Date: Wed, 17 Apr 2013 07:57:55 +0000 (UTC) From: Erwin Lansing <erwin@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r315942 - in head/dns: bind98 bind99 Message-ID: <201304170757.r3H7vtBo006996@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: erwin Date: Wed Apr 17 07:57:54 2013 New Revision: 315942 URL: http://svnweb.freebsd.org/changeset/ports/315942 Log: Update RPZ+RRL patchset to the latest version. The change makes "slip 1;" send only truncated (TC=1) responses. Without the change, "slip 1;" is the same as the default of "slip 2;". That default, which alternates truncated with dropped responses when the rate limit is exceeded, is better for authoritative DNS servers, because it further reduces the amplification of an attack from about 1X to about 0.5X. DNS RRL is not recommended for recursive servers. Feature safe: yes Modified: head/dns/bind98/Makefile head/dns/bind98/distinfo head/dns/bind99/Makefile head/dns/bind99/distinfo Modified: head/dns/bind98/Makefile ============================================================================== --- head/dns/bind98/Makefile Wed Apr 17 07:42:03 2013 (r315941) +++ head/dns/bind98/Makefile Wed Apr 17 07:57:54 2013 (r315942) @@ -109,7 +109,7 @@ CONFIGURE_ARGS+= --enable-rpz-nsdname .endif .if ${PORT_OPTIONS:MRPZRRL_PATCH} -PATCHFILES= 9.8.4-rpz+rl.072.23-P1.patch +PATCHFILES= 9.8.4-rpz+rl.094.21-P2.patch PATCH_SITES= http://ss.vix.com/~vjs/ .endif Modified: head/dns/bind98/distinfo ============================================================================== --- head/dns/bind98/distinfo Wed Apr 17 07:42:03 2013 (r315941) +++ head/dns/bind98/distinfo Wed Apr 17 07:57:54 2013 (r315942) @@ -1,4 +1,4 @@ SHA256 (bind-9.8.4-P2.tar.gz) = e772edfb41036a25e1392ab15ff4d3754f03c301b4b059d64afd8d8dadd18193 SIZE (bind-9.8.4-P2.tar.gz) = 7129690 -SHA256 (9.8.4-rpz+rl.072.23-P1.patch) = e5f792fdc683285528392e6cdfb9d99138b2fe220e5f617edcf8b45cbb992aaa -SIZE (9.8.4-rpz+rl.072.23-P1.patch) = 176430 +SHA256 (9.8.4-rpz+rl.094.21-P2.patch) = 7fdc4beaf1f20877f636ba0991d0c48c65bd497df19323f156fe91cca06357ba +SIZE (9.8.4-rpz+rl.094.21-P2.patch) = 176510 Modified: head/dns/bind99/Makefile ============================================================================== --- head/dns/bind99/Makefile Wed Apr 17 07:42:03 2013 (r315941) +++ head/dns/bind99/Makefile Wed Apr 17 07:57:54 2013 (r315942) @@ -115,7 +115,7 @@ CONFIGURE_ARGS+= --enable-rpz-nsdname .endif .if ${PORT_OPTIONS:MRPZRRL_PATCH} -PATCHFILES= 9.9.2-rpz+rl.072.23-P1.patch +PATCHFILES= 9.9.2-rpz+rl.094.21-P2.patch PATCH_SITES= http://ss.vix.com/~vjs/ .endif Modified: head/dns/bind99/distinfo ============================================================================== --- head/dns/bind99/distinfo Wed Apr 17 07:42:03 2013 (r315941) +++ head/dns/bind99/distinfo Wed Apr 17 07:57:54 2013 (r315942) @@ -1,4 +1,4 @@ SHA256 (bind-9.9.2-P2.tar.gz) = ff822734e3550969251411e20f6f7397d14a912613a42af423752e93fdb565d2 SIZE (bind-9.9.2-P2.tar.gz) = 7277958 -SHA256 (9.9.2-rpz+rl.072.23-P1.patch) = 4afd63b44e3ecb2a782ca00542aea3c737a4de2a82c343cb15773fa3df17aef1 -SIZE (9.9.2-rpz+rl.072.23-P1.patch) = 177613 +SHA256 (9.9.2-rpz+rl.094.21-P2.patch) = cd8ba70b8f5029cc464f4db6c632c8b48cdd081cb5cfb51936fd7f9c080b91ea +SIZE (9.9.2-rpz+rl.094.21-P2.patch) = 177693
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304170757.r3H7vtBo006996>