| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog: https://www.nlnetlabs.nl/news/2025/Jan/18/nsd-4.11.1-released/
BUG FIXES:
* Fix #415: Fix out of tree builds.
* Fix #414: XoT interoperability with BIND and Knot
* Fix #421: old-main can quit before the reload process received
r* om old-main that it is done on the reload_listener pipe.
h* anks Otto Retter.
* Fix whitespace in comment.
* Fix #424: Stalled updates after corrupt transfer.
PR: 284156
Reported by: jaap@NLnetLabs.nl (maintainer)
|
| |
|
|
|
|
| |
Changelog: https://www.nlnetlabs.nl/news/2024/Dec/12/nsd-4.11.0-released/
PR: 283308, 281266
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fallback parser, used on systems that lack SSE4.2 and AVX2 instruction
sets, contained some bugs with regards to state keeping and under certain
circumstances a use after free bug was encountered in buffer management.
News:
https://nlnetlabs.nl/news/2024/Aug/02/nsd-4.10.1-released/
Changelog:
https://nlnetlabs.nl/projects/nsd/download/#nsd-4-10-1
https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_10_1_REL
While here:
- remove GNU_CONFIGURE_MANPREFIX;
- remove NSDMAX_IPS?=512 - it has not been used for 9 years:
https://cgit.freebsd.org/ports/commit/?id=2aec7160bb627488d8aa78ecfd99d87676b52204
PR: 280589
MFH: 2024Q3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog: https://nlnetlabs.nl/news/2024/Jun/13/nsd-4.10.0-released/
* Merge #278: Replace Flex+Bison based zone parser with simdzone.
Performance of loading zones and IXFRs is greatly improved by using
the simdzone project by NLnet Labs. The optimized presentation
format parser leverages SIMD instructions in modern CPUs to improve
throughput. Right now SSE4.2 and AVX2 instruction sets are
supported, other instruction sets will use the fallback
implementation, which still is a decent improvement over the
Flex+Bison based parser.
BUG FIXES:
* Fix that when the server truncates the pidfile, it does not follow
symbolic links.
* Fix #317: nsd should not chown its PID file.
* For #317: Modify nsd service script to stop NSD from creating a pid
file that systemd is not using.
* Fix #324: Clarify the purpose of contrib/bug390.patch.
* Fix IXFR requests upstream for zones with a long name. Thanks for the
report to Yuuki Wakisaka from Internet Initiative Japan Inc.
* Unit test for dname subdomain test used by xfrd-tcp.c.
* Fix #329: TCP accept queues number.
* Fix that the reload handler for sigchild uses signal_add, and also
that the signal handler is restored when done.
* Fix that when server verify is done it resets the sigchild handler.
* Fix makedist.sh for simdzone inclusion.
* Fix makedist.sh to remove simdzone git tracking information and
scripting temporaries from tarball.
* Fix error output of makedist.sh.
* Use simdzone version with name parser fix.
* Bump simdzone version to fix OpenBSD build issues.
* Bump simdzone to include minor fixes.
PR: 279837
Reported by: jaap@NLnetLabs.nl (maintainer)
|
| |
|
|
|
|
|
|
| |
Changelog : https://nlnetlabs.nl/news/2024/Apr/04/nsd-4.9.1-released/
PR: 278146
Reported by: zarychtam@plan-b.pwste.edu.pl
Approved by: submitter is maintainer
|
| |
|
|
| |
Approved by: portmgr (blanket)
|
| |
|
|
|
| |
PR: 275572
Changes: https://nlnetlabs.nl/news/2023/Dec/06/nsd-4.8.0-released/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog: https://www.nlnetlabs.nl/news/2023/Jun/07/nsd-4.7.0-released/
4.7.0
================
FEATURES:
- Merge #263: Add bash autocompletion script for nsd-control.
- Fix #267: Allow unencrypted local operation of nsd-control.
- Merge #269 from Fale: Add systemd service unit.
- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
- dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
BUG FIXES:
- Fix #239: -Wincompatible-pointer-types warning in remote.c.
- Fix configure for -Wstrict-prototypes.
