./net/nsd, Authoritative-only DNS server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.6.0, Package name: nsd-4.6.0, Maintainer: pettai

This is NSD Name Server Daemon (NSD).

NSD is a complete implementation of an authoritative DNS nameserver.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution
(thanks to Olaf).


Required to run:
[security/openssl] [devel/libevent]

Required to build:
[pkgtools/cwrappers]

Package options: inet6

Master sites:

Filesize: 1243.684 KB

Version history: (Expand)


CVS history: (Expand)


   2022-08-03 19:14:11 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
nsd: Update to 4.6.0

Changelog:
This release adds the zone verification support from the CreDNS code.
There are also some bug fixes in the ixfr out code.

Zone verification can start a verifier program that reads the new zone
data. It can reject the update. Or process the new zone data. The intent
is for a DNSSEC verifier to inspect the zone before it is passed on with
zone transfer or served to clients.

The zone verification can be enabled with enable: yes in the verify
section in nsd.conf. You can then list the interfaces the NSD listens on
while the verifier is active, so it can send queries for the new zone
contents. With verify-zones: yes zones are verified by default. The
command that is executed can be set with the verifier: ldns-verify-zone
option. With verifier-count the max number of concurrent verifiers can
be set. With the verifier-feed-zone: yes option the zone can be input
on stdin to the verifier program. A timeout to stop the verifier can be
set with the verifier-timeout option.

Per zone options can also be set for a pattern or for a zone, for zone
verification. With verify-zone the zone verification can be enabled
per zone. The verifier can be set per zone. And the verifier-feed-zone
and verifier-timeout options can be controlled per zone.

FEATURES:
    Port zone-verification from CreDNS to NSD4.

BUG FIXES:
    Fix static analyzer reports on ixfrcreate temp file.
    Fixup wrong ixfrcreate fread return check.
   2022-06-16 18:23:01 by Ryo ONODERA | Files touched by this commit (2)
Log message:
nsd: Update to 4.5.0

Changelog:
6 May 2022: Wouter
	- Merge #209: IXFR out
	  This adds IXFR out functionality to NSD. NSD can copy IXFRs from
	  upstream to downstream clients, or create IXFRs from zonefiles.
	  The options store-ixfr: yes and create-ixfr: yes can be used to
	  turn this on. Default is turned off. The options ixfr-number and
	  ixfr-size can be used to tune the number of IXFR transfers and
	  total data size stored. This is configured per zone, the IXFRs
	  are served to the hosts that are allowed to perform zone transfers.
	  And if TSIG is configured, signed with the same key. The content
	  is stored to file if a zonefile is configured for the zone, in
	  the zonefile.ixfr and zonefile.ixfr.2, .. files. They contain
	  readable text format. The number of IXFRs is num.rixfr in
	  statistics output, also per zone if per zone statistics are enabled.
	  If offline, nsd-checkzone -i can create ixfr files.
	  NSD already supports requesting IXFRs, this addition allows NSD
	  to serve IXFR transfers to clients.
	  NSD stops responding with NOTIMPL to IXFR requests, also for zones
	  that do not have IXFR enabled. The clients gets a full zone reply
	  or a status reply if the serial is up to date.
	- set version to 4.5.0 for feature change.
	- Tag for 4.5.0rc1 release. It became the 4.5.0 release on 13 May 2022.

14 April 2022: Wouter
	- Update cirrus script FreeBSD version.

25 March 2022: Wouter
	- Fix spelling error in comment in svcbparam_lookup_key.

2 March 2022: Wouter
	- Fix code analyzer zero divide warning.
	- Fix code analyzer large value with assertion.
	- Fix another code analyzer zero divide warning.
	- Fix code analyzer warning about uninitialized temp storage in loop.

10 February 2022: Wouter
	- Tag for 4.4.0rc1 release. This became 4.4.0 release on 17 Feb 2022,
	  the code repository continues with version 4.4.1.

9 February 2022: Wouter
	- Fix unit tests for nds-control-setup exit code and the
	  xfrd-tcp-max default.

7 February 2022: Wouter
	- Merge #207 Sync nsd-control-setup with unbound-control-setup to
	  generate certificates with SANs.

28 January 2022: Wouter
	- Fix #206: build with --without-ssl fails.

27 January 2022: Wouter
	- current code branch continues as version 4.4.0, because of added
	  feature.

26 January 2022: Wouter
	- Merge #193: Lower memory usage of the XFRD process by default.
	  Instead of preallocating all elements, they are allocated when used.
	  There are options for managing the memory usage, defaults are the
	  same as before. xfrd-tcp-max sets the number of sockets for tcp
	  connections that xfrd can make to download zone contents. And
	  xfrd-tcp-pipeline the number of simultaneous transfers over the
	  same connection.

