notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)

Current status

The server has been repaired, with a new power supply, for $23. I am waiting for lower COVID rates before visiting the datacenter to return it.
non port: dns/bind911/Makefile

Number of commits found: 98

Thu, 29 Apr 2021
[ 09:39 mat (Mathieu Arnold) ]    commit hash:92ca026aa01c31fb1484a2202938e637dcd8acc3  92ca026 
dns/bind911: Update to 9.11.31.

MFH:		2021Q2
Security:	CVE-2021-25214
Security:	CVE-2021-25215
Security:	CVE-2021-25216
Sponsored by:	Absolight
Tue, 6 Apr 2021
[ 14:31 mat (Mathieu Arnold) ]    commit hash:305f148f482daf30dcf728039d03d019f88344eb  305f148 (Only the first 10 of 29333 ports in this commit are shown above. View all ports for this commit)
Remove # $FreeBSD$ from Makefiles.
Fri, 19 Mar 2021
[ 14:32 mat ] Original commit   Revision:568799
Update to BIND9 9.11.29.

Thu, 18 Feb 2021
[ 07:04 mat ] Original commit   Revision:565906
Update to 9.11.28

Security:	CVE-2020-8625
Fri, 22 Jan 2021
[ 11:13 mat ] Original commit   Revision:562295
Update to 9.11.27
Wed, 16 Dec 2020
[ 21:36 mat ] Original commit   Revision:558241
Update to 9.11.26.

Fri, 4 Dec 2020
[ 13:26 mat ] Original commit   Revision:556981
Fix BIND9 9.11.25's manpages.
Sat, 28 Nov 2020
[ 15:03 mat ] Original commit   Revision:556502
Update to 9.11.25.

Mon, 26 Oct 2020
[ 11:40 mat ] Original commit   Revision:553338
Update to 9.11.24

Wed, 23 Sep 2020
[ 14:42 mat ] Original commit   Revision:549731
Update to 9.11.23.

MFH:		2020Q3 (bugfix)
Wed, 26 Aug 2020
[ 13:32 mat ] Original commit   Revision:546284
Add an option to use the DNS accept filter if available.

PR:		241613
Submitted by:	eugen
[ 13:32 mat ] Original commit   Revision:546283
Enabled DNSTAP by default.

The ISC recommends having it by default (it is in the packages they
distribute) and the footprint of the dependecies is very small.

While there, cleanup plists.

PR:		237861
Reported by:	Greg Rivers
Fri, 21 Aug 2020
[ 09:11 mat ] Original commit   Revision:545578
Update to 9.11.22.

MFH:		2020Q3 (security fix)
Security:	CVE-2020-8620, CVE-2020-8621, CVE-2020-8622,
		CVE-2020-8623, CVE-2020-8624
Mon, 20 Jul 2020
[ 13:50 mat ] Original commit   Revision:542640
Fix rndc with LMDB 0.9.26+.

PR:		247950
Submitted by: 	delphij
Reportedy:	david isnic is
Obtained from:
MFH:		2020Q3 (not sure if needed)
Thu, 16 Jul 2020
[ 15:51 mat ] Original commit   Revision:542363
Update to 9,11,21.

MFH:		2020Q3 (bug fixes)
Thu, 18 Jun 2020
[ 03:46 philip ] Original commit   Revision:539519
Update to 9.11.20.

MFH:		2020Q2
Security:	CVE-2020-8619
Submitted by:   mat (maintainer)
Fri, 22 May 2020
[ 19:20 sunpoet ] Original commit   Revision:536219(Only the first 10 of 67 ports in this commit are shown above. View all ports for this commit)
Bump PORTREVISION for devel/json-c json-c
Tue, 19 May 2020
[ 09:25 mat ] Original commit   Revision:535847
Update to 9.11.19.

MFH:		2020Q2
Security:	CVE-2020-8616, CVE-2020-8617
Wed, 15 Apr 2020
[ 20:46 mat ] Original commit   Revision:531791
Update to 9.11.18.