- Fix #262: Zone(s) not synchronizing properly via TLS.
- Fix for #262: More error logging for SSL read failures for zone
transfers.
- Merge #265: Fix C99 compatibility issue.
- Fix #266: Fix build with --without-ssl.
- Fix for #267: neater variable definitions.
- Fix #270: reserved identifier violation.
- Fix to clean more memory on exit of dnstap collector.
- Fix dnstap to not check socket path when using IP address.
- Fix to compile without ssl with dnstap-tls code.
- Dnstap tls code fixes.
- Fix include brackets for ssl.h include statements, instead of quotes.
- Fix static analyzer warning about nsd_event_method initialization.
- Fix #273: Large TXT record breaks AXFR.
- Fix ixfr create from adding too many record types.
- Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
- Fix readme status badge links.
- make depend.
- Fix for build to run flex and bison before compiling code that needs
the headers.
- Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
- For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
- Fix unused variable warning in unit test, from clang compile.
- Fix #240: Prefix messages originating from verifier.
- Fix #275: Drop unnecessary root server checks.
PR: 272096
Reported by: jaap@NLnetLabs.nl (maintainer)
|
| |
|
|
|
|
| |
ChangeLog: https://www.nlnetlabs.nl/news/2022/Nov/10/nsd-4.6.1-released/
PR: 267740
MFH: 2022Q4 (bugfixes)
|
| |
|
|
|
|
|
|
|
|
| |
Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.
There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.
The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.
Approved by: portmgr (tcberner)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A big Thank You to the original contributors of these ports:
* Aaron Dalton <aaron@FreeBSD.org>
* Akinori MUSHA aka knu <knu@idaemons.org>
* Alex Samorukov <samm@freebsd.org>
* Alexey Dokuchaev <danfe@FreeBSD.org>
* Allan Jude <allanjude@freebsd.org>
* Amar Takhar <verm@drunkmonk.net>
* Anders Nordby <anders@fix.no>
* Andrew Greenwood <greenwood.andy@gmail.com>
* Anton Berezin <tobez@FreeBSD.org>
* Ashish SHUKLA <ashish@FreeBSD.org>
* Attila Nagy <bra@fsn.hu>
* Bas Kruit <baskruit@bsltwr.dhis.org>
* Bruce M. Simpson <bms@FreeBSD.org>
* Carlos J Puga Medina <cpm@fbsd.es>
* Chris St Denis (<chris@ctgameinfo.com>)
* Clement Laforet <clement@FreeBSD.org>
* Clement Laforet <sheepkiller@cultdeadsheep.org>
* Dan Langille <dvl@FreeBSD.org>
* Dan Pelleg <daniel+mdnsd@pelleg.org>
* Dan Smith <dan@algenta.com>
* David O'Brien (obrien@NUXI.com)
* Dean Hollister <dean@odyssey.apana.org.au>
* Dirk Froemberg <dirk@FreeBSD.org>
* Dmitry Pryadko <d.pryadko@rambler-co.ru>
* Dmitry Sivachenko <mitya@yandex-team.ru>
* Dominik Brettnacher <domi@saargate.de>
* Douglas Thrift <douglas@douglasthrift.net>
* Edwin Groothuis (edwin@mavetju.org)
* Edwin Groothuis <edwin@mavetju.org>
* Emanuel Haupt <ehaupt@FreeBSD.org>
* Emanuel Haupt <ehaupt@critical.ch>
* Eyal Soha <esoha@attbi.com>
* Filip Parag <filip@parag.rs>
* Filippo Natali <filippo.natali@gmail.com>
* Frank Behrens
* Gea-Suan Lin <gslin@gslin.org>
* Geoffroy Desvernay <dgeo@centrale-marseille.fr>
* George Reid <greid@ukug.uk.freebsd.org>
