Date: Tue, 09 Jul 2019 18:28:48 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 239069] [MAINTAINER] dns/nsd Upgrade to version 4.2.1 Message-ID: <bug-239069-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D239069 Bug ID: 239069 Summary: [MAINTAINER] dns/nsd Upgrade to version 4.2.1 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #205607 maintainer-approval+ Flags: Created attachment 205607 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D205607&action= =3Dedit patch to upgrade This release fixes issues in the stream handling, from 4.2.0, but also earlier, in the event handling of streams. The new statistics counters for TLS can give information about how many incoming DNS over TLS connections for queries have been received. There are two new options to set the buffer sizes for the network sockets, this allows an increase for servers that want a bigger size than the default, which is already an increase over the system default. Increased buffer size for a network socket helps with traffic spikes. The options are send-buffer-size and receive-buffer-size, they set their respective socket options for buffer space. When an AXFR download is in progress, to a client, and the zone is updated at that same time, then NSD no longer resets the connection, but allows that transfer to complete. The tcp-reject-overflow option can be used to close all connections that are incoming when the server is full on TCP connections, this stops those connections from waiting for a spot. 4.2.1 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D FEATURES: - Added num.tls and num.tls6 stat counters. - PR #12: send-buffer-size, receive-buffer-size, tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek. - Fix #14, tcp connections have 1/10 to be active and have to work every second, and then they get time to complete during a reload, this is a process that lingers with the old version during a version update. BUG FIXES: - Fix #13: Stray dot at the end of some log entries, removes dot after updated serial number in log entry. - Fix TLS cipher selection, the previous was redundant, prefers CHACHA20-POLY1305 over AESGCM and was not as readable as it could be. - Consolidate server tls context create and remote control context create, with hardening for the remote control tls context too. - Fix to init event structure for reassignment. - Fix to init event not pointer, in reassignment. - Fix #15: crash in SSL library, initialize variables for TCP access when TLS is configured. - Fix tls handshake event callback function mistake, reported by Mykhailo Danylenko. - Initialize event structures before event_set, to stop uninitialized values from setting event library lists and assertions, that would sometimes also show after event_del. - Do not use symbol from libc, instead use own replacement, if not available, for accept4. - Fix output of nsd-checkconf -h. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-239069-7788>