MFH:		2020Q2
Thu, 19 Mar 2020
[ 11:33 mat ] Original commit   Revision:528713
Update to 9.11.17.
Thu, 20 Feb 2020
[ 09:09 mat ] Original commit   Revision:526552
Add forgotten CONFLICTS lines.
[ 09:07 mat ] Original commit   Revision:526549
Update to 9.11.16.

Thu, 23 Jan 2020
[ 08:55 mat ] Original commit   Revision:523910
Update to 9.11.15.

Wed, 18 Dec 2019
[ 22:37 mat ] Original commit   Revision:520406
Update to 9.11.14.

Wed, 20 Nov 2019
[ 21:41 mat ] Original commit   Revision:518053
Update to 9.11.13.

MFH:		2019Q4
Security:	CVE-2019-6477
Wed, 16 Oct 2019
[ 22:53 mat ] Original commit   Revision:514624
Update to 9.11.12.

Wed, 9 Oct 2019
[ 10:34 bapt ] Original commit   Revision:514130(Only the first 10 of 42 ports in this commit are shown above. View all ports for this commit)
Drop the ipv6 virtual category for d* category as it is not relevant anymore
Wed, 18 Sep 2019
[ 22:27 mat ] Original commit   Revision:512294
Update to 9.11.11.

While there, add back GEOIP support via the "new" libmaxminddb.

Thu, 22 Aug 2019
[ 17:09 mat ] Original commit   Revision:509612
Update to 9.11.10.
Thu, 18 Jul 2019
[ 16:10 mat ] Original commit   Revision:506855
Update to 9.11.9.

Mon, 1 Jul 2019
[ 16:21 mat ] Original commit   Revision:505614
Make a note about expiration here.
Wed, 19 Jun 2019
[ 22:42 mat ] Original commit   Revision:504595
Update to 9.11.8.

MFH:		2019Q2 (security blanket)
Security:	CVE-2019-6471
Thu, 16 May 2019
[ 07:32 mat ] Original commit   Revision:501775
Update to 9.11.7.
Thu, 25 Apr 2019
[ 07:17 mat ] Original commit   Revision:499957
Update to BIND9 9.11.6-P1.

MFH:		2019Q2
Security:	CVE-2018-5743
Tue, 23 Apr 2019
[ 13:04 mat ] Original commit   Revision:499757(Only the first 10 of 23 ports in this commit are shown above. View all ports for this commit)
Remove conflicts from bind-tools and the server ports.

All servers now depend on the same bind-tools, from the latest BIND9

Chase dependencies to make sure they now depend on the correct port.

Differential Revision:
Tue, 19 Mar 2019
[ 08:38 mat ] Original commit   Revision:496252
Make WITH_DEBUG actually build and be as helpful as possible.
Fri, 1 Mar 2019
[ 10:10 mat ] Original commit   Revision:494252
Add BIND 9.14.0 first release candidate.
[ 10:02 mat ] Original commit   Revision:494250
Update to 9.11.6.
Fri, 22 Feb 2019
[ 08:52 mat ] Original commit   Revision:493563
Update to 9.11.5-P4.

MFH:		2019Q1 (blanket)
Security:	CVE-2018-5744 CVE-2018-5745 CVE-2019-6465
Sat, 9 Feb 2019
[ 23:25 sunpoet ] Original commit   Revision:492534(Only the first 10 of 24 ports in this commit are shown above. View all ports for this commit)
Update dns/libidn2 to 2.1.1

- Bump PORTREVISION of dependent ports for shlib change

Sun, 13 Jan 2019
[ 20:58 adamw ] Original commit   Revision:490211(Only the first 10 of 59 ports in this commit are shown above. View all ports for this commit)
Remove GeoIP-related options. Where possible, replace GeoIP 1 defaults
with GeoIP 2.

