net/bind914
Berkeley Internet Name Daemon implementation of DNS, version 9.14
Branch: pkgsrc-2019Q3
Version: 9.14.7
Package name: bind-9.14.7
Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon. This package contains the BIND
9.14 release.
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* QNAME minimization, as described in RFC 7816, is now supported.
* Socket and task code has been refactored to improve performance on
most modern machines.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
* Secondary zones can now be configured as "mirror" zones; their
contents are transferred in as with traditional slave zones, but are
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
* "named -V" now outputs the default paths for files used by named and
other tools.
MESSAGE.rcd
===========================================================================
$NetBSD: MESSAGE.rcd,v 1.1 2019/06/20 12:26:33 jperkin Exp $
Please consider running BIND under the pseudo user account "${BIND_USER}"
in a chroot environment for security reasons.
To achieve this, set the variable "named_chrootdir" in /etc/rc.conf to
the directory with the chroot environment, e.g. "${BIND_DIR}".
Note: named(8) requires writable directories under "/etc/namedb", which is
specified by "directory" in the "options" statement:
cache
keys
nta
Make sure these directories exist and are writable by the "${BIND_USER}" user.
===========================================================================
Required to build: pkgtools/cwrappers
Package options: readline, threads
Master sites:
SHA1: ab0b14f4fe6a818fb15673ea9cef3eead8f6a94b
RMD160: 6caf6e1a7ea03e311c6bcdd1cca63547e230f86b
Filesize: 6172.846 KB
Version history:
- (2019-10-18) Updated to version: bind-9.14.7
- (2019-10-02) Package added to pkgsrc.se, version bind-9.14.5 (created)
CVS history:
2019-10-18 16:26:06 by Benny Siegert | Files touched by this commit (2)
Log message:
Pullup ticket #6070 - requested by maya
net/bind914: security fix
Revisions pulled up:
- net/bind914/Makefile 1.11
- net/bind914/distinfo 1.9
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 16 20:51:59 UTC 2019
Modified Files:
pkgsrc/net/bind914: Makefile distinfo
Log message:
bind914: update to 9.14.7. security fix.
--- 9.14.7 released ---
5299. [security] A flaw in DNSSEC verification when transferring
mirror zones could allow data to be incorrectly
marked valid. (CVE-2019-6475) [GL #1252]
5298. [security] Named could assert if a forwarder returned a
referral, rather than resolving the query, when QNAME
minimization was enabled. (CVE-2019-6476) [GL #1051]
5297. [bug] Check whether a previous QNAME minimization fetch
is still running before starting a new one; return
SERVFAIL and log an error if so. [GL #1191]
5294. [func] Fallback to ACE name on output in locale, which does not
support converting it to unicode. [GL #846]
5293. [bug] On Windows, named crashed upon any attempt to fetch XML
statistics from it. [GL #1245]
5292. [bug] Queue 'rndc nsec3param' requests while signing inline
zone changes. [GL #1205]
--- 9.14.6 released ---
5289. [bug] Address NULL pointer dereference in rpz.c:rpz_detach.
[GL #1210]
5286. [contrib] Address potential NULL pointer dereferences in
dlz_mysqldyn_mod.c. [GL #1207]
5285. [port] win32: implement "-T maxudpXXX". [GL #837]
5283. [bug] When a response-policy zone expires, ensure that
its policies are removed from the RPZ summary
database. [GL #1146]
5282. [bug] Fixed a bug in searching for possible wildcard matches
for query names in the RPZ summary database. [GL #1146]
5281. [cleanup] Don't escape commas when reporting named's command
line. [GL #1189]
5280. [protocol] Add support for displaying EDNS option LLQ. [GL #1201]
5279. [bug] When loading, reject zones containing CDS or CDNSKEY
RRsets at the zone apex if they would cause DNSSEC
validation failures if published in the parent zone
as the DS RRset. [GL #1187]