Log message:
Fix SunOS build.

Log message:
Remove PKGREVISION for this new version

Log message:
NSD 3.2.15

Features:

* Support for ILNP RR types: NID, L32, L64, LP (RFC6742).
* RRL, --enable-ratelimit at configure time and config options.
* TSIG initialization only fails when there is no digest found at all.

Bugfixes:

* Bugfix #478: Declaration after statement (for gcc 2.95).
* Bugfix #483: Better error message in case of TSIG error.
* Bugfix #485: TTL should not be greater than 2^31 - 1.
* Fix RCODE when CNAME loop final answer does not exist, should
  return NXDOMAIN as stated by RFC 6604.
* Fix --disable-full-prehash bug, where after multiple incoming
  IXFRs, NSEC3 can be removed unjustified.

Log message:
PKGREVISION bumps for the security/openssl 1.0.1d update.

Log message:
NSD 3.2.14

Features:

* TCP writev support.

Bugfixes:

* Fix build on OpenBSD (thanks Oliver Peter).
* Prioritize notify sender for requesting XFR (thanks Ilya dBakulin).
* Fix crash in zonec if TXT string too long (thanks Ilya Bakulin).
* tzset before chroot for correct timezone (thanks Camiel Dobbelaar).
* Fix --disable-full-prehash bug when nsdc patch happens while ixfr too,
  it did not rehash the new database.
* Bugfix #464: Conditionally define MAXHOSTNAMELEN.

Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Log message:
NSD 3.2.12

Bugfixes:

* Bugfix #461 (VU#517036 CVE-2012-2979): NSD denial of service vulnerability
  from DNS packet when using --enable-zone-stats.
* Bugfix #460: man page correction - identity.
* Fix for nsd-patch segfault if zone has been removed from nsd.conf

Log message:
Update to 3.2.12, prompted by Lloyd Parkes in PR 46727.

NSD 3.2.12

Bugfixes

    Fix for VU#624931 CVE-2012-2978: NSD denial of service
    vulnerability from non-standard DNS packet from any host on
    the internet.

NSD 3.2.11

Features

    Fallback to AXFR if IXFR is unknown at the primary. NSD considers
    IXFR unknown at the primary if there is a negative response
    for the IXFR RRtype. This does not override the value for
    'allow-axfr-fallback'.
    Allow for reading in new DNSKEY algorithm mnemonics (RFC5155,
    RFC5702, RFC5933, and RFC6605 (ECDSA)).
    Zone statistics, enable with --enable-zone-stats. This stores
    the BIND8 stats per zone in a configurable statistics file.
    This option does not scale and should therefore not be enabled
    when serving many zones.
    Support for TLSA RRtype (DANE).

Bugfixes

    Fix for qtype ANY for a wildcard domain in NSEC signed zone:
    Don't add the wildcard domain NSEC into the answer section.
    Instead, put the wildcard expanded NSEC into the answer section
    and keep the wildcard domain NSEC in the authority section.
    Fix for accept spinning reported by OpenBSD.
    Fix restart failed due to bad ixfr packet because of zone
    removed from nsd.conf.
    Bugfix #453: typo in nsdc man page.

Operational notes

    NSD uses the query name for dname compression again (Fix #235
    had as side effect that this didn't happen anymore and is hereby
    undone).

Log message:
Add inet6 to default suggested options. It's 2012.

Log message:
NSD 3.2.10

Bugfixes:

* Bugfix #421: Truncate pidfile on shutdown, before unlink.
* Bugfix #423: Fix slow zone transfer processing due to
  'Fix is_existing flag for ENT' bugfix.
* Bugfix #430: Fix segfault when MAX_INTERFACES set to more than 65K.
* Fix configure.ac strptime check for gcc 4.6.2, acx_nlnetlabs.m4 update

NSD 3.2.9

Features:

* Minimize responses to reduce truncation: NSD will only add optional
  records to the authority and additional sections when the response size
  does not exceed the minimal response size.
* The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
  1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is smaller
  than the EDNS default.
* The feature is enabled by default. You can disable it by configuring NSD
  with --disable-minimal-responses.
* Less NSEC3 prehashing. This will make NSD handle zone transfers faster,
  but will decrease the performance of NXDOMAIN and wildcard NODATA responses.
  Full prehashing is enabled by default. If you want less NSEC3 prehashing,
  configure NSD with --disable-full-prehash. Thanks Secure64 for the patch.

Bugfixes:

* Bugfix #302: nsd accepts XFR but refuses to re-read the slave zone.
* Bugfix #365: set patch style and zonec verbose for nsdc.
* First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC.
* Bugfix #375: typos in nsd.conf.5.
* Bugfix #381: Binary escaped and transfers.
* Bugfix #397: Don't allow relative domain names as origin in $INCLUDE
  directives.
* Fix printout of IPSECKEY by nsd-patch.
* Fix is_existing flag for ENT when domain that has a shared ENT is deleted
  by IXFR. (ENT == Empty Non-Terminal)
* Fix bug if the zonefile is changed for a secondary but stored transfers
  are applied, and stop it from applying ixfr to empty zone. The zone is
  flagged with error and AXFR-ed.
* Fix to have no authority NS set processing for CNAMEs.
* Fix nsd-checkconf to check tsig algorithms properly.
* Set the AA bit on responses that have an authoritative CNAME.
* Fix denial of existence response for empty non-terminal that looks like
  a NSEC3-only domain (but has data below it).

Operational notes:

nsd.db version number increased because NSD 3.2.7 and earlier zonec is not
compatible due to the TXT strings change. Please run nsdc rebuild before
running NSD 3.2.9 and later versions.