This is NSD Name Server Daemon (NSD).
NSD is a complete implementation of an authoritative DNS nameserver.
2024-04-15 16:12:39 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
net/nsd: Update to 4.9.1
Changelog:
4 April 2024: Jeroen
- Use rooted temporary path in makedist.sh.
- Tag for 4.9.1.
3 April 2024: Jeroen
- Replace multiple strcat and strcpy by snprintf.
- Tag for 4.9.0.
26 March 2024: Jeroen
- Test if debug is available in do-tests.
- Enforce timeout from NSD in ixfr_gone test.
- Update expressions in ixfr_and_restart test.
- Make algorithm explicit in control-repattern test.
- Switch algorithm to hmac-256 for testplan_mess test.
- Tag for 4.9.0rc1.
25 March 2024: Jeroen
- Fix timing sensitivity in ixfr_outsync test.
22 March 2024: Jeroen
- Set up doc/RELNOTES for upcoming release.
26 February 2024: Willem
- Merge #316: Fix to reap defunct children by the reload process that
emerged when some serve child processes were still serving TCP
request while the others had already quit, while the reload process
was waiting for the signal from the backup/old main process that all
children exited.
- Fix (also from Merge #316) to reap exited children more frequently
from server main loop for processes that exited during reload, but
missed the initial reaping at start of the main loop because they
took somewhat longer to exit.
16 February 2024: Wouter
- Fix compile with memclean for xfrd nsd.db close.
- In xfrd del secondary zone, the timer could perhaps have
event_added, and if so, it would not be event_del if a tcp connection
is active at the time. This could cause the libevent event lists
to fail. Also fix to make sure to set event_added for the
nsd-control ssl nonblocking handshake and check event_added there
too, for extra certainty.
15 February 2024: Willem
- Merge #304: Support for Catalog zones version "2" as specified in
RFC 9432. Both the consumer as well as the producer role are
implemented, but only a single catalog consumer zone is allowed.
The "coo" property, only relevant with multiple catalog consumer,
is therefore not supported. The "group" property is supported.
Have a look at the nsd.conf man page for details on how to
configure and use catalog zones.
12 February 2024: Willem
- Allow SOA apex queries to otherwise with allow-query protected zones
for clients matching a provide-xfr rule, because clients that are
allowed to transfer the zone need to be able to query SOA at the
apex preceding the actual transfer.
6 February 2024: Wouter
- Fix #313: nsd 4.8 stats with implausible spikes.
16 January 2024: Wouter
- Move acx_nlnetlabs.m4 to version 48, with ssp and getaddrinfo
include check.
14 January 2024: Wouter
- Move acx_nlnetlabs.m4 to version 47, with crypt32 check.
8 December 2023: Wouter
- Merge #309: More RFC 8499 compliance.
- Fix #310: NSD stats contain the terms "master" and "slave".
- Fix control-reconfig-xfrd test for zonestatus primary that is
printed by nsd-control zonestatus.
7 December 2023: Wouter
- Merge #307 from anandb-ripencc: Many improvements to the nsd.conf
man page.
- Fix #308: Deprecate "multi-master-check" in favour of
"multi-primary-check".
6 December 2023: Wouter
- Fix to sync the tests script file common.sh.
- Update test script file common.sh.
- Fix #306: Missing AC_SUBST(dbdir) breaks installation with 4.8.0.
- Fix for #306: Create directory for xfrd.state and zone.list files
in make install.
|
2023-12-09 07:50:28 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
nsd: Update to 4.8.0
Changelog:
29 November 2023: Wouter
- Tag for 4.8.0rc1.
28 November 2023: Wouter
- Set up doc/RELNOTES for upcoming release.
- Fix unit test kill_from_pidfile function for nonexistent files
because the argument is evaluated before the test expression.
- Fix rr-test to also convert the contents of the just written output
file.
- Fix test set to remove -f nsd.db and rm nsd.db commands.
- Fix test set to remove difffile option.
27 November 2023: Jeroen
- Fix #14: Set timeout to 3s when servicing remaining TCP connections.
- Fix: Always instate write handler after reading queries from TCP.
- Answer first query on connections accepted just before reload.
27 November 2023: Wouter
- Merge #305: faster stats. Statistics can be gathered while a reload
is in progress.
27 November 2023: Willem
- Merge #302: Test package fixes. Correct Auxfiles, kill_from_pidfile
function and fix drop_updates, rr-test and xfr_update tests.
1 November 2023: Jeroen
- Remove on-disk database.
