/bind99, Berkeley Internet Name Daemon implementation of DNS, version 9.9
9.9.10, Package name:
bind-9.9.10, Maintainer: pkgsrc-users
BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:
- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self
This package contains the BIND 9.9 release.
Required to build:
] Package options
: inet6, readline, threads
Master sites: SHA1:
Version history: (Expand)
- (2017-04-23) Updated to version: bind-9.9.10
- (2017-04-13) Updated to version: bind-9.9.9pl8
- (2017-02-21) Updated to version: bind-9.9.9pl6nb1
- (2017-02-09) Updated to version: bind-9.9.9pl6
- (2017-01-12) Updated to version: bind-9.9.9pl5
- (2016-11-02) Updated to version: bind-9.9.9pl4
CVS history: (Expand)
| 2017-04-22 18:07:43 by Takahiro Kambe | Files touched by this commit (4) | |
Update bind99 to 9.9.10 (BIND 9.9.10).
This is maintenance release and please refer release announce in detail:
| 2017-04-13 03:53:35 by Takahiro Kambe | Files touched by this commit (2) | |
Update bind99 to 9.9.9pl8 (BIND 9.9.9-P8).
Quote from release announce:
BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136,
CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys
for the root zone.
Quote from CHANGELOG:
--- 9.9.9-P8 released ---
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
--- 9.9.9-P7 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
| 2017-02-24 16:46:14 by Filip Hajny | Files touched by this commit (4) |
Fix bind.keys PLIST handling, thanks joerg@ for the notice.
| 2017-02-20 16:19:54 by Filip Hajny | Files touched by this commit (6) | |
Change bind99 and bind910 package to use the standard PKG_SYSCONFDIR
for config files instead of the hardcoded /etc path. Sync SMF support
across the two packages. Bump PKGREVISION.
| 2017-02-09 01:50:15 by Takahiro Kambe | Files touched by this commit (2) | |
Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6).
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* It was possible to trigger an assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non- absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]
* A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
* Windows installs were failing due to triggering UAC without the
installation binary being signed.
* A race condition in rbt/rbtdb was leading to INSISTs being
| 2017-01-12 01:05:46 by Takahiro Kambe | Files touched by this commit (2) | |
Update bind99 to 9.9.9pl5 (BIND 9.9.9-P5), including security fixes.
--- 9.9.9-P5 released ---
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
in responses resulting in SERVFAIL being returned.
4528. [bug] Only set the flag bits for the i/o we are waiting
for on EPOLLERR or EPOLLHUP. [RT #43617]
4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
4517. [security] Named could mishandle authority sections that were
missing RRSIGs triggering an assertion failure.
(CVE-2016-9444) [RT # 43632]
4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
resulting in a assertion failure. (CVE-2016-9147)
4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
a class mismatch. (CVE-2016-9131) [RT #43522]
| 2016-11-06 12:07:00 by Thomas Klausner | Files touched by this commit (1) |
belnet mirror of isc reports 404, remove it.
| 2016-11-02 01:06:09 by Takahiro Kambe | Files touched by this commit (2) | |
Update bind99 to 9.9.9pl4 (BIND 9.9.9-P4).
--- 9.9.9-P4 released ---
4489. [security] It was possible to trigger assertions when processing
a response. (CVE-2016-8864) [RT #43465]