pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc/net/bind918
From: Takahiro Kambe
Date: 2025-02-19 15:40:05
Message id: 20250219144005.57A1CFBE0@cvs.NetBSD.org

Log Message:
net/bind918: update to 9.18.34

Notes for BIND 9.18.34

New Features

* Print the expiration time of the stale records.

  Print the expiration time of the stale RRsets in the cache dump.

Removed Features

* Remove –with-tuning=small/large configuration option.

  The configuration option –with-tuning has been removed as it is no longer
  required or desired.

Bug Fixes

* Fix rndc flushname for longer name server names.

  rndc flushname did not work for name server names longer than 16
  bytes. This has been fixed. [GL #3885]

* Recently expired records could be returned with a timestamp in future.

  Under rare circumstances, an RRSet that expired at the time of the query
  could be returned with a TTL in the future. This has been fixed.

  As a side effect, the expiration time of expired RRSets is no longer
  returned in a cache dump. [GL #5094]

* YAML string not terminated in negative response in delv.

  [GL #5098]

* Apply the memory limit only to ADB database items.

  Under heavy load, a resolver could exhaust the memory available for
  storing the information in the Address Database (ADB), effectively
  discarding previously stored information in the ADB.  The memory used to
  retrieve and provide information from the ADB is no longer subject to the
  same memory limits that are applied to

  the Address Database. [GL #5127]

* Avoid unnecessary locking in the zone/cache database.

  Lock contention among many worker threads referring to the same database
  node at the same time is now prevented.  This improves zone and cache
  database performance for any heavily contended database nodes. [GL #5130]

* Improve the resolver performance under attack.

  Previously, a remote client could force the DNS resolver component to
  consume memory faster than resources were cleaned up for the canceled
  resolver fetches, due to the recursive-clients limit.  If such a traffic
  pattern was sustained for a long period of time, the DNS server might
  eventually run out of the available memory.  This has been fixed.

  It should be noted that, under such a heavy attack, no outgoing DNS
  queries will be successful in BIND 9 versions both with and without the
  fix, as the generated traffic pattern will consume all the available slots
  for the recursive clients.

Files:

Revision	Action	file
1.47	modify	pkgsrc/net/bind918/Makefile
1.26	modify	pkgsrc/net/bind918/distinfo