Bug 230591 - dns/nsd: Update to 4.1.24
Summary: dns/nsd: Update to 4.1.24
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Danilo G. Baio
Depends on:
Reported: 2018-08-13 13:20 UTC by Jaap Akkerhuis
Modified: 2018-08-15 23:34 UTC (History)
1 user (show)

See Also:

patch to upgrade (809 bytes, patch)
2018-08-13 13:20 UTC, Jaap Akkerhuis
jaap: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jaap Akkerhuis 2018-08-13 13:20:13 UTC
Created attachment 196156 [details]
patch to upgrade

This version has a fix for a bug in resigning zones with different NSEC3
salt, where NSD would not pick up the NSEC3PARAM record, and serve
answers that omit NSEC3 records.  NSD is now lenient and when
NSEC3PARAMs exist that point to nonworking NSEC3 chains, NSD attempts to
find an alternative NSEC3PARAM with NSEC3 records.

It is possible to use nsd-control over a command pipe, without using
TLS, by setting the name of the control socket file.  Access permissions
on that file then act as the access control.  No TLS is used, because it
is not network traffic, and this is likely faster.
Also systemd support is added for readiness signalling.  Enabled with
use-systemd: yes.
- #4102: control interface via local socket.
  configure it with control-interface: "/path/nsd.ctl"  The path
  has to start with a / to separate it from an IP address.
  The local socket does not use SSL, but unencrypted traffic, use
  file and containing directory permissions to restrict access.
- configure --enable-systemd (needs pkg-config and libsystemd) can
  be used to then use-systemd: yes in nsd.conf and have readiness
  signalling with systemd.
- RFC8162 support, for record type SMIMEA.
- Patch to fix openwrt for mac os build darwin detection in configure.
- Fix that first control-interface determines if TLS is used.  Warn
  when IP address interfaces are used without TLS.
- #4106: Fix that stats printed from nsd-control are recast from
  unsigned long to unsigned (remote.c).
- Fix that type CAA (and URI) in the zone file can contain
  dots when not in quotes.
- #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM
  chain, NSD leniently attempts to find a working NSEC3PARAM.
Comment 1 commit-hook freebsd_committer 2018-08-15 23:33:18 UTC
A commit references this bug:

Author: dbaio
Date: Wed Aug 15 23:33:07 UTC 2018
New revision: 477296
URL: https://svnweb.freebsd.org/changeset/ports/477296

  dns/nsd: Update to 4.1.24

  PR:		230591
  Submitted by:	jaap@NLnetLabs.nl (maintainer)

Comment 2 Danilo G. Baio freebsd_committer 2018-08-15 23:34:27 UTC
Committed, thanks!