./net/bind914, Berkeley Internet Name Daemon implementation of DNS, version 9.14

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 9.14.10, Package name: bind-9.14.10, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon. This package contains the BIND
9.14 release.

* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
* QNAME minimization, as described in RFC 7816, is now supported.
* Socket and task code has been refactored to improve performance on
most modern machines.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
* Secondary zones can now be configured as "mirror" zones; their
contents are transferred in as with traditional slave zones, but are
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
* "named -V" now outputs the default paths for files used by named and
other tools.

MESSAGE.rcd [+/-]

Required to run:

Required to build:

Package options: readline, threads

Master sites:

SHA1: 29893968321daca84785829b4a461d3f2d17630e
RMD160: abdf35825abe82601310bec9530c0082d1335f47
Filesize: 6156.065 KB

Version history: (Expand)

CVS history: (Expand)

   2020-01-23 09:00:55 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind914: update to 9.14.10

Update bind914 to 9.14.10 (BIND 9.14.10).

pkgsrc change: update HOMEPAGE to use https URL.

	--- 9.14.10 released ---

5339.	[bug]		With some libmaxminddb versions, named could erroneously
			match an IP address not belonging to any subnet defined
			in a given GeoIP2 database to one of the existing
			entries in that database. [GL #1552]

5338.	[bug]		Fix line spacing in `rndc secroots`.
			Thanks to Tony Finch. [GL !2478]

5337.	[func]		'named -V' now reports maxminddb and protobuf-c
			versions. [GL !2686]
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2020-01-08 11:18:53 by Jonathan Perkin | Files touched by this commit (1)
Log message:
bind914: Explicitly disable epoll on SunOS.
   2020-01-04 11:10:02 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind914: update to 9.14.9

Update bind914 to 9.14.9 (BIND 9.14.9).

	--- 9.14.9 released ---

5330.	[bug]		'configure --without-python' was ineffective if
			PYTHON was set in the environment. [GL #1434]

5329.	[bug]		Reconfiguring named caused memory to be leaked when any
			GeoIP2 database was in use. [GL #1445]

5328.	[bug]		rbtdb.c:rdataset_{get,set}ownercase failed to obtain
			a node lock. [GL #1417]

5327.	[func]		Added a statistics counter to track queries
			dropped because the recursive-clients quota was
			exceeded. [GL #1399]

5326.	[bug]		Add python dependancy on 'distutils.core' to configure.
			'distutils.core' is required for installation.
			[GL #1397]

5321.	[bug]		Obtain write lock before updating version->records
			and version->bytes. [GL #1341]
   2019-11-21 06:37:06 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
net/bind914: update to 9.14.8

Update bind914 to 9.14.8.  It includes fix for CVS-2019-6477.

        --- 9.14.8 released ---

5315.	[bug]		Apply the inital RRSIG expiration spread fixed
			to all dynamically created records in the zone
			including NSEC3. Also fix the signature clusters
			when the server has been offline for prolonged
			period of times. [GL #1256]

5314.	[func]		Added a new statistics variable "tcp-highwater"
			that reports the maximum number of simultaneous TCP
			clients BIND has handled while running. [GL #1206]

5313.	[bug]		The default GeoIP2 database location did not match
			the ARM.  'named -V' now reports the default
			location. [GL #1301]

5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]

5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
			at ERROR level in receive_secure_serial(). [GL #1288]

5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
			Thanks to Tony Finch. [GL !2481]

5306.	[security]	Set a limit on the number of concurrently served
			pipelined TCP queries. (CVE-2019-6477) [GL #1264]

5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
			disabled by default because it was found to have
			a significant performance impact on the recursive
			service. [GL #1265]

5304.	[bug]		"dnskey-sig-validity 0;" was not being accepted.
			[GL #876]

5302.	[bug]		Fix checking that "dnstap-output" is defined when
			"dnstap" is specified in a view. [GL #1281]

5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
			acls. [GL #1143]
   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-10-24 14:50:36 by Juraj Lutter | Files touched by this commit (4)
Log message:
bind914: Fix build on SmartOS

SmartOS requires _XOPEN_SOURCE for various macros and functions (CMSG_DATA() et
   2019-10-16 22:51:59 by Maya Rashish | Files touched by this commit (2) | Package updated
Log message:
bind914: update to 9.14.7. security fix.

	--- 9.14.7 released ---

5299.	[security]	A flaw in DNSSEC verification when transferring
			mirror zones could allow data to be incorrectly
			marked valid. (CVE-2019-6475) [GL #1252]

5298.	[security]	Named could assert if a forwarder returned a
			referral, rather than resolving the query, when QNAME
			minimization was enabled. (CVE-2019-6476) [GL #1051]

5297.	[bug]		Check whether a previous QNAME minimization fetch
			is still running before starting a new one; return
			SERVFAIL and log an error if so. [GL #1191]

5294.	[func]		Fallback to ACE name on output in locale, which does not
			support converting it to unicode.  [GL #846]

5293.	[bug]		On Windows, named crashed upon any attempt to fetch XML
			statistics from it. [GL #1245]

5292.	[bug]		Queue 'rndc nsec3param' requests while signing inline
			zone changes. [GL #1205]

	--- 9.14.6 released ---

5289.	[bug]		Address NULL pointer dereference in rpz.c:rpz_detach.
			[GL #1210]

5286.	[contrib]	Address potential NULL pointer dereferences in
			dlz_mysqldyn_mod.c. [GL #1207]

5285.	[port]		win32: implement "-T maxudpXXX". [GL #837]

5283.	[bug]		When a response-policy zone expires, ensure that
			its policies are removed from the RPZ summary
			database. [GL #1146]

5282.	[bug]		Fixed a bug in searching for possible wildcard matches
			for query names in the RPZ summary database. [GL #1146]

5281.	[cleanup]	Don't escape commas when reporting named's command
			line. [GL #1189]

5280.	[protocol]	Add support for displaying EDNS option LLQ. [GL #1201]

5279.	[bug]		When loading, reject zones containing CDS or CDNSKEY
			RRsets at the zone apex if they would cause DNSSEC
			validation failures if published in the parent zone
			as the DS RRset.  [GL #1187]