Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 18 Mar 2020 12:01:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 244886] [MAINTAINER] dns/nsd Upgrade to version 4.3.0
Message-ID:  <bug-244886-7788@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D244886

            Bug ID: 244886
           Summary: [MAINTAINER] dns/nsd Upgrade to version 4.3.0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #212494 maintainer-approval+
             Flags:

Created attachment 212494
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D212494&action=
=3Dedit
Patch to upgrade

This port incorporates also the proposed bug fix at bug #242367

Major changes:

This release adds cpu affinity.  By pinning a server process to a
specific cpu, having a separate network card also for that cpu, and
an interface address also for that server process, the throughput is
increased.  This increases performance of the nameserver.

Sparse TSIG signing support is removed, to comply with the latest tsig
standard update draft.

There is a feature to drop update queries, with opcode UPDATE,
with nsd.conf option drop-updates.


4.3.0
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
FEATURES:
- Fix to use getrandom() for randomness, if available.
- Fix #56: Drop sparse TSIG signing support in NSD.
  Sign every axfr packet with TSIG, according to the latest
  draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.
- Merge pull request #59 from buddyns: add FreeBSD support
  for conf key ip-transparent.
- Add feature to pin server processes to specific cpus.
- Add feature to pin IP addresses to selected server processes.
- Set process title to identify individual processes.
- Merge PR#22: minimise-any: prefer polular and not large RRset,
  from Daisuke Higashi.
- Add support for SO_BINDTODEVICE on Linux.
- Add support for SO_SETFIB on FreeBSD.
- Add feature to drop queries with opcode UPDATE.

BUG FIXES:
- Fix fname null check of fname in namedb_read_zonefile.
- Fix implicit cast of size in udb_radnode_array_grow.
- Fix ignore of return value of ssl_printf in remote.c.
- Fix unused check of fd in parent_handle_reload_command.
- Attempt to fix signedness of nscount lookup in ixfr query_process.
- Fix identical branches for ssl_print of errors in remote.c.
- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
- Fix to separate header and data lines in parse_zone_list_file.
- Fix to define max number of EDNS records we are willing to
  spend time on.
- Fix size of string len and capacity type cast in udbradtree.
- Fix to protect rrcount in tsig_find_rr from overflow.
- Annotate radix_find_prefix_node not reachable trail code.
- Fix to protect rrcount in packet_find_notify_serial from overflow.
- Fix to close socket on error in create_tcp_accept_sock.
- Fix to log on failure to chmod for socket for remote control.
- Fix to remove unneeded if in open of socket for remote control.
- Fix to restore input parameter on call failure in create_dirs.
- Please checker by terminating and initialising string read
  by remote control.
- Fix to define upper bounds on rr counts read from untrusted packet
  data.
- Separate acl_addr_match_range functions for ip4 and ip6, to
  please checkers.
- Avoid unused variable warning in new match_range_v4 function.
- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
- use-systemd is ignored in nsd.conf, when NSD is compiled with
  libsystemd it always signals readiness, if possible.
- Note that use-systemd is not necessary and ignored in man page.
- Fix unreachable code in ssl set options code.
- Fix bad shift in assertion code analyzer complaint.
- Fix responses for IXFR so that the authority section is not echoed
  in the response.
- Merge PR#60: Minor portability fixes from michaelforney, with
  avoid pointer arithmetic on void* and avoid unnecessary VLA.
- Fix that the retry wait does not exceed one day for zone transfers.

CHANGES:
- Set FD_CLOEXEC on opened sockets.

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-244886-7788>