non port: dns/nsd/distinfo |
Number of commits found: 96 |
Saturday, 3 Aug 2024
|
23:20 Vladimir Druzenko (vvd) Author: Jaap Akkerhuis
dns/nsd: Update 4.10.0 → 4.10.1
The fallback parser, used on systems that lack SSE4.2 and AVX2 instruction
sets, contained some bugs with regards to state keeping and under certain
circumstances a use after free bug was encountered in buffer management.
News:
https://nlnetlabs.nl/news/2024/Aug/02/nsd-4.10.1-released/
Changelog:
https://nlnetlabs.nl/projects/nsd/download/#nsd-4-10-1
https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_10_1_REL
While here:
- remove GNU_CONFIGURE_MANPREFIX;
- remove NSDMAX_IPS?=512 - it has not been used for 9 years:
https://cgit.freebsd.org/ports/commit/?id=2aec7160bb627488d8aa78ecfd99d87676b52204
PR: 280589
MFH: 2024Q3
0a32a8d |
Thursday, 20 Jun 2024
|
14:28 Fernando Apesteguía (fernape) Author: Jaap Akkerhuis
dns/nsd: Update to 4.10.0
ChangeLog: https://nlnetlabs.nl/news/2024/Jun/13/nsd-4.10.0-released/
* Merge #278: Replace Flex+Bison based zone parser with simdzone.
Performance of loading zones and IXFRs is greatly improved by using
the simdzone project by NLnet Labs. The optimized presentation
format parser leverages SIMD instructions in modern CPUs to improve
throughput. Right now SSE4.2 and AVX2 instruction sets are
supported, other instruction sets will use the fallback
implementation, which still is a decent improvement over the
Flex+Bison based parser.
BUG FIXES:
* Fix that when the server truncates the pidfile, it does not follow
symbolic links.
* Fix #317: nsd should not chown its PID file.
* For #317: Modify nsd service script to stop NSD from creating a pid
file that systemd is not using.
* Fix #324: Clarify the purpose of contrib/bug390.patch.
* Fix IXFR requests upstream for zones with a long name. Thanks for the
report to Yuuki Wakisaka from Internet Initiative Japan Inc.
* Unit test for dname subdomain test used by xfrd-tcp.c.
* Fix #329: TCP accept queues number.
* Fix that the reload handler for sigchild uses signal_add, and also
that the signal handler is restored when done.
* Fix that when server verify is done it resets the sigchild handler.
* Fix makedist.sh for simdzone inclusion.
* Fix makedist.sh to remove simdzone git tracking information and
scripting temporaries from tarball.
* Fix error output of makedist.sh.
* Use simdzone version with name parser fix.
* Bump simdzone version to fix OpenBSD build issues.
* Bump simdzone to include minor fixes.
PR: 279837
Reported by: jaap@NLnetLabs.nl (maintainer)
1df8426 |
Thursday, 4 Apr 2024
|
15:53 Muhammad Moinur Rahman (bofh) Author: Jaap Akkerhuis
dns/nsd: Update version 4.8.0=>4.9.1
Changelog : https://nlnetlabs.nl/news/2024/Apr/04/nsd-4.9.1-released/
PR: 278146
Reported by: zarychtam@plan-b.pwste.edu.pl
Approved by: submitter is maintainer
4658448 |
Thursday, 7 Dec 2023
|
03:15 Koichiro Iwao (meta) Author: Jaap Akkerhuis
dns/nsd: Update to nsd-4.8.0
PR: 275572
Changes: https://nlnetlabs.nl/news/2023/Dec/06/nsd-4.8.0-released/
44e3940 |
Saturday, 24 Jun 2023
|
16:51 Fernando Apesteguía (fernape) Author: Jaap Akkerhuis
dns/nsd: Update to 4.7.0
ChangeLog: https://www.nlnetlabs.nl/news/2023/Jun/07/nsd-4.7.0-released/
4.7.0
================
FEATURES:
- Merge #263: Add bash autocompletion script for nsd-control.
- Fix #267: Allow unencrypted local operation of nsd-control.
- Merge #269 from Fale: Add systemd service unit.
- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
- dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
BUG FIXES:
- Fix #239: -Wincompatible-pointer-types warning in remote.c.
- Fix configure for -Wstrict-prototypes.
- Fix #262: Zone(s) not synchronizing properly via TLS.
- Fix for #262: More error logging for SSL read failures for zone
transfers.
- Merge #265: Fix C99 compatibility issue.
- Fix #266: Fix build with --without-ssl.
- Fix for #267: neater variable definitions.
- Fix #270: reserved identifier violation.
- Fix to clean more memory on exit of dnstap collector.
- Fix dnstap to not check socket path when using IP address.
- Fix to compile without ssl with dnstap-tls code.
- Dnstap tls code fixes.
- Fix include brackets for ssl.h include statements, instead of quotes.
- Fix static analyzer warning about nsd_event_method initialization.
- Fix #273: Large TXT record breaks AXFR.
- Fix ixfr create from adding too many record types.
- Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
- Fix readme status badge links.
- make depend.
- Fix for build to run flex and bison before compiling code that needs
the headers.
- Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
- For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
- Fix unused variable warning in unit test, from clang compile.
- Fix #240: Prefix messages originating from verifier.
- Fix #275: Drop unnecessary root server checks.