* Goran Mekić <meka@tilda.center>
* Hajimu UMEMOTO <ume@FreeBSD.org>
* Herve Quiroz <hq@FreeBSD.org>
* Hirohisa Yamaguchi <umq@ueo.co.jp>
* Hye-Shik Chang <perky@fallin.lv>
* Jaap Akkerhuis <jaap@NLnetLabs.nl>
* James FitzGibbon <jfitz@FreeBSD.org>
* Jase Thew <freebsd@beardz.net>
* Jimmy Bergman jimmy@sigint.se
* Jin-Shan Tseng <tjs@cdpa.nsysu.edu.tw>
* Joe Barbish
* Jov <amutu@amutu.com>
* Jui-Nan Lin <jnlin@freebsd.cs.nctu.edu.tw>
* Karl Dietz (Karl.Dietz@frankfurt.netsurf.de)
* Kirill Ponomarew <ponomarew@oberon.net>
* Koen Martens <gmc@sonologic.nl>
* Konstantin Saurbier <saurbier@math.uni-bielefeld.de>
* Kostya Lukin <lukin@okbmei.msk.su>
* Kris Kennaway <kris@FreeBSD.org>
* Kubilay Kocak <koobs@FreeBSD.org>
* Kurt Jaeger <fbsd-ports@opsec.eu>
* Leo Vandewoestijne <freebsd@dns-lab.com>
* Leo Vandewoestijne <freebsd@dns.company>
* MIHIRA Yoshiro <sanpei@jp.FreeBSD.org>
* Marcin Gondek <drixter@e-utp.net>
* Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>
* Mark Felder <feld@FreeBSD.org>
* Mark Linimon <linimon@lonesome.com>
* Mark Pulford <mark@kyne.com.au>
* Martin Matuska <mm@FreeBSD.org>
* Martin Wilke <miwi@FreeBSD.org>
* Matthew Hunt <mph@pobox.com>
* Matthew Seaman
* Michael Cardell Widerkrantz <mc@hack.org>
* Moritz Warning <moritzwarning@web.de>
* Natacha Porte <natbsd@instinctive.eu>
* Neil Blakey-Milner
* Olivier Duchateau
* Paul Chvostek <paul@it.ca>
* Paul Dlug <paul@aps.org>
* Philippe Pepiot <phil@philpep.org>
* Piotr Kubaj <pkubaj@FreeBSD.org>
* Piotr Kubaj <pkubaj@anongoth.pl>
* Po-Chuan Hsieh <sunpoet@FreeBSD.org>
* Rafal Lesniak <fbsd@grid.einherjar.de>
* Roman Shterenzon <roman@xpert.com>
* Rong-En Fan <rafan@FreeBSD.org>
* Roy Marples <roy@marples.name>
* Ryan Steinmetz <rpsfa@rit.edu>
* Ryan Steinmetz <zi@FreeBSD.org>
* Sahil Tandon <sahil@tandon.net>
* Seamus Venasse <svenasse@polaris.ca>
* Sergei Kolobov <sergei@FreeBSD.org>
* Sergei Kolobov <sergei@kolobov.com>
* Sergey Matveychuk <sem@FreeBSD.org>
* Sergey Skvortsov <skv@protey.ru>
* Simon Dick <simond@irrelevant.org>
* Stefan Esser <se@FreeBSD.org>
* Steve Wills <swills@FreeBSD.org>
* Steve Wills <swills@freebsd.org>
* Steven Honson
* Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
* Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
* Timothy Beyer <beyert@cs.ucr.edu>
* Waitman Gobble <waitman@waitman.net>
* Wen Heping <wen@FreeBSD.org>
* Wen Heping <wenheping@gmail.com>
* Zane C, Bowers <vvelox@vvelox.net>
* adamw
* alexis
* andrew@ugh.net.au
* bkhl
* clsung
* clsung@dragon2.net
* dglo@ssec.wisc.edu
* dnscheckengine-port@academ.com (Stan Barber)
* fenner
* geniusj@ods.org
* ijliao
* ismail.yenigul@endersys.com.tr
* krion
* mark@foster.cc
* n@nectar.com
* roam@FreeBSD.org
* rodrigc@FreeBSD.org
* rpsfa@rit.edu
* sten@blinkenlights.nl
With hat: portmgr
|
| |
|
|
|
|
| |
Changes: https://www.nlnetlabs.nl/news/2022/Jun/30/nsd-4.6.0-released/
PR: 264961
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes: https://www.nlnetlabs.nl/news/2022/May/13/nsd-4.5.0-released/
This release fixes a couple of minor bugs and adds IXFR out
functionality. With this functionality NSD can respond to IXFR queries
and serve IXFR transfers downstream.
