Revision
15667 -
Directory Listing
-
[select for diffs]
Modified
Sat Dec 14 23:03:55 2013 UTC
(10 years, 5 months ago)
by
laffer1
Diff to
previous 15560
,
to
selected 23803
add nsswitch modules for avahi and mDNSResponder. We do have one in base that is very similar for the latter but might as well have a up to date port version for older releases
Revision
9994 -
Directory Listing
-
[select for diffs]
Modified
Sat Sep 18 18:08:27 2010 UTC
(13 years, 8 months ago)
by
laffer1
Diff to
previous 9993
,
to
selected 23803
Add new ports:
autotrust
ldns
unbound
autotrust updates dnssec roots automatically which is useful with bind 9.6 or other resolvers that can't do this automatically. Bind 9.7 shouldn't need it.
unbound is a bsd licensed resolver.
ldns implements several rfcs related to dns and is used by other programs implementing dns resolving.
Revision
9993 -
Directory Listing
-
[select for diffs]
Modified
Sat Sep 18 15:15:57 2010 UTC
(13 years, 8 months ago)
by
laffer1
Diff to
previous 9706
,
to
selected 23803
Add new port, bind97 (bind 9.7) based on Doug Barton's port from FreeBSD.
This version includes support for dynamic dnssec updates for signed root zones, etc. It also includes improved multithreading.
Update the bind96 port conflicts.
Revision
9133 -
Directory Listing
-
[select for diffs]
Modified
Sat Jan 16 15:48:43 2010 UTC
(14 years, 4 months ago)
by
laffer1
Diff to
previous 9088
,
to
selected 23803
9.6.2b1
2797. [bug] Don't decrement the dispatch manager's maxbuffers.
[RT #20613]
2790. [bug] Handle DS queries to stub zones. [RT #20440]
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2786. [bug] Additional could be promoted to answer. [RT #20663]
2784. [bug] TC was not always being set when required glue was
dropped. [RT #20655]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less. [RT #20654]
2782. [port] win32: use getaddrinfo() for hostname lookups.
[RT #20650]
2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
2765. [bug] Skip masters for which the TSIG key cannot be found.
[RT #20595]
2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
2759. [doc] Add information about .jbk/.jnw files to
the ARM. [RT #20303]
2758. [bug] win32: Added a workaround for a windows 2008 bug
that could cause the UDP client handler to shut
down. [RT #19176]
2757. [bug] dig: assertion failure could occur in connect
timeout. [RT #20599]
2755. [doc] Clarify documentation of keyset- files in
dnssec-signzone man page. [RT #19810]
2754. [bug] Secure-to-insecure transitions failed when zone
was signed with NSEC3. [RT #20587]
2750. [bug] dig: assertion failure could occur when a server
didn't have an address. [RT #20579]
2749. [bug] ixfr-from-differences generated a non-minimal ixfr
for NSEC3 signed zones. [RT #20452]
2747. [bug] Journal roll forwards failed to set the re-signing
time of RRSIGs correctly. [RT #20541]
2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
for a insecure delegation.
2729. [func] When constructing a CNAME from a DNAME use the DNAME
TTL. [RT #20451]
2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
isc_base64_totext(), didn't always mark regions of
memory as fully consumed after conversion. [RT #20445]
2722. [bug] Ensure that the memory associated with the name of
a node in a rbt tree is not altered during the life
of the node. [RT #20431]
2721. [port] Have dst__entropy_status() prime the random number
generator. [RT #20369]
2718. [bug] The space calculations in opensslrsa_todns() were
incorrect. [RT #20394]
2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
2715. [bug] Require OpenSSL support to be explicitly disabled.
[RT #20288]
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
flags.
2713. [bug] powerpc: atomic operations missing asm("ics") /
__isync() calls.
2706. [bug] Loading a zone with a very large NSEC3 salt could
trigger an assert. [RT #20368]
2705. [bug] Reconcile the XML stats version number with a later
BIND9 release, by adding a "name" attribute to
"cache" elements and increasing the version number
to 2.2. (This is a minor version change, but may
affect XML parsers if they assume the cache element
doesn't take an attribute.)
2704. [bug] Serial of dynamic and stub zones could be inconsistent
with their SOA serial. [RT #19387]
2701. [doc] Correction to ARM: hmac-md5 is no longer the only
supported TSIG key algorithm. [RT #18046]
2700. [doc] The match-mapped-addresses option is discouraged.
[RT #12252]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
S_IFREG are defined after including <isc/stat.h>.
[RT #20309]
2696. [bug] named failed to successfully process some valid
acl constructs. [RT #20308]
2692. [port] win32: 32/64 bit cleanups. [RT #20335]
2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
[RT #20315]
2689. [bug] Correctly handle snprintf result. [RT #20306]
2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
to decide to fetch the destination address. [RT #20305]
2686. [bug] dnssec-signzone should clean the old NSEC chain when
signing with NSEC3 and vice versa. [RT #20301]
2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
the NSEC3 parameters used to sign the zone change.
