Bug 264961 - dns/nsd: update to 4.6.0
Summary: dns/nsd: update to 4.6.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Neel Chauhan
URL: https://www.nlnetlabs.nl/news/2022/Ju...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-30 12:22 UTC by Jaap Akkerhuis
Modified: 2022-07-01 02:30 UTC (History)

Attachments
patch to update (753 bytes, patch)
2022-06-30 12:22 UTC, Jaap Akkerhuis
jaap: maintainer-approval+

Description Jaap Akkerhuis 2022-06-30 12:22:29 UTC
Created attachment 235002
patch to update

This release adds the zone verification support from the CreDNS code.
There are also some bug fixes in the ixfr out code.

Zone verification can start a verifier program that reads the new zone
data. It can reject the update, or process the new zone data. The intent
is for a DNSSEC verifier to inspect the zone before it is passed on with
zone transfer or served to clients.

The zone verification can be enabled with enable: yes in the verify
section in nsd.conf. You can then list the interfaces the NSD listens
on while the verifier is active, so it can send queries for the new
zone contents. With verify-zones: yes zones are verified by default.
The command that is executed can be set with the `verifier: ldns-verify-zone`
option. With verifier-count the max number of concurrent verifiers can be set.
With the verifier-feed-zone: yes option the zone can be input on stdin to the
verifier program. A timeout to stop the verifier can be set with the
verifier-timeout option.

Per zone options can also be set for a pattern or for a zone, for zone
verification. With verify-zone the zone verification can be enabled
per zone. The verifier can be set per zone. And the verifier-feed-zone
and verifier-timeout options can be controlled per zone.

FEATURES:
- Port zone-verification from CreDNS to NSD4.

BUG FIXES:
- Fix static analyzer reports on ixfrcreate temp file.
- Fixup wrong ixfrcreate fread return check.
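
The options described in the report above, laid out as an nsd.conf fragment with a global opt-in default and one zone that overrides it. This is an added example, not part of the original report or of NSD's shipped configuration. The zone name, file name, verifier count and timeout values are constructed, and the `ip-address` option name with its loopback value is taken from nsd.conf(5) rather than from this page.

```conf
# Added example: server-wide verification settings.
verify:
    # Turn on zone verification.
    enable: yes
    # Interface NSD listens on while a verifier is active, so the verifier
    # can query the new zone contents. Option name and value are from
    # nsd.conf(5), not from this page. Loopback keeps the not-yet-accepted
    # zone data from being queried over the network.
    ip-address: 127.0.0.1@5347
    # Opt-in model: zones are not verified unless they ask for it below.
    verify-zones: no
    # Command executed for each zone update.
    verifier: ldns-verify-zone
    # Maximum number of verifiers running concurrently (constructed value).
    verifier-count: 2
    # Feed the new zone to the verifier program on stdin.
    verifier-feed-zone: yes
    # Stop a verifier that runs longer than this, in seconds (constructed).
    verifier-timeout: 60

# Added example: per-zone override of the settings above.
zone:
    name: "example.com"            # constructed zone name
    zonefile: "example.com.zone"   # constructed file name
    # Verify this zone even though verify-zones is "no" globally.
    verify-zone: yes
    # Give this zone more time than the global timeout (constructed value).
    verifier-timeout: 300
```

With `verify-zones: no`, only zones or patterns that set `verify-zone: yes` pass through the verifier; flipping the global default to `yes` makes verification apply to every zone unless a zone opts out.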
Comment 1 Neel Chauhan freebsd_committer freebsd_triage 2022-07-01 02:29:49 UTC
Committed!
Comment 2 commit-hook freebsd_committer freebsd_triage 2022-07-01 02:30:29 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=77f1561b635fc1069f928d7cad4a9319e932b2a4

commit 77f1561b635fc1069f928d7cad4a9319e932b2a4
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2022-07-01 02:29:23 +0000
Commit:     Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2022-07-01 02:29:23 +0000

    dns/nsd: update to 4.6.0

    Changes: https://www.nlnetlabs.nl/news/2022/Jun/30/nsd-4.6.0-released/

    PR:     264961

 dns/nsd/Makefile | 2 +-
 dns/nsd/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)