./net/bind911, Berkeley Internet Name Daemon implementation of DNS, version 9.11

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 9.11.9nb1, Package name: bind-9.11.9nb1, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.11 release.

- Catalog Zones, a new method for provisioning servers
- "dnstap", a fast and flexible method of capturing and logging
DNS traffic.
- "dyndb", a new API for loading zone data from an external database
- dnssec-keymgr, a new key mainenance utility
- mdig, an alternate version of dig utility
- And more...

MESSAGE.rcd [+/-]

Required to build:

Package options: inet6, readline, threads

Master sites:

SHA1: 68683c581e7ad3245b53316490209ee1f02d3fbb
RMD160: 463754692aa145d3b834e9f6fe9e16bc29246b9a
Filesize: 7968.502 KB

Version history: (Expand)

CVS history: (Expand)

   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-07-18 05:02:52 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.9.

Update bind911 to 9.11.9.

	--- 9.11.9 released ---

5260.	[bug]		dnstap-read was producing malformed output for large
			packets. [GL #1093]

5258.	[func]		Added support for the GeoIP2 API from MaxMind,
			when BIND is compiled using "configure --with-geoip2".
			The legacy GeoIP API can be enabled by using
			"configure --with-geoip" instead. These options
			cannot be used together.

			Certain geoip ACL settings that were available with
			legacy GeoIP are not available when using GeoIP2.
			See the ARM for details. [GL #182]

5257.	[bug]		Some statistics data was not being displayed.
			Add shading to the zone tables. [GL #1030]

5256.	[bug]		Ensure that glue records are included in root
			priming responses if "minimal-responses" is not
			set to "yes". [GL #1092]

5255.	[bug]		Errors encountered while reloading inline-signing
			zones could be ignored, causing the zone content to
			be left in an incompletely updated state rather than
			reverted. [GL #1109]

5253.	[port]		Support platforms that don't define ULLONG_MAX.
			[GL #1098]

5249.	[bug]		Fix a possible underflow in recursion clients
			statistics when hitting recursive clients
			soft quota. [GL #1067]
   2019-06-28 19:01:31 by Jonathan Perkin | Files touched by this commit (6) | Package updated
Log message:
bind*: Remove privileges from SMF method script.

This inadvertently opened up the named process to more privileges than
necessary and could be considered a security risk.  This may affect chroot
support, adding back in support for that will need to be done carefully.

   2019-06-20 14:26:33 by Jonathan Perkin | Files touched by this commit (6)
Log message:
bind*: Move MESSAGE to MESSAGE.rcd, they are rc.d specific.
   2019-06-20 04:13:58 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
net/bind911: update to 9.11.8

Update bind911 to 9.11.8 (BIND 9.11.8).

	--- 9.11.8 released ---

5244.	[security]	Fixed a race condition in dns_dispatch_getnext()
			that could cause an assertion failure if a
			significant number of incoming packets were
			rejected. (CVE-2019-6471) [GL #942]

5241.	[bug]		Fix Ed448 private and public key ASN.1 prefix blobs.
			[GL #225]

5237.	[bug]		Recurse to find the root server list with 'dig +trace'.
			[GL #1028]
   2019-06-19 12:58:49 by Jonathan Perkin | Files touched by this commit (3)
Log message:
bind*: Fix a couple of issues in the SMF method.

Fix a typo in the configuration_file arguments, joyent/pkgsrc#189.
Ensure the /var/run/named directory has the correct permissions.
   2019-05-20 18:03:55 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
net/bind911: update to 9.11.7

Update bind911 to 9.11.7, this is maintenance releases.