Also, as suggested by zi, add an UPDATING note about this.
Sun, 6 Jan 2019
[ 20:39 sunpoet ] Original commit   Revision:489529(Only the first 10 of 24 ports in this commit are shown above. View all ports for this commit)
Update dns/libidn2 to 2.1.0

- Bump PORTREVISION of dependent ports for shlib change

Thu, 13 Dec 2018
[ 09:06 mat ] Original commit   Revision:487359(Only the first 10 of 14 ports in this commit are shown above. View all ports for this commit)
Update to 9.11.5-P1, 9.12.3-P1, 9.13.5.

While there:
- Don't disable symbol table generation when building WITH_DEBUG.
- Try and make sure nullfs can really be used in a more robustt and
  centralized way.
- Make sure all changes are sync'ed among all BIND9 ports.
Wed, 14 Nov 2018
[ 10:11 mat ] Original commit   Revision:484916
Make sure gost is really disabled.

It may get picked up from the base OpenSSL and break startup.
While there, make sure the correct engines are used.

Reported by:	Kevin P. Neal (on ports@)
Fri, 2 Nov 2018
[ 10:13 mat ] Original commit   Revision:483798
Remove GOST support from BIND9 9.11 and 9.12.

It was never (widely|really) used, and support for it has been dropped
in OpenSSL starting at 1.1, and BIND9 starting at 9.13.

PR:		231980
Reported by:	mfechner
Wed, 24 Oct 2018
[ 08:05 mat ] Original commit   Revision:482890
Update to 9.11.5.
Thu, 20 Sep 2018
[ 14:12 mat ] Original commit   Revision:480174
Update to 9.11.4-P2.

Switch to libidn2 for idn.
Wed, 5 Sep 2018
[ 22:01 sunpoet ] Original commit   Revision:479045(Only the first 10 of 68 ports in this commit are shown above. View all ports for this commit)
Update devel/json-c to 0.13.1

- Bump PORTREVISION of dependent ports for shlib change

PR:		231007
Exp-run by:	antoine
Fri, 24 Aug 2018
[ 11:49 mat ] Original commit   Revision:477957
Permit using allow-new-zones, LMDB, and a chrooted environment.

Fixes this obscure and not at all helpful message:
mdb_env_open of '_default.nzd' failed: No such file or directory

PR:		229125
Reported by:	Tomas Ciernik
MFH:		2018Q3
Wed, 8 Aug 2018
[ 21:25 mat ] Original commit   Revision:476686
Update to 9.11.4-P1 and 9.12.2-P1.

Security:	CVE-2018-5740
Sponsored by:	Absolight
Wed, 11 Jul 2018
[ 09:36 mat ] Original commit   Revision:474430(Only the first 10 of 20 ports in this commit are shown above. View all ports for this commit)
Update BIND9 ports to 9.11.4, 9.12.2 and 9.13.2.

Sponsored by:	Absolight
Thu, 14 Jun 2018
[ 15:42 mat ] Original commit   Revision:472383(Only the first 10 of 12 ports in this commit are shown above. View all ports for this commit)
Include a patch to fix CVE-2018-5738 in all the BIND9 ports.

MFH:		2018Q2 (blanket)
Security:	CVE-2018-5738
Sponsored by:	Absolight
Wed, 6 Jun 2018
[ 10:31 mat ] Original commit   Revision:471831
Move things around a bit to be more handbook compliant.

Sponsored by:	Absolight
Fri, 25 May 2018
[ 12:43 mat ] Original commit   Revision:470832
Add BIND9 9.13.0.

The ISC changed their release model, they are now doing
odd-unstable/even-stable release numbering.  This is a development
version, consider it alpha/beta quality.  The next stable release will
be 9.14.0.

Sponsored by:	Absolight
Tue, 22 May 2018
[ 13:15 mat ] Original commit   Revision:470610(Only the first 10 of 74 ports in this commit are shown above. View all ports for this commit)
Add PY_FLAVOR to Python module dependencies.

Sponsored by:	Absolight
Tue, 17 Apr 2018
[ 08:26 mat ] Original commit   Revision:467580
Fix build when LOCALBASE!=/usr/local.

