./net/bind95, Version 9 of the Berkeley Internet Name Daemon, implementation of DNS

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2009Q4, Version: 9.5.2pl2, Package name: bind-9.5.2pl2, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
DNSSEC (signed zones)
TSIG (signed DNS requests)

- IP version 6
Answers DNS queries on IPv6 sockets
IPv6 resource records (A6, DNAME, etc.)
Bitstring Labels
Experimental IPv6 Resolver Library

- DNS Protocol Enhancements
Improved standards conformance

- Views
One server process can provide multiple "views" of the
DNS namespace to different clients.

- Multiprocessor Support
- Improved Portability Architecture

Required to build:
[devel/libtool-base] [lang/perl5]

Master sites: (Expand)

SHA1: ffa6df6752976e6bdd05508c5cc5131ef9a097f1
RMD160: a0864dadb1af7268a0c54fed3bc178bd17abb55c
Filesize: 6518.426 KB

Version history: (Expand)

CVS history: (Expand)

   2010-01-21 22:11:20 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #2965 - requested by spz
bind95: security update

Revisions pulled up:
- net/bind95/Makefile			1.16 via patch
- net/bind95/distinfo			1.12
Module Name:	pkgsrc
Committed By:	spz
Date:		Thu Jan 21 19:42:16 UTC 2010

Modified Files:
	pkgsrc/net/bind95: Makefile distinfo

Log message:
security update:
BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.5.2-P1:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]