/bind96, Berkeley Internet Name Daemon implementation of DNS, version 9.6
18.104.22.168.ESV.11nb2, Package name:
bind-22.214.171.124.ESV.11nb2, Maintainer: pkgsrc-users
BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:
- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self
This package contains the BIND 9.6 release.
: inet6, threads
Master sites: (Expand) SHA1:
Version history: (Expand)
- (2014-05-30) Updated to version: bind-126.96.36.199.ESV.11nb2
- (2014-02-12) Updated to version: bind-188.8.131.52.ESV.11nb1
- (2014-02-01) Updated to version: bind-184.108.40.206.ESV.11
- (2014-01-13) Updated to version: bind-220.127.116.11.ESV.10pl2
- (2013-11-07) Updated to version: bind-18.104.22.168.ESV.10pl1
- (2013-09-21) Updated to version: bind-22.214.171.124.ESV.10
CVS history: (Expand)
| 2014-05-30 01:38:20 by Thomas Klausner | Files touched by this commit (3049) |
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
| 2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350) |
Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
| 2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568) |
Recursive PKGREVISION bump for OpenSSL API version bump.
| 2014-02-02 08:55:46 by Takahiro Kambe | Files touched by this commit (4) | |
Update bind96 to 126.96.36.199.ESV.11 (BIND 9.6-ESV-R11).
Security fixes were already covered by 188.8.131.52.ESV.10pl2 and this is
the final release of 9.6.ESV.
Several bug fixes and clean up, please refer CHANGES file in detail.
| 2014-01-13 18:27:09 by Takahiro Kambe | Files touched by this commit (3) | |
Update bind96 to bind-184.108.40.206.ESV.10pl2 (BIND 9.6-ESV-R10-P2), security
fix for CVE-2014-0591.
--- 9.6-ESV-R10-P2 released ---
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
3658. [port] linux: Address platform specific compilation issue
when libcap-devel is installed. [RT #34838]
| 2013-11-07 05:20:33 by Takahiro Kambe | Files touched by this commit (2) | |
Update bind96 to 220.127.116.11.ESV.10pl1 (BIND 9.6-ESV-R10-P1).
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially causing
unexpected matches to BIND's built-in "localnets" Access Control
List. (CVE-2013-6230) [RT #34687]
| 2013-09-21 17:57:50 by Takahiro Kambe | Files touched by this commit (5) | |
Update bind96 to bind-18.104.22.168.ESV.10 (BIND 9.6-ESV-R10).
(CVE-2013-3919 is already fixed in pkgsrc).
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
rndc now properly fails when given an invalid '-c' argument. [RT
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
| 2013-07-12 12:45:05 by Jonathan Perkin | Files touched by this commit (181) | |
Bump PKGREVISION of all packages which create users, to pick up change of