PR:		227554
Submitted by:	John Hein
Sponsored by:	Absolight
Thu, 22 Mar 2018
[ 14:13 mat ] Original commit   Revision:465288
Enable the FILTER_AAAA option by default, the feature was made non
optional in recent versions, so might as well do it in older ones.

PR:		226383
Sponsored by:	Absolight
Mon, 19 Mar 2018
[ 11:21 mat ] Original commit   Revision:465009(Only the first 10 of 19 ports in this commit are shown above. View all ports for this commit)
Update BIND9 ports to 9.9.12, 9.10.7, 9.11.3 and 9.12.1.

Sponsored by:	Absolight
Wed, 7 Feb 2018
[ 14:29 mat ] Original commit   Revision:461145
Teach named where its pid file should be by default, to be consistent
with the default configuration, rc script, man pages...

PR:		225687
Reported by:	John W. O'Brien
Sponsored by:	Absolight
Tue, 30 Jan 2018
[ 13:44 mat ] Original commit   Revision:460385
Add a TCP_FASTOPEN option (default on) to allow not building it in. [1]

It is annoying because it outputs one line saying it cannot enable
TCP_FASTOPEN when the deamon starts.

While there, discover that FILTER_AAAA is always enabled in 9.12+ and no
longer an option, so remove it.

PR:		217288 [1] (based on)
Reported by:	doktornotor mailinator com
Sponsored by:	Absolight
Wed, 24 Jan 2018
[ 10:43 mat ] Original commit   Revision:459831
Catch up with the conflicts lines in the BIND9 ports.

Sponsored by:	Absolight
[ 10:43 mat ] Original commit   Revision:459830
Remove support for bind-tools from the BIND9 9.11 port.

Sponsored by:	Absolight
Fri, 19 Jan 2018
[ 12:32 mat ] Original commit   Revision:459406
Update named.root.

Sponsored by:	People afraid of a nuclear holocaust.
Wed, 17 Jan 2018
[ 07:59 mat ] Original commit   Revision:459221(Only the first 10 of 12 ports in this commit are shown above. View all ports for this commit)
Update BIND9* to 9.9.11-P1, 9.10.6-P1, 9.11.2-P1 and 9.12.0rc3

MFH:		2018Q1
Security:	CVE-2017-3145
Sponsored by:	Absolight
Fri, 12 Jan 2018
[ 12:58 mat ] Original commit   Revision:458822
Add a TUNING_LARGE option.

Tunes certain compiled-in constants and default settings to
values better suited to large servers with 12/16GB+ of memory.
This can improve performance on such servers, but will consume
more memory and may degrade performance on smaller systems.

PR:		224859
Sponsored by:	Absolight
Mon, 8 Jan 2018
[ 13:38 mat ] Original commit   Revision:458413
Fix altlog_proglist warning when it contains more than the named service.

PR:		224951
Submitted by:	Trix Farrar
Sponsored by:	Absolight
Wed, 3 Jan 2018
[ 13:36 sunpoet ] Original commit   Revision:457965(Only the first 10 of 58 ports in this commit are shown above. View all ports for this commit)
Update devel/json-c to 0.13

- While I'm here, fix shebang for net/opensips
- Bump PORTREVISION of dependent ports for shlib change

PR:		224675
Exp-run by:	antoine
Thu, 23 Nov 2017
[ 13:55 mat ] Original commit   Revision:454760
Add an extra check to make sure syslogd is correctly configured when
using chroot.

Sponsored by:	Absolight
Tue, 7 Nov 2017
[ 15:48 mat ] Original commit   Revision:453667
Add a symlink to named's session-keyfile.

Using nsupdate -l, and chroot was broken because nsupdate could not find
the keyfile by itself.

PR:		223403
Submitted by:	Harald Schmalzbauer
Sponsored by:	Absolight
Sat, 4 Nov 2017
[ 11:43 dbaio ] Original commit   Revision:453453(Only the first 10 of 61 ports in this commit are shown above. View all ports for this commit)
Update license of ports using MPL (without version)

All ports now should use MPL[10|11|20] license.

