./net/bind916, Berkeley Internet Name Daemon implementation of DNS, version 9.16

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 9.16.21, Package name: bind-9.16.21, Maintainer: pkgsrc-users

BIND, the Berkeley Internet Name Daemon. This package contains the BIND
9.16 release.

* New dnssec-policy statement to configure a key and signing policy for
zones, enabling automatic key regeneration and rollover.
* New network manager based on libuv.
* Added support for the new GeoIP2 geolocation API, libmaxminddb.
* Improved DNSSEC trust anchor configuration using the trust-anchors
statement, permitting configuration of trust anchors in DS as well as
DNSKEY format.
* YAML output for dig, mdig, and delv.

MESSAGE.rcd [+/-]

Package options: blacklist, readline, threads

Master sites:

RMD160: 57f41616424441caa6cd83e407f8a5043bd70e50
Filesize: 4939.273 KB

Version history: (Expand)

CVS history: (Expand)

   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles
   2021-09-19 18:26:51 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/bind916: update to 9.16.21

--- 9.16.21 released ---

5711.	[bug]		"map" files exceeding 2GB in size failed to load due to
			a size comparison that incorrectly treated the file size
			as a signed integer. [GL #2878]

5710.	[port]		win32: incorrect parentheses resulted in the wrong
			sizeof() tests being used to pick the appropriate
			Windows atomic operations for the object's size.
			[GL #2891]

5709.	[cleanup]	Enum values throughout the code have been updated
			to use the terms "primary" and "secondary" instead of
			"master" and "slave", respectively. [GL #1944]

5708.	[bug]		The thread-local isc_tid_v variable was not properly
			initialized when running BIND 9 as a Windows Service,
			leading to a crash on startup. [GL #2837]

5705.	[bug]		Change #5686 altered the internal memory structure of
			zone databases, but neglected to update the MAPAPI value
			for zone files in "map" format. This caused named to
			attempt to load incompatible map files, triggering an
			assertion failure on startup. The MAPAPI value has now
			been updated, so named rejects outdated files when
			encountering them. [GL #2872]

5704.	[bug]		Change #5317 caused the EDNS TCP Keepalive option to be
			ignored inadvertently in client requests. It has now
			been fixed and this option is handled properly again.
			[GL #1927]

5701.	[bug]		named-checkconf failed to detect syntactically invalid
			values of the "key" and "tls" parameters used to define
			members of remote server lists. [GL #2461]

5700.	[bug]		When a member zone was removed from a catalog zone,
			journal files for the former were not deleted.
			[GL #2842]

5699.	[func]		Data structures holding DNSSEC signing statistics are
			now grown and shrunk as necessary upon key rollover
			events. [GL #1721]

5698.	[bug]		When a DNSSEC-signed zone which only has a single
			signing key available is migrated to use KASP, that key
			is now treated as a Combined Signing Key (CSK).
			[GL #2857]

5696.	[protocol]	Support for HTTPS and SVCB record types has been added.
			(This does not include ADDITIONAL section processing for
			these record types, only basic support for RR type
			parsing and printing.) [GL #1132]

5694.	[bug]		Stale data in the cache could cause named to send
			non-minimized queries despite QNAME minimization being
			enabled. [GL #2665]

5691.	[bug]		When a dynamic zone was made available in another view
			using the "in-view" statement, running "rndc freeze"
			always reported an "already frozen" error even though
			the zone was successfully frozen. [GL #2844]

5690.	[func]		dnssec-signzone now honors Predecessor and Successor
			metadata found in private key files: if a signature for
			an RRset generated by the inactive predecessor exists
			and does not need to be replaced, no additional
			signature is now created for that RRset using the
			successor key. This enables dnssec-signzone to gradually
			replace RRSIGs during a ZSK rollover. [GL #1551]
   2021-08-02 20:45:35 by John Klos | Files touched by this commit (1)
Log message:
Fixed COMMENT because package is at 9.16.
   2021-07-22 15:30:24 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Upgrade net/bind916 to version 9.16.19.

Upstream changes:

        --- 9.16.19 released ---

5671.   [bug]           A race condition could occur where two threads were
                        competing for the same set of key file locks, leading to
                        a deadlock. This has been fixed. [GL #2786]

5670.   [bug]           create_keydata() created an invalid placeholder keydata
                        record upon a refresh failure, which prevented the
                        database of managed keys from subsequently being read
                        back. This has been fixed. [GL #2686]

5669.   [func]          KASP support was extended with the "check DS" \ 
                        Zones with "dnssec-policy" and \ 
                        configured now check for DS presence and can perform
                        automatic KSK rollovers. [GL #1126]

5668.   [bug]           Rescheduling a setnsec3param() task when a zone failed
                        to load on startup caused a hang on shutdown. This has
                        been fixed. [GL #2791]

5667.   [bug]           The configuration-checking code failed to account for
                        the inheritance rules of the "dnssec-policy" \ 
                        This has been fixed. [GL #2780]

5666.   [doc]           The safe "edns-udp-size" value was tweaked to \ 
match the
                        probing value from BIND 9.16 for better compatibility.
                        [GL #2183]

5665.   [bug]           If nsupdate sends an SOA request and receives a REFUSED
                        response, it now fails over to the next available
                        server. [GL #2758]

5664.   [func]          For UDP messages larger than the path MTU, named now
                        sends an empty response with the TC (TrunCated) bit set.
                        In addition, setting the DF (Don't Fragment) flag on
                        outgoing UDP sockets was re-enabled. [GL #2790]

5662.   [bug]           Views with recursion disabled are now configured with a
                        default cache size of 2 MB unless \ 
"max-cache-size" is
                        explicitly set. This prevents cache RBT hash tables from
                        being needlessly preallocated for such views. [GL #2777]

5661.   [bug]           Change 5644 inadvertently introduced a deadlock: when
                        locking the key file mutex for each zone structure in a
                        different view, the "in-view" logic was not \ 
                        This has been fixed. [GL #2783]

5658.   [bug]           Increasing "max-cache-size" for a running \ 
named instance
                        (using "rndc reconfig") did not cause the hash \ 
                        used by cache databases to be grown accordingly. This
                        has been fixed. [GL #2770]

5655.   [bug]           Signed, insecure delegation responses prepared by named
                        either lacked the necessary NSEC records or contained
                        duplicate NSEC records when both wildcard expansion and
                        CNAME chaining were required to prepare the response.
                        This has been fixed. [GL #2759]

5653.   [bug]           A bug that caused the NSEC3 salt to be changed on every
                        restart for zones using KASP has been fixed. [GL #2725]
   2021-07-20 09:23:04 by Rin Okuyama | Files touched by this commit (2)
Log message:
net/bind916: Oops, fix reversed ``#if''
   2021-07-20 08:41:46 by Rin Okuyama | Files touched by this commit (1)
Log message:
net/bind916 --disable-atomic is no longer supported
   2021-07-20 08:39:45 by Rin Okuyama | Files touched by this commit (8)
Log message:
net/bind916 Use atomic 32-bit integers where appropriate, revision++

Mostly taken from NetBSD base:

- For counters, make sure to use 32-bit integers for !_LP64 platforms.
  In the previous revisions, this is partially done, i.e., incomplete.

- For flags fit within 32-bit width, use 32-bit integers for everyone.
  In the previous, this is incomplete, and restricted for __NetBSD__.
  Fix and generalize to everyone.

- Make comments in patches more helpful.

Fix build for ILP32 platforms as reported in PR pkg/56315.

Thanks jklos@ for testing.
   2021-06-23 22:33:18 by Nia Alarie | Files touched by this commit (103)
Log message:
Revbump for MySQL default change