pkgsrc.se | The NetBSD package collection

./net/bind9, Version 9 of the Berkeley Internet Name Daemon, implementation of DNS

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2009Q4, Version: 9.4.3pl5, Package name: bind-9.4.3pl5, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
DNSSEC (signed zones)
TSIG (signed DNS requests)

- IP version 6
Answers DNS queries on IPv6 sockets
IPv6 resource records (A6, DNAME, etc.)
Bitstring Labels
Experimental IPv6 Resolver Library

- DNS Protocol Enhancements
IXFR, DDNS, Notify, EDNS0
Improved standards conformance

- Views
One server process can provide multiple "views" of the
DNS namespace to different clients.

- Multiprocessor Support
- Improved Portability Architecture

Required to build:
[devel/libtool-base]

Master sites: (Expand)

SHA1: 9b7f0bd84be0f91fe1085cedc91c7c14f1e0f97a
RMD160: 680146e4120aaa89f2899d4205c17fee5e9e4aa9
Filesize: 6296.384 KB

Version history: (Expand)

(2010-02-02) Updated to version: bind-9.4.3pl5
(2010-01-22) Updated to version: bind-9.4.3-P5
(2010-01-15) Package added to pkgsrc.se, version bind-9.4.3pl3nb1 (created)

CVS history: (Expand)

2010-02-01 16:00:11 by S.P.Zeidler | Files touched by this commit (1)

Log message:
Pullup ticket 2983 - requested by joerg
syntax fix

Revisions pulled up:
- pkgsrc/net/bind9/Makefile		1.113

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   joerg
   Date:           Mon Feb  1 12:56:28 UTC 2010

   Modified Files:
           pkgsrc/net/bind9: Makefile

   Log message:
   Fix version number. Just assume that -P always should be translated to
   pl.

   To generate a diff of this commit:
   cvs rdiff -u -r1.112 -r1.113 pkgsrc/net/bind9/Makefile

2010-01-21 22:20:16 by Matthias Scheler | Files touched by this commit (2) | Package updated

Log message:
Pullup ticket #2966 - requested by spz
bind9: security update

Revisions pulled up:
- net/bind9/Makefile			1.112 via patch
- net/bind9/distinfo			1.46
---
Module Name:	pkgsrc
Committed By:	spz
Date:		Thu Jan 21 19:54:33 UTC 2010

Modified Files:
	pkgsrc/net/bind9: Makefile distinfo

Log message:
security update:
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3.  It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.

Changes since 9.4.3-P3:

2772.	[security]	When validating, track whether pending data was from
			the additional section or not and only return it if
			validates as secure. [RT #20438]

BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.4.3-P4:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]