From owner-svn-src-stable-9@freebsd.org Wed Sep 28 06:11:03 2016 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3CF1CC00EB7; Wed, 28 Sep 2016 06:11:03 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DD91EE2F; Wed, 28 Sep 2016 06:11:02 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8S6B2Br097691; Wed, 28 Sep 2016 06:11:02 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8S6B1Q9097685; Wed, 28 Sep 2016 06:11:01 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201609280611.u8S6B1Q9097685@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 28 Sep 2016 06:11:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r306394 - in stable/9: contrib/bind9 contrib/bind9/bin/check contrib/bind9/bin/confgen contrib/bind9/bin/dig contrib/bind9/bin/dnssec contrib/bind9/bin/named contrib/bind9/bin/named/inc... X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Sep 2016 06:11:03 -0000 Author: delphij Date: Wed Sep 28 06:11:01 2016 New Revision: 306394 URL: https://svnweb.freebsd.org/changeset/base/306394 Log: MFV r306384: BIND 9.9.9-P3. Added: stable/9/contrib/bind9/doc/arm/Bv9ARM.conf - copied unchanged from r306384, vendor/bind9/dist/doc/arm/Bv9ARM.conf stable/9/contrib/bind9/doc/arm/logging-categories.xml - copied unchanged from r306384, vendor/bind9/dist/doc/arm/logging-categories.xml stable/9/contrib/bind9/doc/arm/man.dnssec-importkey.html - copied unchanged from r306384, vendor/bind9/dist/doc/arm/man.dnssec-importkey.html stable/9/contrib/bind9/doc/arm/man.lwresd.html - copied unchanged from r306384, vendor/bind9/dist/doc/arm/man.lwresd.html stable/9/contrib/bind9/doc/arm/man.named.conf.html - copied unchanged from r306384, vendor/bind9/dist/doc/arm/man.named.conf.html stable/9/contrib/bind9/doc/arm/notes.conf - copied unchanged from r306384, vendor/bind9/dist/doc/arm/notes.conf stable/9/contrib/bind9/doc/arm/noteversion.xml.in - copied unchanged from r306384, vendor/bind9/dist/doc/arm/noteversion.xml.in stable/9/contrib/bind9/doc/arm/pkgversion.xml.in - copied unchanged from r306384, vendor/bind9/dist/doc/arm/pkgversion.xml.in stable/9/contrib/bind9/doc/arm/releaseinfo.xml.in - copied unchanged from r306384, vendor/bind9/dist/doc/arm/releaseinfo.xml.in stable/9/contrib/bind9/lib/dns/rdata/generic/avc_258.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/avc_258.c stable/9/contrib/bind9/lib/dns/rdata/generic/avc_258.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/avc_258.h stable/9/contrib/bind9/lib/dns/rdata/generic/csync_62.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/csync_62.c stable/9/contrib/bind9/lib/dns/rdata/generic/csync_62.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/csync_62.h stable/9/contrib/bind9/lib/dns/rdata/generic/ninfo_56.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/ninfo_56.c stable/9/contrib/bind9/lib/dns/rdata/generic/ninfo_56.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/ninfo_56.h stable/9/contrib/bind9/lib/dns/rdata/generic/rkey_57.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/rkey_57.c stable/9/contrib/bind9/lib/dns/rdata/generic/rkey_57.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/rkey_57.h stable/9/contrib/bind9/lib/dns/rdata/generic/sink_40.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/sink_40.c stable/9/contrib/bind9/lib/dns/rdata/generic/sink_40.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/sink_40.h stable/9/contrib/bind9/lib/dns/rdata/generic/smimea_53.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/smimea_53.c stable/9/contrib/bind9/lib/dns/rdata/generic/smimea_53.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/smimea_53.h stable/9/contrib/bind9/lib/dns/rdata/generic/ta_32768.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/ta_32768.c stable/9/contrib/bind9/lib/dns/rdata/generic/ta_32768.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/ta_32768.h stable/9/contrib/bind9/lib/dns/rdata/generic/talink_58.c - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/talink_58.c stable/9/contrib/bind9/lib/dns/rdata/generic/talink_58.h - copied unchanged from r306384, vendor/bind9/dist/lib/dns/rdata/generic/talink_58.h Deleted: stable/9/contrib/bind9/doc/arm/html-fixup.pl Modified: stable/9/contrib/bind9/CHANGES stable/9/contrib/bind9/FAQ stable/9/contrib/bind9/FAQ.xml stable/9/contrib/bind9/Makefile.in stable/9/contrib/bind9/README stable/9/contrib/bind9/acconfig.h stable/9/contrib/bind9/bin/check/Makefile.in stable/9/contrib/bind9/bin/check/named-checkconf.8 stable/9/contrib/bind9/bin/check/named-checkconf.c stable/9/contrib/bind9/bin/check/named-checkconf.docbook stable/9/contrib/bind9/bin/check/named-checkconf.html stable/9/contrib/bind9/bin/check/named-checkzone.8 stable/9/contrib/bind9/bin/check/named-checkzone.c stable/9/contrib/bind9/bin/check/named-checkzone.docbook stable/9/contrib/bind9/bin/check/named-checkzone.html stable/9/contrib/bind9/bin/confgen/Makefile.in stable/9/contrib/bind9/bin/confgen/ddns-confgen.8 stable/9/contrib/bind9/bin/confgen/ddns-confgen.docbook stable/9/contrib/bind9/bin/confgen/ddns-confgen.html stable/9/contrib/bind9/bin/confgen/rndc-confgen.8 stable/9/contrib/bind9/bin/confgen/rndc-confgen.docbook stable/9/contrib/bind9/bin/confgen/rndc-confgen.html stable/9/contrib/bind9/bin/dig/Makefile.in stable/9/contrib/bind9/bin/dig/dig.1 stable/9/contrib/bind9/bin/dig/dig.c stable/9/contrib/bind9/bin/dig/dig.docbook stable/9/contrib/bind9/bin/dig/dig.html stable/9/contrib/bind9/bin/dig/dighost.c stable/9/contrib/bind9/bin/dig/host.1 stable/9/contrib/bind9/bin/dig/host.docbook stable/9/contrib/bind9/bin/dig/host.html stable/9/contrib/bind9/bin/dig/nslookup.1 stable/9/contrib/bind9/bin/dig/nslookup.docbook stable/9/contrib/bind9/bin/dig/nslookup.html stable/9/contrib/bind9/bin/dnssec/Makefile.in stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8 stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html stable/9/contrib/bind9/bin/dnssec/dnssec-importkey.8 stable/9/contrib/bind9/bin/dnssec/dnssec-importkey.