31 October 2023: Wouter
- Merge #301: improve the logging of ixfr fallbacks to axfr.
30 October 2023: Jeroen
- Fix processing of consolidated IXFRs.
30 October 2023: Wouter
- Fix for interprocess communication to set quit sync command from
main process explicitly.
3 October 2023: Wouter
- Merge #281: Proxy protocol. An implementation of PROXYv2 for NSD.
It can be configured with proxy-protocol-port: portnum with the
port number of the interface on which proxy traffic is handled.
The interface can support proxy traffic for UDP, TCP and TLS.
21 September 2023: Wouter
- Merge #295: Update e-mail addresses, add ref to support contracts
31 August 2023: Wouter
- Fix autoconf 2.69 warnings in configure.
14 July 2023: Wouter
- Merge #287: Update nsd.conf.5.in.
11 July 2023: Wouter
- Fix unused variable warning in unit test of udb.
22 June 2023: Wouter
- Fix #284: dnstap_collector.c: SOCK_NONBLOCK is not available on
Mac/Darwin.
7 June 2023: Wouter
- Merge #282: Improve nsd.conf man page.
- Fix unused but set variable warning.
- Fix #283: Compile failure in remote.c when --disable-bind8-stats
and --without-ssl are specified.
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2023-07-07 12:37:53 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
nsd: Update to 4.7.0
Changelog:
This release adds a script for bash autocompletion for nsd-control. Also
nsd-control can be configured to use unencrypted operation also when
compiled without openssl. There is also a systemd service unit example
file contributed. The dnstap log service can be contacted over TCP, with
the dnstap-ip: ip option. It is also possible to use TLS, with
dnstap-tls, it is enabled by default, and can be configured with the
dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and
dnstap-client-cert-file options. The configure option
--enable-root-server is obsolete, it is no longer used and defaults to
on. In addition, the build file should support multicore build with
flex and bison more easily.
FEATURES:
Merge #263: Add bash autocompletion script for nsd-control.
Fix #267: Allow unencrypted local operation of nsd-control.
Merge #269 from Fale: Add systemd service unit.
Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
BUG FIXES:
Fix #239: -Wincompatible-pointer-types warning in remote.c.
Fix configure for -Wstrict-prototypes.
Fix #262: Zone(s) not synchronizing properly via TLS.
Fix for #262: More error logging for SSL read failures for zone
transfers.
Merge #265: Fix C99 compatibility issue.
Fix #266: Fix build with --without-ssl.
Fix for #267: neater variable definitions.
Fix #270: reserved identifier violation.
Fix to clean more memory on exit of dnstap collector.
Fix dnstap to not check socket path when using IP address.
Fix to compile without ssl with dnstap-tls code.
Dnstap tls code fixes.
Fix include brackets for ssl.h include statements, instead of quotes.
Fix static analyzer warning about nsd_event_method initialization.
Fix #273: Large TXT record breaks AXFR.
Fix ixfr create from adding too many record types.
Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
Fix readme status badge links.
make depend.
Fix for build to run flex and bison before compiling code that needs
the headers.
Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
Fix unused variable warning in unit test, from clang compile.
Fix #240: Prefix messages originating from verifier.
Fix #275: Drop unnecessary root server checks.
|
2023-01-08 20:34:29 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
nsd: Update to 4.6.1
CHangelog:
4.6.1
================
FEATURES:
- Set ALPN "dot" token during connection establishment as per RFC9103
section 7.1 (Thanks Cesar Kuroiwa).
- Add SVCB dohpath support
BUG FIXES:
- Fix static analyzer reports, fix wrong log print when skipping xfr,
fix to print error on pipe read fail, and assert an xfr is in
progress during packet checks.
- Use AC_PROG_CC_STDC with autoconf versions prior to 2.70.
- Add missing documentation for zone verification.
- Fix #212: Change commandline control actions to always log.
- Merge #231 from moritzbuhl: Fix checking if nonblocking sockets work
on OpenBSD.
- Change zone parsing to accept non-trailing newline.
|
2022-08-03 19:14:11 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
nsd: Update to 4.6.0
Changelog:
This release adds the zone verification support from the CreDNS code.
There are also some bug fixes in the ixfr out code.
Zone verification can start a verifier program that reads the new zone
data. It can reject the update. Or process the new zone data. The intent
is for a DNSSEC verifier to inspect the zone before it is passed on with
zone transfer or served to clients.
