./net/bind911, Berkeley Internet Name Daemon implementation of DNS, version 9.11

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 9.11.7, Package name: bind-9.11.7, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.11 release.

- Catalog Zones, a new method for provisioning servers
- "dnstap", a fast and flexible method of capturing and logging
DNS traffic.
- "dyndb", a new API for loading zone data from an external database
- dnssec-keymgr, a new key mainenance utility
- mdig, an alternate version of dig utility
- And more...


Required to build:
[pkgtools/cwrappers]

Package options: inet6, readline, threads

Master sites:

SHA1: 1c2950cab84d6d41e262f3782875294addaff8be
RMD160: af723a4d7a892efa3e5451b8f6d518e778456071
Filesize: 7934.19 KB

Version history: (Expand)


CVS history: (Expand)


   2019-05-20 18:03:55 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
net/bind911: update to 9.11.7

Update bind911 to 9.11.7, this is maintenance releases.

--- 9.11.7 released ---

5233.	[bug]		Negative trust anchors did not work with "forward only;"
			to validating resolvers. [GL #997]
5232.	[bug]		Fix a high-load race/crash in isc_socket_cancel().
			[GL #834]
5231.	[protocol]	Add support for displaying CLIENT-TAG and SERVER-TAG.
			[GL #960]
5229.	[protocol]	Enforce known SSHFP fingerprint lengths. [GL #852]
5228.	[cleanup]	If trusted-keys and managed-keys are configured
			simultaneously for the same name, the key cannot
			be rolled automatically. This configuration now
			logs a warning. [GL #868]
5224.	[bug]		Only test provide-ixfr on TCP streams. [GL #991]
5222.	[bug]		'delv -t ANY' could leak memory. [GL #983]
5221.	[test]		Enable parallel execution of system tests on
			Windows. [GL !4101]
5218.	[bug]		Conditionally include <dlfcn.h>. [GL #995]
5214.	[bug]		win32: named now removes its lock file upon shutdown.
			[GL #979]
5213.	[bug]		win32: Eliminated a race which allowed named.exe running
			as a service to be killed prematurely during shutdown.
			[GL #978]
5210.	[bug]		When dnstap is enabled and recursion is not
			available, incoming queries are now logged
			as "auth". Previously, this depended on whether
			recursion was requested by the client, not on
			whether recursion was available. [GL #963]
5209.	[bug]		When update-check-ksk is true, add_sigs was not
			considering offline keys, leaving record sets signed
			with the incorrect type key. [GL #763]
5208.	[test]		Run valid rdata wire encodings through totext+fromtext
			and tofmttext+fromtext methods to check these methods.
			[GL #899]
5207.	[test]		Check delv and dig TTL values. [GL #965]
5205.	[bug]		Enforce that a DS hash exists. [GL #899]
5204.	[test]		Check that dns_rdata_fromtext() produces a record that
			will be accepted by dns_rdata_fromwire(). [GL #852]
5203.	[bug]		Enforce whether key rdata exists or not in KEY,
			DNSKEY, CDNSKEY and RKEY. [GL #899]
5197.	[bug]		dig could die in best effort mode on multiple SIG(0)
			records. Similarly on multiple OPT and multiple TSIG
			records. [GL #920]
5194.	[bug]		Enforce non empty ZOMEMD hash. [GL #899]
5193.	[bug]		EID and NIMLOC failed to do multi-line output
			correctly. [GL #899]
5192.	[bug]		configure --fips-mode failed. [GL #946]
5191.	[port]		Darwin: dlzexternal/driver.so was not building.
			[GL #948]
5189.	[cleanup]	Remove revoked root DNSKEY from bind.keys. [GL #945]
5187.	[test]		Set time zone before running any tests in dnstap_test.
			[GL #940]
5185.	[bug]		PKCS11 build could fail if ECDSA is not supported.
			[GL #935]
5184.	[bug]		Missing unlocks in sdlz.c. [GL #936]
5182.	[bug]		Fix a high-load race/crash in handling of
			isc_socket_close() in resolver. [GL #834]
5180.	[bug]		delv now honors the operating system's preferred
			ephemeral port range. [GL #925]
5179.	[cleanup]	Replace some vague type declarations with the more
			specific dns_secalg_t and dns_dsdigest_t.
			Thanks to Tony Finch. [GL !1498]
5178.	[bug]		Handle EDQUOT (disk quota) and ENOSPC (disk full)
			errors when writing files. [GL #902]
5176.	[tests]		Remove a dependency on libxml in statschannel system
			test. [GL #926]
5175.	[bug]		Fixed a problem with file input in dnssec-keymgr,
			dnssec-coverage and dnssec-checkds when using
			python3. [GL #882]
5174.	[doc]		Tidy dnssec-keygen manual. [GL !1557]
5172.	[bug]		nsupdate now honors the operating system's preferred
			ephemeral port range. [GL #905]
5170.	[test]		Added --with-dlz-filesystem to feature-test. [GL !1587]
5168.	[test]		Do not crash on shutdown when RPZ fails to load.  Also,
			keep previous version of the database if RPZ fails to
			load. [GL #813]
5167.	[bug]		nxdomain-redirect could sometimes lookup the wrong
			redirect name. [GL #892]
   2019-04-30 04:51:38 by Takahiro Kambe | Files touched by this commit (9) | Package updated
Log message:
net/bind911: update to 9.11.6pl1

Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).

Fix security problem CVE-2018-5743 and overhaul pkgsrc.  Now no need
to change namedb is permission under NetBSD.