Approved by:	portmgr (blanket)
Fri, 3 Nov 2017
[ 13:20 mat ] Original commit   Revision:453405
Enable the PYTHON option by default, it brings a few interesting DNSSEC

Sponsored by:	Absolight
Wed, 25 Oct 2017
[ 13:24 mat ] Original commit   Revision:452847
Install the mtree file as .sample to allow users to change them.

Sponsored by:	Absolight
Fri, 28 Jul 2017
[ 22:57 mat ] Original commit   Revision:446860
Update BIND9 ports to 9.{9.11,10.6,11.2}.

Sponsored by:	Absolight
Mon, 10 Jul 2017
[ 18:48 mat ] Original commit   Revision:445456
Update to 9.{9.10,10.5,11.1}-P3.

Sponsored by:	Absolight
Thu, 29 Jun 2017
[ 20:51 mat ] Original commit   Revision:444687
Update to 9.{9.10,10.5,11.1}-P2.

Security:	CVE-2017-3142
Security:	CVE-2017-3143
Sponsored by:	Absolight
Wed, 14 Jun 2017
[ 22:54 mat ] Original commit   Revision:443608
Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.

MFH:		2017Q2
Security:	CVE-2017-3140
Security:	CVE-2017-3141
Sponsored by:	Absolight
Thu, 20 Apr 2017
[ 13:12 mat ] Original commit   Revision:438945(Only the first 10 of 31 ports in this commit are shown above. View all ports for this commit)
Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.

While there:

Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.

Refresh the root zone hints.

"Fix" the configuration section telling you to get some top level
zones from, which does not allow axfr any more. [1]

PR:		218656 [1]
Reported by:	Thomas Steen Rasmussen / Tykling [1]
MFH:		2017Q2
Sponsored by:	Absolight
Thu, 13 Apr 2017
[ 10:15 mat ] Original commit   Revision:438434
Unbreak rndc calls when using non default rndc.key location.

PR:		218335
Sponsored by:	Absolight
[ 04:12 delphij ] Original commit   Revision:438423
Security update to 9.11.0P5.

Security:	c6861494-1ffb-11e7-934d-d05099c0ae8c
Approved by:	so
MFH:		2017Q2
Tue, 11 Apr 2017
[ 13:59 mat ] Original commit   Revision:438261
Remove private URLs that should never have been committed.

Pointy hat:	mat
Sponsored by:	Absolight
Wed, 8 Feb 2017
[ 22:39 mat ] Original commit   Revision:433678
Update to 9.9.9-P6, 9.10.4-P6 and 9.11.0-P3.

While there, remove the RPZ_PATCH for BIND9 9.9, it has not been updated
for years, and, it does not build any more.

MFH:		2017Q1
Security:	CVE-2017-3135
Sponsored by:	Absolight
Thu, 12 Jan 2017
[ 08:15 mat ] Original commit   Revision:431233(Only the first 10 of 13 ports in this commit are shown above. View all ports for this commit)
Commit the cleanups that should have gone in with the pervious update.

Sponsored by:	Absolight
[ 07:30 delphij ] Original commit   Revision:431226
Security update to 9.11.0-P2.

Approved by:	so
Security:	d4c7e9a9-d893-11e6-9b4d-d050996490d0
MFH:		2017Q1
Fri, 9 Dec 2016
[ 15:40 mat ] Original commit   Revision:428222
Switch bind-tools to BIND9 9.11.

Sponsored by:	Absolight
[ 15:40 mat ] Original commit   Revision:428221

Sponsored by:	Absolight
[ 15:02 mat ] Original commit   Revision:428214
Fixup libedit for all BIND9 ports, and fix spurious json dependency by
adding an option.

