3440]
+
--- 9.16.33 released ---
5962. [security] Fix memory leak in EdDSA verify processing.
diff -r 361275d19be6 -r 20a7f64cdb69 external/mpl/bind/dist/COPYRIGHT
--- a/external/mpl/bind/dist/COPYRIGHT Wed Jan 25 19:52:14 2023 +0000
+++ b/external/mpl/bind/dist/COPYRIGHT Wed Jan 25 20:36:33 2023 +0000
@@ -1,4 +1,4 @@
-Copyright (C) 1996-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2023 Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
diff -r 361275d19be6 -r 20a7f64cdb69 external/mpl/bind/dist/bin/dig/dig.rst
--- a/external/mpl/bind/dist/bin/dig/dig.rst Wed Jan 25 19:52:14 2023 +0000
+++ b/external/mpl/bind/dist/bin/dig/dig.rst Wed Jan 25 20:36:33 2023 +0000
@@ -495,9 +495,11 @@
``+notcflag``. This bit is ignored by the server for QUERY.
``+[no]tcp``
- This option uses [or does not use] TCP when querying name servers. The default behavior
- is to use UDP unless a type ``any`` or ``ixfr=N`` query is requested,
- in which case the default is TCP. AXFR queries always use TCP.
+ This option uses [or does not use] TCP when querying name servers.
+ The default behavior is to use UDP unless a type ``any`` or
+ ``ixfr=N`` query is requested, in which case the default is TCP.
+ AXFR queries always use TCP. To prevent retry over TCP when TC=1
+ is returned from a UDP query, use ``+ignore``.
``+timeout=T``
This option sets the timeout for a query to ``T`` seconds. The default timeout is
diff -r 361275d19be6 -r 20a7f64cdb69 external/mpl/bind/dist/bin/named/bind9.xsl
--- a/external/mpl/bind/dist/bin/named/bind9.xsl Wed Jan 25 19:52:14 2023 +0000
+++ b/external/mpl/bind/dist/bin/named/bind9.xsl Wed Jan 25 20:36:33 2023 +0000
@@ -2,7 +2,9 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"; xmlns="http://www.w3.org/1999/xhtml"; version="1.0">
<xsl:output method="html" indent="yes" version="4.0"/>
- <xsl:template match="statistics[@version="3.11"]">
+ <!-- the version number **below** must match version in bin/named/statschannel.c -->
+ <!-- don't forget to update "/xml/v<STATS_XML_VERSION_MAJOR>" in the HTTP endpoints listed below -->
+ <xsl:template match="statistics[@version="3.11.1"]">
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js";></script>
diff -r 361275d19be6 -r 20a7f64cdb69 external/mpl/bind/dist/bin/named/named.conf.rst
--- a/external/mpl/bind/dist/bin/named/named.conf.rst Wed Jan 25 19:52:14 2023 +0000
+++ b/external/mpl/bind/dist/bin/named/named.conf.rst Wed Jan 25 20:36:33 2023 +0000
@@ -179,7 +179,7 @@
answer-cookie boolean;
attach-cache string;
auth-nxdomain boolean; // default changed
- auto-dnssec ( allow | maintain | off );
+ auto-dnssec ( allow | maintain | off );// deprecated
automatic-interface-scan boolean;
avoid-v4-udp-ports { portrange; ... };
avoid-v6-udp-ports { portrange; ... };
@@ -446,6 +446,7 @@
trust-anchor-telemetry boolean; // experimental
try-tcp-refresh boolean;
update-check-ksk boolean;
+ update-quota integer;
use-alt-transfer-source boolean;
use-v4-udp-ports { portrange; ... };
use-v6-udp-ports { portrange; ... };
@@ -584,7 +585,7 @@
* ) ] [ dscp integer ];
attach-cache string;
auth-nxdomain boolean; // default changed
- auto-dnssec ( allow | maintain | off );
+ auto-dnssec ( allow | maintain | off );// deprecated
cache-file quoted_string;// deprecated
catalog-zones { zone string [ default-masters [ port integer ]
[ dscp integer ] { ( remote-servers | ipv4_address [ port
@@ -859,7 +860,7 @@
integer | * ) ] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
- auto-dnssec ( allow | maintain | off );
+ auto-dnssec ( allow | maintain | off );// deprecated
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
@@ -950,7 +951,7 @@
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
- | wildcard | zonesub ) [ string ] rrtypelist; ... };
+ | wildcard | zonesub ) [ string ] rrtypelist; ... } );
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
@@ -977,7 +978,7 @@
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
- auto-dnssec ( allow | maintain | off );
+ auto-dnssec ( allow | maintain | off );// deprecated
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
@@ -1063,7 +1064,7 @@
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ string ]
- rrtypelist; ... };
+ rrtypelist; ... } );
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
diff -r 361275d19be6 -r 20a7f64cdb69 external/mpl/bind/dist/bin/named/named.rst
--- a/external/mpl/bind/dist/bin/named/named.rst Wed Jan 25 19:52:14 2023 +0000
+++ b/external/mpl/bind/dist/bin/named/named.rst Wed Jan 25 20:36:33 2023 +0000
@@ -111,10 +111,15 @@
``ISC_MEM_DEBUGXXXX`` flags described in ``<isc/mem.h>``.
``-n #cpus``
- This option creates ``#cpus`` worker threads to take advantage of multiple CPUs. If
- not specified, ``named`` tries to determine the number of CPUs
- present and creates one thread per CPU. If it is unable to determine
- the number of CPUs, a single worker thread is created.
+ This option controls the number of CPUs that ``named`` assumes the
+ presence of. If not specified, ``named`` tries to determine the
+ number of CPUs present automatically; if it fails, a single CPU is
+ assumed to be present.
+
+ ``named`` creates two threads per each CPU present (one thread for
+ receiving and sending client traffic and another thread for sending
+ and receiving resolver traffic) and then on top of that a single
+ thread for handling time-based events.
``-p port``
This option listens for queries on ``port``. If not specified, the default is
@@ -185,7 +190,8 @@
This option reports the version number and exits.
``-V``
- This option reports the version number and build options, and exits.
+ This option reports the version number, build options, supported
+ cryptographics algorithms, and exits.
``-X lock-file``
This option acquires a lock on the specified file at runtime; this helps to
diff -r 361275d19be6 -r 20a7f64cdb69 external/mpl/bind/dist/bin/nsupdate/nsupdate.rst
--- a/external/mpl/bind/dist/bin/nsupdate/nsupdate.rst Wed Jan 25 19:52:14 2023 +0000
+++ b/external/mpl/bind/dist/bin/nsupdate/nsupdate.rst Wed Jan 25 20:36:33 2023 +0000
@@ -186,6 +186,8 @@
update requests are sent. If no port number is specified, the default
DNS port number of 53 is used.
+ .. note:: This command has no effect when GSS-TSIG is in use.
Home |
Main Index |
Thread Index |
Old Index