Log message:
Pullup ticket #3865 - requested by wiz
net/nsd: security update

Revisions pulled up:
- net/nsd/Makefile                                              1.56
- net/nsd/distinfo                                              1.34

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Jul 20 16:28:49 UTC 2012

   Modified Files:
   	pkgsrc/net/nsd: Makefile distinfo

   Log message:
   Update to 3.2.12, prompted by Lloyd Parkes in PR 46727.

   NSD 3.2.12

   Bugfixes

       Fix for VU#624931 CVE-2012-2978: NSD denial of service
       vulnerability from non-standard DNS packet from any host on
       the internet.

   NSD 3.2.11

   Features

       Fallback to AXFR if IXFR is unknown at the primary. NSD considers
       IXFR unknown at the primary if there is a negative response
       for the IXFR RRtype. This does not override the value for
       'allow-axfr-fallback'.
       Allow for reading in new DNSKEY algorithm mnemonics (RFC5155,
       RFC5702, RFC5933, and RFC6605 (ECDSA)).
       Zone statistics, enable with --enable-zone-stats. This stores
       the BIND8 stats per zone in a configurable statistics file.
       This option does not scale and should therefore not be enabled
       when serving many zones.
       Support for TLSA RRtype (DANE).

   Bugfixes

       Fix for qtype ANY for a wildcard domain in NSEC signed zone:
       Don't add the wildcard domain NSEC into the answer section.
       Instead, put the wildcard expanded NSEC into the answer section
       and keep the wildcard domain NSEC in the authority section.
       Fix for accept spinning reported by OpenBSD.
       Fix restart failed due to bad ixfr packet because of zone
       removed from nsd.conf.
       Bugfix #453: typo in nsdc man page.

   Operational notes

       NSD uses the query name for dname compression again (Fix #235
       had as side effect that this didn't happen anymore and is hereby
       undone).