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-importkey.html stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8 stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.8 stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.html stable/9/contrib/bind9/bin/dnssec/dnssec-revoke.8 stable/9/contrib/bind9/bin/dnssec/dnssec-revoke.c stable/9/contrib/bind9/bin/dnssec/dnssec-revoke.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-revoke.html stable/9/contrib/bind9/bin/dnssec/dnssec-settime.8 stable/9/contrib/bind9/bin/dnssec/dnssec-settime.c stable/9/contrib/bind9/bin/dnssec/dnssec-settime.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-settime.html stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.8 stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.c stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.html stable/9/contrib/bind9/bin/dnssec/dnssec-verify.8 stable/9/contrib/bind9/bin/dnssec/dnssec-verify.docbook stable/9/contrib/bind9/bin/dnssec/dnssec-verify.html stable/9/contrib/bind9/bin/named/Makefile.in stable/9/contrib/bind9/bin/named/client.c stable/9/contrib/bind9/bin/named/config.c stable/9/contrib/bind9/bin/named/control.c stable/9/contrib/bind9/bin/named/controlconf.c stable/9/contrib/bind9/bin/named/include/named/log.h stable/9/contrib/bind9/bin/named/include/named/query.h stable/9/contrib/bind9/bin/named/include/named/server.h stable/9/contrib/bind9/bin/named/lwdgrbn.c stable/9/contrib/bind9/bin/named/lwresd.8 stable/9/contrib/bind9/bin/named/lwresd.docbook stable/9/contrib/bind9/bin/named/lwresd.html stable/9/contrib/bind9/bin/named/main.c stable/9/contrib/bind9/bin/named/named.8 stable/9/contrib/bind9/bin/named/named.conf.5 stable/9/contrib/bind9/bin/named/named.conf.docbook stable/9/contrib/bind9/bin/named/named.conf.html stable/9/contrib/bind9/bin/named/named.docbook stable/9/contrib/bind9/bin/named/named.html stable/9/contrib/bind9/bin/named/query.c stable/9/contrib/bind9/bin/named/server.c stable/9/contrib/bind9/bin/named/statschannel.c stable/9/contrib/bind9/bin/named/unix/include/named/os.h stable/9/contrib/bind9/bin/named/unix/os.c stable/9/contrib/bind9/bin/named/xfrout.c stable/9/contrib/bind9/bin/nsupdate/Makefile.in stable/9/contrib/bind9/bin/nsupdate/nsupdate.1 stable/9/contrib/bind9/bin/nsupdate/nsupdate.c stable/9/contrib/bind9/bin/nsupdate/nsupdate.docbook stable/9/contrib/bind9/bin/nsupdate/nsupdate.html stable/9/contrib/bind9/bin/rndc/Makefile.in stable/9/contrib/bind9/bin/rndc/rndc.8 stable/9/contrib/bind9/bin/rndc/rndc.conf.5 stable/9/contrib/bind9/bin/rndc/rndc.conf.docbook stable/9/contrib/bind9/bin/rndc/rndc.conf.html stable/9/contrib/bind9/bin/rndc/rndc.docbook stable/9/contrib/bind9/bin/rndc/rndc.html stable/9/contrib/bind9/bin/tools/Makefile.in stable/9/contrib/bind9/bin/tools/arpaname.1 stable/9/contrib/bind9/bin/tools/arpaname.docbook stable/9/contrib/bind9/bin/tools/arpaname.html stable/9/contrib/bind9/bin/tools/genrandom.8 stable/9/contrib/bind9/bin/tools/genrandom.docbook stable/9/contrib/bind9/bin/tools/genrandom.html stable/9/contrib/bind9/bin/tools/isc-hmac-fixup.8 stable/9/contrib/bind9/bin/tools/isc-hmac-fixup.docbook stable/9/contrib/bind9/bin/tools/isc-hmac-fixup.html stable/9/contrib/bind9/bin/tools/named-journalprint.8 stable/9/contrib/bind9/bin/tools/named-journalprint.docbook stable/9/contrib/bind9/bin/tools/named-journalprint.html stable/9/contrib/bind9/bin/tools/nsec3hash.8 stable/9/contrib/bind9/bin/tools/nsec3hash.docbook stable/9/contrib/bind9/bin/tools/nsec3hash.html stable/9/contrib/bind9/config.h.in stable/9/contrib/bind9/configure.in stable/9/contrib/bind9/doc/Makefile.in stable/9/contrib/bind9/doc/arm/Bv9ARM-book.xml stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch02.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch11.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch12.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch13.html stable/9/contrib/bind9/doc/arm/Bv9ARM.html stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf stable/9/contrib/bind9/doc/arm/Makefile.in stable/9/contrib/bind9/doc/arm/README-SGML stable/9/contrib/bind9/doc/arm/dnssec.xml stable/9/contrib/bind9/doc/arm/libdns.xml stable/9/contrib/bind9/doc/arm/man.arpaname.html stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html stable/9/contrib/bind9/doc/arm/man.dig.html stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html stable/9/contrib/bind9/doc/arm/man.dnssec-verify.html stable/9/contrib/bind9/doc/arm/man.genrandom.html stable/9/contrib/bind9/doc/arm/man.host.html stable/9/contrib/bind9/doc/arm/man.isc-hmac-fixup.html stable/9/contrib/bind9/doc/arm/man.named-checkconf.html stable/9/contrib/bind9/doc/arm/man.named-checkzone.html stable/9/contrib/bind9/doc/arm/man.named-journalprint.html stable/9/contrib/bind9/doc/arm/man.named.html stable/9/contrib/bind9/doc/arm/man.nsec3hash.html stable/9/contrib/bind9/doc/arm/man.nsupdate.html stable/9/contrib/bind9/doc/arm/man.rndc-confgen.html stable/9/contrib/bind9/doc/arm/man.rndc.conf.html stable/9/contrib/bind9/doc/arm/man.rndc.html