Date: Mon, 13 Aug 2018 13:20:13 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 230591] [MAINTAINER] dns/nsd upgrade to version 4.1.24 Message-ID: <bug-230591-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230591 Bug ID: 230591 Summary: [MAINTAINER] dns/nsd upgrade to version 4.1.24 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #196156 maintainer-approval+ Flags: Created attachment 196156 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D196156&action= =3Dedit patch to upgrade This version has a fix for a bug in resigning zones with different NSEC3 salt, where NSD would not pick up the NSEC3PARAM record, and serve answers that omit NSEC3 records. NSD is now lenient and when NSEC3PARAMs exist that point to nonworking NSEC3 chains, NSD attempts to find an alternative NSEC3PARAM with NSEC3 records. It is possible to use nsd-control over a command pipe, without using TLS, by setting the name of the control socket file. Access permissions on that file then act as the access control. No TLS is used, because it is not network traffic, and this is likely faster. Also systemd support is added for readiness signalling. Enabled with use-systemd: yes. 4.1.24 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D FEATURES: - #4102: control interface via local socket. configure it with control-interface: "/path/nsd.ctl" The path has to start with a / to separate it from an IP address. The local socket does not use SSL, but unencrypted traffic, use file and containing directory permissions to restrict access. - configure --enable-systemd (needs pkg-config and libsystemd) can be used to then use-systemd: yes in nsd.conf and have readiness signalling with systemd. - RFC8162 support, for record type SMIMEA. BUG FIXES: - Patch to fix openwrt for mac os build darwin detection in configure. - Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS. - #4106: Fix that stats printed from nsd-control are recast from unsigned long to unsigned (remote.c). - Fix that type CAA (and URI) in the zone file can contain dots when not in quotes. - #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM chain, NSD leniently attempts to find a working NSEC3PARAM. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230591-7788>