PR: 272096
Reported by: jaap@NLnetLabs.nl (maintainer)
6bda518 |
Sunday, 13 Nov 2022
|
22:17 Nuno Teixeira (eduardo) Author: Jaap Akkerhuis
dns/nsd: Update to 4.6.1
ChangeLog: https://www.nlnetlabs.nl/news/2022/Nov/10/nsd-4.6.1-released/
PR: 267740
MFH: 2022Q4 (bugfixes)
5c213a5 |
Friday, 1 Jul 2022
|
02:29 Neel Chauhan (nc) Author: Jaap Akkerhuis
dns/nsd: update to 4.6.0
Changes: https://www.nlnetlabs.nl/news/2022/Jun/30/nsd-4.6.0-released/
PR: 264961
77f1561 |
Friday, 13 May 2022
|
22:29 Dmitri Goutnik (dmgk) Author: Jaap Akkerhuis
dns/nsd: Update to 4.5.0
Changes: https://www.nlnetlabs.nl/news/2022/May/13/nsd-4.5.0-released/
This release fixes a couple of minor bugs and adds IXFR out
functionality. With this functionality NSD can respond to IXFR queries
and serve IXFR transfers downstream.
It is default disabled, that means it does not store IXFR contents for
zones by default. The response on the wire is different, also with IXFR
disabled, because it is now supported, and thus also for those zones a
reply is served, that no differential data is available.
FEATURES:
- Merge PR #209: IXFR out
This adds IXFR out functionality to NSD. NSD can copy IXFRs from
upstream to downstream clients, or create IXFRs from zonefiles.
The options store-ixfr: yes and create-ixfr: yes can be used to
turn this on. Default is turned off. The options ixfr-number and
ixfr-size can be used to tune the number of IXFR transfers and
total data size stored. This is configured per zone, the IXFRs
are served to the hosts that are allowed to perform zone transfers.
And if TSIG is configured, signed with the same key. The content
is stored to file if a zonefile is configured for the zone, in
the zonefile.ixfr and zonefile.ixfr.2, .. files. They contain
readable text format. The number of IXFRs is num.rixfr in
statistics output, also per zone if per zone statistics are enabled.
If offline, nsd-checkzone -i can create ixfr files.
NSD already supports requesting IXFRs, this addition allows NSD
to serve IXFR transfers to clients.
NSD stops responding with NOTIMPL to IXFR requests, also for zones
that do not have IXFR enabled. The clients gets a full zone reply
or a status reply if the serial is up to date.
BUG FIXES:
- Fix code analyzer zero divide warning.
- Fix code analyzer large value with assertion.
- Fix another code analyzer zero divide warning.
- Fix code analyzer warning about uninitialized temp storage in loop.
- Fix spelling error in comment in svcbparam_lookup_key.
- Update cirrus script FreeBSD version.
PR: 263952
624dbc6 |
Friday, 18 Feb 2022
|
15:48 Muhammad Moinur Rahman (bofh) Author: Jaap Akkerhuis
dns/nsd: Update version 4.3.9=>4.4.0
- Pet portclippy
This release changes the memory allocation for outgoing zonetransfers,
and this reduces the memory footprint. The defaults for the amounts are
the same as before, but there are config options to configure the memory
usage. There are also bug fixes.
4.4.0
================
FEATURES:
- Merge #193: Lower memory usage of the XFRD process by default.
Instead of preallocating all elements, they are allocated when used.
There are options for managing the memory usage, defaults are the
same as before. xfrd-tcp-max sets the number of sockets for tcp
connections that xfrd can make to download zone contents. And
xfrd-tcp-pipeline the number of simultaneous transfers over the
same connection.
BUG FIXES:
- Fix #200: nsd-checkzone succeeds even with incorrect serial in SOA
record.
- Merge #204 from jonathangray: correct some spelling mistakes.
- Fix to change file mode before changing file owner for the
nsd-control unix socket file.
- Fix to document nsd-checkzone -p in the man page for nsd-checkzone.
- Fix #206: build with --without-ssl fails.
- Merge #207 Sync nsd-control-setup with unbound-control-setup to
generate certificates with SANs.
- Fix unit tests for nds-control-setup exit code and the
xfrd-tcp-max default.
PR: 262034
Approved by: jaap@NLnetLabs.nl (maintainer)
Relnotes: https://nlnetlabs.nl/news/2022/Feb/17/nsd-4.4.0-released/
449c5b8 |
Wednesday, 15 Dec 2021
|
03:45 Neel Chauhan (nc) Author: Jaap Akkerhuis
dns/nsd: Update to 4.3.9
Changes: https://www.nlnetlabs.nl/news/2021/Dec/09/nsd-4.3.9-released/
PR: 260362
44b94ee |
Tuesday, 12 Oct 2021
|
16:32 Neel Chauhan (nc) Author: Jaap Akkerhuis
dns/nsd: Update to 4.3.8
Changes: https://www.nlnetlabs.nl/news/2021/Oct/12/nsd-4.3.8-released/
PR: 259098
895532d |
Sunday, 25 Jul 2021
|
23:54 Neel Chauhan (nc) Author: Jaap Akkerhuis
dns/nsd: Update to 4.3.7
Changes: https://www.nlnetlabs.nl/news/2021/Jul/22/nsd-4.3.7-released/
PR: 257413
32e5367 |
Thursday, 8 Apr 2021
|
03:29 Kevin Bowling (kbowling)
dns/nsd: Update to 4.3.6
Changelog https://nlnetlabs.nl/news/2021/Apr/06/nsd-4.3.6-released/
PR: 254850
Reviewed by: daniel.engberg.lists@pyret.net
Approved by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
b69bbb6 |
Sunday, 31 Jan 2021
|
04:31 yuri
dns/nsd: Update 4.3.4 -> 4.3.5
This release fixes a number of bugs. It fixes a number of corner
case differences for the output more similar to Bind. The configure
sources are compatible with the new autoconf 2.70.