stable/9/contrib/bind9/doc/arm/managed-keys.xml stable/9/contrib/bind9/doc/arm/notes-wrapper.xml stable/9/contrib/bind9/doc/arm/notes.html stable/9/contrib/bind9/doc/arm/notes.pdf stable/9/contrib/bind9/doc/arm/notes.xml stable/9/contrib/bind9/doc/arm/pkcs11.xml stable/9/contrib/bind9/doc/misc/options stable/9/contrib/bind9/doc/misc/rfc-compliance stable/9/contrib/bind9/isc-config.sh.in stable/9/contrib/bind9/lib/bind9/Makefile.in stable/9/contrib/bind9/lib/bind9/api stable/9/contrib/bind9/lib/bind9/check.c stable/9/contrib/bind9/lib/bind9/include/bind9/Makefile.in stable/9/contrib/bind9/lib/dns/Makefile.in stable/9/contrib/bind9/lib/dns/acache.c stable/9/contrib/bind9/lib/dns/api stable/9/contrib/bind9/lib/dns/cache.c stable/9/contrib/bind9/lib/dns/client.c stable/9/contrib/bind9/lib/dns/dst_api.c stable/9/contrib/bind9/lib/dns/dst_openssl.h stable/9/contrib/bind9/lib/dns/forward.c stable/9/contrib/bind9/lib/dns/gen.c stable/9/contrib/bind9/lib/dns/include/dns/Makefile.in stable/9/contrib/bind9/lib/dns/include/dns/dbiterator.h stable/9/contrib/bind9/lib/dns/include/dns/forward.h stable/9/contrib/bind9/lib/dns/include/dns/message.h stable/9/contrib/bind9/lib/dns/include/dns/name.h stable/9/contrib/bind9/lib/dns/include/dns/rbt.h stable/9/contrib/bind9/lib/dns/include/dns/view.h stable/9/contrib/bind9/lib/dns/include/dst/Makefile.in stable/9/contrib/bind9/lib/dns/journal.c stable/9/contrib/bind9/lib/dns/master.c stable/9/contrib/bind9/lib/dns/message.c stable/9/contrib/bind9/lib/dns/name.c stable/9/contrib/bind9/lib/dns/nsec3.c stable/9/contrib/bind9/lib/dns/openssl_link.c stable/9/contrib/bind9/lib/dns/openssldh_link.c stable/9/contrib/bind9/lib/dns/openssldsa_link.c stable/9/contrib/bind9/lib/dns/opensslrsa_link.c stable/9/contrib/bind9/lib/dns/rbt.c stable/9/contrib/bind9/lib/dns/rbtdb.c stable/9/contrib/bind9/lib/dns/rcode.c stable/9/contrib/bind9/lib/dns/rdata.c stable/9/contrib/bind9/lib/dns/rdata/any_255/tsig_250.c stable/9/contrib/bind9/lib/dns/rdata/ch_3/a_1.c stable/9/contrib/bind9/lib/dns/rdata/generic/afsdb_18.c stable/9/contrib/bind9/lib/dns/rdata/generic/caa_257.c stable/9/contrib/bind9/lib/dns/rdata/generic/cdnskey_60.c stable/9/contrib/bind9/lib/dns/rdata/generic/cdnskey_60.h stable/9/contrib/bind9/lib/dns/rdata/generic/cds_59.c stable/9/contrib/bind9/lib/dns/rdata/generic/cds_59.h stable/9/contrib/bind9/lib/dns/rdata/generic/cname_5.c stable/9/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c stable/9/contrib/bind9/lib/dns/rdata/generic/dlv_32769.h stable/9/contrib/bind9/lib/dns/rdata/generic/dname_39.c stable/9/contrib/bind9/lib/dns/rdata/generic/dnskey_48.c stable/9/contrib/bind9/lib/dns/rdata/generic/dnskey_48.h stable/9/contrib/bind9/lib/dns/rdata/generic/ds_43.c stable/9/contrib/bind9/lib/dns/rdata/generic/hip_55.c stable/9/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c stable/9/contrib/bind9/lib/dns/rdata/generic/key_25.c stable/9/contrib/bind9/lib/dns/rdata/generic/key_25.h stable/9/contrib/bind9/lib/dns/rdata/generic/lp_107.c stable/9/contrib/bind9/lib/dns/rdata/generic/mb_7.c stable/9/contrib/bind9/lib/dns/rdata/generic/md_3.c stable/9/contrib/bind9/lib/dns/rdata/generic/mf_4.c stable/9/contrib/bind9/lib/dns/rdata/generic/mg_8.c stable/9/contrib/bind9/lib/dns/rdata/generic/minfo_14.c stable/9/contrib/bind9/lib/dns/rdata/generic/mr_9.c stable/9/contrib/bind9/lib/dns/rdata/generic/mx_15.c stable/9/contrib/bind9/lib/dns/rdata/generic/naptr_35.c stable/9/contrib/bind9/lib/dns/rdata/generic/ns_2.c stable/9/contrib/bind9/lib/dns/rdata/generic/nsec3_50.c stable/9/contrib/bind9/lib/dns/rdata/generic/nsec_47.c stable/9/contrib/bind9/lib/dns/rdata/generic/nxt_30.c stable/9/contrib/bind9/lib/dns/rdata/generic/ptr_12.c stable/9/contrib/bind9/lib/dns/rdata/generic/rp_17.c stable/9/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c stable/9/contrib/bind9/lib/dns/rdata/generic/rt_21.c stable/9/contrib/bind9/lib/dns/rdata/generic/sig_24.c stable/9/contrib/bind9/lib/dns/rdata/generic/soa_6.c stable/9/contrib/bind9/lib/dns/rdata/generic/spf_99.c stable/9/contrib/bind9/lib/dns/rdata/generic/tkey_249.c stable/9/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c stable/9/contrib/bind9/lib/dns/rdata/generic/txt_16.c stable/9/contrib/bind9/lib/dns/rdata/in_1/a6_38.c stable/9/contrib/bind9/lib/dns/rdata/in_1/kx_36.c stable/9/contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.c stable/9/contrib/bind9/lib/dns/rdata/in_1/px_26.c stable/9/contrib/bind9/lib/dns/rdata/in_1/srv_33.c stable/9/contrib/bind9/lib/dns/resolver.c stable/9/contrib/bind9/lib/dns/rootns.c stable/9/contrib/bind9/lib/dns/sdlz.c stable/9/contrib/bind9/lib/dns/tkey.c stable/9/contrib/bind9/lib/dns/update.c stable/9/contrib/bind9/lib/dns/view.c stable/9/contrib/bind9/lib/dns/xfrin.c stable/9/contrib/bind9/lib/dns/zone.c stable/9/contrib/bind9/lib/export/dns/Makefile.in stable/9/contrib/bind9/lib/export/dns/include/dns/Makefile.in stable/9/contrib/bind9/lib/export/dns/include/dst/Makefile.in stable/9/contrib/bind9/lib/export/irs/Makefile.in stable/9/contrib/bind9/lib/export/irs/include/irs/Makefile.in stable/9/contrib/bind9/lib/export/isc/Makefile.in stable/9/contrib/bind9/lib/export/isc/include/isc/Makefile.in stable/9/contrib/bind9/lib/export/isc/nothreads/include/isc/Makefile.in stable/9/contrib/bind9/lib/export/isc/pthreads/include/isc/Makefile.in stable/9/contrib/bind9/lib/export/isc/unix/include/isc/Makefile.in stable/9/contrib/bind9/lib/export/isccfg/Makefile.in stable/9/contrib/bind9/lib/export/isccfg/include/isccfg/Makefile.in