Subject: CVS commit: pkgsrc/net/nsd
From: Thomas Klausner
Date: 2012-07-20 18:28:49
Message id: 20120720162849.4F989175DD@cvs.netbsd.org

Log Message:
Update to 3.2.12, prompted by Lloyd Parkes in PR 46727.

NSD 3.2.12

Bugfixes

    Fix for VU#624931 CVE-2012-2978: NSD denial of service
    vulnerability from non-standard DNS packet from any host on
    the internet.

NSD 3.2.11

Features

    Fallback to AXFR if IXFR is unknown at the primary. NSD considers
    IXFR unknown at the primary if there is a negative response
    for the IXFR RRtype. This does not override the value for
    'allow-axfr-fallback'.
    Allow for reading in new DNSKEY algorithm mnemonics (RFC5155,
    RFC5702, RFC5933, and RFC6605 (ECDSA)).
    Zone statistics, enable with --enable-zone-stats. This stores
    the BIND8 stats per zone in a configurable statistics file.
    This option does not scale and should therefore not be enabled
    when serving many zones.
    Support for TLSA RRtype (DANE).

Bugfixes

    Fix for qtype ANY for a wildcard domain in NSEC signed zone:
    Don't add the wildcard domain NSEC into the answer section.
    Instead, put the wildcard expanded NSEC into the answer section
    and keep the wildcard domain NSEC in the authority section.
    Fix for accept spinning reported by OpenBSD.
    Fix restart failed due to bad ixfr packet because of zone
    removed from nsd.conf.
    Bugfix #453: typo in nsdc man page.

Operational notes

    NSD uses the query name for dname compression again (Fix #235
    had as side effect that this didn't happen anymore and is hereby
    undone).

Files:
RevisionActionfile
1.56modifypkgsrc/net/nsd/Makefile
1.34modifypkgsrc/net/nsd/distinfo