PR: 253026
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Saturday, 12 Dec 2020
|
17:03 brnrd
dns/nsd: Security update to 4.3.4
PR: 251530
Submitted by: Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
Approved by: maintainer (implicit)
MFH: 2020Q4
Security: 388ebb5b-3c95-11eb-929d-d4c9ef517024
|
Thursday, 8 Oct 2020
|
17:55 pi
dns/nsd: update 4.3.2 -> 4.3.3
This release contains the DNS Flag Day 2020 fixes. This sets the
default EDNS buffer size to 1232, that should reduce fragmentation.
https://dnsflagday.net/2020/
There is a new feature where it is possible to list an interface by
name. This pulls in the IP addresses associated with the interface
at server start.
FEATURES:
- Follow DNS flag day 2020 advice and
set default EDNS message size to 1232.
- Merged PR #113 with fixes. Instead of listing an IP-address to
listen on, an interface name can be specified in nsd.conf, with
ip-address: eth0. The IP-addresses for that interface are then used.
- Port TSIG code for openssl 3.0.0-alpha6.
BUG FIXES:
- Fix make install with --with-pidfile="".
- Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
- Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
fd_set - patch.
- Fix that configure checks for EVP_sha256 to detect openssl, because
HMAC_CTX_new is deprecated in 3.0.0.
- Fix #119: fix compile warnings from new gcc.
- Fix #119: warn when trying to parse a directory.
- Merge PR #121: Increase log level of recreated database from
WARNING to ERR.
- Remove unused space from LIBS on link line.
- Updated date in nsd -v output.
PR: 250203
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes: https://www.nlnetlabs.nl/news/2020/Oct/08/nsd-4.3.3-released/
|
Saturday, 18 Jul 2020
|
01:49 swills
dns/nsd: Upgrade to version 4.3.2
PR: 247973
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Sunday, 19 Apr 2020
|
06:30 pi
dns/nsd: update 4.3.0 -> 4.3.1
BUG FIXES:
- Fix #70: error: 'fd_set' undeclared.
- Fix #71: error: 'for' loop initial declaration used outside C99
mode.
- Fix to move declarations out of for loops in event test too.
- Fix #76: cpuid typedef for Hurd, DragonflyBSD compile.
- Fix #75: configure test for sched_setaffinity, and use
cpuset_setaffinity otherwise. Also test for presence of sysconf.
- Fix #74: GNU Hurd fix cast from pointer to integer of different size.
- Fix for #74, #75: cpuset test for header contents and provide code.
- Fix #78: Fix SO_SETFIB error on FreeBSD.
- Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile.
- Fix #80: NetBSD and implicit declaration of reallocarray.
- Fix unknown u_long in util.c for Issue #80 .
- Merge PR #86 from noloader: Use precious variables for GREP, EGREP,
SED, AWK, LEX and YACC.
- For PR #86: Fix that programs loaded after CFLAGS and stuff is
set, specifically the compiler, so that it can work if it needs
special flags from that. Fix that lex only needs to support -i
if actually defined, otherwise the output included in the source
tarball can be used.
- Merge PR #90 by phicoh: O_CLOEXEC should be FD_CLOEXEC.
- Merge PR #92 by tonysgi: Fix typo.
- Merge PR #91 by gearnode: nsd-control-setup recreate certificates.
The '-r' option recreates certificates. Without it it creates them
if they do not exist, and does not modify them otherwise.
PR: 245666
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Wednesday, 18 Mar 2020
|
18:54 pi
dns/nsd: upgrade 4.2.4 -> 4.3.0
This port incorporates also the proposed bug fix at bug #242367
Major changes:
This release adds cpu affinity. By pinning a server process to a
specific cpu, having a separate network card also for that cpu, and
an interface address also for that server process, the throughput is
increased. This increases performance of the nameserver.
Sparse TSIG signing support is removed, to comply with the latest tsig
standard update draft.
There is a feature to drop update queries, with opcode UPDATE,
with nsd.conf option drop-updates.
4.3.0
=========
FEATURES:
- Fix to use getrandom() for randomness, if available.
- Fix #56: Drop sparse TSIG signing support in NSD.
Sign every axfr packet with TSIG, according to the latest
draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.
- Merge pull request #59 from buddyns: add FreeBSD support
for conf key ip-transparent.
- Add feature to pin server processes to specific cpus.
- Add feature to pin IP addresses to selected server processes.
- Set process title to identify individual processes.
- Merge PR#22: minimise-any: prefer polular and not large RRset,
from Daisuke Higashi.
- Add support for SO_BINDTODEVICE on Linux.
- Add support for SO_SETFIB on FreeBSD.
- Add feature to drop queries with opcode UPDATE.
BUG FIXES:
- Fix fname null check of fname in namedb_read_zonefile.
- Fix implicit cast of size in udb_radnode_array_grow.
- Fix ignore of return value of ssl_printf in remote.c.
- Fix unused check of fd in parent_handle_reload_command.
- Attempt to fix signedness of nscount lookup in ixfr query_process.
- Fix identical branches for ssl_print of errors in remote.c.
- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
- Fix to separate header and data lines in parse_zone_list_file.
- Fix to define max number of EDNS records we are willing to
spend time on.
- Fix size of string len and capacity type cast in udbradtree.
- Fix to protect rrcount in tsig_find_rr from overflow.
- Annotate radix_find_prefix_node not reachable trail code.
- Fix to protect rrcount in packet_find_notify_serial from overflow.
- Fix to close socket on error in create_tcp_accept_sock.
- Fix to log on failure to chmod for socket for remote control.
- Fix to remove unneeded if in open of socket for remote control.
- Fix to restore input parameter on call failure in create_dirs.
- Please checker by terminating and initialising string read
by remote control.
- Fix to define upper bounds on rr counts read from untrusted packet
data.
- Separate acl_addr_match_range functions for ip4 and ip6, to
please checkers.
- Avoid unused variable warning in new match_range_v4 function.
- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
- use-systemd is ignored in nsd.conf, when NSD is compiled with
libsystemd it always signals readiness, if possible.
- Note that use-systemd is not necessary and ignored in man page.
- Fix unreachable code in ssl set options code.
- Fix bad shift in assertion code analyzer complaint.
- Fix responses for IXFR so that the authority section is not echoed
in the response.
- Merge PR#60: Minor portability fixes from michaelforney, with
avoid pointer arithmetic on void* and avoid unnecessary VLA.
- Fix that the retry wait does not exceed one day for zone transfers.
CHANGES:
- Set FD_CLOEXEC on opened sockets.
PR: 244886, 242367[2]
Submitted by: Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)
Reported by: Leo Vandewoestijne <freebsd@dns.company> [2]
Relnotes: https://github.com/NLnetLabs/nsd/blob/NSD_4_3_0_REL/doc/ChangeLog
|
Tuesday, 7 Jan 2020
|
18:47 tcberner
dns/nsd: Update to 4.2.4
PR: 242545
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Saturday, 23 Nov 2019
|
13:03 joneum
Update to 4.2.3
PR: 242102
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: Netzkommune GmbH
|
Monday, 19 Aug 2019
|
17:56 joneum
Update to 4.2.2
Changelog: https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_2_2_REL
PR: 239964
Reported by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2019Q3
Security: 56778a31-c2a1-11e9-9051-4c72b94353b5
Sponsored by: Netzkommune GmbH
|
Monday, 15 Jul 2019
|
18:27 swills
dns/nsd: Upgrade to version 4.2.1
PR: 239069
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Tuesday, 18 Jun 2019
|
02:33 swills
dns/nsd: update to 4.2.0
PR: 238498
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Saturday, 13 Apr 2019
|
01:12 swills
dns/nsd: Update to 4.1.27
PR: 236785
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
MFH: 2019Q2
|
Sunday, 9 Dec 2018
|
01:03 swills
dns/nsd: Update to 4.1.26
While here, pet portlint
PR: 233797
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Tuesday, 2 Oct 2018
|
13:55 wen
- Update to 4.1.25
PR: 231878
Submitted by: jaap@NLnetLabs.nl(maintainer)
|
Wednesday, 15 Aug 2018
|
23:33 dbaio
dns/nsd: Update to 4.1.24
PR: 230591
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Monday, 30 Jul 2018
|
13:59 swills
dns/nsd upgrade to version 4.1.23
PR: 230182
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Thursday, 14 Jun 2018
|
22:59 swills
dns/nsd: upgrade to version 4.1.22
PR: 228883
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Tuesday, 15 May 2018
|
20:19 krion
Update to 4.1.21
PR: 228272
Submitted by: maintainer
|
Tuesday, 20 Feb 2018
|
19:39 yuri
dns/nsd: Update to 4.1.20
This release fixes memory leaks when reading zonefiles
and processing zone transfers.
4.1.20
================
BUG FIXES:
- Fix memory leak in zone file read of unknown rr formatted RRs.
- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
in the selectively allocated precompiled nsec3 hashes.
Also changed to DISTVERSION
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: tcberner (mentor, implicit)
|
Monday, 11 Dec 2017
|
14:07 swills
dns/nsd: Update to 4.1.19
PR: 224243
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Saturday, 2 Dec 2017
|
12:37 pi
dns/nsd: update 4.1.17 -> 4.1.18
This release has features for saving memory and faster notification.
With --enable-packed, 33% memory savings could be had, or something
along that size. Notification of secondary servers happens in parallel,
and has faster timeouts. More sockets are used for zone transfers.
This speeds up communication with a larger set of servers. Additionally
a bug is fixed for dual-loaded parent-and-child zone configured at the
same time, when one of the zones has not loaded properly.
FEATURES:
- xfr-inspect, it is not installed, it prints xfr files from /tmp
made with 'make xfr-inspect' in the source dir.
- retry timeout between sending notifies dropped from 15 to 3 sec.
- NSD sends 16 notifies simultaneously.
- configure --enable-packed reduces memory usage, at expense of
unaligned reads. Saves about 17%.
- Save memory by selectively allocate precompiled nsec3 hashes,
saves about 16% memory.
- make ip-transparent option work on OpenBSD.
- Save about 2% memory by changing usage count size in name tree.
- Fix #2871: Increase number of sockets for xfrd transfers.
BUG FIXES:
- Fix gcc 7.1.1 warnings.
- Fix writev compile warning on FreeBSD.
- Fix #1446: A corrupted zone file "propagates" to good ones.