stable/9/contrib/bind9/lib/export/samples/Makefile.in stable/9/contrib/bind9/lib/irs/Makefile.in stable/9/contrib/bind9/lib/irs/resconf.c stable/9/contrib/bind9/lib/isc/Makefile.in stable/9/contrib/bind9/lib/isc/alpha/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/api stable/9/contrib/bind9/lib/isc/base32.c stable/9/contrib/bind9/lib/isc/base64.c stable/9/contrib/bind9/lib/isc/buffer.c stable/9/contrib/bind9/lib/isc/commandline.c stable/9/contrib/bind9/lib/isc/hash.c stable/9/contrib/bind9/lib/isc/hex.c stable/9/contrib/bind9/lib/isc/httpd.c stable/9/contrib/bind9/lib/isc/ia64/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/include/isc/assertions.h stable/9/contrib/bind9/lib/isc/include/isc/error.h stable/9/contrib/bind9/lib/isc/include/isc/file.h stable/9/contrib/bind9/lib/isc/include/isc/hash.h stable/9/contrib/bind9/lib/isc/include/isc/magic.h stable/9/contrib/bind9/lib/isc/include/isc/netaddr.h stable/9/contrib/bind9/lib/isc/include/isc/platform.h.in stable/9/contrib/bind9/lib/isc/include/isc/result.h stable/9/contrib/bind9/lib/isc/include/isc/sockaddr.h stable/9/contrib/bind9/lib/isc/include/isc/socket.h stable/9/contrib/bind9/lib/isc/include/isc/util.h stable/9/contrib/bind9/lib/isc/md5.c stable/9/contrib/bind9/lib/isc/mem.c stable/9/contrib/bind9/lib/isc/mips/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/netaddr.c stable/9/contrib/bind9/lib/isc/noatomic/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/nothreads/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/powerpc/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/pthreads/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/result.c stable/9/contrib/bind9/lib/isc/sockaddr.c stable/9/contrib/bind9/lib/isc/sparc64/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/stats.c stable/9/contrib/bind9/lib/isc/string.c stable/9/contrib/bind9/lib/isc/task.c stable/9/contrib/bind9/lib/isc/unix/file.c stable/9/contrib/bind9/lib/isc/unix/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/unix/net.c stable/9/contrib/bind9/lib/isc/unix/socket.c stable/9/contrib/bind9/lib/isc/x86_32/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/x86_32/include/isc/atomic.h stable/9/contrib/bind9/lib/isc/x86_64/include/isc/Makefile.in stable/9/contrib/bind9/lib/isc/x86_64/include/isc/atomic.h stable/9/contrib/bind9/lib/isccc/Makefile.in stable/9/contrib/bind9/lib/isccc/cc.c stable/9/contrib/bind9/lib/isccc/include/isccc/Makefile.in stable/9/contrib/bind9/lib/isccc/sexpr.c stable/9/contrib/bind9/lib/isccfg/Makefile.in stable/9/contrib/bind9/lib/isccfg/aclconf.c stable/9/contrib/bind9/lib/isccfg/api stable/9/contrib/bind9/lib/isccfg/include/isccfg/Makefile.in stable/9/contrib/bind9/lib/isccfg/namedconf.c stable/9/contrib/bind9/lib/isccfg/parser.c stable/9/contrib/bind9/lib/lwres/Makefile.in stable/9/contrib/bind9/lib/lwres/man/Makefile.in stable/9/contrib/bind9/lib/lwres/man/lwres.3 stable/9/contrib/bind9/lib/lwres/man/lwres.docbook stable/9/contrib/bind9/lib/lwres/man/lwres.html stable/9/contrib/bind9/lib/lwres/man/lwres_buffer.3 stable/9/contrib/bind9/lib/lwres/man/lwres_buffer.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_buffer.html stable/9/contrib/bind9/lib/lwres/man/lwres_config.3 stable/9/contrib/bind9/lib/lwres/man/lwres_config.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_config.html stable/9/contrib/bind9/lib/lwres/man/lwres_context.3 stable/9/contrib/bind9/lib/lwres/man/lwres_context.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_context.html stable/9/contrib/bind9/lib/lwres/man/lwres_gabn.3 stable/9/contrib/bind9/lib/lwres/man/lwres_gabn.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_gabn.html stable/9/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 stable/9/contrib/bind9/lib/lwres/man/lwres_gai_strerror.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html stable/9/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 stable/9/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html stable/9/contrib/bind9/lib/lwres/man/lwres_gethostent.3 stable/9/contrib/bind9/lib/lwres/man/lwres_gethostent.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_gethostent.html stable/9/contrib/bind9/lib/lwres/man/lwres_getipnode.3 stable/9/contrib/bind9/lib/lwres/man/lwres_getipnode.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_getipnode.html stable/9/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 stable/9/contrib/bind9/lib/lwres/man/lwres_getnameinfo.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html stable/9/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 stable/9/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html stable/9/contrib/bind9/lib/lwres/man/lwres_gnba.3 stable/9/contrib/bind9/lib/lwres/man/lwres_gnba.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_gnba.html stable/9/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 stable/9/contrib/bind9/lib/lwres/man/lwres_hstrerror.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_hstrerror.html stable/9/contrib/bind9/lib/lwres/man/lwres_inetntop.3 stable/9/contrib/bind9/lib/lwres/man/lwres_inetntop.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_inetntop.html stable/9/contrib/bind9/lib/lwres/man/lwres_noop.3 stable/9/contrib/bind9/lib/lwres/man/lwres_noop.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_noop.html stable/9/contrib/bind9/lib/lwres/man/lwres_packet.3 stable/9/contrib/bind9/lib/lwres/man/lwres_packet.