bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4
Errata ID: AXSA:2012-575:02
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.
Security issues fixed with this release:
CVE-2012-2134
No description available at the time of writing; please use the CVE links below.
Bug Fixes
• If a zone contained an invalid Resource Record (RR) with the same Fully Qualified Domain Name (FQDN) as the zone name, the bind-dyndb-ldap plug-in refused to load the entire zone. This has been fixed: if an invalid RR is encountered, an error message “Failed to parse RR entry” is logged and the zone continues to load.
• The bind-dyndb-ldap plug-in stopped after the first failure to connect to an LDAP server, and users had to execute "rndc reload" to make the plug-in work again. This has been fixed: the plug-in periodically retries the connection and no user intervention is required.
• Even after the zone_refresh period timed out and a zone was removed from the LDAP server, the plug-in continued to serve the removed zone. This has been fixed.
• When the named daemon received the rndc reload command or a SIGHUP signal and the plug-in failed to connect to an LDAP server, the plug-in caused named to crash when it received a query which belonged to a zone previously handled by the plug-in. This has been fixed.
• If the named daemon lost its connection to an LDAP server for some time, and zones that were previously present were removed from LDAP before a successful reconnection, the plug-in crashed. This has been fixed.
• Fixed the length of some strings so that the SOA serial number and the expiry time for the forward zone are set correctly during ipa-server installation.
• With sub-domains delegated to other DNS servers, the bind-dyndb-ldap plug-in managing the top-domain DNS failed to put A or AAAA glue records in the “additional section” of a DNS answer, and sub-domains were not accessible by other DNS servers. This has been fixed.
• The plug-in now correctly returns answers for queries with non-ASCII characters.
Enhancements
• Now supports two new attributes, idnsAllowQuery and idnsAllowTransfer, which can be used to set ACLs for queries or transfers.
• Now supports the new zone attributes idnsForwarders and idnsForwardPolicy which can be used to configure forwarding.
• Now supports zone transfers.
• Added a new option called sync_ptr that can be used to keep A and AAAA records and their PTR records synchronized.
• It is now possible to store configuration for the plug-in in LDAP with idnsConfigObject. Options set through this have higher priority than the ones from the named.conf file.
Refer to /usr/share/doc/bind-dyndb-ldap/README for more information about the new options and attributes.
Update packages
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
N/A
SRPMS
- bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4.src.rpm
MD5: bb46924206bad476852f68616cb46c87
SHA-256: 308ff71c896f49769eebedd2e2114b16f4c688c19ef2b667403fb6a833367e3f
Size: 306.15 kB
Asianux Server 4 for x86
- bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4.i686.rpm
MD5: 5e97396adab95058af97c746f1a6f865
SHA-256: 963ee6185f6d5d2b029e15eb0b89fb8835ec0889ba398ea826a3ddaee6b6bb92
Size: 62.13 kB
Asianux Server 4 for x86_64
- bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4.x86_64.rpm
MD5: 1462908eada606dd8c2e327187e74ce1
SHA-256: a9166e52d4079d98b9243439729ab008636184792f59e4c857c3b14381821439
Size: 62.29 kB