- nsd-control zonestatus prints wait time between attempts, for zones
that are in that waiting time.
- Fix collision printout of nsec3 to print name, hash and reverse.
- Fix #1567: Change crit to err log level for gettimeofday failure.
Add defines for compile without syslog.
- Fix crash for DS query when parent and child zones both configured
in nsd.conf and parent zone has not loaded properly.
PR: 224025
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Friday, 28 Jul 2017
|
00:27 dbaio
dns/nsd: Update to 4.1.17
Features:
- zone parser parses type AVC (it has TXT format).
- Fix #1272: use writev to put tcp length field with data for outgoing
zone transfer requests.
Bugfixes:
- Fix potential null pointer in nsec3 adjustment tree.
- Fix text format of deletes for CDS and CDNSKEY, single 0 to represent
empty base64 or hex string.
PR: 220939
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Saturday, 29 Apr 2017
|
20:39 pi
dns/nsd: update 4.1.15 -> 4.1.16
features:
- zone parser can parse acronyms for algorithms ED25519 and ED448.
- Fix 1243: Option to make NSD emit really minimal responses,
minimal-responses: yes in nsd.conf.
bug fixes:
- Calculate new udb index after growing the array, fix from
Chaofeng Liu.
- Fix missing _t to _type conversion for disable-radix-tree option.
- Printout serial error with hint it may be too big.
- Fix 1228: OpenSSL include is not guarded with HAVE_SSL
- Patch for expire state in multi-master when masters includes
broken master, from Manabu Sonoda.
- minor manpage fix.
PR: 218873
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Sunday, 5 Mar 2017
|
01:03 junovitch
dns/nsd: update 4.1.14 -> 4.1.15
PR: 217537
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Thursday, 8 Dec 2016
|
17:05 ehaupt
Update to 4.1.14
PR: 215144
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Saturday, 1 Oct 2016
|
16:37 pawel
Update to version 4.1.13
SUMMARY:
Some features, such as multi master check option that does not upgrade
from the first master that answers, but picks the best one.
Additional section handling for type SRV. And bug fixes.
FEATURES:
- multi-master-check: yes can be used to check all masters for the
last version, using the higher version from the configured masters,
from Manabu Sonoda.
- Support RR type OPENPGPKEY from RFC 7929.
- Can config key algorithms with the digest name, eg. 'sha256'.
- configure --disable-radix-tree for about 15% lower memory usage.
- for type SRV add A/AAAA to the additional section (if possible),
just like we already do for type MX.
- more extensible edns option handling.
BUG FIXES:
- Fix compile warnings about unused result from write and strtol.
and signcompare in minmax retrytime.
- Fix #812: fix that make depend fails after distribution.
- Fix #817: xfrd update failed loop.
- Add robustness against unallocated data in nsec3 trees.
- Fix README spelling error of BSD license (reported by Joerg Jung).
- Fix multimaster for not tried full zone transfer for a expired zone.
- Fix #827: fix compile with openssl 1.1.0 with api=1.1.0.
PR: 213021
Submitted by: maintainer
|
Friday, 2 Sep 2016
|
16:38 delphij
Update to 4.12.
Release note:
Fix malformed edns query assertion failure, reported
by Michal Kepien (NASK)
PR: ports/212327
Submitted by: maintainer (jaap NLnetLabs nl)
MFH: 2016Q3
|
Wednesday, 10 Aug 2016
|
01:32 junovitch
dns/nsd: update 4.1.10 -> 4.1.11
- Restore configurable IPV6 option. Upstream integrated fix for issue.
- FEATURES:
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer
data size, from Toshifumi Sakaguchi.
Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
- BUGFIXES:
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently
gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
PR: 211693
Submitted by: jaap@NLnetLabs.nl (maintainer)
Security: CVE-2016-6173
Security: https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html
MFH: 2016Q3
|
Saturday, 18 Jun 2016
|
21:45 rm
dns/nsd: update to 4.1.10
- turn on IPV6 option by default
PR: 210276
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Tuesday, 15 Mar 2016
|
19:56 ohauer
- update to 4.1.9
BUG FIXES:
- Change the nsd.db file version because of nanosecond precision fix.
Approved by: jaap@NLnetLabs.nl (maintainer)
PR: 208043
MFH: 2016Q1
|
Monday, 14 Mar 2016
|
06:59 ohauer
- update to 4.1.8
- add ability to build agains openssl or libressl from ports
- add MUNIN_PLUGIN_IMPLIES= BIND8_STATS
- use @sample macro in pkg-plist for nsd.conf
- s/exec/postexec/ pkg-plist
FEATURES:
- #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
from Daisuke Higashi.
- #739: zonefile changes when mtime is small are detected on reload,
if filesystem supports precision mtime values.
- RR type CSYNC (RFC7477) syntax is supported.
BUG FIXES:
- take advantage of arc4random_uniform if available, patch from
Loganaden Velvindron.
- Fix flto check for OSX clang.
- Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
- Fix #736: segfault during zone transfer.
- Fix #744: Fix that NSD replies for configured but unloaded zone
with SERVFAIL, not REFUSED.
PR: 207951
Submitted by: jaap@NLnetLabs.nl (maintainer)
MFH: 2016Q1
|
Wednesday, 16 Dec 2015
|
05:09 miwi
- Update to 4.1.7
- Switch to options helper
PR: 205292
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: D4579
|
Friday, 13 Nov 2015
|
22:22 erwin
Update to 4.1.6
Major Bug Bug Fixes:
- This release fixes segfault after start when many interfaces are in use.
