non port: dns/bind99/pkg-plist |
Number of commits found: 30 |
Monday, 19 Mar 2018
|
11:21 mat
Update BIND9 ports to 9.9.12, 9.10.7, 9.11.3 and 9.12.1.
Sponsored by: Absolight
|
Wednesday, 25 Oct 2017
|
13:24 mat
Install the mtree file as .sample to allow users to change them.
Sponsored by: Absolight
|
Thursday, 20 Apr 2017
|
13:12 mat
Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.
While there:
Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.
Refresh the root zone hints.
"Fix" the configuration section telling you to get some top level
zones from f.root-servers.net, which does not allow axfr any more. [1]
PR: 218656 [1]
Reported by: Thomas Steen Rasmussen / Tykling [1]
MFH: 2017Q2
Sponsored by: Absolight
|
Thursday, 12 Jan 2017
|
08:15 mat
Commit the cleanups that should have gone in with the pervious update.
Sponsored by: Absolight
|
Tuesday, 24 Mar 2015
|
15:22 mat
Add chroot back to BIND's startup script.
Differential Revision: https://reviews.freebsd.org/D1952
Sponsored by: Absolight
|
Monday, 5 Jan 2015
|
17:44 mat
Retire REPLACE_BASE option.
While there, reduce changes from bind99 and bind910 ports.
Sponsored by: Absolight
|
Monday, 8 Dec 2014
|
17:29 mat
Security update of BIND9 to 9.9.6-P1 and 9.10.1-P1.
Security: CVE-2014-8500 CVE-2014-8680
Sponsored by: Absolight
|
Monday, 17 Nov 2014
|
17:51 mat
Install the bind.keys file with the root and dlv.isc.org keys.
Sponsored by: Absolight
|
Tuesday, 23 Sep 2014
|
13:25 mat
Update to 9.9.6.
Sponsored by: Absolight
|
Tuesday, 24 Jun 2014
|
15:15 mat
Add a PYTHON option to bind99 and bind910, it installs a couple of dnssec
related utilities.
Use bind's own Makefiles for installation in bind-tools.
Sponsored by: Absolight
|
Monday, 9 Jun 2014
|
10:24 mat
Unbreak, it seems not everybody as switched to pkg yet...
Sponsored by: Absolight
|
Friday, 6 Jun 2014
|
10:59 mat
Don't install rndc.conf
It is generated by the rc script during the first startup. And if
the file is present, it messes up the rndc.key generation.
Poked by: Alain Audebert
Sponsored by: Absolight
|
Friday, 16 May 2014
|
03:13 mat
Ok, revert r354129, it was a bad idea.
Poked by: many
Sponsored by: Absolight
|
Thursday, 15 May 2014
|
14:12 mat
Try and fix the plist for bind9* ports when <10.
Poked by: swills
Sponsored by: Absolight
|
Saturday, 12 Apr 2014
|
19:23 mat
Use @sample for my port, cleanup an etc/PORTNAME into ETCDIR.
Sponsored by: Absolight
|
Wednesday, 9 Apr 2014
|
14:14 mat
- Add a patch to install missing man page
- Add dnssec-* tools to bind-tools[1]
Requested by: many [1]
Sponsored by: Absolight
|
Monday, 17 Mar 2014
|
18:46 mat
- Use SUB_FILES for named.conf and the rc script
- Fix some package installation warnings
Sponsored by: Absolight
|
Friday, 31 Jan 2014
|
08:58 mat
Update to 9.9.5.
Changes: https://lists.isc.org/pipermail/bind-announce/2014-January/000896.html
Sponsored by: Absolight
|
Wednesday, 8 Jan 2014
|
22:52 mat
Fixup rndc.conf.sample installation
Spotted by: antoine
|
Monday, 6 Jan 2014
|
23:15 mat
Yet another round of fixes.
This time, it seems all of REPLACE_BASE, not REPLACE_BASE and post Bind removal
from base seem to work consistently.
|
14:29 mat
Fix build with LINKS.
|
13:34 mat
Convert to staging and new options.
|
Thursday, 5 Dec 2013
|
12:54 erwin
Install named.conf as named.conf.sample and don't overwrite on upgrade
Bullet hole in foot: joeld
Pointy hat: erwin
|
Tuesday, 12 Nov 2013
|
10:59 erwin
Support FreeBSD 10.0.
On FreeBSD 10.0, all configuration is installed under
/usr/local/etc/namedb and installs its own rc script in
$PREFIX, which no longer support chroot installations.
LINKS and REPLACE_BASE options are not supported on 10.0
for obvious reasons.
Note for FreeBSD 9.x and earlier users, LINKS is no longer
the default option, though still supported.
|
Friday, 20 Sep 2013
|
08:22 erwin
Update to 9.9.4
Note that the Rate Limiting option has been renamed.
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
New Features
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Changed the logging category for RRL events from 'queries' to
'query-errors'. [RT #33540]
|
Friday, 31 May 2013
|
09:49 erwin
Update to 9.9.3
|
Friday, 19 Oct 2012
|
10:17 erwin
Update to 9.9.2
Feature safe: yes
|
Wednesday, 23 May 2012
|
04:40 dougb
Upgrade to BIND versions 9.9.1, 9.8.3, 9.7.6, and 9.6-ESV-R7,
the latest from ISC. These versions all contain the following:
Feature Change
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fix
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-
threaded environment.
Each version also contains other critical bug fixes.
All BIND users are encouraged to upgrade to these latest versions.
|
Wednesday, 4 Apr 2012
|
22:03 dougb
Switch to using the PORTDOCS macro
Feature safe: yes
|
Saturday, 28 Jan 2012
|
05:28 dougb
By popular demand add a port for the newest BIND branch, 9.9.x. This will
stay as a -devel until it's formally released, which should be soon'ish.
BIND 9.9 includes a number of changes from BIND 9.8 and earlier releases,
including:
NXDOMAIN redirection
Improved startup and reconfiguration time, especially with large
numbers of authoritative zones
New "inline-signing" option, allows named to sign zones completely
transparently, including static zones
Many other new features, especially for DNSSEC
See the CHANGES file for more information on features.
https://kb.isc.org/article/AA-00592
|
Number of commits found: 30 |