Bug 162782 - [MAINTAINER] dns/nsd: update to 3.2.9
Summary: [MAINTAINER] dns/nsd: update to 3.2.9
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
Depends on:
Reported: 2011-11-23 10:50 UTC by Jaap Akkerhuis
Modified: 2011-11-28 11:40 UTC (History)
1 user (show)

See Also:

nsd-3.2.9.patch (2.22 KB, patch)
2011-11-23 10:50 UTC, Jaap Akkerhuis
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jaap Akkerhuis 2011-11-23 10:50:09 UTC
- Update to 3.2.9


- Minimize responses to reduce truncation: NSD will only add optional
  records to the authority and additional sections when the response
  size does not exceed the minimal response size.

  The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
  1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is
  smaller than the EDNS default.

  The feature is enabled by default. You can disable it by configuring
  NSD with --disable-minimal-responses.

- Less NSEC3 prehashing. This will make NSD handle zone transfers
  faster, but will decrease the performance of NXDOMAIN and wildcard
  NODATA responses.

  Full prehashing is enabled by default. If you want less NSEC3
  prehashing, configure NSD with --disable-full-prehash. Thanks
  Secure64 for the patch.

- Bugfix #302: nsd accepts XFR but refuses to re-read the slave zone.
- Bugfix #365: set patch style and zonec verbose for nsdc.
- First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC.
- Bugfix #375: typos in nsd.conf.5.
- Bugfix #381: Binary escaped and transfers.
- Bugfix #397: Don't allow relative domain names as origin in $INCLUDE
- Fix printout of IPSECKEY by nsd-patch.
- Fix is_existing flag for ENT when domain that has a shared ENT
  is deleted by IXFR. (ENT == Empty Non-Terminal)
- Fix bug if the zonefile is changed for a secondary but stored
  transfers are applied, and stop it from applying ixfr to empty zone.
  The zone is flagged with error and AXFR-ed.
- Fix to have no authority NS set processing for CNAMEs.
- Fix nsd-checkconf to check tsig algorithms properly.
- Set the AA bit on responses that have an authoritative CNAME.
- Fix denial of existence response for empty non-terminal that looks
  like a NSEC3-only domain (but has data below it).

- nsd.db version number increased because NSD 3.2.7 and earlier
  zonec is not compatible due to the TXT strings change. Please
  run nsdc rebuild before running NSD 3.2.9 and later versions.

Generated with FreeBSD Port Tools 0.99
Comment 1 Martin Wilke freebsd_committer 2011-11-23 12:29:21 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 Martin Wilke freebsd_committer 2011-11-28 11:36:59 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 3 dfilter service freebsd_committer 2011-11-28 11:37:07 UTC
miwi        2011-11-28 11:36:53 UTC

  FreeBSD ports repository

  Modified files:
    dns/nsd              Makefile distinfo 
    dns/nsd/files        nsd.in 
  - Update to 3.2.9
  PR:             162782
  Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
  Feature safe:   yes
  Revision  Changes    Path
  1.54      +11 -1     ports/dns/nsd/Makefile
  1.38      +2 -2      ports/dns/nsd/distinfo
  1.9       +3 -1      ports/dns/nsd/files/nsd.in
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"