It is default disabled, that means it does not store IXFR contents for
zones by default. The response on the wire is different, also with IXFR
disabled, because it is now supported, and thus also for those zones a
reply is served, that no differential data is available.
FEATURES:
- Merge PR #209: IXFR out
This adds IXFR out functionality to NSD. NSD can copy IXFRs from
upstream to downstream clients, or create IXFRs from zonefiles.
The options store-ixfr: yes and create-ixfr: yes can be used to
turn this on. Default is turned off. The options ixfr-number and
ixfr-size can be used to tune the number of IXFR transfers and
total data size stored. This is configured per zone, the IXFRs
are served to the hosts that are allowed to perform zone transfers.
And if TSIG is configured, signed with the same key. The content
is stored to file if a zonefile is configured for the zone, in
the zonefile.ixfr and zonefile.ixfr.2, .. files. They contain
readable text format. The number of IXFRs is num.rixfr in
statistics output, also per zone if per zone statistics are enabled.
If offline, nsd-checkzone -i can create ixfr files.
NSD already supports requesting IXFRs, this addition allows NSD
to serve IXFR transfers to clients.
NSD stops responding with NOTIMPL to IXFR requests, also for zones
that do not have IXFR enabled. The clients gets a full zone reply
or a status reply if the serial is up to date.
BUG FIXES:
- Fix code analyzer zero divide warning.
- Fix code analyzer large value with assertion.
- Fix another code analyzer zero divide warning.
- Fix code analyzer warning about uninitialized temp storage in loop.
- Fix spelling error in comment in svcbparam_lookup_key.
- Update cirrus script FreeBSD version.
PR: 263952
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Pet portclippy
This release changes the memory allocation for outgoing zonetransfers,
and this reduces the memory footprint. The defaults for the amounts are
the same as before, but there are config options to configure the memory
usage. There are also bug fixes.
4.4.0
================
FEATURES:
- Merge #193: Lower memory usage of the XFRD process by default.
Instead of preallocating all elements, they are allocated when used.
There are options for managing the memory usage, defaults are the
same as before. xfrd-tcp-max sets the number of sockets for tcp
connections that xfrd can make to download zone contents. And
xfrd-tcp-pipeline the number of simultaneous transfers over the
same connection.
BUG FIXES:
- Fix #200: nsd-checkzone succeeds even with incorrect serial in SOA
record.
- Merge #204 from jonathangray: correct some spelling mistakes.
- Fix to change file mode before changing file owner for the
nsd-control unix socket file.
- Fix to document nsd-checkzone -p in the man page for nsd-checkzone.
- Fix #206: build with --without-ssl fails.
- Merge #207 Sync nsd-control-setup with unbound-control-setup to
generate certificates with SANs.
- Fix unit tests for nds-control-setup exit code and the
xfrd-tcp-max default.
PR: 262034
Approved by: jaap@NLnetLabs.nl (maintainer)
Relnotes: https://nlnetlabs.nl/news/2022/Feb/17/nsd-4.4.0-released/
|
| |
|
|
|
|
| |
Changes: https://www.nlnetlabs.nl/news/2021/Dec/09/nsd-4.3.9-released/
PR: 260362
|
| |
|
|
|
|
| |
Changes: https://www.nlnetlabs.nl/news/2021/Oct/12/nsd-4.3.8-released/
PR: 259098
|
| |
|
|
|
|
| |
Changes: https://www.nlnetlabs.nl/news/2021/Jul/22/nsd-4.3.7-released/
PR: 257413
|
| |
|
|
|
|
| |
PR: 254874
Reported by: r00t@kaba1ah.org
Tested by: r00t@kaba1ah.org
|
| |
|
|
|
|
|
|
| |
Changelog https://nlnetlabs.nl/news/2021/Apr/06/nsd-4.3.6-released/
PR: 254850
Reviewed by: daniel.engberg.lists@pyret.net
Approved by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This release fixes a number of bugs. It fixes a number of corner
case differences for the output more similar to Bind. The configure
sources are compatible with the new autoconf 2.70.