12 January 2022: Wouter
	- Fix to document nsd-checkzone -p in the man page for nsd-checkzone.

7 January 2022: Wouter
	- Fix to change file mode before changing file owner for the
	  nsd-control unix socket file.

3 January 2022: Wouter
	- Merge #204 from jonathangray: correct some spelling mistakes.

15 December 2021: Wouter
	- Fix #200: nsd-checkzone succeeds even with incorrect serial in SOA
	  record.

2 December 2021: Wouter
	- Fix socket_partitioning unit test for FreeBSD.
	- Fix SVCB test to work around older dig with drill.
	- Fix unit test to not syslog setlogin failures.
   2021-12-15 15:50:58 by Fredrik Pettai | Files touched by this commit (2) | Package updated
Log message:
nsd: Update to 4.3.9

The most important update, which caused crashes in previous version:

23 August 2021: Wouter
	- Fix #189: nsd 4.3.7 crash answer_delegation: Assertion
	 `query->delegation_rrset' failed.

Rest of the (long) Changelog here:
	https://github.com/NLnetLabs/nsd/blob/NSD_4_3_9_REL/doc/ChangeLog
   2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles
   2021-08-07 18:25:08 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
nsd: Update to 4.3.7

Changelog:
22 July 2021: Wouter
	- tag 4.3.7 release, with the fixes between rc1 and this release.

20 July 2021: Wouter
	- Fix typo in xfrd-tcp.c.

15 July 2021: Wouter
	- tag for 4.3.7rc1.
	- Fix compile of cookies on FreeBSD without IPv6.
	- Fix for loop initial declaration for nonc99 compiler.

14 July 2021: Wouter
	- Fix truncate test for EDNS COOKIE making one less RR is added.
	- Attempt to fix gcc11 warning.

13 July 2021: Willem
	- Fixes for child server processes getting out of sync with the
	  dnstap-collector process

13 July 2021: Willem
	- Interoperable DNS Cookies support as per RFC7873 and RFC9018

9 July 2021: Willem
	- Client side DNS Zone Transfer-over-TLS (XoT) support as per
	  draft-ietf-dprive-xfr-over-tls

29 June 2021: Willem
	- Fix #168: Buffer overflow in the dname_to_string() function

14 June 2021: Wouter
	- Update configure nonblocking test to use host.

25 May 2021: Wouter
	- Fix #179: log notice and server-count.

21 May 2021: Wouter
	- Test code has -q option for quiet output.

17 May 2021: Wouter
	- Update the ACX_CHECK_NONBLOCKING_BROKEN test for the configure
	  script.

7 May 2021: Wouter
	- Fix #176: please review Loglevel on missing zonefile.

6 May 2021: Wouter
	- Fix #174: NS Records below delegation are not ignored (nsd-checkzone
	  also does not raise any issue).

4 May 2021: Wouter
	- Fix SVCB sort call sizeof to be the size of the elements sorted.

29 April 2021: Tom
	- Implement Syntax of SVCB and HTTPS RR type as per draft-ietf-dnsop-svcb-https

13 April 2021: Wouter
	- Fix for #128: Skip over sendmmsg invalid argument when port is zero.
	- Fix #171: Invalid negative response (NSEC3) after IXFR.
	- Fix to make nsec3_chain_find_prev return NULL if one nsec3 left.
	- remove debug settings from unit test.

9 April 2021: Wouter
	- Fix for #170: Fix build warnings when IPv6 is disabled.
	- Fix #170: Disabled IPv6 and DNSTAP enabled triggers a build error.

30 March 2021: Wouter
	- Fix configure failure for enable systemd because of autoconf.
	- This became release 4.3.6, the repository continues for 4.3.7
	  in development.

29 March 2021: Wouter
	- Note unlisted changes in RELNOTES and prepare for 4.3.6rc1 tag.

29 March 2021: Willem
	- Per zone Access Control List for queries
	  with an allow-query: option.

24 March 2021: Wouter
	- Update acx_nlnetlabs.m4 to version 38, fix deprecation test.
	- Fix configure to use header checks with compile.
	- Fix warning about unused function log_addr.