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_packet.html stable/9/contrib/bind9/lib/lwres/man/lwres_resutil.3 stable/9/contrib/bind9/lib/lwres/man/lwres_resutil.docbook stable/9/contrib/bind9/lib/lwres/man/lwres_resutil.html stable/9/contrib/bind9/make/rules.in stable/9/contrib/bind9/version stable/9/lib/bind/dns/code.h stable/9/lib/bind/dns/dns/enumtype.h stable/9/lib/bind/dns/dns/rdatastruct.h stable/9/share/doc/bind9/Makefile Directory Properties: stable/9/contrib/bind9/ (props changed) Modified: stable/9/contrib/bind9/CHANGES ============================================================================== --- stable/9/contrib/bind9/CHANGES Wed Sep 28 05:12:09 2016 (r306393) +++ stable/9/contrib/bind9/CHANGES Wed Sep 28 06:11:01 2016 (r306394) @@ -1,4 +1,96 @@ - --- 9.9.8-P4 released --- + --- 9.9.9-P3 released --- + +4467. [security] It was possible to trigger a assertion when rendering + a message. (CVE-2016-2776) [RT #43139] + + --- 9.9.9-P2 released --- + +4406. [bug] getrrsetbyname with a non absolute name could + trigger an infinite recursion bug in lwresd + and named with lwres configured if when combined + with a search list entry the resulting name is + too long. (CVE-2016-2775) [RT #42694] + +4405. [bug] Change 4342 introduced a regression where you could + not remove a delegation in a NSEC3 signed zone using + OPTOUT via nsupdate. [RT #42702] + +4387. [bug] Change 4336 was not complete leading to SERVFAIL + being return as NS records expired. [RT #42683] + + --- 9.9.9-P1 released --- + +4366. [bug] Address race condition when updating rbtnode bit + fields. [RT #42379] + +4363. [port] win32: Disable explicit triggering UAC when running + BINDInstall. + + --- 9.9.9 released --- + + --- 9.9.9rc1 released --- + +4347. [port] Corrected a build error on x86_64 Solaris. [RT #42150] + +4346. [bug] Fixed a regression introduced in change #4337 which + caused signed domains with revoked KSKs to fail + validation. [RT #42147] + +4345. [contrib] perftcpdns mishandled the return values from + clock_nanosleep. [RT #42131] + +4344. [port] Address openssl version differences. [RT #42059] + + --- 9.9.9b2 released --- + +4342. [bug] 'rndc flushtree' could fail to clean the tree if there + wasn't a node at the specified name. [RT #41846] + +4338. [bug] Reimplement change 4324 as it wasn't properly doing + all the required book keeping. [RT #41941] + +4337. [bug] The previous change exposed a latent flaw in + key refresh queries for managed-keys when + a cached DNSKEY had TTL 0. [RT #41986] + +4336. [bug] Don't emit records with zero ttl unless the records + were learnt with a zero ttl. [RT #41687] + +4335. [bug] zone->view could be detached too early. [RT #41942] + +4333. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42 and + 2001:500:9f::42. + +4331. [func] When loading managed signed zones detect if the + RRSIG's inception time is in the future and regenerate + the RRSIG immediately. [RT #41808] + +4330. [protocol] Identify the PAD option as "PAD" when printing out + a message. + + --- 9.9.9b1 released --- + +4329. [func] Warn about a common misconfiguration when forwarding + RFC 1918 zones. [RT #41441] + +4328. [performance] Add dns_name_fromwire() benchmark test. [RT #41694] + +4327. [func] Log query and depth counters during fetches when + querytrace (./configure --enable-querytrace) is + enabled (helps in diagnosing). [RT #41787] + +4326. [protocol] Add support for AVC. [RT #41819] + +4324. [bug] When deleting records from a zone database, interior + nodes could be left empty but not deleted, damaging + search performance afterward. [RT #40997] + +4323. [bug] Improve HTTP header processing on statschannel. + [RT #41674] + +4320. [bug] Insufficient memory allocation when handling + "none" ACL could cause an assertion failure in + named when parsing ACL configuration. [RT #41745] 4319. [security] Fix resolver assertion failure due to improper DNAME handling when parsing fetch reply messages. @@ -7,20 +99,122 @@ 4318. [security] Malformed control messages can trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666] - --- 9.9.8-P3 released --- +4317. [bug] Age all unused servers on fetch timeout. [RT #41597] + +4315. [bug] Check that configured view class isn't a meta class. + [RT #41572]. + +4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance + testing tools provided by Nominum, Inc. + +4313. [bug] Handle ns_client_replace failures in test mode. + [RT #41190] + +4312. [bug] dig's unknown DNS and EDNS flags (MBZ value) logging + was not consistent. [RT #41600] + +4311. [bug] Prevent "rndc delzone" from being used on + response-policy zones. [RT #41593] + +4310. [performance] Use __builtin_expect() where available to annotate + conditions with known behavior. [RT #41411] + +4308. [func] Added operating system details to "named -V" + output. [RT #41452] + +4306. [maint] Added a PKCS#11 openssl patch supporting + version 1.0.2f [RT #38312] + +4305. [bug] dnssec-signzone was not removing unnecessary rrsigs + from the zone's apex. [RT #41483] + +4304. [port] xfer system test failed as 'tail -n +value' is not + portable. [RT #41315] + +4302. [port] win32: fixed a build error in VS 2015. [RT #41426] + +4300. [cleanup] Added new querytrace logging. [RT #41155] + +4299. [bug] Check that exactly totallen bytes are read when + reading a RRset from raw files in both single read + and incremental modes. [RT #41402] + +4297. [bug] RPZ zones with errors could cause a crash when a + pointer was cleaned up twice. [RT #41518] + +4295. [bug] An unchecked result in dns_message_pseudosectiontotext() + could allow incorrect text