PR: 253026
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=563458
|
| |
|
|
|
|
|
|
|
|
|
| |
PR: 251530
Submitted by: Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
Approved by: maintainer (implicit)
MFH: 2020Q4
Security: 388ebb5b-3c95-11eb-929d-d4c9ef517024
Notes:
svn path=/head/; revision=557838
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release contains the DNS Flag Day 2020 fixes. This sets the
default EDNS buffer size to 1232, that should reduce fragmentation.
https://dnsflagday.net/2020/
There is a new feature where it is possible to list an interface by
name. This pulls in the IP addresses associated with the interface
at server start.
FEATURES:
- Follow DNS flag day 2020 advice and
set default EDNS message size to 1232.
- Merged PR #113 with fixes. Instead of listing an IP-address to
listen on, an interface name can be specified in nsd.conf, with
ip-address: eth0. The IP-addresses for that interface are then used.
- Port TSIG code for openssl 3.0.0-alpha6.
BUG FIXES:
- Fix make install with --with-pidfile="".
- Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
- Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
fd_set - patch.
- Fix that configure checks for EVP_sha256 to detect openssl, because
HMAC_CTX_new is deprecated in 3.0.0.
- Fix #119: fix compile warnings from new gcc.
- Fix #119: warn when trying to parse a directory.
- Merge PR #121: Increase log level of recreated database from
WARNING to ERR.
- Remove unused space from LIBS on link line.
- Updated date in nsd -v output.
PR: 250203
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes: https://www.nlnetlabs.nl/news/2020/Oct/08/nsd-4.3.3-released/
Notes:
svn path=/head/; revision=551720
|
| |
|
|
|
|
|
|
| |
PR: 247973
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=542472
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG FIXES:
- Fix #70: error: 'fd_set' undeclared.
- Fix #71: error: 'for' loop initial declaration used outside C99
mode.
- Fix to move declarations out of for loops in event test too.
- Fix #76: cpuid typedef for Hurd, DragonflyBSD compile.
- Fix #75: configure test for sched_setaffinity, and use
cpuset_setaffinity otherwise. Also test for presence of sysconf.
- Fix #74: GNU Hurd fix cast from pointer to integer of different size.
- Fix for #74, #75: cpuset test for header contents and provide code.
- Fix #78: Fix SO_SETFIB error on FreeBSD.
- Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile.
- Fix #80: NetBSD and implicit declaration of reallocarray.
- Fix unknown u_long in util.c for Issue #80 .
- Merge PR #86 from noloader: Use precious variables for GREP, EGREP,
SED, AWK, LEX and YACC.
- For PR #86: Fix that programs loaded after CFLAGS and stuff is
set, specifically the compiler, so that it can work if it needs
special flags from that. Fix that lex only needs to support -i
if actually defined, otherwise the output included in the source
tarball can be used.
- Merge PR #90 by phicoh: O_CLOEXEC should be FD_CLOEXEC.
- Merge PR #92 by tonysgi: Fix typo.
- Merge PR #91 by gearnode: nsd-control-setup recreate certificates.
The '-r' option recreates certificates. Without it it creates them
if they do not exist, and does not modify them otherwise.
PR: 245666
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=532072
|
| |
|
|
|
|
|
|
|
|
|
| |
- see also: https://github.com/NLnetLabs/nsd/issues/78
PR: 244904
Submitted by: ume
Approved by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=528710
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This port incorporates also the proposed bug fix at bug #242367
Major changes:
This release adds cpu affinity. By pinning a server process to a
specific cpu, having a separate network card also for that cpu, and
an interface address also for that server process, the throughput is
increased. This increases performance of the nameserver.
Sparse TSIG signing support is removed, to comply with the latest tsig
standard update draft.
