unbound 1.4.17 dns =9

A validating, recursive, and caching DNS resolver
Maintained by: sem@FreeBSD.org
Port Added: 29 Apr 2008 07:35:35
License: not specified in port

---

---

Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run as
a server, but are linked into an application) are easily possible.

Goals:
    * A validating recursive DNS resolver.
    * Code diversity in the DNS resolver monoculture.
    * Drop-in replacement for BIND apart from config.
    * DNSSEC support.
    * Fully RFC compliant.
    * High performance
          o even with validation.
    * Used as
          o stub resolver.
          o full caching name server.
          o resolver library.
    * Elegant design of validator, resolver, cache modules.
          o provide the ability to pick and choose modules.
    * Robust.
    * In C, open source: The BSD license.
    * Smallest as possible component that does the job.
    * Stub-zones can be configured (local data or AS112 zones).

Non-goals:
    * An authoritative name server.
    * Too many Features.

WWW: http://unbound.net

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

NOTE: FreshPorts displays only required dependencies information. Optional dependencies are not covered.
Required To Build: devel/gmake
Required Libraries: textproc/expat2, dns/ldns

Required by:
for Libraries

dns/autotrust

---

To install the port: cd /usr/ports/dns/unbound/ && make install clean
To add the package: pkg_add -r unbound

---

Configuration Options

===> The following configuration options are available for unbound-1.4.17:
     LIBEVENT=off (default) "is useful when using many (10000) outgoing ports"
     THREADS=on (default) "build with threads support"
     PYTHON=off (default) "build python bindings"
     GOST=off (default) "build GOST support (requires OpenSSL from ports)"
     ECDSA=on (default) "build ECDSA (ecliptic curve) support"
===> Use 'make config' to modify these settings

---

Master Sites:

http://unbound.net/downloads/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

• 2011-09-15

  Affects: users of dns/unbound

  Author: sem@FreeBSD.org

  Reason: 
    unbound supports GOST from version 1.4.12 but only if dns/ldns was build
    with GOST support too. There is no way to check the option when unbound
    builds, so you should make sure the option is on in both unbound and lds.
  
  

- Update to 1.4.17
  * Use ECDSA by default
  * Add a hack to build ldns with ECDSA support if it's not installed

Feature safe:   Yes

- Update to 1.4.16
  * Bugfix release

- Fix plist

Submitted by:   dougb

- Update to 1.4.15
  * Fixed a little memory leak
  * Couple other bugs fixed
- Run unbound-checkconf before start.

- Run unbound-anchor with unbound user. It solves a permissions problem.

- Run unbound-anchor before unbound to obtain a trust anchor for DNSSEC.

Requested by:   des

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

- Update to 1.4.14
  * CVE-2011-4528 fixed

- Get rid FreeBSD 6 support

- Update to 1.4.13

- Update to 1.4.12 (a bugfix release)
- Disable GOST by default
- Depend on dns/ldns

Incorrect keyword in previous commit; should have read:

Use USERS

PR:             ports/157597
Submitted by:   crees (me)
Approved by:    rene (mentor, implicit), maintainer timeout (sem, 34 days)

Use USERS

PR:             ports/157597
Submitted by:   crees (me)
Reviewed by:    rene (mentor, implicit), maintainer timeout (sem, 34 days)

- Update to 1.4.11

- Update to 1.4.10
  * CVE-2011-1922 VU#531342 fixed

- Update to 1.4.9

- Update to 1.4.8

Feature safe:   yes

- Update to 1.4.7
  * It uses GOST by default and depends on port's openssl 1.0.0
    (may be turned off by an option).

- Update to 1.4.6

Update libevent to 1.4.14b

PR:             ports/147723
Approved by:    maintainer (timeout)

- Update to 1.4.5

- Update to 1.4.4
 * mistly bugs fix release
 * ECC-GOST is not supported by the port yet because of it requires
   OpenSSL 1.0.0 from ports. (There is in TODO).

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

- Update to 1.4.3

- OpenSSL has no sha256 functions on 6.x

Reported by:    Michael Meelis <m.meelis at easybow.com>

- Forgot to set : ${unbound_enable:-"NO"}
- Allow user to set a pid file location with unbound_pidfile="..."

PR:             ports/142793 (based on)
Submitted by:   Keith Gaughan <k at stereochro.me>

- A patch from SVN. It fixes a regression in IPv6 caching in
  1.4.1 version.

- Update to 1.4.1
- Use --disable-sha2 on 6.4 because of broken OpenSSL in base.

- A patch from developer
  * Fix crash when iterator without validator used

- Fixe build on 6.4 amd64

Reported by:    pav
Tested by:      bud@RusNET.irc

- Update to 1.4.0

- Update to 1.3.4

PR:             ports/140639
Submitted by:   Kurt Jaeger <pi at fa8.opsec.eu>

- unbound does not use `unbound' group anymore, but `daemmon' instead

PR:             ports/137175 (based on)
Reported by:    Artis Caune <Artis.Caune at gmail.com>

- Update to 1.3.3

- Update to 1.3.1

- Update to 1.3.0

- Fix a problem with OpenSSL from ports

Submitted by:   Artis Caune <artis.caune at gmail.com>

Mark as broken on sparc64-6.

- Update to 1.2.1

- Update to 1.2.0
  Bugs fix release. Includes important security fix.

- Fix reopening log after SIGHUP

- Update to 1.1.1
  Urgent bugs fix release.

- Update to 1.1.0

Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk

- Update libevent dependency and bump PORTREVISION

- Add an option to build without threads.

Requested by:   Beastie <beastie24@gmail.com>

- Update to 1.0.2

- Update to 1.0.1

- with USE_OPENSSL, users can choose base OpenSSL or the one in the ports
- fix configure script so that WITHOUT_LIBEVENT works
- install some docs

PR:             ports/123853
Submitted by:   Tomoyuki Sakurai <cherry at trombik.org>

- Update to 1.0

- Fix a typo like mistakes. No functional changes.

Reported by:    W.C.A. Wijngaards <wouter at nlnetlabs.nl>

- unbound runned in chroot by default. it brings us a problem with
  pid file. place it to PREFIX/etc/unbound as an author do.

- PORTREVISION bump after the last change.

Discussed with: bsam

- USE_LDCONFIG should be there

- New port: dns/unbound

Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run as
a server, but are linked into an application) are easily possible.

Goals:
    * A validating recursive DNS resolver.
    * Code diversity in the DNS resolver monoculture.
    * Drop-in replacement for BIND apart from config.
    * DNSSEC support.
    * Fully RFC compliant.
    * High performance
          o even with validation.
    * Used as

12 vulnerabilities affecting 17 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities