./net/bind99, Berkeley Internet Name Daemon implementation of DNS, version 9.9

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 9.9.6pl1, Package name: bind-9.9.6pl1, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.9 release.

Package options: inet6, readline, threads

Master sites: (Expand)

SHA1: c2c276dd1f205924662bd94242a8776ea29c4e3b
RMD160: faaeaadc9b1b6245665e98392e9fd0c44cf660fd
Filesize: 7633.142 KB

Version history: (Expand)

CVS history: (Expand)

   2014-12-12 08:39:32 by OBATA Akio | Files touched by this commit (2)
Log message:
Use SSLBASE for location of engines.
PR pkg/48658.
   2014-12-08 22:58:18 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update bind99 to 9.9.6p1 (BIND 9.9.6-P1).

	--- 9.9.6-P1 released ---

4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option, and the query limit
			via the "max-recursion-queries" option.  [RT #37580]
   2014-10-14 18:21:02 by Takahiro Kambe | Files touched by this commit (13) | Package updated
Log message:
Update bind99 to 9.9.6.

New Features

   Support for CAA record types, as described in RFC 6844 "DNS
   Certification Authority Authorization (CAA) Resource Record",
   was added. [RT#36625] [RT #36737]

   Disallow "request-ixfr" from being specified in zone statements
   where it is not valid (it is only valid for slave and redirect
   zones) [RT #36608]

   Support for CDS and CDNSKEY resource record types was added. For
   details see the proposed Informational Internet-Draft "Automating
   DNSSEC Delegation Trust Maintenance" at
   http://tools.ietf.org/html/draft-ietf-d … inance-14.
   [RT #36333]

   Added version printing options to various BIND utilities. [RT #26057]
   [RT #10686]

   On Windows, enable the Python tools "dnssec-coverage" and
   "dnssec-checkds". [RT #34355]

   Added a "no-case-compress" ACL, which causes named to use
   case-insensitive compression (disabling change #3645) for specified
   clients. (This is useful when dealing with broken client
   implementations that use case-sensitive name comparisons, rejecting
   responses that fail to match the capitalization of the query
   that was sent.) [RT #35300]

Feature Changes

   Adds RPZ SOA to the additional section of responses to clearly
   indicate the use of RPZ in a manner that is intended to avoid
   causing issues for downstream resolvers and forwarders [RT #36507]

   rndc now gives distinct error messages when an unqualified zone
   name matches multiple views vs. matching no views [RT #36691]

   Improves the accuracy of dig's reported round trip times.  [RT #36611]

   The Windows installer now places files in the Program Files area
   rather than system services. [RT #35361]

   When an SPF record exists in a zone but no equivalent TXT record
   does, a warning will be issued.  The warning for the reverse
   condition is no longer issued. See the check-spf option in the
   documentation for details. [RT #36210]

   "named" will now log explicitly when using rndc.key to configure
   command channel. [RT #35316]

   The default setting for the -U option (setting the number of UDP
   listeners per interface) has been adjusted to improve performance.
   [RT #35417]

   Aging of smoothed round-trip time measurements is now limited
   to no more than once per second, to improve accuracy in selecting
   the best name server. [RT #32909]

   DNSSEC keys that have been marked active but have no publication
   date are no longer presumed to be publishable. [RT #35063]

Bug Fixes

   The Makefile in bin/python was changed to work around a bmake
   bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)

   Corrected bugs in the handling of wildcard records by the DNSSEC
   validator: invalid wildcard expansions could be treated as valid
   if signed, and valid wildcard expansions in NSEC3 opt-out ranges
   had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]

   When resigning, dnssec-signzone was removing all signatures from
   delegation nodes. It now retains DS and (if applicable) NSEC
   signatures.  [RT #36946]

   The AD flag was being set inappopriately on RPZ responses. [RT #36833]

   Updates the URI record type to current draft standard,
   draft-faltstrom-uri-08, and allows the value field to be zero
   length [RT #36642] [RT #36737]

   RRSIG sets that were not loaded in a single transaction at start
   up were not being correctly added to re-signing heaps.  [RT #36302]

   Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]

   A race condition could cause a crash in isc_event_free during
   shutdown.  [RT #36720]

   Addresses a race condition issue in dispatch. [RT #36731]

   acl elements could be miscounted, causing a crash while loading
   a config [RT #36675]

   Corrects a deadlock between view.c and adb.c. [RT #36341]

   liblwres wasn't properly handling link-local addresses in
   nameserver clauses in resolv.conf. [RT #36039]

   Buffers in isc_print_vsnprintf were not properly initialized
   leading to potential overflows when printing out quad values.
   [RT #36505]

   Don't call qsort() with a null pointer, and disable the GCC 4.9
   "delete null pointer check" optimizer option. This fixes problems
   when using GNU GCC 4.9.0 where its compiler code optimizations
   may cause crashes in BIND. For more information, see the operational
   advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]

   Fixed a bug that could cause repeated resigning of records in
   dynamically signed zones. [RT #35273]

   Fixed a bug that could cause an assertion failure after forwarding
   was disabled. [RT #35979]

   Fixed a bug that caused SERVFAILs when using RPZ on a system
   configured as a forwarder. [RT #36060]

   Worked around a limitation in Solaris's /dev/poll implementation
   that could cause named to fail to start when configured to use
   more sockets than the system could accomodate. [RT #35878]
   2014-07-19 07:10:38 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
Explicitly specify KRB5BASE with --with-gssapi option and incudes

It prevent link libcrypt twice with PREFER_PKGSRC=openssl.

Fix was provided Chuck Silvers via private e-mail about two weeks ago and
I've confirmed the problem.

   2014-06-14 18:15:04 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update bind99 to 9.9.5pl1 (BIND 9.9.5-P1).

3859.	[bug]		Don't call qsort with a null pointer. [RT #35968]

3858.	[bug]		Disable GCC 4.9 "delete null pointer check".
			[RT #35968]

3742.	[port]		linux: libcap support: declare curval at start of
			block. [RT #35387]

	--- 9.9.5-W1 released ---

3724.	[bug]		win32: Fixed a bug that prevented dig and
			host from exiting properly after completing
			a UDP query. [RT #35288]
   2014-06-14 12:14:43 by Sebastian Wiedenroth | Files touched by this commit (1)
Log message:
fix SMF Manifest installation by not overwriting INSTALLATION_DIRS
   2014-05-30 01:38:20 by Thomas Klausner | Files touched by this commit (3049)
Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
   2014-03-11 15:34:41 by Jonathan Perkin | Files touched by this commit (99)
Log message:
Import initial SMF support for individual packages.