18 March 2021: Tom
	- Add Extended DNS Errors RFC8914

15 March 2021: Wouter
	- Fix double config.h include in configlexer.c
	- Fix to remove configyyrename from makedist.sh and also
	  update the flex and bison rules there to add the "c_" prefix.

13 March 2021: Willem
	- Fix #154: TXT with parentheses fails in 4.3.5.
	- Align parsing of TXT elements with how bind does it.
	- A -p option to nsd-checkzone to print a successfully read zone.

12 March 2021: Wouter
	- Fix that wildcard is printed as a star instead of escaped, in
	  logs and in written zone files.
	- Fix unit test for wildcard printout change.

11 March 2021: Wouter
	- Fix #163: A TSIG noncompliance with RFC 2845.

9 March 2021: Willem
	- Enable configuring a control-interface by interface name.

19 February 2021: Wouter
	- Fix segfault on high verbosity for TLS channels with dnstap log
	  local address.

18 February 2021: Wouter
	- Fix #146 with #147: DNSTAP log the local address of the server
	  with the dnstap logs.

16 February 2021: Wouter
	- Man page documentation for dnstap options.

8 February 2021: Wouter
	- Fix AF_LOCAL compile error for Solaris.
	- Fix ifaddrs compile error for Solaris.
	- Fix ifaddrs.h compile error for Solaris.

4 February 2021: Wouter
	- Merge PR #153 from fobser: Repair -fno-common linker errors
	  automatically.
	- Fix uninitialized access of log_buf in error printout on apply ixfr.

26 January 2021: Wouter
	- Prevent a few more yacc clashes.
   2021-02-27 19:54:27 by Ryo ONODERA | Files touched by this commit (2)
Log message:
nsd: Update to 4.3.5

Changelog:
19 January 2021: Wouter
	- Set branch ready for 4.3.5 release.

15 January 2021: Wouter
	- Fix #152: '*' in Rdata causes the return code to be NOERROR instead
	  of NX.
	- Add config.guess and config.sub to .gitignore for autoconf 2.70.
	- Fix #150: TXT record validation difference with BIND.
	- Fixup TXT record validation fix for escaped quotes.
	- Fixup TXT record validation fix for escaped backslashes.
	- Fixup escape character parse for quoted strings.

11 January 2021: Wouter
	- Fix #151: DNAME not applied more than once to resolve the query.
	- Fix dname test for #148.
	- For #151: fix to not produce loops in output.

5 January 2021: Wouter
	- Fix configure.ac for autoconf 2.70.

4 January 2021: Wouter
	- Fix #148: CNAME need not be followed after a synthesized CNAME
	  for a CNAME query.

11 December 2020: Wouter
	- Fix that nsd-control has timeout when connection is down.
	- remove windows socket ifdefs from nsd-control.

3 December 2020: Wouter
	- For #145: Fix that service of remaining TCP and TLS connections
	  does not allow new queries to be made, the connection is closed.
	  Only existing queries and zone transfers are answered, new ones
	  are rejected by a close of the channel.

30 November 2020: Wouter
	- Fix #144: fix better.

27 November 2020: Wouter
	- Fix #144: Typo fix in nsd.conf.5.in.

26 November 2020: Wouter
	- Fix #143: xfrd no hysteresis with NOT IMPLEMENTED rcode.
   2020-12-18 09:47:48 by Nia Alarie | Files touched by this commit (2)
Log message:
nsd: Update to 4.3.4

24 November 2020: Wouter
	- Merge PR #141: ZONEMD RR type.
	- tag for 4.3.4rc1.

23 November 2020: Wouter
	- Fix #142: NODATA answers missin SOA in authority section after
	  CNAME chain.
	- Fix for CVE-2020-28935 : Fix that symlink does not interfere
	  with chown of pidfile.
	- fix writepid for retvalue 0.

9 November 2020: Wouter
	- Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
	- Fix to check nscount in previous fix for EDNS in formerr response
	  when there is no question.

28 October 2020: Wouter
	- Remove unused init_cfg_parse routine from configlexer.

20 October 2020: Wouter
	- Fix to add missing closest encloser NSEC3 for wildcard nodata type
	  DS answer.

14 October 2020: Wouter
	- Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.

13 October 2020: Wouter
	- Fix missing parenthesis on size of fix to init buffer.

12 October 2020: Wouter
	- Fix #127: two minor `-Wcast-qual` cleanups
	- Fix #126: minor header hygiene
	- Fix #125: include config.h in compat/setproctitle.c and fix prototype of \ 
`setproctitle`
	- Fix #133: fix 0-init of local ( stack ) buffer.