Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.23 / (download) - annotate - [select for diffs], Mon Nov 22 20:18:27 2021 UTC (2 years, 5 months ago) by jca
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
HEAD
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)
Implement rfc6840 (AD flag processing) if using trusted name servers libc can't do DNSSEC validation but it can ask a "security-aware" resolver to do so. Let's send queries with the AD flag set when appropriate, and let applications look at the AD flag in responses in a safe way, ie clear the AD flag if the resolvers aren't trusted. By default we only trust resolvers if resolv.conf(5) only lists name servers on localhost - the obvious candidates being unwind(8) and unbound(8). For non-localhost resolvers, an admin who trusts *all the name servers* listed in resolv.conf(5) *and the network path leading to them* can annotate this with "options trust-ad". AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch SSHFP records in a secure manner, and tightens the situation for other applications, eg those using RES_USE_DNSSEC for DANE. It should be noted that postfix currently assumes trusted name servers by default and forces RES_TRUSTAD if available. RES_TRUSTAD and "options trust-ad" were first introduced in glibc by Florian Weimer. Florian Obser (florian@) contributed various improvements, fixed a bug and added automatic trust for name servers on localhost. ok florian@ phessler@
Revision 1.22 / (download) - annotate - [select for diffs], Mon Jan 14 06:23:06 2019 UTC (5 years, 4 months ago) by otto
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.21: +2 -1 lines
Diff to previous 1.21 (colored)
There are cases where a program doing dns requests wants to set the Checking Disabled flag. Introduce a RES flag to do so. ok krw@ deraadt@ eric@
Revision 1.21 / (download) - annotate - [select for diffs], Mon Sep 12 19:35:31 2016 UTC (7 years, 8 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)
Change the (unused) restimespec member of __res_state from a timespec to a local equivalent to eliminate a dependency on <sys/time.h> being included ok deraadt@ millert@
Revision 1.20 / (download) - annotate - [select for diffs], Fri Sep 25 23:32:51 2015 UTC (8 years, 7 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.19: +1 -53 lines
Diff to previous 1.19 (colored)
Trim symbols that aren't part of our new resolver OK semarie@
Revision 1.19 / (download) - annotate - [select for diffs], Wed Dec 5 23:19:57 2012 UTC (11 years, 5 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7,
OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.18: +1 -2 lines
Diff to previous 1.18 (colored)
Remove excessive sys/cdefs.h inclusion ok guenther millert kettenis
Revision 1.18 / (download) - annotate - [select for diffs], Tue Jul 10 11:46:23 2012 UTC (11 years, 10 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.17: +2 -7 lines
Diff to previous 1.17 (colored)
Stop pulling in <sys/param.h> ok deraadt@
Revision 1.17 / (download) - annotate - [select for diffs], Thu Jun 4 18:06:35 2009 UTC (14 years, 11 months ago) by pyr
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6
Changes since 1.16: +4 -1 lines
Diff to previous 1.16 (colored)
Add a resolv.conf option to specify the order in which getaddrinfo PF_UNSPEC queries are made. While there change the default from inet6 first then inet4 to inet4 first then inet6, this prevents the many people with IPv4 only connectivity from constantly trying to contact IPv6 addresses, and also unbreaks many ports who don't use getaddrinfo right. ok deraadt@, plenty of cheering in the room wrt the idea, not loud enough complaining from the v6 crowd.
