notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
non port: dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch

Number of commits found: 3

Tuesday, 15 Mar 2016
06:19 ohauer search for other commits by this committer
- Update unbound to version 1.5.8

- add OPTION for DNSTAP logging support
- rename OPTION s/MUNIN/MUNIN_PLUGIN/ so it is consistent with nsd
- use OPTIONS_SUB
- use ${opt}_target
- use @sample macro for unbound.conf
- sort pkg-plist

Features
- ip-transparent option for FreeBSD with IP_BINDANY socket option.
- insecure-lan-zones: yesno config option, patch from Dag-Erling Smorgrav.
- RR Type CSYNC support RFC 7477, in debug printout and config input.
- RR Type OPENPGPKEY support (draft-ietf-dane-openpgpkey-07).
- [bugzilla: 731 ] tcp-mss, outgoing-tcp-mss options for unbound.conf, patch
  from Daisuke Higashi.
- Support RFC7686: handle ".onion" Special-Use Domain. It is blocked by
  default, andcan be unblocked with "nodefault" localzone config.
- ub_ctx_set_stub() function for libunbound to config stub zones.

The release fixes line endings in the unbound-control-setup script, and
a potential gost-hash validation failure and handles the ".onion" domain
to avoid privacy leakage.

PR:		207948
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:411142 
Thursday, 4 Feb 2016
15:58 erwin search for other commits by this committer
- Update unbound to 1.5.7
- Bump PORTREVISIOn on dependent ports

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

More details at <http://unbound.net>

PR:		206347
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
Approved by:	maintainer timeout
Sponsored by:	DK Hostmaster A/S
Original commitRevision:408047 
Wednesday, 19 Aug 2015
15:49 sem search for other commits by this committer
- Fix LibreSSL issue (from upstream)
- Add autoreconf to USES
- Satisfy portlint -AC
- Add regress-test target
- Back FILTER_AAAA option

PR:		202407
Submitted by:	brnrd
Original commitRevision:394796 

Number of commits found: 3