The zone verification can be enabled with enable: yes in the verify
section in nsd.conf. You can then list the interfaces the NSD listens on
while the verifier is active, so it can send queries for the new zone
contents. With verify-zones: yes zones are verified by default. The
command that is executed can be set with the verifier: ldns-verify-zone
option. With verifier-count the max number of concurrent verifiers can
be set. With the verifier-feed-zone: yes option the zone can be input
on stdin to the verifier program. A timeout to stop the verifier can be
set with the verifier-timeout option.
Per zone options can also be set for a pattern or for a zone, for zone
verification. With verify-zone the zone verification can be enabled
per zone. The verifier can be set per zone. And the verifier-feed-zone
and verifier-timeout options can be controlled per zone.
FEATURES:
Port zone-verification from CreDNS to NSD4.
BUG FIXES:
Fix static analyzer reports on ixfrcreate temp file.
Fixup wrong ixfrcreate fread return check.
|
2022-06-16 18:23:01 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
nsd: Update to 4.5.0
Changelog:
6 May 2022: Wouter
- Merge #209: IXFR out
This adds IXFR out functionality to NSD. NSD can copy IXFRs from
upstream to downstream clients, or create IXFRs from zonefiles.
The options store-ixfr: yes and create-ixfr: yes can be used to
turn this on. Default is turned off. The options ixfr-number and
ixfr-size can be used to tune the number of IXFR transfers and
total data size stored. This is configured per zone, the IXFRs
are served to the hosts that are allowed to perform zone transfers.
And if TSIG is configured, signed with the same key. The content
is stored to file if a zonefile is configured for the zone, in
the zonefile.ixfr and zonefile.ixfr.2, .. files. They contain
readable text format. The number of IXFRs is num.rixfr in
statistics output, also per zone if per zone statistics are enabled.
If offline, nsd-checkzone -i can create ixfr files.
NSD already supports requesting IXFRs, this addition allows NSD
to serve IXFR transfers to clients.
NSD stops responding with NOTIMPL to IXFR requests, also for zones
that do not have IXFR enabled. The clients gets a full zone reply
or a status reply if the serial is up to date.
- set version to 4.5.0 for feature change.
- Tag for 4.5.0rc1 release. It became the 4.5.0 release on 13 May 2022.
14 April 2022: Wouter
- Update cirrus script FreeBSD version.
25 March 2022: Wouter
- Fix spelling error in comment in svcbparam_lookup_key.
2 March 2022: Wouter
- Fix code analyzer zero divide warning.
- Fix code analyzer large value with assertion.
- Fix another code analyzer zero divide warning.
- Fix code analyzer warning about uninitialized temp storage in loop.
10 February 2022: Wouter
- Tag for 4.4.0rc1 release. This became 4.4.0 release on 17 Feb 2022,
the code repository continues with version 4.4.1.
9 February 2022: Wouter
- Fix unit tests for nds-control-setup exit code and the
xfrd-tcp-max default.
7 February 2022: Wouter
- Merge #207 Sync nsd-control-setup with unbound-control-setup to
generate certificates with SANs.
28 January 2022: Wouter
- Fix #206: build with --without-ssl fails.
27 January 2022: Wouter
- current code branch continues as version 4.4.0, because of added
feature.
26 January 2022: Wouter
- Merge #193: Lower memory usage of the XFRD process by default.
Instead of preallocating all elements, they are allocated when used.
There are options for managing the memory usage, defaults are the
same as before. xfrd-tcp-max sets the number of sockets for tcp
connections that xfrd can make to download zone contents. And
xfrd-tcp-pipeline the number of simultaneous transfers over the
same connection.
12 January 2022: Wouter
- Fix to document nsd-checkzone -p in the man page for nsd-checkzone.
7 January 2022: Wouter
- Fix to change file mode before changing file owner for the
nsd-control unix socket file.
3 January 2022: Wouter
- Merge #204 from jonathangray: correct some spelling mistakes.
15 December 2021: Wouter
- Fix #200: nsd-checkzone succeeds even with incorrect serial in SOA
record.
2 December 2021: Wouter
- Fix socket_partitioning unit test for FreeBSD.
- Fix SVCB test to work around older dig with drill.
- Fix unit test to not syslog setlogin failures.
|
2021-12-15 15:50:58 by Fredrik Pettai | Files touched by this commit (2) | |
Log message:
nsd: Update to 4.3.9
The most important update, which caused crashes in previous version:
23 August 2021: Wouter
- Fix #189: nsd 4.3.7 crash answer_delegation: Assertion
`query->delegation_rrset' failed.
Rest of the (long) Changelog here:
https://github.com/NLnetLabs/nsd/blob/NSD_4_3_9_REL/doc/ChangeLog
|