Created attachment 205607 [details]
patch to upgrade
This release fixes issues in the stream handling, from 4.2.0, but also
earlier, in the event handling of streams.
The new statistics counters for TLS can give information about how many
incoming DNS over TLS connections for queries have been received.
There are two new options to set the buffer sizes for the network
sockets, this allows an increase for servers that want a bigger size
than the default, which is already an increase over the system default.
Increased buffer size for a network socket helps with traffic spikes.
The options are send-buffer-size and receive-buffer-size, they set their
respective socket options for buffer space.
When an AXFR download is in progress, to a client, and the zone is
updated at that same time, then NSD no longer resets the connection, but
allows that transfer to complete.
The tcp-reject-overflow option can be used to close all connections that
are incoming when the server is full on TCP connections, this stops
those connections from waiting for a spot.
- Added num.tls and num.tls6 stat counters.
- PR #12: send-buffer-size, receive-buffer-size,
tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
- Fix #14, tcp connections have 1/10 to be active and have to work
every second, and then they get time to complete during a reload,
this is a process that lingers with the old version during a version
- Fix #13: Stray dot at the end of some log entries, removes dot
after updated serial number in log entry.
- Fix TLS cipher selection, the previous was redundant, prefers
CHACHA20-POLY1305 over AESGCM and was not as readable as it
- Consolidate server tls context create and remote control context
create, with hardening for the remote control tls context too.
- Fix to init event structure for reassignment.
- Fix to init event not pointer, in reassignment.
- Fix #15: crash in SSL library, initialize variables for TCP access
when TLS is configured.
- Fix tls handshake event callback function mistake, reported
by Mykhailo Danylenko.
- Initialize event structures before event_set, to stop uninitialized
values from setting event library lists and assertions, that would
sometimes also show after event_del.
- Do not use symbol from libc, instead use own replacement, if not
available, for accept4.
- Fix output of nsd-checkconf -h.
A commit references this bug:
Date: Mon Jul 15 18:27:52 UTC 2019
New revision: 506701
dns/nsd: Upgrade to version 4.2.1
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)