formatting of EDNS EXPIRE + options. [RT #41437] + +4294. [bug] Fixed a regression in which "rndc stop -p" failed + to print the PID. [RT #41513] + +4293. [bug] Address memory leak on priming query creation failure. + [RT #41512] + +4292. [bug] Build lib/export/dns/gen with native compiler. + [RT #41502] + +4291. [cleanup] Added a required include to dns/forward.h. [RT #41474] + +4289. [bug] The server could crash due to memory being used + after it was freed if a zone transfer timed out. + [RT #41297] 4288. [bug] Fixed a regression in resolver.c:possibly_mark() which caused known-bogus servers to be queried anyway. [RT #41321] +4287. [bug] Silence an overly noisy log message when message + parsing fails. [RT #41374] + 4285. [security] Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396] - --- 9.9.8-P2 released --- +4283. [bug] OPENSSL_config is no longer re-callable. [RT #41348] + +4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257] + +4280. [performance] Use optimal message sizes to improve compression + in AXFRs. This reduces network traffic. [RT #40996] + +4277. [performance] Improve performance of the RBT, the central zone + datastructure: The aux hashtable was improved, + hash function was updated to perform more + uniform mapping, uppernode was added to + dns_rbtnode, and other cleanups and performance + improvements were made. [RT #41165] + +4276. [protocol] Add support for SMIMEA. [RT #40513] + +4274. [performance] Speed up typemap processing from text. [RT #41196] + +4272. [bug] dig: the +norrcomments option didn't work with +multi. + [RT #41234] + +4271. [test] Unit tests could deadlock in isc__taskmgr_pause(). + [RT #41235] 4270. [security] Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193. +4267. [test] Check sdlz error handling. [RT #41142] + +4266. [bug] The sdlz driver failed to pass some errors back to + the caller. [RT #41142] + +4265. [bug] Address unchecked isc_mem_get calls. [RT #41187] + +4264. [bug] Check const of strchr/strrchr assignments match + argument's const status. [RT #41150] + +4262. [bug] Fixed a bug in epoll socket code that caused + sockets to not be registered for ready + notification in some cases, causing named to not + read from or write to them, resulting in what + appear to the user as blocked connections. + [RT #41067] + 4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556] @@ -29,10 +223,123 @@ triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987] +4258. [bug] Limit rndc query message sizes to 32 KiB. This should + not break any legitimate rndc commands, but will + prevent a rogue rndc query from allocating too + much memory. [RT #41073] + +4257. [cleanup] Python scripts reported incorrect version. [RT #41080] + +4256. [bug] Allow rndc command arguments to be quoted so as + to allow spaces. [RT #36665] + +4254. [bug] Address missing lock when getting zone's serial. + [RT #41072] + 4253. [security] Address fetch context reference count handling error - on socket error. (CVE-2015-8461) [RT#40945] + on socket error. (CVE-2015-8461) [RT#40945] + +4248. [performance] Add an isc_atomic_storeq() function, use it in + stats counters to improve performance. + [RT #39972] [RT #39979] + +4244. [bug] The parser was not reporting that use-ixfr is obsolete. + [RT #41010] + +4241. [doc] Improved the TSIG, TKEY, and SIG(0) sections in + the ARM. [RT #40955] + +4240. [port] Fix LibreSSL compatibility. [RT #40977] + +4238. [bug] Don't send to servers on net zero (0.0.0.0/8). + [RT #40947] + +4237. [doc] Upgraded documentation toolchain to use DocBook 5 + and dblatex. [RT #40766] + +4236. [performance] On machines with 2 or more processors (CPU), the + default value for the number of UDP listeners + has been changed to the number of detected + processors minus one. [RT #40761] + +4233. [test] Add tests for CDS and CDNSKEY with delegation-only. + [RT #40597] + +4232. [contrib] Address unchecked memory allocation calls in + query-loc and zone2ldap. [RT #40789] + +4229. [bug] A variable could be used uninitialized in + dns_update_signaturesinc. [RT #40784] + +4228. [bug] Address race condition in dns_client_destroyrestrans. + [RT #40605] + +4227. [bug] Silence static analysis warnings. [RT #40828] + +4226. [bug] Address a theoretical shutdown race in + zone.c:notify_send_queue(). [RT #38958] + +4225. [port] freebsd/openbsd: Use '${CC} -shared' for building + shared libraries. [RT #39557] + +4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create. + [RT #40583] + +4220. [doc] Improve documentation for zone-statistics. + [RT #36955] + +4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK, + EGAIN when these soft error are not retried for + isc_socket_send*(). + +4217. [protocol] Add support for CSYNC. [RT #40532] + +4216. [cleanup] Silence static analysis warnings. [RT #40649] + +4215. [bug] nsupdate: skip to next request on GSSTKEY create + failure. [RT #40685] + +4214. [protocol] Add support for TALINK. [RT #40544] + +4213. [bug] Don't reuse a cache across multiple classes. + [RT #40205] + +4210. [cleanup] Silence use after free false positive. [RT #40743] + +4208. [bug] Address null pointer dereferences on out of memory. + [RT #40764] + +4207. [bug] Handle class mismatches with raw zone files. + [RT #40746] + +4205. [bug] 'named-checkconf -p' could include unwanted spaces + when printing tuples with unset optional fields. + [RT #40731] + +4204. [bug] 'dig +trace' failed to lookup the correct type if + the initial root NS query was retried. [RT #40296] + +4202. [bug] isccc_cc_fromwire() could return an incorrect + result. [RT #40614] + +4201. [func] The default preferred-glue is now the address record + type of the transport the query was received + over. [RT #40468] + +4200. [cleanup] win32: update BINDinstall to be BIND release + independent. [RT #38915] + +4199. [protocol] Add support for NINFO, RKEY, SINK, TA. + [RT #40545] [RT #40547] [RT #40561] [RT #40563] + +4198. [doc] Add fetch-quota-params, fetches-per-server, and + fetches-per-zone to doc/misc/options. [RT #40601] + +4196. [doc] Improve how "enum + other" types are documented. + [RT #40608] - --- 9.9.8-P1 (withdrawn) --- +4194. [bug] named-checkconf -p failed to properly print a port + range. [RT #40634] --- 9.9.8 released --- @@ -47,7 +354,7 @@ 4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones as per RFC 6763. [RT #37889] -4190. [protocol] Accept Active Diretory gc._msdcs. name as +4190. [protocol] Accept Active Directory gc._msdcs. name as valid with check-names. still needs to be LDH. [RT #40399] Modified: stable/9/contrib/bind9/FAQ ============================================================================== --- stable/9/contrib/bind9/FAQ Wed Sep 28 05:12:09 2016 (r306393) +++ stable/9/contrib/bind9/FAQ Wed Sep 28 06:11:01 2016 (r306394) @@ -1,10 +1,6 @@ -Frequently Asked Questions about BIND 9 - -Copyright © 2004-2010, 2013, 2014 Internet Systems Consortium, Inc. +Copyright ? 2000-2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC") -Copyright © 2000-2003 Internet Software Consortium. - ----------------------------------------------------------------------- 1. Compilation and Installation Questions @@ -94,7 +90,7 @@ Q: I'm trying to use TSIG to authenticat rejecting the TSIG. Why? A: This may be a clock skew problem. Check that the the clocks on the - client and server are properly synchronised (e.g., using ntp). + client and server are properly synchronized (e.g., using ntp). Q: I see a log message like the following. Why? Modified: stable/9/contrib/bind9/FAQ.xml ============================================================================== --- stable/9/contrib/bind9/FAQ.xml Wed Sep 28 05:12:09 2016 (r306393) +++ stable/9/contrib/bind9/FAQ.xml Wed Sep 28 06:11:01 2016 (r306394) @@ -1,7 +1,5 @@ - - + +
-
- Frequently Asked Questions about BIND 9 2004 @@ -32,6 +29,8 @@ 2010 2013 2014 + 2015 + 2016 Internet Systems Consortium, Inc. ("ISC") @@ -42,10 +41,10 @@ Internet Software Consortium. - - - Compilation and Installation Questions - + + + Compilation and Installation Questions + @@ -61,7 +60,7 @@ - + @@ -70,7 +69,7 @@ - Short Answer: No. + Short Answer: No. Long Answer: There really isn't a default configuration which fits @@ -93,9 +92,9 @@ - + - + Configuration and Setup Questions @@ -125,7 +124,7 @@ example.com. 86400 IN SOA ns hostmaster - + @@ -223,7 +222,7 @@ view "chaos" chaos { This may be a clock skew problem. Check that the the clocks - on the client and server are properly synchronised (e.g., + on the client and server are properly synchronized (e.g., using ntp). @@ -251,7 +250,7 @@ view "chaos" chaos { - + @@ -266,7 +265,7 @@ view "chaos" chaos { - + @@ -359,7 +358,7 @@ Slave 10.0.1.2: - + @@ -392,7 +391,7 @@ named-checkzone example.com tmp - + @@ -416,7 +415,7 @@ named-checkzone example.com tmp - + @@ -501,7 +500,7 @@ Master 10.0.1.1: You are running chrooted (-t) and have not supplied local timezone information in the chroot area. - + FreeBSD: /etc/localtime Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo OSF: /etc/zoneinfo/localtime @@ -511,7 +510,7 @@ Master 10.0.1.1: - + @@ -551,7 +550,7 @@ Master 10.0.1.1: - + @@ -603,7 +602,7 @@ zone "example.net" { - + @@ -694,9 +693,9 @@ server ::/0 { bogus yes; }; - + - + Operations Questions @@ -768,7 +767,7 @@ server ::/0 { bogus yes; }; General Questions - + @@ -807,14 +806,13 @@ server ::/0 { bogus yes; }; of sending dynamic update requests to DNS servers without being specifically configured to do so. If the update requests are coming from a Windows 2000 machine, see - - <http://support.microsoft.com/support/kb/articles/q246/8/04.asp> + + <http://support.microsoft.com/support/kb/articles/q246/8/04.asp> for information about how to turn them off. - + @@ -849,7 +847,7 @@ server ::/0 { bogus yes; }; - + @@ -867,7 +865,7 @@ server ::/0 { bogus yes; }; - + @@ -883,7 +881,7 @@ server ::/0 { bogus yes; }; - + @@ -910,7 +908,7 @@ serial-query-rate 5; // default 20 - + I don't get RRSIG's returned when I use "dig +dnssec". @@ -922,7 +920,7 @@ serial-query-rate 5; // default 20 - + @@ -959,7 +957,7 @@ serial-query-rate 5; // default 20<http://as112.net/> + Please see <http://as112.net/> for details of the problems you are causing and the counter measures that have had to be deployed. @@ -1006,7 +1004,7 @@ empty: - + @@ -1083,9 +1081,9 @@ empty: - + Operating-System Specific Questions - + HPUX @@ -1113,9 +1111,9 @@ configure: error: need either working un Linux - + - + Why do I get the following errors: general: errno2result.c:109: unexpected error: @@ -1129,7 +1127,7 @@ client: UDP client handler shutting down See: - <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2> + <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2> @@ -1146,9 +1144,9 @@ client: UDP client handler shutting down non-blocking is ignored. It is reported that setting xfrm_larval_drop to 1 helps but this may have negative side effects. See: -<https://bugzilla.redhat.com/show_bug.cgi?id=427629> +<https://bugzilla.redhat.com/show_bug.cgi?id=427629> and -<http://lkml.org/lkml/2007/12/4/260>. +<http://lkml.org/lkml/2007/12/4/260>. xfrm_larval_drop can be set to 1 by the following procedure: @@ -1178,7 +1176,7 @@ echo "1" > proc/sys/net/core/xfrm_lar - + @@ -1197,7 +1195,7 @@ echo "1" > proc/sys/net/core/xfrm_lar - + @@ -1218,7 +1216,7 @@ modprobe capability - + @@ -1244,8 +1242,7 @@ modprobe capability Red Hat have adopted the National Security Agency's - SELinux security policy (see <http://www.nsa.gov/selinux>) + SELinux security policy (see <http://www.nsa.gov/selinux>) and recommendations for BIND security , which are more secure than running named in a chroot and make use of the bind-chroot environment unnecessary . @@ -1279,7 +1276,7 @@ $ROOTDIR/var/tmp able to write or create files except in the directories above, with SELinux in Enforcing mode. - + So, to allow named to update slave or DDNS zone files, it is best to locate them in $ROOTDIR/var/named/slaves, @@ -1290,7 +1287,7 @@ zone "slave.zone." IN { type slave; file "slaves/slave.zone.db"; ... -}; +}; zone "ddns.zone." IN { type master; allow-updates {...}; @@ -1323,13 +1320,13 @@ options { system-config-securitylevel GUI, using the 'setsebool' command, or in /etc/selinux/targeted/booleans. - + You can disable SELinux protection for named entirely by setting the 'named_disable_trans=1' SELinux tunable boolean parameter. - + The SELinux named policy defines these SELinux contexts for named: @@ -1340,7 +1337,7 @@ named_cache_t: for files modifiable by n - + If you want to retain use of the SELinux policy for named, and put named files in different locations, you can do @@ -1358,7 +1355,7 @@ named_cache_t: for files modifiable by n - + To create a custom modifiable named data location, e.g. '/var/log/named' for a log file, do: @@ -1368,7 +1365,7 @@ named_cache_t: for files modifiable by n - + To create a custom zone file location, e.g. /root/zones/, do: @@ -1377,7 +1374,7 @@ named_cache_t: for files modifiable by n - + See these man-pages for more information : selinux(8), named_selinux(8), chcon(1), setsebool(8) @@ -1403,8 +1400,8 @@ named_cache_t: for files modifiable by n - Ubuntu uses AppArmor - <http://en.wikipedia.org/wiki/AppArmor> in + Ubuntu uses AppArmor + <http://en.wikipedia.org/wiki/AppArmor> in addition to normal file system permissions to protect the system. @@ -1438,11 +1435,11 @@ proc /var/named/proc proc defaults 0 0 - + - + Windows - + @@ -1463,7 +1460,7 @@ proc /var/named/proc proc defaults 0 0 - + @@ -1489,11 +1486,11 @@ options { - + - + FreeBSD - + @@ -1513,16 +1510,16 @@ rand_irqs="3 14 15" See also - - <http://people.freebsd.org/~dougb/randomness.html>. + + <http://people.freebsd.org/~dougb/randomness.html>. - + - + Solaris - + @@ -1534,15 +1531,14 @@ rand_irqs="3 14 15" Sun has a blog entry describing how to do this. - + <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris> - + - - + + Apple Mac OS X @@ -1558,7 +1554,7 @@ rand_irqs="3 14 15" -% sudo rndc-confgen > /etc/rndc.conf +% sudo rndc-confgen > /etc/rndc.conf Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.: @@ -1606,8 +1602,8 @@ key "rndc-key" { - - + + Modified: stable/9/contrib/bind9/Makefile.in ============================================================================== --- stable/9/contrib/bind9/Makefile.in Wed Sep 28 05:12:09 2016 (r306393) +++ stable/9/contrib/bind9/Makefile.in Wed Sep 28 06:11:01 2016 (r306394) @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2009, 2011-2015 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -19,7 +19,7 @@ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ -@BIND9_VERSION@ +VERSION=@BIND9_VERSION@ SUBDIRS = make unit lib bin doc @LIBEXPORT@ TARGETS = @@ -32,6 +32,9 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} @BIND9_MAKE_RULES@ +newrr: + cd lib/dns; ${MAKE} newrr + distclean:: rm -f config.cache config.h config.log config.status TAGS rm -f libtool isc-config.sh configure.lineno Modified: stable/9/contrib/bind9/README ============================================================================== --- stable/9/contrib/bind9/README Wed Sep 28 05:12:09 2016 (r306393) +++ stable/9/contrib/bind9/README Wed Sep 28 06:11:01 2016 (r306394) @@ -51,27 +51,29 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes -BIND 9.9.8-P4 +BIND 9.9.9-P3 - BIND 9.9.8-P4 is a security release addressing the flaws - described in CVE-2016-1285 and CVE-2016-1286. + This version contains a fix for CVE-2016-2776. -BIND 9.9.8-P3 +BIND 9.9.9-P2 - BIND 9.9.8-P3 is a security release addressing the flaw described in - CVE-2015-8704. It also fixes a serious regression in authoritative - server selection that was introduced in 9.9.8. + This version contains a fix for CVE-2016-2775 and addresses + two regressions introduced with BIND 9.9.9. -BIND 9.9.8-P2 +BIND 9.9.9-P1 - BIND 9.9.8-P2 is a security release addressing the flaws - described in CVE-2015-3193 (OpenSSL), CVE-2015-8000 and - CVE-2015-8461. + This version contains two urgent fixes to BIND 9.9.9: + 1) Windows installation was failing without manual updating + of BINDinstall's attributes. + 2) A race condition was causing instability in the rbt + tree state. -BIND 9.9.8-P1 +BIND 9.9.9 - BIND 9.9.8-P1 was incomplete and was withdrawn prior to - publication. + BIND 9.9.9 is a maintenance release and addresses bugs found + in BIND 9.9.8 and earlier, as well as the security flaws + described in CVE-2015-8000, CVE-2015-8461, CVE-2015-8704, + CVE-2016-1285, and CVE-2016-1286. BIND 9.9.8 @@ -313,7 +315,7 @@ Building *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***