PR:		215170
Reported by:	sunpoet
Sponsored by:	Absolight
Wed, 2 Nov 2016
[ 06:38 delphij ] Original commit   Revision:425115
Security update:

dns/bind99:  9.9.9-P3  -> 9.9.9-P4
dns/bind910: 9.10.4-P3 -> 9.10.4-P4
dns/bind911: 9.11.0    -> 9.11.0-P1

Security:	CVE-2016-8864
Submitted by:	mat
MFH:		2016Q4
Tue, 4 Oct 2016
[ 22:35 mat ] Original commit   Revision:423308
Update to 9.11.0

Sponsored by:	Absolight
[ 14:37 mat ] Original commit   Revision:423263
Remarke MAKE_JOBS_UNSAFE everywhere.

Sponsored by:	Absolight
Fri, 30 Sep 2016
[ 12:44 mat ] Original commit   Revision:422981
So, on 9, it is failing to build it with jobs.

It builds .a before all the .o that are supposed to go in the .a are
built.  Imagine what happens after that...

Reported by:	Craig Leres
Sponsored by:	Absolight
Wed, 28 Sep 2016
[ 12:55 mat ] Original commit   Revision:422867

It was added in 2009 in r232247 without the reason it was failing, I've
tried with -J 2-10, and can't have one of the BIND9 port fail.
Feel free to add it back, but please, add the reason why it fails.

Sponsored by:	Absolight
Tue, 27 Sep 2016
[ 16:10 mat ] Original commit   Revision:422816
Update BIND9 to latest versions, 9.9.9-P3, 9.10.4-P3, 9.11.0rc3

MFH:		2016Q3
Security:	CVE-2016-2776
Sponsored by:	Absolight
Wed, 31 Aug 2016
[ 12:06 mat ] Original commit   Revision:421154
The START_LATE option is not needed by bind-tools.

Sponsored by:	Absolight
[ 11:59 mat ] Original commit   Revision:421152
The NEWSTATS and RRL options were removed in BIND9 9.10, so remove them
from here, also, make the upstream default options default for real.

While there, put back the BIND_TOOLS knobs in bind9-devel.

Sponsored by:	Absolight
[ 11:58 mat ] Original commit   Revision:421151
Update to 9.11.0rc1.

While there, remove obsolete configure options, and set as default the
one that default to yes.

Sponsored by:	Absolight
Wed, 3 Aug 2016
[ 13:27 mat ] Original commit   Revision:419521
Update to 9.11.0b3.

MFH:		2016Q3
Security:	CVE-2016-2775
Sponsored by:	Absolight
Tue, 19 Jul 2016
[ 11:30 mat ] Original commit   Revision:418769(Only the first 10 of 12 ports in this commit are shown above. View all ports for this commit)
BIND9 update, 9.9.9-P2, 9.10.4-P2, 9.11.0b2 and latest 9.12 snapshot.

MFH:		2016Q3
Security:	CVE-2016-2775
Sponsored by:	Absolight
Mon, 4 Jul 2016
[ 09:47 mat ] Original commit   Revision:418010(Only the first 10 of 11 ports in this commit are shown above. View all ports for this commit)
Introduce BIND9 9.11.0b1. (beta1)

BIND 9.11 brings many changes to BIND, including a new license
(the Mozilla Public License 2.0 -- you can read about it here:
and many new features, including:

-  Catalog zones, a new way to provision zones on slave servers
-  dyndb api, a fast new api enabling BIND to serve zones stored
   in a database (Developed by Petr Spacek of RedHat)
-  RNDC showzone, view-only mode and other improvements
-  dnstap query and response logging (Robert Edmonds is the author
   of dnstap, see
-  EDNS Client-subnet (authoritative server functions)
-  DNSSEC key manager, a new utility (Thanks to Sebastian Castro
   for helping with development.)
-  Automatic CDS/CDSKEY generation
-  Negative Trust Anchors for DNSSEC validators
-  IPv6 bias to encourage use of IPv6 DNS servers
-  Minimal response to "any" queries (Thanks to Tony Finch for
   the contribution)
-  DNS Cookies are now enabled by default, using the standardized code point

Sponsored by:	Absolight

Number of commits found: 98