[RT #20246]
2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
decoded. [RT #20269]
2678. [func] Treat DS queries as if "minimal-response yes;"
was set. [RT #20258]
2672. [bug] Don't enable searching in 'host' when doing reverse
lookups. [RT #20218]
2670. [bug] Unexpected connect failures failed to log enough
information to be useful. [RT #20205]
2663. [func] win32: allow named to run as a service using
"NT AUTHORITY\LocalService" as the account. [RT #19977]
2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
returned a misleading error code when lwresd was
down. [RT #20028]
2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
creating lwres context. [RT #20029]
2659. [doc] Clarify dnssec-keygen doc: key name must match zone
name for DNSSEC keys. [RT #19938]
2656. [func] win32: add a "tools only" check box to the installer
which causes it to only install dig, host, nslookup,
nsupdate and relevant DLLs. [RT #19998]
2655. [doc] Document that key-directory does not affect
rndc.key. [RT #20155]
2653. [bug] Treat ENGINE_load_private_key() failures as key
not found rather than out of memory. [RT #18033]
2649. [bug] Set the domain for forward only zones. [RT #19944]
2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2647. [bug] Remove unnecessary SOA updates when a new KSK is
added. [RT #19913]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
which default to 64 bits. [RT #19927]
2643. [bug] Stub zones interacted badly with NSEC3 support.
[RT #19777]
2642. [bug] nsupdate could dump core on solaris when reading
improperly formatted key files. [RT #20015]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
[RT #19959]
2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
[RT #19716]
2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2632. [func] util/kit.sh: warn if documentation appears to be out of
date. [RT #19922]
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
2621. [doc] Made copyright boilterplate consistent. [RT #19833]
2920. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
2618. [bug] The sdb and sdlz db_interator_seek() methods could
loop infinitely. [RT #19847]
2617. [bug] ifconfig.sh failed to emit an error message when
run from the wrong location. [RT #19375]
2616. [bug] 'host' used the nameservers from resolv.conf even
when a explicit nameserver was specified. [RT #19852]
2615. [bug] "__attribute__((unused))" was in the wrong place
for ia64 gcc builds. [RT #19854]
2614. [port] win32: 'named -v' should automatically be executed
in the foreground. [RT #19844]
2613. [bug] Option argument validation was missing for
dnssec-dsfromkey. [RT #19828]
2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2608. [func] Perform post signing verification checks in
dnssec-signzone. These can be disabled with -P.
The post sign verification test ensures that for each
algorithm in use there is at least one non revoked
self signed KSK key. That all revoked KSK keys are
self signed. That all records in the zone are signed
by the algorithm. [RT #19653]
2601. [doc] Mention file creation mode mask in the
named manual page.
2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
[RT #19626]
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
Requires MySQL 5.0.19 or later. [RT #19084]
2580. [bug] UpdateRej statistics counter could be incremented twice
for one rejection. [RT #19476]
2533. [doc] ARM: document @ (at-sign). [RT #17144]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
function. [RT #18582]
Revision
5330 -
Directory Listing
-
[select for diffs]
Modified
Sat Jun 7 15:49:46 2008 UTC
(16 years ago)
by
laffer1
Diff to
previous 5328
,
to
selected 23803
BIND 9.5 has a number of new features over previous versions, including:
GSS-TSIG support (RFC 3645).
DHCID support.
Experimental http server and statistics support for named via xml.
More detailed statistics counters, compatible with the ones supported in BIND 8.
Faster ACL processing.
Use of Doxygen to generate internal documentation.
Efficient LRU cache cleaning mechanism.
NSID support (RFC 5001).
Revision
4235 -
Directory Listing
-
[select for diffs]
Modified
Wed Mar 19 01:33:46 2008 UTC
(16 years, 2 months ago)
by
laffer1
Diff to
previous 3788
,
to
selected 23803
Add build depends for p5-IO-Socket-INET6 to fix magus builds.
Update to .62
Disable online tests. (I'm assuming that might suck on the magus cluster, revert it if that is incorrect ctriv)
Revision
837 -
Directory Listing
-
[select for diffs]
Modified
Thu Feb 1 14:57:21 2007 UTC
(17 years, 4 months ago)
by
laffer1
Diff to
previous 666
,
to
selected 23803
BIND 9.3.4 contains security fixes:
2126.[security]Serialise validation of type ANY responses. [RT #16555]
2124.[security]It was possible to dereference a freed fetch
context. [RT #16584]
2089.[security]Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088.[security]Change the default RSA exponent from 3 to 65537.
[RT #16391] 2066. [security] Handle SIG queries gracefully.
[RT #16300] 1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it.
[RT #15642] If you are running a BIND 9.3.x or BIND 9.4.x version without these changes you are advised to upgrade as soon as possible to
one of BIND 9.3.4 or BIND 9.4.0rc2.