* Update note about required directories.
* Drop pkg-config from USE_TOOLS.
* Drop none existing configure arguments and PKG_OPTIONS:
	- fetchlimit
	- sit

	--- 9.11.6-P1 released ---

5200.	[security]	tcp-clients settings could be exceeded in some cases,
			which could lead to exhaustion of file descriptors.
			(CVE-2018-5743) [GL #615]
   2019-03-01 22:46:50 by Jonathan Perkin | Files touched by this commit (3)
Log message:
bind*: Ensure named directory is created on SunOS.
   2019-02-22 02:22:38 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.5pl4

Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).

	--- 9.11.5-P4 released ---

	--- 9.11.5-P3 released (withdrawn) ---

5141.	[security]	Zone transfer controls for writable DLZ zones were
			not effective as the allowzonexfr method was not being
			called for such zones. (CVE-2019-6465) [GL #790]

	--- 9.11.5-P2 released (withdrawn) ---

5118.	[security]	Named could crash if it is managing a key with
			`managed-keys` and the authoritative zone is rolling
			the key to an unsupported algorithm. (CVE-2018-5745)
			[GL #780]

5110.	[security]	Named leaked memory if there were multiple Key Tag
			EDNS options present. (CVE-2018-5744) [GL #772]
   2018-12-15 17:39:07 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.5pl1

Update bind911 to 9.11.5pl1 (BIND 9.11.5-P1).

	--- 9.11.5-P1 released ---

5108.	[bug]		Named could fail to determine bottom of zone when
			removing out of date keys leading to invalid NSEC
			and NSEC3 records being added to the zone. [GL #771]
   2018-10-24 13:27:28 by Jonathan Perkin | Files touched by this commit (3)
Log message:
bind911: Fix build on SunOS.
   2018-10-21 17:51:14 by Takahiro Kambe | Files touched by this commit (5) | Package updated
Log message:
net/bind911: update to 9.11.5

	--- 9.11.5 released ---

	--- 9.11.5rc1 released ---

5038.	[bug]		Chaosnet addresses were compared incorrectly.
			[GL #562]

5034.	[bug]		A race between threads could prevent zone maintenance
			scheduled immediately after zone load from being
			performed. [GL #542]

5033.	[bug]		When adding NTAs to multiple views using "rndc nta",
			the text returned via rndc was incorrectly terminated
			after the first line, making it look as if only one
			NTA had been added. Also, it was not possible to
			differentiate between views with the same name but
			different classes; this has been corrected with the
			addition of a "-class" option. [GL #105]

5032.	[func]		Add krb5-selfsub and ms-selfsub update policy rules.
			[GL #511]

5030.	[bug]		Align CMSG buffers to a 64-bit boundary, fixes crash
			on architectures with strict alignment. [GL #521]

5028.	[bug]		Spread the initial RRSIG expiration times over the
			entire working sig-validity-interval when signing a
			zone in named to even out re-signing and transfer
			loads. [GL #418]

5026.	[bug]		rndc reconfig should not touch already loaded zones.
			[GL #276]

5022.	[doc]		Update ms-self, ms-subdomain, krb5-self, and
			krb5-subdomain documentation. [GL !708]

5021.	[bug]		dig returned a non-zero exit code when it received a
			reply over TCP after a retry. [GL #487]

5019.	[cleanup]	A message is now logged when ixfr-from-differences is
			set at zone level for an inline-signed zone. [GL #470]

5018.	[bug]		Fix incorrect sizeof arguments in lib/isc/pk11.c.
			[GL !588]

5017.	[bug]		lib/isc/pk11.c failed to unlink the session before
			releasing the lock which is unsafe. [GL !589]

5016.	[bug]		Named could assert with overlapping filter-aaaa and
			dns64 acls. [GL #445]

5015.	[bug]		Reloading all zones caused zone maintenance to cease
			for inline-signed zones. [GL #435]

5014.	[bug]		Signatures loaded from the journal for the signed
			version of an inline-signed zone were not scheduled for
			refresh. [GL #482]

5012.	[bug]		Fix lock order reversal in pk11_initialize. [GL !590]

5009.	[bug]		Upon an OpenSSL failure, the first error in the OpenSSL
			error queue was not logged. [GL #476]

5008.	[bug]		"rndc signing -nsec3param ..." requests were silently
			ignored for zones which were not yet loaded or
			transferred. [GL #468]

5007.	[cleanup]	Replace custom ISC boolean and integer data types
			with C99 stdint.h and stdbool.h types. [GL #9]

5005.	[bug]		dnssec-verify, and dnssec-signzone at the verification
			step, failed on some validly signed zones. [GL #442]

5004.	[bug]		'rndc reconfig' could cause inline zones to stop
			re-signing. [GL #439]

5003.	[bug]		dns_acl_isinsecure did not handle geoip elements.
			[GL #406]

5002.	[bug]		mdig: Handle malformed +ednsopt option, support 100
			+ednsopt options per query rather than 100 total and
			address memory leaks if +ednsopt was specified.
			[GL #410]

5001.	[bug]		Fix refcount errors on error paths. [GL !563]

4996.	[bug]		dig: Handle malformed +ednsopt option. [GL #403]

4995.	[test]		Add tests for "tcp-self" update policy. [GL !282]

4994.	[bug]		Trust anchor telemetry queries were not being sent
			upstream for locally served zones. [GL #392]

4992.	[bug]		The wrong address was being logged for trust anchor
			telemetry queries. [GL #379]

4990.	[bug]		Prevent a possible NULL reference in pkcs11-keygen.
			[GL #401]
   2018-09-27 06:24:19 by Thomas Klausner | Files touched by this commit (2)
Log message:
bind91?: fix whitespace