Created attachment 194154 [details]
Patch to upgrade
This release fixes a bug where zone transfers would not succeed, because
of an error in the selective NSEC3 allocation (introduced in 4.1.18).
The refuse ANY query feature now sends truncated answers over UDP and
allows TCP queries. This is the same size response on UDP as the
refusal but allows the query to succeed over TCP for genuine queriers
that fallback to that transport mechanism.
The release contains a speed up for TCP processing that should NSD
better at handling large numbers of incoming TCP connections.
- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
and allows TCP queries like normal.
- Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
- Fix to use same condition for nsec3 hash allocation and free.
A commit references this bug:
Date: Thu Jun 14 22:59:06 UTC 2018
New revision: 472409
dns/nsd: upgrade to version 4.1.22
Submitted by: jaap@NLnetLabs.nl (maintainer)