Path to this page:
./
net/bind914,
Berkeley Internet Name Daemon implementation of DNS, version 9.14
Branch: pkgsrc-2020Q1,
Version: 9.14.11,
Package name: bind-9.14.11,
Maintainer: pkgsrc-usersBIND, the Berkeley Internet Name Daemon. This package contains the BIND
9.14 release.
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* QNAME minimization, as described in RFC 7816, is now supported.
* Socket and task code has been refactored to improve performance on
most modern machines.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
* Secondary zones can now be configured as "mirror" zones; their
contents are transferred in as with traditional slave zones, but are
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
* "named -V" now outputs the default paths for files used by named and
other tools.
MESSAGE.rcd [+/-]===========================================================================
$NetBSD: MESSAGE.rcd,v 1.1 2019/06/20 12:26:33 jperkin Exp $
Please consider running BIND under the pseudo user account "${BIND_USER}"
in a chroot environment for security reasons.
To achieve this, set the variable "named_chrootdir" in /etc/rc.conf to
the directory with the chroot environment e.g. "${BIND_DIR}".
Note: named(8) requires writable directories under "/etc/namedb" which
specified by "directory" in "options" statement:
cache
keys
nta
Make sure to these directories exists with writable by "${BIND_USER}" user.
===========================================================================
Package options: readline, threads
Master sites:
SHA1: f65a3eb9183cb235ba313101d8f7db648cce6d07
RMD160: 9d7f376f63d5b39a1ce76414291160254321c20b
Filesize: 6162.305 KB
Version history: (Expand)
- (2020-04-20) Package has been reborn
- (2020-04-19) Package added to pkgsrc.se, version bind-9.14.11 (created)
CVS history: (Expand)
2020-05-20 21:42:25 by Benny Siegert | Files touched by this commit (2) |  |
Log message:
Pullup ticket #6209 - requested by taca
net/bind914: security fix
Revisions pulled up:
- net/bind914/Makefile 1.21
- net/bind914/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 10:23:04 UTC 2020
Modified Files:
pkgsrc/net/bind914: Makefile distinfo
Log message:
net/bind914: update to 9.14.12
Update bind914 to 9.14.12 (BIND 9.14.12).
Note from release announce:
BIND 9.14.12 is the final planned release in the now End-of-Life (EOL)
9.14 branch.
--- 9.14.12 released ---
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5376. [bug] Fix ineffective DNS rebinding protection when BIND is
configured as a forwarding DNS server. Thanks to Tobias
Klein. [GL #1574]
5358. [bug] Inline master zones whose master files were touched
but otherwise unchanged and were subsequently reloaded
may have stopped re-signing. [GL !3135]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
re-signed in time. This was a side effect of 5315.
[GL !3137]
|
Browse pkgsrc
(this page)
net
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]
New packages: