./net/bind911, Berkeley Internet Name Daemon implementation of DNS, version 9.11

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 9.11.20, Package name: bind-9.11.20, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:

- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self

This package contains the BIND 9.11 release.

- Catalog Zones, a new method for provisioning servers
- "dnstap", a fast and flexible method of capturing and logging
DNS traffic.
- "dyndb", a new API for loading zone data from an external database
- dnssec-keymgr, a new key mainenance utility
- mdig, an alternate version of dig utility
- And more...

MESSAGE.rcd [+/-]

Required to run:
[security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, readline, threads

Master sites:

SHA1: ff6ad0d3f9282a77786e93eb889154008ef1ccdf
RMD160: ce7f8bb446d63c1b4dbdccf7e6294b87fdba6101
Filesize: 8051.468 KB

Version history: (Expand)


CVS history: (Expand)


   2020-06-18 16:06:21 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
net/bind911: update to 9.11.20

Update bind911 to 9.11.20, fixing CVE-2020-8619.

	--- 9.11.20 released ---

5437.	[bug]		Fix a data race in lib/dns/resolver.c:log_formerr().
			[GL #1808]

5434.	[security]	It was possible to trigger an INSIST in
			lib/dns/rbtdb.c:new_reference() with a particular zone
			content and query patterns. (CVE-2020-8619) [GL #1111]
			[GL #1718]

5433.	[test]		Prevent the resolver system test for change #5395
			(max-recursion-queries) from failing on systems without
			IPv6 support. [GL #1873]

5428.	[bug]		Clean up GSSAPI resources in nsupdate only after taskmgr
			has been destroyed. Thanks to Petr Menšík. [GL !3316]

5427.	[bug]		Fix a regression in address/prefix length checking that
			should have been a warning instead of an error.
			[GL #1849]

5415.	[test]		Address race in dnssec system test that led to
			test failures. [GL #1852]

5413.	[test]		Address race in autosign system test that led to
			test failures. [GL #1852]

5412.	[bug]		'provide-ixfr no;' failed to return up-to-date responses
			when the serial was greater than or equal to the
			current serial. [GL #1714]

5409.	[performance]	When looking up NSEC3 data in a zone database, skip the
			check for empty non-terminal nodes; the NSEC3 tree does
			not have any. [GL #1834]

5408.	[protocol]	Print Extended DNS Errors if present in OPT record.
			[GL #1835]

5405.	[bug]		'named-checkconf -p' could include spurious text in
			server-addresses statements due to an uninitialized DSCP
			value. [GL #1812]
   2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689)
Log message:
Revbump for icu
   2020-05-30 16:20:37 by Takahiro Kambe | Files touched by this commit (3)
Log message:
net/bind911: fix build problem if PKG_DEVELOPER is enabled

There was build problem after pkg-config was aded to USE_TOOLS if
PKG_DEVELOPER is enabled, causing WRKDIR reference.

Fix method is dirty (or quick) hack.
   2020-05-21 14:45:47 by Jonathan Perkin | Files touched by this commit (2)
Log message:
bind*: Require pkg-config.
   2020-05-19 12:21:25 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.19

Update bind911 to 9.11.19 (BIND 9.11.19).

	--- 9.11.19 released ---

5404.	[bug]		'named-checkconf -z' could incorrectly indicate
			success if errors were found in one view but not in a
			subsequent one. [GL #1807]

5398.	[bug]		Named could fail to restart if a zone with a double
			quote (") in its name was added with 'rndc addzone'.
			[GL #1695]

5395.	[security]	Further limit the number of queries that can be
			triggered from a request.  Root and TLD servers
			are no longer exempt from max-recursion-queries.
			Fetches for missing name server address records
			are limited to 4 for any domain. (CVE-2020-8616)
			[GL #1388]

5394.	[cleanup]	Named formerly attempted to change the effective UID and
			GID in named_os_openfile(), which could trigger a
			spurious log message if they were already set to the
			desired values. This has been fixed. [GL #1042]
			[GL #1090]

5390.	[security]	Replaying a TSIG BADTIME response as a request could
			trigger an assertion failure. (CVE-2020-8617)
			[GL #1703]

5387.	[func]		Warn about AXFR streams with inconsistent message IDs.
			[GL #1674]
   2020-04-18 08:12:28 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
net/bind911: update to 9.11.18

Update bind911 to 9.11.18 (BIND 9.11.18).

	--- 9.11.18 released ---

5380.	[contrib]	Fix building MySQL DLZ modules against MySQL 8
			libraries. [GL #1678]

5379.	[doc]		Clean up serve-stale related options that leaked into
			the BIND 9.11 release. [GL !3265]

5378.	[bug]		Receiving invalid DNS data was triggering an assertion
			failure in nslookup. [GL #1652]

5377.	[feature]	Detect atomic operations support on ppc64le. Thanks to
			Petr Menšík. [GL !3295]

5376.	[bug]		Fix ineffective DNS rebinding protection when BIND is
			configured as a forwarding DNS server. Thanks to Tobias
			Klein. [GL #1574]

5368.	[bug]		Named failed to restart if 'rndc addzone' names
			contained special characters (e.g. '/'). [GL #1655]

	--- 9.11.17 released ---

5358.	[bug]		Inline master zones whose master files were touched
			but otherwise unchanged and were subsequently reloaded
			may have stopped re-signing. [GL !3135]

5357.	[bug]		Newly added RRSIG records with expiry times before
			the previous earliest expiry times might not be
			re-signed in time.  The was a side effect of 5315.
			[GL !3137]
   2020-02-20 17:38:16 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind911: update to 9.11.16

Update bind911 to 9.11.16 (BIND 9.11.16).

	--- 9.11.16 released ---

5353.	[doc]		Document port and dscp parameters in forwarders
			configuration option. [GL #914]

5352.	[bug]		Correctly handle catalog zone entries containing
			characters that aren't legal in filenames. [GL #1592]

5351.	[bug]		CDS / CDNSKEY consistency checks failed to handle
			removal records. [GL #1554]

5350.	[bug]		When a view was configured with class CHAOS,
			dns_view_findzonecut() could incorrectly return
			success for non-existent records. [GL #1540]

5348.	[bug]		dnssec-settime -Psync was not being honoured.
			[GL !2925]
   2020-01-23 09:00:01 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
net/bind911: update HOMEPAGE

Update HOMEPAGE to use https://.