Revision 1.16 / (download) - annotate - [select for diffs], Wed Mar 30 02:58:28 2005 UTC (19 years, 1 month ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0,
OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8
Changes since 1.15: +6 -4 lines
Diff to previous 1.15 (colored)
make the resolver stat resolv.conf and update if it changes. useful feedback and ok deraadt@
Revision 1.15 / (download) - annotate - [select for diffs], Thu Jan 22 21:48:02 2004 UTC (20 years, 3 months ago) by espie
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6,
OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.14: +67 -59 lines
Diff to previous 1.14 (colored)
Remove unnecessary typedef usage. u_char -> unsigned char u_short -> unsigned short u_long -> unsigned long u_int -> unsigned int okay millert@
Revision 1.14 / (download) - annotate - [select for diffs], Fri Aug 1 17:38:33 2003 UTC (20 years, 9 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_4
Changes since 1.13: +12 -6 lines
Diff to previous 1.13 (colored)
add __bounded__ attributes for userland headers; enabled with -Wbounded ok deraadt@
Revision 1.13 / (download) - annotate - [select for diffs], Thu Jun 26 19:34:17 2003 UTC (20 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.12: +5 -11 lines
Diff to previous 1.12 (colored)
backout the __bounded__ attributes for a while; requested by deraadt@
Revision 1.12 / (download) - annotate - [select for diffs], Thu Jun 26 18:35:13 2003 UTC (20 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.11: +12 -6 lines
Diff to previous 1.11 (colored)
Mark various standard library functions with the __bounded__ attribute. You must have an up-to-date gcc for this! deraadt@ ok
Revision 1.11 / (download) - annotate - [select for diffs], Mon Jun 2 19:34:12 2003 UTC (20 years, 11 months ago) by millert
Branch: MAIN
Changes since 1.10: +2 -6 lines
Diff to previous 1.10 (colored)
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
Revision 1.10 / (download) - annotate - [select for diffs], Mon Jun 3 12:14:30 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE,
OPENBSD_3_3,
OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission
Revision 1.9 / (download) - annotate - [select for diffs], Sun Feb 17 19:42:21 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE,
OPENBSD_3_1
Changes since 1.8: +19 -19 lines
Diff to previous 1.8 (colored)
Manual cleanup of remaining userland __P use (excluding packages maintained outside the tree)
Revision 1.8 / (download) - annotate - [select for diffs], Sat Feb 16 21:27:17 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
Changes since 1.7: +37 -37 lines
Diff to previous 1.7 (colored)
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jul 31 22:02:18 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE,
OPENBSD_3_0
Changes since 1.6: +3 -1 lines
Diff to previous 1.6 (colored)
add support for EDNS0 extended flag DNSSEC OK (aka DO). ok deraadt@
Revision 1.6 / (download) - annotate - [select for diffs], Mon Jun 11 10:06:02 2001 UTC (22 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.5: +4 -1 lines
Diff to previous 1.5 (colored)
support EDNS0 (RFC2671) buffer size notification on DNS queries. "options edns0" in /etc/resolv.conf will enable the behavior. no behavior change if you don't have the line. see resolv.conf(5) for more details. EDNS0 is useful for avoiding TCP DNS queries/replies on larger DNS responses. also, draft-ietf-dnsext-message-size-* plans to mandate EDNS0 support for DNS clients that support IPv6 transport.
Revision 1.5 / (download) - annotate - [select for diffs], Thu Jan 4 21:37:11 2001 UTC (23 years, 4 months ago) by todd
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE,
OPENBSD_2_9
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
spelling
Revision 1.4 / (download) - annotate - [select for diffs], Thu Jun 22 07:31:18 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE,
OPENBSD_2_8
Changes since 1.3: +51 -1 lines
Diff to previous 1.3 (colored)
ipv6 support in resolver. "nameserver" line in /etc/resolv.conf now takes ipv6 address.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Mar 13 19:11:51 1997 UTC (27 years, 2 months ago) by downsj
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE,
OPENBSD_2_7,
OPENBSD_2_6_BASE,
OPENBSD_2_6,
OPENBSD_2_5_BASE,
OPENBSD_2_5,
OPENBSD_2_4_BASE,
OPENBSD_2_4,
OPENBSD_2_3_BASE,
OPENBSD_2_3,
OPENBSD_2_2_BASE,
OPENBSD_2_2,
OPENBSD_2_1_BASE,
OPENBSD_2_1
Changes since 1.2: +100 -45 lines
Diff to previous 1.2 (colored)
BIND 4.9.5 includes.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Feb 19 19:53:15 1996 UTC (28 years, 3 months ago) by dm
Branch: MAIN
CVS Tags: OPENBSD_2_0_BASE,
OPENBSD_2_0
Changes since 1.1: +139 -60 lines
Diff to previous 1.1 (colored)
netbsd: bind 4.9.3
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed Oct 18 08:41:13 1995 UTC (28 years, 7 months ago) by deraadt
CVS Tags: netbsd_1_1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
initial import of NetBSD tree
Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 18 08:41:13 1995 UTC (28 years, 7 months ago) by deraadt
Branch: MAIN
Initial revision
![[BACK]](/icons/back.gif){kind=icon}