- This version returns the EDNS bad version response with the AD flag
unset for improved conformance.
Minor Buf Fixes:
- Fix #701: Fix that AD=1 set in a BADVERS response.
- Fix typo in zonec.c inside error message.
- Fix #711: Document that debug-mode yes is used for staying
attached to the supervisor console.
- Document verbosity 3 prints more information.
- nsd-checkconf warns for master zones with no zonefile statement.
- Fix start failure when many file descriptors are in use.
- The servfail rcode is not printed with a space in the middle.
- print failed token for config syntax error or parse error.
PR: 204533
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
|
Monday, 21 Sep 2015
|
16:03 erwin
Upgrade from 4.1.3 to version to 4.1.5 (includes up 4.1.4)
FEATURES:
- RFC7553 RR Type URI support.
- removed hardcoded interface limit, --with-max-ips removed.
- Admitted axfrs are logged at verbosity 1. Refused at verbosity 2.
Major BUG FIXES:
- Fix NSID response for short edns sizes.
- Fix that for expired zones NSD performs an AXFR and accepts newer
and older serial numbers.
PR: 203231
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
|
Thursday, 2 Jul 2015
|
07:49 erwin
Update to 4.1.3
PR: 201261
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
|
Thursday, 16 Apr 2015
|
11:04 erwin
Update to 4.1.2
- Logging improvements
- Zone parser bug fixes
- Integer overflow bug fixes
PR: 199462
Submitted by: Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)
|
Sunday, 8 Feb 2015
|
02:42 erwin
update to 4.1.1
Major Features:
- RFC 7344: CDS and CDNSKEY (read record types).
- per zone statistics with --enable-zone-stats
- Disabled use of SSLv3 in nsd-control.
- Synthesize CNAMEs with same TTL as DNAME.
- nsd-checkconf -f prints out full name of pidfile (with dir). [1]
PR: 197291,
196449 [1]
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>,
Adam Zaleski <adam@zaleski.org> [1]
|
Friday, 5 Sep 2014
|
11:20 erwin
- Update to 4.1.0
- Use nsd instead of bind user
This release has new features and bugfixes. In nsd.conf you can
configure database: "" this makes NSD not use the large mmapped nsd.db
file, but instead read and write the zonefiles in text format, which
saves about 50% of the memory usage. Also zonefile reading and
writing has been optimised to be faster, as well as processing time
for zone transfers. NSD writes the (changed) zonefiles every hour.
The new nsd-checkzone tool reports if a zonefile parses so you can check
it before reading it into the daemon.
A bug is fixed where NSD 4 causes rising load average and memory
consumption on Linux systems, which is caused by a bug in Linux that
slowly deteriorates system performance by repeated recursive forks.
Full release notes:
http://open.nlnetlabs.nl/pipermail/nsd-users/2014-September/002007.html
PR: 193332
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
|
Monday, 24 Mar 2014
|
12:55 madpilot
- Update to 4.0.3
PR: ports/187596
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Friday, 7 Feb 2014
|
14:44 decke
- Update to 4.0.1
- Cleanup rc script
FEATURES:
- recognizes ip-address and interface as synonyms for convenience.
- Support for EUI48 and EUI64 RR types enabled by default (RFC 7043).
- Support for CAA RRtype (RFC 6844).
- NSID can be set with "ascii_somestring" in ascii.
BUG FIXES:
- Fix xfrd when zone transfer TCP contains zero length packets.
- Fix for NSEC3 zones where parent zone is co-hosted, also NSEC3,
because AXFRs overwrote nsec3 administration in the child zone.
- Fix that bad IXFR updates do not result in double SOA records,
and that an AXFR is started (attempted) when the zone state seems
to be inconsistent with the master's zone state.
- Log ip address for sendto and sendmmsg failures.
- Fix segfaults after read of zones with rr type WKS from zonefile.
- Seed PRNG for openssl at start of daemon, fixes SSL connection issue.
- Bugfix #534: IXFR query loop over UDP for zones that are unchanged.
- (same as in 3.2.16): fix wildcard cname to nxdomain repeated rrset.
- (same as in 3.2.16): Bugfix #542: Match RRSIG TTL with SOA TTL in
negative response.
- Check if configure in srcdir collides with outofdir build.
- Fix #546: output format errors in nsd_munin_ (Thanks Tom Hendrikx).
- Fix printout of high-chars in TXT on NetBSD.
PR: ports/186308
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Tuesday, 12 Nov 2013
|
13:24 erwin
Please welcome NSD 4.0.0
For all new features, see
http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_0_0_REL/doc/NSD-4-features
This version replaces the nsdc control program with nsd-control.
This requires some manual setup with nsd-control-setup and editing
of the config files. nsd-control is incompatible with nsdc so when
that is used in scripts, these should be adapted.
NSD 3 is still supported as dns/nsd3.
PR: 183888
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
|
Tuesday, 23 Jul 2013
|
15:32 pawel
- Update to version 3.2.16
- Add EUI_RRTYPES option
While here:
- Remove leading article from COMMENT
- Convert tab to space in WWW: line
PR: ports/180741
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Tuesday, 5 Feb 2013
|
09:42 erwin
- Update to 3.2.15
Features
* Support for ILNP RR types: NID, L32, L64, LP (RFC6742).
* RRL, --enable-ratelimit at configure time and config options.
* TSIG initialization only fails when there is no digest found at all.
Bugfixes
* Bugfix #478: Declaration after statement (for gcc 2.95).
* Bugfix #483: Better error message in case of TSIG error.
* Bugfix #485: TTL should not be greater than 2^31 - 1.
* Fix RCODE when CNAME loop final answer does not exist,
should return NXDOMAIN as stated by RFC 6604.
* Fix --disable-full-prehash bug, where after multiple incoming IXFRs,
NSEC3 can be removed unjustified.
PR: 175837
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Thursday, 1 Nov 2012
|
18:41 bdrewery
- Update to 3.2.14
- Trim header
Changes:
* Bugfixes
* New Feature: Use of writev, to improve TCP response time
PR: ports/173261
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe: yes
|
Friday, 27 Jul 2012
|
12:39 zi
- Update to 3.2.13
- Cleanup whitespace
- Document vulnerability in dns/nsd (CVE-2012-29789)
PR: ports/170208
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security: 17f369dc-d7e7-11e1-90a2-000c299b62e1
|
Friday, 20 Jul 2012
|
15:09 crees
Update to 3.2.12
BUG FIXES:
- Fix for VU#624931 CVE-2012-2978: NSD denial of service
vulnerability from non-standard DNS packet from any host
on the internet.
PR: ports/170001
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security: CVE-2012-2978
|
Tuesday, 17 Jul 2012
|
10:36 jase
- Update to 3.2.11 [1]
- Convert to optionsNG, add DOCS option
- Replace bsd.port.{pre,post}.mk includes
- Remove non-existent DNSSEC, TSIG, NSID options
- Fix typo in NSEC3PREHASH option CONFIGURE_ARGS
- Replace hardcoded ETCDIR in pkg-plist
PR: ports/169731 [1]
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Approved by: flo (mentor)
|
Thursday, 16 Feb 2012
|
17:04 culot
- Update to 3.2.10
PR: ports/165185
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Monday, 28 Nov 2011
|
11:36 miwi
- Update to 3.2.9
PR: 162782
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe: yes
|
Wednesday, 30 Mar 2011
|
13:48 ohauer
- update to version 3.2.8
Bugfixes:
Do setusercontext before chroot, otherwise login.conf etc. are required
inside chroot.
Bugfix #216: Fix leak of compressiontable when the domain table increases in
size.
Bugfix #348: Don't include header/library path if OpenSSL is in /usr.
Bugfix #350: Refused notifies should log client ip.
Bugfix #352: Fix hard coded paths in man pages.
Bugfix #354: The realclean target deletes a bit too much.
Bugfix #357, make xfrd quit with many zones.
Bugfix #362: outgoing-interface and v4 vs. v6 leads to spurious warning
messages.
Bugfix #363: nsd-checkconf -v does not print outgoing-interface ok.
Bugfix: nsd-checkconf -o outgoing-interface omits NOKEY.
Undo Bugfix #235: Don't skip dname compression, messes up packets that do
need compression.
PR: ports/155785
Submitted by: Jaap Akkerhuis <jaap _at_ nlnetlabs.nl> (maintainer)
|
Wednesday, 26 Jan 2011
|
11:32 pav
- Update to 3.2.7
PR: ports/154264
Submitted by: Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)
Feature safe: yes
|
Thursday, 25 Nov 2010
|
16:04 bapt
- fix status command in rc file
- while here remove MD5 entry
bump port revision
PR: ports/152565
Submitted by: eli <elij.mx _at_ gmail.com>
Approved by: Jaap Akkerhuis <jaap _at_ nlnetlabs.nl>
|
Tuesday, 3 Aug 2010
|
17:26 lwhsu
- Update to 3.2.6
PR: ports/149234
Submitted by: Jaap Akkerhuis <jaap AT NLnetLabs.nl> (maintainer)
|
Sunday, 9 May 2010
|
11:22 miwi
- Update to 3.2.5
PR: 145781
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Tuesday, 12 Jan 2010
|
00:41 wen
- Update to 3.2.4
PR: ports/142718
Submitted by: Olafur Osvaldsson <osvaldsson@icelandic.net> (maintainer)
|
Friday, 4 Sep 2009
|
16:44 wxs
- Update to 3.2.3
PR: ports/138529
Submitted by: Olafur Osvaldsson <osvaldsson@icelandic.net>
|
Tuesday, 19 May 2009
|
12:44 laszlof
- Update to 3.2.2.
