Bug 242102 - dns/nsd: Update to 4.2.3
Summary: dns/nsd: Update to 4.2.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Jochen Neumeister
Keywords: buildisok
Reported: 2019-11-20 10:32 UTC by Jaap Akkerhuis
Modified: 2019-11-23 13:03 UTC

jaap: maintainer-feedback+

patch to update (798 bytes, patch)
2019-11-20 10:32 UTC, Jaap Akkerhuis
jaap: maintainer-approval+

Description Jaap Akkerhuis 2019-11-20 10:32:07 UTC
Created attachment 209273
patch to update

This release has log fixes, features of confine-to-zone and startup
management, implementation changes in the configuration parser and
socket handling code simplifications.  The implementation changes make
the parser context aware, which is useful for the syntax of (future)
config options.  The socket handling code was rewritten to split it
apart in separately handleable routines.

The confine-to-zone: yesno option from Greg Bock, if enabled stops NSD
from responding with data outside of the zone the query was aimed at.
Answers contain data that comes from one zone only.

The startup management patch for s6 and other service supervisors from
Cameron Nemo can be used to signal readiness notification to them; it is
in contrib.  With that there is the new option that an empty pidfile
statement (pidfile: "") in nsd.conf can be used to run NSD without
having NSD create an nsd.pid file at startup.

There is a fix for the sort order of included configuration files with the
include: statement.  Due to a programming oversight it was sorted, but
in reverse.  Files are now included in the sorted order.  Mostly, if
files contain configuration snippets of different zones, or config about
different features, the include order should not matter for them.

- For #39: confine-to-zone configures NSD to not return out-of-zone
  additional information. Contributed by Greg Bock.
- For #21: pidfile "" allows to run NSD without a pidfile, for
  startup management tools like daemontools.
- For #21 add
  that adds support for readiness notification with READY_FD from
  Cameron Nemo.

- Fix #35: excessive logging of ixfr failures, it stops the log when
  fallback to axfr is possible. log is enabled at high verbosity.
- Fixup warnings during --disable-ipv6 compile.
- The nsd.conf includes are sorted ascending, for include statements
  with a '*' from glob.
- Fix #38: log address and failure reason with tls handshake errors,
  squelches (the same as unbound) some unless high verbosity is used.
- Fixup clang analysis warning in xfrd_parse_received_xfr_packet
  master dereference.

- Number of different UDP handlers has been reduced to one. recvmmsg
  and sendmmsg implementations are now used on all platforms.
  Compatible implementations are in place for systems that lack the
  system calls.
- Socket options are now set in designated functions for easy reuse.
- Socket setup has been simplified for easy reuse.
- Configuration parser is now aware of the context in which an option
  was specified.
- Fix #44: document that remote-control is a top-level nsd.conf
Comment 1 Automation User 2019-11-20 10:48:36 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/97234860
Comment 2 commit-hook freebsd_committer 2019-11-23 13:03:48 UTC
A commit references this bug:

Author: joneum
Date: Sat Nov 23 13:03:29 UTC 2019
New revision: 518232
URL: https://svnweb.freebsd.org/changeset/ports/518232

  Update to 4.2.3

  PR:		242102
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
  Sponsored by:	Netzkommune GmbH