--- 9.11.7 released ---

5233.	[bug]		Negative trust anchors did not work with "forward only;"
			to validating resolvers. [GL #997]
5232.	[bug]		Fix a high-load race/crash in isc_socket_cancel().
			[GL #834]
5231.	[protocol]	Add support for displaying CLIENT-TAG and SERVER-TAG.
			[GL #960]
5229.	[protocol]	Enforce known SSHFP fingerprint lengths. [GL #852]
5228.	[cleanup]	If trusted-keys and managed-keys are configured
			simultaneously for the same name, the key cannot
			be rolled automatically. This configuration now
			logs a warning. [GL #868]
5224.	[bug]		Only test provide-ixfr on TCP streams. [GL #991]
5222.	[bug]		'delv -t ANY' could leak memory. [GL #983]
5221.	[test]		Enable parallel execution of system tests on
			Windows. [GL !4101]
5218.	[bug]		Conditionally include <dlfcn.h>. [GL #995]
5214.	[bug]		win32: named now removes its lock file upon shutdown.
			[GL #979]
5213.	[bug]		win32: Eliminated a race which allowed named.exe running
			as a service to be killed prematurely during shutdown.
			[GL #978]
5210.	[bug]		When dnstap is enabled and recursion is not
			available, incoming queries are now logged
			as "auth". Previously, this depended on whether
			recursion was requested by the client, not on
			whether recursion was available. [GL #963]
5209.	[bug]		When update-check-ksk is true, add_sigs was not
			considering offline keys, leaving record sets signed
			with the incorrect type key. [GL #763]
5208.	[test]		Run valid rdata wire encodings through totext+fromtext
			and tofmttext+fromtext methods to check these methods.
			[GL #899]
5207.	[test]		Check delv and dig TTL values. [GL #965]
5205.	[bug]		Enforce that a DS hash exists. [GL #899]
5204.	[test]		Check that dns_rdata_fromtext() produces a record that
			will be accepted by dns_rdata_fromwire(). [GL #852]
5203.	[bug]		Enforce whether key rdata exists or not in KEY,
			DNSKEY, CDNSKEY and RKEY. [GL #899]
5197.	[bug]		dig could die in best effort mode on multiple SIG(0)
			records. Similarly on multiple OPT and multiple TSIG
			records. [GL #920]
5194.	[bug]		Enforce non empty ZOMEMD hash. [GL #899]
5193.	[bug]		EID and NIMLOC failed to do multi-line output
			correctly. [GL #899]
5192.	[bug]		configure --fips-mode failed. [GL #946]
5191.	[port]		Darwin: dlzexternal/driver.so was not building.
			[GL #948]
5189.	[cleanup]	Remove revoked root DNSKEY from bind.keys. [GL #945]
5187.	[test]		Set time zone before running any tests in dnstap_test.
			[GL #940]
5185.	[bug]		PKCS11 build could fail if ECDSA is not supported.
			[GL #935]
5184.	[bug]		Missing unlocks in sdlz.c. [GL #936]
5182.	[bug]		Fix a high-load race/crash in handling of
			isc_socket_close() in resolver. [GL #834]
5180.	[bug]		delv now honors the operating system's preferred
			ephemeral port range. [GL #925]
5179.	[cleanup]	Replace some vague type declarations with the more
			specific dns_secalg_t and dns_dsdigest_t.
			Thanks to Tony Finch. [GL !1498]
5178.	[bug]		Handle EDQUOT (disk quota) and ENOSPC (disk full)
			errors when writing files. [GL #902]
5176.	[tests]		Remove a dependency on libxml in statschannel system
			test. [GL #926]
5175.	[bug]		Fixed a problem with file input in dnssec-keymgr,
			dnssec-coverage and dnssec-checkds when using
			python3. [GL #882]
5174.	[doc]		Tidy dnssec-keygen manual. [GL !1557]
5172.	[bug]		nsupdate now honors the operating system's preferred
			ephemeral port range. [GL #905]
5170.	[test]		Added --with-dlz-filesystem to feature-test. [GL !1587]
5168.	[test]		Do not crash on shutdown when RPZ fails to load.  Also,
			keep previous version of the database if RPZ fails to
			load. [GL #813]
5167.	[bug]		nxdomain-redirect could sometimes lookup the wrong
			redirect name. [GL #892]
   2019-04-30 04:51:38 by Takahiro Kambe | Files touched by this commit (9) | Package updated
Log message:
net/bind911: update to 9.11.6pl1

Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).

Fix security problem CVE-2018-5743 and overhaul pkgsrc.  Now no need
to change namedb is permission under NetBSD.

* Update note about required directories.
* Drop pkg-config from USE_TOOLS.
* Drop none existing configure arguments and PKG_OPTIONS:
	- fetchlimit
	- sit

	--- 9.11.6-P1 released ---

5200.	[security]	tcp-clients settings could be exceeded in some cases,
			which could lead to exhaustion of file descriptors.
			(CVE-2018-5743) [GL #615]