PR: ports/134698
Submitted by: Olafur Osvaldsson <osvaldsson@icelandic.net> (maintainer)
|
Tuesday, 3 Feb 2009
|
22:54 amdmi3
- Update to 3.2.1
PR: 131325
Submitted by: Olafur Osvaldsson <osvaldsson at icelandic dot net> (maintainer)
|
Friday, 21 Nov 2008
|
20:34 miwi
- Update to 3.2.0
PR: 128818
Submitted by: Olafur Osvaldsson <osvaldsson@icelandic.net> (maintainer)
|
Monday, 28 Jul 2008
|
22:25 pgollucci
- Update to 3.1.1
- Respect NOPORTDOCS
- Add option NSDMAX_INT
- rename rc.d script nsd.sh -> nsd
PR: ports/125898
Approved by: Olafur Osvaldsson <osvaldsson@icelandic.net> (maintainer),
araujo (mentor)
|
Friday, 14 Dec 2007
|
19:08 miwi
- Update to 3.0.7
PR: 118059
Submitted by: Olafur Osvaldsson <oli@isnic.is> (maintainer)
|
Thursday, 13 Sep 2007
|
21:10 miwi
- Update to 3.0.6
PR: 116180
Submitted by: Olafur Osvaldsson <oli@isnic.is> (maintainer)
|
Thursday, 22 Mar 2007
|
13:28 miwi
- Update to 3.0.5
PR: 110671
Submitted by: Olafur Osvaldsson <oli@isnic.is> (maintainer)
|
Thursday, 25 Jan 2007
|
17:51 rafan
- Update to 3.0.4
PR: ports/108329
Submitted by: Olafur Osvaldsson <oli at isnic.is> (maintainer)
|
Tuesday, 12 Dec 2006
|
20:28 miwi
- Update to 3.0.3
PR: ports/106607
Submitted by: Olafur Osvaldsson <oli@isnic.is> (maintainer)
|
Monday, 6 Nov 2006
|
12:27 clsung
- Update to 3.0.2
PR: ports/105200
Submitted by: maintainer (Olafur Osvaldsson)
|
Tuesday, 12 Sep 2006
|
20:17 miwi
- Update to 3.0.1
- Changed to OPTIONS
- Added a warning for those using NSD_OPTIONS
PR: ports/103196
Submitted by: Olafur Osvaldsson <oli(at)isnic.is> (maintainer)
|
Saturday, 3 Jun 2006
|
03:05 mnag
- Update to 2.3.5
PR: 98379
Submitted by: maintainer
|
Monday, 12 Dec 2005
|
11:42 ehaupt
Update to 2.3.3
PR: 90177
Submitted by: Konstantin Saurbier <Konstantin@math.uni-bielefeld.de>
Approved by: Olafur Osvaldsson <oli@isnic.is> (maintainer)
|
Tuesday, 6 Sep 2005
|
16:26 garga
- Update to 2.3.1
PR: ports/85790
Submitted by: maintainer
|
Friday, 6 May 2005
|
11:50 novel
Update to 2.3.0
PR: 80654
Submitted by: Olafur Osvaldsson (maintainer)
|
Monday, 21 Feb 2005
|
15:17 vs
Update to 2.2.1
PR: ports/77856
Submitted by: maintainer
|
Monday, 7 Feb 2005
|
21:51 edwin
[MAINTAINER] dns/nsd: update to 2.2.0
- Update to 2.2.0
With this release nsd no longer requires named-xfer to be
present on the system.
I also changed the options to a configure script.
Added file(s):
- scripts/configure.nsd
PR: ports/76412
Submitted by: Olafur Osvaldsson <oli@isnic.is>
|
Tuesday, 30 Nov 2004
|
12:58 sem
- Update to 2.1.5
BUG FIXES:
- Bug #90: handle \000 in TXT records correctly
- Fixed undefined behavior in the use of vsnprintf when
logging messages.
PR: ports/74517
Submitted by: maintainer
|
Thursday, 4 Nov 2004
|
13:09 clive
Update to 2.1.4, claimed to be OK about AXFR.
PR: ports/73455
Submitted by: MAINTAINER
|
Tuesday, 2 Nov 2004
|
07:40 sergei
- Update to 2.1.3
- While I'm here, add explicit CONFIGURE_TARGET to silence a warning
PR: ports/73293
Submitted by: Olafur Osvaldsson (maintainer)
|
Tuesday, 3 Aug 2004
|
07:13 mezz
-Update to 2.1.2.
NSD 2.1.2 release notes:
FEATURES:
- NSD now fully supports unknown record types using the notation
specified in RFC3597.
- Support for the following RR types has been added: WKS, X25, ISDN,
RT, NSAP, PX, NAPTR, KX, CERT, DNAME, and APL. DNAME special
processing is not supported.
BUG FIXES:
- Bug #84: NSD now uses SIGUSR1 instead of SIGILL to report stats.
- Bug #85: Support for WKS records.
- Bug #86: The characters "#%&^[]?" can now be used without backslash
in zone file domain names.
- Plugin callback return type fixed.
- The maximum message length for IPv6 UDP packets is now limited to
the IPv6 minimum MTU (1280) unless the IPV6_USE_MIN_MTU socket
option is supported.
PR: ports/69914
Submitted by: Olafur Osvaldsson <oli@isnic.is> (maintainer)
|
Friday, 2 Jul 2004
|
22:14 pav
- Update to 2.1.1
PR: ports/68603
Submitted by: Olafur Osvaldsson <oli@isnic.is> (maintainer)
|
Saturday, 15 May 2004
|
14:21 vs
Update to 2.1.0: New networking code allows a single server to handle both
UDP and TCP connections.
(Remove cruft from pkg-descr while here)
PR: ports/66651
Submitted by: Olafur Osvaldsson
|
Tuesday, 11 May 2004
|
12:40 pav
- Update to 2.0.2
PR: ports/66519
Submitted by: Olafur Osvaldsson <oli@isnic.is>
|
Thursday, 29 Jan 2004
|
07:24 trevor
SIZEify.
|
Tuesday, 13 Jan 2004
|
00:05 pav
- Update to 1.2.4
PR: ports/61279
Submitted by: Vincent Tantardini <vinc@FreeBSD-fr.org>
|
Thursday, 1 Jan 2004
|
16:38 pav
- Update to 1.2.3
PR: ports/60784
Submitted by: Vincent Tantardini <vinc@0x45.org>
|
Number of commits found: 96 |