There is a feature to drop update queries, with opcode UPDATE,
with nsd.conf option drop-updates.
4.3.0
=========
FEATURES:
- Fix to use getrandom() for randomness, if available.
- Fix #56: Drop sparse TSIG signing support in NSD.
Sign every axfr packet with TSIG, according to the latest
draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.
- Merge pull request #59 from buddyns: add FreeBSD support
for conf key ip-transparent.
- Add feature to pin server processes to specific cpus.
- Add feature to pin IP addresses to selected server processes.
- Set process title to identify individual processes.
- Merge PR#22: minimise-any: prefer polular and not large RRset,
from Daisuke Higashi.
- Add support for SO_BINDTODEVICE on Linux.
- Add support for SO_SETFIB on FreeBSD.
- Add feature to drop queries with opcode UPDATE.
BUG FIXES:
- Fix fname null check of fname in namedb_read_zonefile.
- Fix implicit cast of size in udb_radnode_array_grow.
- Fix ignore of return value of ssl_printf in remote.c.
- Fix unused check of fd in parent_handle_reload_command.
- Attempt to fix signedness of nscount lookup in ixfr query_process.
- Fix identical branches for ssl_print of errors in remote.c.
- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
- Fix to separate header and data lines in parse_zone_list_file.
- Fix to define max number of EDNS records we are willing to
spend time on.
- Fix size of string len and capacity type cast in udbradtree.
- Fix to protect rrcount in tsig_find_rr from overflow.
- Annotate radix_find_prefix_node not reachable trail code.
- Fix to protect rrcount in packet_find_notify_serial from overflow.
- Fix to close socket on error in create_tcp_accept_sock.
- Fix to log on failure to chmod for socket for remote control.
- Fix to remove unneeded if in open of socket for remote control.
- Fix to restore input parameter on call failure in create_dirs.
- Please checker by terminating and initialising string read
by remote control.
- Fix to define upper bounds on rr counts read from untrusted packet
data.
- Separate acl_addr_match_range functions for ip4 and ip6, to
please checkers.
- Avoid unused variable warning in new match_range_v4 function.
- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
- use-systemd is ignored in nsd.conf, when NSD is compiled with
libsystemd it always signals readiness, if possible.
- Note that use-systemd is not necessary and ignored in man page.
- Fix unreachable code in ssl set options code.
- Fix bad shift in assertion code analyzer complaint.
- Fix responses for IXFR so that the authority section is not echoed
in the response.
- Merge PR#60: Minor portability fixes from michaelforney, with
avoid pointer arithmetic on void* and avoid unnecessary VLA.
- Fix that the retry wait does not exceed one day for zone transfers.
CHANGES:
- Set FD_CLOEXEC on opened sockets.
PR: 244886, 242367[2]
Submitted by: Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)
Reported by: Leo Vandewoestijne <freebsd@dns.company> [2]
Relnotes: https://github.com/NLnetLabs/nsd/blob/NSD_4_3_0_REL/doc/ChangeLog
Notes:
svn path=/head/; revision=528662
|
| |
|
|
|
|
|
|
| |
PR: 242545
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=522353
|
| |
|
|
|
|
|
|
|
| |
PR: 242102
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: Netzkommune GmbH
Notes:
svn path=/head/; revision=518232
|
| |
|
|
| |
Notes:
svn path=/head/; revision=514130
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_2_2_REL
PR: 239964
Reported by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2019Q3
Security: 56778a31-c2a1-11e9-9051-4c72b94353b5
Sponsored by: Netzkommune GmbH
Notes:
svn path=/head/; revision=509298
|
| |
|
|
| |
Notes:
svn path=/head/; revision=508835
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changes: https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI: https://abi-laboratory.pro/tracker/timeline/libevent/
PR: 239599
Reported by: GitHub (watch releases)
Approved by: zeising (maintainer)
MFH: 2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision: https://reviews.freebsd.org/D21133
Notes:
svn path=/head/; revision=507877
|
| |
|
|
|
|
|
|
| |
PR: 239069
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=506701
|
| |
|
|
|
|
|
|
| |
PR: 238498
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=504465
|
| |
|
|
|
|
|
|
|
| |
PR: 236785
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
MFH: 2019Q2
Notes:
svn path=/head/; revision=498788
|
| |
|
|
|
|
|
|
|
| |
PR: 233890
Submitted by: jaap@NLnetLabs.nl (maintainer)
Reported by: r00t@kaba1ah.org
Notes:
svn path=/head/; revision=487182
|
| |
|
|
|
|
|
|
|
|
| |
While here, pet portlint
PR: 233797
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=487004
|
| |
|
|
|
|
|
|
| |
PR: 231878
Submitted by: jaap@NLnetLabs.nl(maintainer)
Notes:
svn path=/head/; revision=481116
|
| |
|
|
|
|
|
|
| |
PR: 230591
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=477296
|
| |
|
|
|
|
|
|
| |
PR: 230182
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=475892
|
| |
|
|
|
|
|
|
| |
PR: 228883
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=472409
|
| |
|
|
|
|
|
|
| |
PR: 228272
Submitted by: maintainer
Notes:
svn path=/head/; revision=470049
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release fixes memory leaks when reading zonefiles
and processing zone transfers.
