Date: Wed, 23 Nov 2011 11:45:57 +0100 (CET) From: Jaap Akkerhuis <jaap@NLnetLabs.nl> To: FreeBSD-gnats-submit@FreeBSD.org Cc: jaap@bartok.nlnetlabs.nl Subject: ports/162782: [MAINTAINER] dns/nsd: update to 3.2.9 Message-ID: <201111231045.pANAjvPM060005@bartok.nlnetlabs.nl> Resent-Message-ID: <201111231050.pANAo9hf070813@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 162782 >Category: ports >Synopsis: [MAINTAINER] dns/nsd: update to 3.2.9 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Nov 23 10:50:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Jaap Akkerhuis >Release: FreeBSD 8.2-STABLE i386 >Organization: NLnet Labs >Environment: System: FreeBSD bartok.nlnetlabs.nl 8.2-STABLE FreeBSD 8.2-STABLE #219: Tue Nov 22 11:32:31 CET 2011 >Description: - Update to 3.2.9 RELNOTES ======== FEATURES: - Minimize responses to reduce truncation: NSD will only add optional records to the authority and additional sections when the response size does not exceed the minimal response size. The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4), 1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is smaller than the EDNS default. The feature is enabled by default. You can disable it by configuring NSD with --disable-minimal-responses. - Less NSEC3 prehashing. This will make NSD handle zone transfers faster, but will decrease the performance of NXDOMAIN and wildcard NODATA responses. Full prehashing is enabled by default. If you want less NSEC3 prehashing, configure NSD with --disable-full-prehash. Thanks Secure64 for the patch. BUG FIXES: - Bugfix #302: nsd accepts XFR but refuses to re-read the slave zone. - Bugfix #365: set patch style and zonec verbose for nsdc. - First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC. - Bugfix #375: typos in nsd.conf.5. - Bugfix #381: Binary escaped and transfers. - Bugfix #397: Don't allow relative domain names as origin in $INCLUDE directives. - Fix printout of IPSECKEY by nsd-patch. - Fix is_existing flag for ENT when domain that has a shared ENT is deleted by IXFR. (ENT == Empty Non-Terminal) - Fix bug if the zonefile is changed for a secondary but stored transfers are applied, and stop it from applying ixfr to empty zone. The zone is flagged with error and AXFR-ed. - Fix to have no authority NS set processing for CNAMEs. - Fix nsd-checkconf to check tsig algorithms properly. - Set the AA bit on responses that have an authoritative CNAME. - Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it). OPERATIONAL NOTES: - nsd.db version number increased because NSD 3.2.7 and earlier zonec is not compatible due to the TXT strings change. Please run nsdc rebuild before running NSD 3.2.9 and later versions. Generated with FreeBSD Port Tools 0.99 >How-To-Repeat: >Fix: --- nsd-3.2.9.patch begins here --- diff -ruN --exclude=CVS /space/portstrees/AFreeBSD/ports/dns/nsd.orig/Makefile /space/portstrees/AFreeBSD/ports/dns/nsd/Makefile --- /space/portstrees/AFreeBSD/ports/dns/nsd.orig/Makefile 2011-11-22 10:13:24.000000000 +0100 +++ /space/portstrees/AFreeBSD/ports/dns/nsd/Makefile 2011-11-23 11:24:06.000000000 +0100 @@ -6,7 +6,7 @@ # PORTNAME= nsd -PORTVERSION= 3.2.8 +PORTVERSION= 3.2.9 CATEGORIES= dns ipv6 MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/ \ ftp://ftp.rhnet.is/pub/nsd/ @@ -55,6 +55,8 @@ BIND8_STATS "Enable BIND8 like NSTATS & XSTATS" Off \ CHECKING "Enable internal runtime checks" Off \ NSEC3 "Enable NSEC3 support" On \ + MINRESPSIZE "Enable minimized response size" On \ + NSEC3PREHASH "Enable full NSEC3 prehashing" On \ MMAP "Use mmap instead of malloc(experimental)" Off \ MAXIPS "Raise max-ips from 8 to ${NSDMAX_IPS}" Off @@ -92,6 +94,14 @@ CONFIGURE_ARGS+= --disable-nsec3 .endif +.if defined(WITHOUT_MINRESPSIZE) +CONFIGURE_ARGS+= --disable-minimal-responses +.endif + +.if defined(WITHOUT_NSEC3PREHASH) +CONFIGURE_ARGS+= --disable-disable-full-prehash +.endif + .if defined(WITHOUT_NSID) CONFIGURE_ARGS+= --disable-nsid .endif diff -ruN --exclude=CVS /space/portstrees/AFreeBSD/ports/dns/nsd.orig/distinfo /space/portstrees/AFreeBSD/ports/dns/nsd/distinfo --- /space/portstrees/AFreeBSD/ports/dns/nsd.orig/distinfo 2011-11-22 10:13:24.000000000 +0100 +++ /space/portstrees/AFreeBSD/ports/dns/nsd/distinfo 2011-11-23 11:24:19.000000000 +0100 @@ -1,2 +1,2 @@ -SHA256 (nsd-3.2.8.tar.gz) = 6153f4ef36097e34629d7bfc7b9bda9abd362df971e855d97acf11974bc810b2 -SIZE (nsd-3.2.8.tar.gz) = 868051 +SHA256 (nsd-3.2.9.tar.gz) = 3bb0e07e9e2ba863f08f56ca766f201b04fe8e5131ce02e1982b631033939146 +SIZE (nsd-3.2.9.tar.gz) = 877836 diff -ruN --exclude=CVS /space/portstrees/AFreeBSD/ports/dns/nsd.orig/files/nsd.in /space/portstrees/AFreeBSD/ports/dns/nsd/files/nsd.in --- /space/portstrees/AFreeBSD/ports/dns/nsd.orig/files/nsd.in 2011-11-22 10:13:24.000000000 +0100 +++ /space/portstrees/AFreeBSD/ports/dns/nsd/files/nsd.in 2011-11-23 10:19:07.000000000 +0100 @@ -4,6 +4,8 @@ # # PROVIDE: nsd # REQUIRE: DAEMON +# REQUIRE: LOGIN +# KEYWORD: shutdown # # Add the following line to /etc/rc.conf to enable nsd: # --- nsd-3.2.9.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111231045.pANAjvPM060005>