pkg-bind: Slaves must be able to NOTIFY other Secondaries #197
The default behaviour of BIND is that Slaves will send NOTIFY to other Secondaries. In pfSense, ```notify no``` in all Slave zones prevents this default behaviour, which is unexpected and looks like a bug until inspecting named.conf. There is no way to overcome this ```notify no```, even when putting ```notify explicit {}``` into Custom Options of surrounding views for example. Even worse, BIND will throw an error when putting another ```notify yes|explicit {}``` into Custom Options of zones, and named will subsequently fail to start. Admins who do want to prevent their Slaves from sending NOTIFY should put ```notify no``` explicitly into the Custom Options. In my use case however, I need my Slaves to send NOTIFY to I/AXFR servers of the global anycast Secondaries at DNSMadeEasy using in the Custom Options of the view ```notify explicit; also-notify { 208.94.147.135; 208.94.150.198; 63.219.151.12; }; ``` This only works with the proposed PR.
Before this pull request can be accepted you must first sign a CLA as described at https://www.pfsense.org/about-pfsense/#cla. Please read for more details.
CLA signed & executed.
Bump PORTVERSION or PORTREVISION on package Makefile, otherwise a new package will never be built
Merged manually. Thanks!
- Remove LOCAL MASTER_SITES

Noteworthy changes in 0.12.3
- Fixed crash when no DTLS ciphersuite is negotiated.
- Fixed crash happening arbitrarily depending on handled string sizes (#197).
- Fixed compatibility issue with GnuTLS 3.3.x (#201).
- occtl: print the TLS session information, even if the DTLS channel is not established.

MFH: 2019Q1

net/ocserv: Update to 0.12.3

- Remove LOCAL MASTER_SITES

Noteworthy changes in 0.12.3
- Fixed crash when no DTLS ciphersuite is negotiated.
- Fixed crash happening arbitrarily depending on handled string sizes (#197).
- Fixed compatibility issue with GnuTLS 3.3.x (#201).
- occtl: print the TLS session information, even if the DTLS channel is not established.

Approved by: ports-secteam (miwi)

* MooseFS 3.0.114-1 (2020-07-27)
- (mount) fixed truncating files open with O_APPEND flag (bug intr. in 3.0.113, issue #368)
- (cs) added disk rebalance when all designated source disks are already empty (issue #364)
- (mount) added additional info to '.params' file (versions of mfs, libfuse etc.)
- (master+cs) added check against EACCES after lockf (according to Linux man - such stupid error can be returned here - issue #369)
- (master) fixed access checks in snapshot
- (cgi+cli) removed using supervisor (only available in PRO version)
- (cs) fixed deadlock condition on mutexes 'folderlock' and 'hashlock' (exists since 3.0.110)
- (tools) fixed overflow protection in number parsing function
- (cs) fixed reporting to master duplicates with newer version
- (cs) changed job queue policy (some tasks are not limited now)
- (master) fixed reaction to status NOTDONE received from chunkservers
- (master) fixed syncing and closing negative file descriptor in bgsaver
- (mount+master) fixed handling keepcache and direct flags (related to issue #374)
- (cgi) changed time format (issue #197)
- (cs) added logging info when '.chunkdb' is not written to disk
- (master) fixed alphabetical order of commands detected in changelog
- (cs) changed queue limit to max workers (limited dynamically)
- (cs) fixed automatic chunkserver removal in master
- (master) added meta version increment in chunks_set_version
- (cs) added error detection during writing '.chunkdb'
- (all) added build id to 'what' strings
- (nbd+cgiserv) added chdir("/")

PR: 250060
Submitted by: MooseFS FreeBSD Team <[email protected]> (maintainer)

Changes since 0.1.1:

> This version has some breaking changes in the config file and, you will need to regenerate the config for all features to work.

- The tool is now compatible with next-gen/team-managed project.
- New filters when listing issues, viz:
  - Filter by parent: This will allow you to list all sub-tasks of a task.
  - Order by filter: This will allow you to display a list sorted by their rank for example.
- You can now assign epic to the issue on creation.
- You can add issues to the sprint with `jira sprint add`

- feat: Allow to assign epic on create #194
- feat: Cmd to add issues to sprint #205
- feat: Allow to filter by parent #197
- feat: Add order-by filter #206
- feat: Add type on project listing #190
- fix: Make epic add work in next-gen project #195
- fix: Epic creation for next-gen project #192
- fix: Make epic remove work in next-gen project #196
- fix: Make epic list work for next-gen project #201
- fix: Segmentation fault on view #202
- fix(tui): Link/key copy is broken for altered key col #204
- cfg!: Expand config to include project type #191
- cfg!: Rename field to name and add link field to epic #193
- dep: Upgrade rivo/tview #176
- dep: Upgrade outdated deps to latest #177
- dep: Use Go 1.17 #178

**Full Changelog**: ankitpokhrel/jira-cli@v0.1.1...v0.2.0

3.1.0 (2022-05-18)
* Introduce basic support for OpenSSL version 3 (#492)
* Update regex in grep to be POSIX compliant (#556)
* Introduce status reporting tools (#555 & #557)
* Display certificates using UTF8 (#551)
* Allow certificates to be created with fixed date offset (#550)
* Add 'verify' to verify certificate against CA (#549)
* Add PKCS#12 alias 'friendlyName' (#544)
* Disallow use of '--vars=FILE init-pki' (#566)
* Support multiple IP-Addresses in SAN (#564)
* Add option '--renew-days=NN', custom renew grace period (#557)
* Add 'nopass' option to the 'export-pkcs' functions (#411)
* Add support for 'busybox' (#543)
* Add option '--tmp-dir=DIR' to declare Temp-dir (Commit f503a22)

3.0.9 (2022-05-17)
* Upgrade OpenSSL from 1.1.0j to 1.1.1o (#405, #407)
  - We are building this ourselves now.
* Fix --version so it uses EASYRSA_OPENSSL (#416)
* Use openssl rand instead of non-POSIX mktemp (#478)
* Fix paths with spaces (#443)
* Correct OpenSSL version from Homebrew on macOS (#416)
* Fix revoking a renewed certificate (Original PR #394)
  Follow-up commit: ef22701878bb10df567d60f2ac50dce52a82c9ee
* Introduce 'show-crl' (d1993892178c5219f4a38d50db3b53d1a972b36c)
* Support Windows-Git 'version of bash' (#533)
* Disallow use of single quote (') in vars file, Warning (#530)
* Creating a CA uses x509-types/ca and COMMON (#526)
* Prefer 'PKI/vars' over all other locations (#528)
* Introduce 'init-pki soft' option (#197)
* Warnings are no longer silenced by --batch (#523)
* Improve packaging options (#510)
* Update regex for POSIX compliance (#556)
* Correct date format for Darwin/BSD (#559)

Major changes between sudo 1.9.12p2 and 1.9.12p1:
* Fixed a compilation error on Linux/aarch64. GitHub issue #197.
* Fixed a potential crash introduced in the fix for GitHub issue #134. If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer.
* Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
* Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files.

PR: 269030
Submitted by: cy
Reported by: cy
Approved by: garga
MFH: 2023Q1
Security: CVE-2023-22809

The default behaviour of BIND is that Slaves will send NOTIFY to other Secondaries. In pfSense, ```notify no``` in all Slave zones prevents this default behaviour, which is unexpected and looks like a bug in BIND until inspecting named.conf generated by pfSense for Slaves.

There is no way in the WebUI of pfSense to overcome this ```notify no```, even when putting ```notify explicit {}``` into Custom Options of surrounding views for example. Even worse, BIND will throw an error when putting another ```notify yes|explicit {}``` into Custom Options of zones, and named will subsequently fail to start.

Admins who do want to prevent their Slaves from sending NOTIFY should put ```notify no``` explicitly into the Custom Options.

In my use case however, I need my Slaves to send NOTIFY to I/AXFR servers of the global anycast Secondaries at DNSMadeEasy.com using in the Custom Options of the view

```
notify explicit; also-notify { 208.94.147.135; 208.94.150.198; 63.219.151.12; };
```

This only works with the proposed PR.
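
The precedence problem described above, as an added example that is not part of the original thread or of pfSense's code: a small Python audit of a constructed named.conf excerpt showing that a zone-level `notify no` wins over the view's `notify explicit`, and flagging a zone that carries two `notify` statements, the case the description says stops named from starting. The zone names, the 192.0.2.1 primary and the helper names are assumptions; options-level settings and comments are not parsed.

```python
import re

# Constructed named.conf excerpt (an assumption, not pfSense's real output):
# the view asks for explicit NOTIFY, two secondary zones set notify themselves.
SAMPLE_CONF = '''
view "external" {
    notify explicit;
    also-notify { 208.94.147.135; 208.94.150.198; 63.219.151.12; };
    zone "example.com" { type slave; masters { 192.0.2.1; }; notify no; };
    zone "example.net" { type slave; masters { 192.0.2.1; }; };
    zone "example.org" { type slave; masters { 192.0.2.1; }; notify no; notify explicit; };
};
'''
NOTIFY = re.compile(r'(?<![\w-])notify\s+([\w-]+)\s*;')  # skips also-notify

def blocks(text, keyword):
    """Yield (name, body) for each `keyword "name" { ... }` block in text."""
    for m in re.finditer(r'\b%s\s+"([^"]+)"[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth:  # walk to the brace that closes this block
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def top_level(body):
    """Return body with everything inside nested braces dropped."""
    out, depth = [], 0
    for ch in body:
        depth += ch == "{"
        if depth == 0:
            out.append(ch)
        depth -= ch == "}"
    return "".join(out)

def audit(conf):
    """Map each secondary zone to (effective notify, where it was decided)."""
    report = {}
    for _view, vbody in blocks(conf, "view"):
        inherited = (NOTIFY.findall(top_level(vbody)) or ["yes"])[0]  # BIND default: yes
        for name, zbody in blocks(vbody, "zone"):
            if not re.search(r'\btype\s+(slave|secondary)\s*;', zbody):
                continue
            own = NOTIFY.findall(top_level(zbody))
            if len(own) > 1:
                report[name] = (None, "duplicate notify in zone")
            else:
                report[name] = (own[0], "set in zone") if own else (inherited, "inherited from view")
    return report
print(audit(SAMPLE_CONF))
```

Only `example.net`, which has no `notify` of its own, ends up with the view's `notify explicit`; this is the state the description wants for all secondary zones.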