4.1.20
================
BUG FIXES:
- Fix memory leak in zone file read of unknown rr formatted RRs.
- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
in the selectively allocated precompiled nsec3 hashes.
Also changed to DISTVERSION
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: tcberner (mentor, implicit)
Notes:
svn path=/head/; revision=462420
|
| |
|
|
|
|
|
|
| |
PR: 224243
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=456031
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release has features for saving memory and faster notification.
With --enable-packed, 33% memory savings could be had, or something
along that size. Notification of secondary servers happens in parallel,
and has faster timeouts. More sockets are used for zone transfers.
This speeds up communication with a larger set of servers. Additionally
a bug is fixed for dual-loaded parent-and-child zone configured at the
same time, when one of the zones has not loaded properly.
FEATURES:
- xfr-inspect, it is not installed, it prints xfr files from /tmp
made with 'make xfr-inspect' in the source dir.
- retry timeout between sending notifies dropped from 15 to 3 sec.
- NSD sends 16 notifies simultaneously.
- configure --enable-packed reduces memory usage, at expense of
unaligned reads. Saves about 17%.
- Save memory by selectively allocate precompiled nsec3 hashes,
saves about 16% memory.
- make ip-transparent option work on OpenBSD.
- Save about 2% memory by changing usage count size in name tree.
- Fix #2871: Increase number of sockets for xfrd transfers.
BUG FIXES:
- Fix gcc 7.1.1 warnings.
- Fix writev compile warning on FreeBSD.
- Fix #1446: A corrupted zone file "propagates" to good ones.
- nsd-control zonestatus prints wait time between attempts, for zones
that are in that waiting time.
- Fix collision printout of nsec3 to print name, hash and reverse.
- Fix #1567: Change crit to err log level for gettimeofday failure.
Add defines for compile without syslog.
- Fix crash for DS query when parent and child zones both configured
in nsd.conf and parent zone has not loaded properly.
PR: 224025
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=455359
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Features:
- zone parser parses type AVC (it has TXT format).
- Fix #1272: use writev to put tcp length field with data for outgoing
zone transfer requests.
Bugfixes:
- Fix potential null pointer in nsec3 adjustment tree.
- Fix text format of deletes for CDS and CDNSKEY, single 0 to represent
empty base64 or hex string.
PR: 220939
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=446785
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
features:
- zone parser can parse acronyms for algorithms ED25519 and ED448.
- Fix 1243: Option to make NSD emit really minimal responses,
minimal-responses: yes in nsd.conf.
bug fixes:
- Calculate new udb index after growing the array, fix from
Chaofeng Liu.
- Fix missing _t to _type conversion for disable-radix-tree option.
- Printout serial error with hint it may be too big.
- Fix 1228: OpenSSL include is not guarded with HAVE_SSL
- Patch for expire state in multi-master when masters includes
broken master, from Manabu Sonoda.
- minor manpage fix.
PR: 218873
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=439774
|
