Bug 239069

Summary: [MAINTAINER] dns/nsd Upgrade to version 4.2.1
Product: Ports & Packages Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)Assignee: Steve Wills <swills>
Status: Closed FIXED    
Severity: Affects Some People    
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch to upgrade jaap: maintainer-approval+

Description Jaap Akkerhuis 2019-07-09 18:28:48 UTC
Created attachment 205607 [details]
patch to upgrade

This release fixes issues in the stream handling, from 4.2.0, but also
earlier, in the event handling of streams.

The new statistics counters for TLS can give information about how many
incoming DNS over TLS connections for queries have been received.

There are two new options to set the buffer sizes for the network
sockets, this allows an increase for servers that want a bigger size
than the default, which is already an increase over the system default.
Increased buffer size for a network socket helps with traffic spikes.
The options are send-buffer-size and receive-buffer-size, they set their
respective socket options for buffer space.

When an AXFR download is in progress, to a client, and the zone is
updated at that same time, then NSD no longer resets the connection, but
allows that transfer to complete.

The tcp-reject-overflow option can be used to close all connections that
are incoming when the server is full on TCP connections, this stops
those connections from waiting for a spot.

4.2.1
================
FEATURES:
- Added num.tls and num.tls6 stat counters.
- PR #12: send-buffer-size, receive-buffer-size,
  tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
- Fix #14, tcp connections have 1/10 to be active and have to work
  every second, and then they get time to complete during a reload,
  this is a process that lingers with the old version during a version
  update.


BUG FIXES:
- Fix #13: Stray dot at the end of some log entries, removes dot
  after updated serial number in log entry.
- Fix TLS cipher selection, the previous was redundant, prefers
  CHACHA20-POLY1305 over AESGCM and was not as readable as it
  could be.
- Consolidate server tls context create and remote control context
  create, with hardening for the remote control tls context too.
- Fix to init event structure for reassignment.
- Fix to init event not pointer, in reassignment.
- Fix #15: crash in SSL library, initialize variables for TCP access
  when TLS is configured.
- Fix tls handshake event callback function mistake, reported
  by Mykhailo Danylenko.
- Initialize event structures before event_set, to stop uninitialized
  values from setting event library lists and assertions, that would
  sometimes also show after event_del.
- Do not use symbol from libc, instead use own replacement, if not
  available, for accept4.
- Fix output of nsd-checkconf -h.
Comment 1 commit-hook freebsd_committer 2019-07-15 18:28:28 UTC
A commit references this bug:

Author: swills
Date: Mon Jul 15 18:27:52 UTC 2019
New revision: 506701
URL: https://svnweb.freebsd.org/changeset/ports/506701

Log:
  dns/nsd: Upgrade to version 4.2.1

  PR:		239069
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

Changes:
  head/dns/nsd/Makefile
  head/dns/nsd/distinfo
Comment 2 Steve Wills freebsd_committer 2019-07-15 18:29:01 UTC
Committed, thanks!