./net/nsd, Authoritative-only DNS server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 4.2.2nb1, Package name: nsd-4.2.2nb1, Maintainer: pettai

This is NSD Name Server Daemon (NSD).

NSD is a complete implementation of an authoritative DNS nameserver.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution
(thanks to Olaf).

Required to run:
[security/openssl] [devel/libevent]

Required to build:

Package options: inet6

Master sites:

SHA1: b0a8a9765cbce402a7534f5aaa38cd0b1f21644f
RMD160: fb83c39dfd5e5350871af67c7fc2629347bde740
Filesize: 1122.248 KB

Version history: (Expand)

CVS history: (Expand)

   2020-01-25 11:45:12 by Jonathan Perkin | Files touched by this commit (24)
Log message:
*: Remove obsolete BUILDLINK_API_DEPENDS.openssl.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-08-21 16:16:40 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 4.2.2

* Readd _OPENBSD_SOURCE explicitly to fix build on NetBSD 9

13 August 2019: Wouter
	- Fix error message for out of zone data to have more information.

12 August 2019: Wouter
	- Fix #33: Fix segfault in service of remaining streams on exit.

6 August 2019: Wouter
	- Tag for 4.2.2rc1.

5 August 2019: Wouter
	- PR #31: nsd-control: Add missing stdio header.
	- PR #32: tsig: Fix compilation without HAVE_SSL.
	- Cleanup tls context on xfrd exit.

31 July 2019: Wouter
	- Fix #29: SSHFP check NULL pointer dereference.
	- Fix #30: SSHFP check failure due to missing domain name.
	- Fix to timeval_add in minievent for remaining second in microseconds.

22 July 2019: Wouter
	- Set timeout for refetch immediately, only spread load when there
	  are retries.

19 July 2019: Wouter
	- Set no renegotiation on the SSL context to stop client
	  session renegotiation.

18 July 2019: Wouter
	- Fix #25: NSD doesn't refresh zones after extended downtime,
	  it refreshes the old zones, with a random delay of a couple of
	  seconds to spread the load.
	- Fix so that expired zones stay expired when server is down a
	  long time.

17 July 2019: Wouter
	- Fix that NSD warns for wrong length of the hash in SSHFP records.

15 July 2019: Wouter
	- PR #23: Fix typo in nsd.conf man-page.

4 July 2019: Wouter
	- Set version to 4.2.2 in development.
	- clean memory on exit of nsd-checkzone for memory debug.
	- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
	  dname_concatenate() function.  Reported by Frederic Cambus.
	  It causes the zone parser to crash on a malformed zone file,
	  with assertions enabled, an assertion catches it.
	- Fix #19: Out-of-bounds read caused by improper validation of
	  array index.  Reported by Frederic Cambus.  The zone parser
	  fails on type SIG because of mismatched definition with RRSIG.

2 July 2019: Wouter
	- Tag for 4.2.1rc1

27 June 2019: Wouter
	- Fix unit test for added options and no dot after zone updated
	  log message.
	- Fix compile without accept4.

21 June 2019: Wouter
	- Omit remaining tcp processing if the list is empty.
	- Fix output of nsd-checkconf -h.

20 June 2019: Wouter
	- Initialize event structures before event_set, to stop uninitialized
	  values from setting event library lists and assertions, that would
	  sometimes also show after event_del.
	- Added num.tls and num.tls6 stat counters.
	- PR #12: send-buffer-size, receive-buffer-size,
	  tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
	- Do not use symbol from libc, instead use own replacement, if not
	  available, for accept4.
	- Fix #14, tcp connections have 1/10 to be active and have to work
	  every second, and then they get time to complete during a reload,
	  this is a process that lingers with the old version during a version

19 June 2019: Wouter
	- Fix tls handshake event callback function mistake, reported
	  by Mykhailo Danylenko.

18 June 2019: Wouter
	- Fix #15: crash in SSL library, initialize variables for TCP access
	  when TLS is configured.

14 June 2019: Wouter
	- Fix to init event not pointer, in reassignment.

12 June 2019: Wouter
	- Fix to init event structure for reassignment.
   2019-07-16 13:38:27 by Ryo ONODERA | Files touched by this commit (1)
Log message:
Remove _OPENBSD_SOURCE for NetBSD from Makefile

* Upstream includes _OPENBSD_SOURCE for NetBSD.
  Noticed by gdt@. Thank you.
   2019-07-05 09:53:10 by Benny Siegert | Files touched by this commit (1) | Package updated
Log message:
nsd: update HOMEPAGE

The previous one 404s.
   2019-06-13 15:21:40 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 4.2.0

	- Print IP address when bind socket fails with error.
	- Fix #4249: The option hide-identity: yes stops NSD from responding
	  with the hostname for chaos class queries.  Implements the RFC4829
	  security considerations.
	- Patch to add support for TCP Fast Open, from Sara
	  Dickinson (Sinodun).
	- Patch to add support for tls service on a specified tls port,
	  from Sara Dickinson (Sinodun).
	- Use travis for build check, initial unit test and clang analysis.
	- Fix to delete unused zparser.default_apex member.
	- Fix that the TLS handshake routine sets the correct event to
	  continue when done.
	- Fix that TLS renegotiation calls the read and write routines again
	  with the same parameters when the desired event has been satisfied.
	- Fix that TCP Fastopen has better error message and supports OSX.
	- Fix to avoid buffer alloc with global buffer in tls write handler.
	- Fix to initialize event structure when accepting TCP connection.
	- Disable TLS1.0, TLS1.1 and weak ciphers, enable
	  CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze.
	- further setup ssl ctx after the keys are loaded, for ECDH.
	- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
	  patch from Andreas Schulze.
	- Fix #10: Fix memory leaks caused by duplicate rr and include
	- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.

	- Deny ANY with only one RR in response, by default.  Patch from
	  Daisuke Higashi.  The deny-any statement in nsd.conf sets ANY
	  queries over UDP to be further moved to TCP as well.
	  Also no additional section processing for type ANY, reducing
	  the response size.
	- Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds
	  nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
	  and del_tsig.  These changes are gone after reload, edit the
	  config file (or a file included from it) to make changes that
	  last after restart.
	- Fix #4213: disable-ipv6 and dnstap compile error.
	- Fix to reduce region_log_stats if condition, this removes a
	  debug statement.
        - Fix for FreeBSD port with dnstap enabled.
	- Fix to remove unused code.
	- Fix #6: nsd-control-setup: Change validity time to a shorter
	  period (<2038).
	- Fix unused definition in header remote.h.
	- Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
	- Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.
	- Fixed radtree_insert memory leak.
	- Fixed access recycled variable.
   2019-01-29 15:54:03 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Do not conflict with nsd in NetBSD base. Rename rc.d script to nlsnd