of a domain and discover non-contiguous IP blocks.
OPERATIONS:
Get the host's address (A record).
Get the nameservers (threaded).
Get the MX record (threaded).
Perform axfr queries on nameservers and
get BIND VERSION (threaded).
Get extra names and subdomains via google
scraping (google query = "allinurl: -www site:domain").
Brute force subdomains from file, can also
perform recursion on subdomains that have NS records (all threaded).
Calculate C class domain network ranges
and perform whois queries on them (threaded).
Perform reverse lookups on netranges
( C class or/and whois netranges) (threaded).
Write to domain_ips.txt file
ip-blocks.
WWW: https://github.com/fwaeytens/dnsenum
PR: 208950
Submitted by: Rihaz Jerrin <rihaz.jerrin@gmail.com>
Check all NS Records for Zone Transfers.
Enumerate General DNS Records for a given
Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common SRV Record Enumeration.
Top Level Domain (TLD) Expansion.
Check for Wildcard Resolution.
Brute Force subdomain and host A
and AAAA records given a domain and a wordlist.
Perform a PTR Record lookup for a given IP Range or CIDR.
Check a DNS Server Cached records for A, AAAA and
CNAME Records provided a list of host records in a text file to check.
Enumerate Common mDNS records in the Local Network.
Enumerate Hosts and Subdomains using Google.
WWW: https://github.com/darkoperator/dnsrecon
PR: 208975
Submitted by: Rihaz Jerrin <rihaz.jerrin@gmail.com>
parties dlz drivers.
While there:
- enable the DLZ_FILESYSTEM option by default
- convert to USES=mysql and USES=bdb
Requested by: borius i ua
Sponsored by: Absolight
Changes in upstream Git between releases (git shortlog):
Sergey Nechaev (1):
Stricter command line args validation to dhcp_release6.
Simon Kelley (4):
Fix error in PXE arch names and add ARM32 and ARM64.
Tweak CSAs affected by UEFI PXE workaround code.
Tweak UEFI workaround code.
Merge messages into translation files.
Upstream CHANGELOG diff since rc #1:
Swap the values of BC_EFI and x86-64_EFI in --pxe-service.
These were previously wrong due to an error in RFC 4578.
If you're using BC_EFI to boot 64-bit EFI machines, you
will need to update your config.
Add ARM32_EFI and ARM64_EFI as valid architectures in
--pxe-service.
Changes since test#13:
+ Move the dhcp_release and dhcp_lease_time tools from
+ contrib/wrt to contrib/lease-tools.
+
+ Add dhcp_release6 to contrib/lease-tools. Many thanks
+ to Sergey Nechaev for this code.
+
+ To avoid filling logs in configurations which define
+ many upstream nameservers, don't log more that 30 servers.
+ The number to be logged can be changed as SERVERS_LOGGED
+ in src/config.h.
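Review bot: the added CHANGELOG entry reads "don't log more that 30 servers"; "that" should be "than". The entry also names SERVERS_LOGGED in src/config.h as the place to change the limit, so it is worth confirming that the default defined there is the same 30 the text states.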
Changelog since v2.75 at:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=8628cd603fd0c55c7d41b84488446db44f58ff5b
make it compile on 9.x and silences a compiler warning.
A new "Dynamic DNS Mode" has been added, but is only slightly tested by
the author of gen6dns (Holger.Zuleger(at)hznet.de), who would appreciate
any feedback on this feature.
Approved by: antoine (mentor, implicit)
using Stateless Address Autoconfig (SLAAC). If you have a list of hostnames,
mac addresses and ipv6 subnets gen6dns generates the appropriate AAAA and
PTR records for you. It supports different scopes and the generation of
view (split) specific files.
WWW: http://www.hznet.de/tools.html
Approved by: antoine
This release fix targets stability issues which have had a history and
have been hard to reproduce. Issues that have been reported over the
past half year have been fixed that may have even come up earlier as
rare occasions.
Stability should be improved, running OpenDNSSEC as a long term service.
Changes in TTL in the input zone that seem not to be propagated,
notifies to slaves under heavy zone activity load that were not handled
properly and could lead to assertions.
NSEC3PARAM that would appear duplicate in the resulting zone, and
crashes in the signer daemon in seldom race conditions or re-opening due
to a HSM reset.
No migration steps needed when upgrading from OpenDNSSEC 1.4.9.
Also have a look at our OpenDNSSEC 2.0 beta release, its impending
release will help us forward with new development and signal phasing out
historic releases.
Fixes:
- SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed
zone. After a resalt the signer would fail to remove the old
NSEC3PARAM RR until a manual resign or incoming transfer.
Old NSEC3PARAMS are removed when inserting a new record, even if
they look the same.
- OPENDNSSEC-725: Signer did not properly handle new update while still
distributing notifies to slaves.
An AXFR disconnect looked not to be handled gracefully.
- SUPPORT-171: Signer would sometimes hit an assertion using DNS output
adapter when .ixfr was missing or corrupt but .backup file available.
- Above two issues also in part addresses problems with seemingly
corrected backup files (SOA serial). Also a crash on badly
configured DNS output adapters is averted.
- The signer daemon will now refuse to start when failed to open a
listen socket for DNS handling.
- OPENDNSSEC-478,750,581 and 582 and SUPPORT-88:
Segmentation fault in signer daemon when opening and closing HSM
multiple times. Also addresses other concurrency access by avoiding
a common context to the HSM (a.k.a. NULL context).
- OPENDNSSEC-798: Improper use of key handles across hsm reopen,
causing keys not to be available after a re-open.
- SUPPORT-186: IXFR disregards TTL changes, when only TTL of an RR is
changed. TTL changes should be treated like any other changes to
records.
- When OpenDNSSEC now overrides a TTL value, this is now reported in
the log files.
PR: 209261
Submitted by: jaap@NLnetLabs.nl (maintainer)
Upstream's CHANGELOG since test12:
* Check return-code of inet_pton() when parsing dhcp-option. Bad
addresses could fail to generate errors and result in garbage
dhcp-options being sent. Thanks to Marc Branchaud for spotting this.
* Fix wrong value for EDNS UDP packet size when using --servers-file to
define upstream DNS servers. Thanks to Scott Bonar for the bug report.
2016-04-30 textproc/rubygem-gherkin3: Use textproc/rubygem-gherkin instead
2016-04-30 dns/odsclient: ODS shuts service down, so client is probably useless
Most notably, this version of rrdtools.so is thread safe, so the
rrdtools_th.so library is removed.
Bump portrevision for depending ports due to shlib version bump.
For full changelog: http://oss.oetiker.ch/rrdtool/pub/CHANGES
Reviewed by: kwm
Differential Revision: D6168
errors with libc++ 3.8.0:
dnspacket.cc:645:6: error: call to 'abs' is ambiguous
if(abs(trc->d_time - now) > trc->d_fudge) {
^~~
This is because abs() is being called with unsigned arguments. Import
upstream commit f2d05dd to fix it.
Approved by: tremere@cainites.net
PR: 208725
MFH: 2016Q2
Also, USE_MYSQL can't happen after bsd.port.pre.mk because it is a USES.
PR: 208971
Submitted by: mat
Exp-run by: antoine
With hat: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D5951
While there replace USE_SQLITE=x by USES=sqlite:x.
PR: 208971
Submitted by: mat
Exp-run by: antoine
With hat: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D5951
* Fix strange values in data value triplets (#16). A 'count' field that has
the value 0 is silently rewritten to 1, and a 'time_last' field that has
the value 0 is silently set to be the same as the 'time_first' field.
Sponsored by: Farsight Security, Inc.
Right now, ironsides emits a STORAGE ERROR during building with
lang/gcc6-aux. It's unclear if the problem lies with compiler or with
ironsides. For now, limit building it with gcc5-aux (the default).
The USES=ada:5 setting wasn't supported, but it should have been. This
has also been fixed.
9, and WITH_OPENSSL_PORT does not belong in a port's Makefile anyway.
Not bumping PORTREVISION because:
- if you are building with poudriere, it will detect that a dependency
has changed and rebuild it.
- if you are building from ports, you will have OpenSSL from ports
installed, and it will choose to use it.
Sponsored by: Absolight
- Rename the LIBDANE option DANE because that's the name of the protocol
supported by libgnutls-dane and gnutls-cli. Also clarify the option
description.
- Add an IDN option.
- libgnutls-openssl has been removed in 3.4. Some ports used this library
in their LIB_DEPENDS but no port actually required it.
- Some old API functions have been removed. Ports that used these have been
updated or patched to use the new API.
- Add a patch to print/cups to prevent overlinking of libgnutls.so.
- Bump PORTREVISION on dependent ports.
net-im/jabber: This port used the old API to give users fine grained
control over which crypto algorithms were used via a configuration file.
It's not immediately obvious how to port this to the new API so the port
always uses the defaults now.
www/hydra: Mark BROKEN. This uses more removed calls than the other ports,
is said to be alpha quality and not fully functional and has been abandoned
10 years ago.
PR: 207768
Exp-run by: antoine
Approved by: portmgr (antoine)
The main motivations for this release are bug fixes related to use
cases with large number of zones (more than 50 zones) in combination
with an XFR based setup. Too many concurrent zone transfers cause new
transfers to be held back. These excess transfers however were not
properly scheduled for later.
No migration steps needed when upgrading from OpenDNSSEC 1.4.8.
Bugfixes:
* Add TCP waiting queue. Fix signer getting 'stuck' when adding many
zones at once. Thanks to Haavard Eidnes for bringing this to our attention.
* OPENDNSSEC-723: received SOA serial reported as on disk.
* Fix potential locking issue on SOA serial.
* Crash on shutdown. At all times join xfr and dns handler threads.
* Make handling of notifies more consistent. Previous implementation would
bounce between code paths.
Known Issues:
When using SoftHSM2 compiled with OpenSSL, and libmysql with OpenSSL
as database backend for OpenDNSSEC, "ods-ksmutil key list --verbose"
crashes on exit. This is ultimately a bug in OpenSSL and not new for
this particular release. Make sure you don't use this specific
combination.
From <https://www.opendnssec.org>
PR: 206491
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
- add OPTION for DNSTAP logging support
- rename OPTION s/MUNIN/MUNIN_PLUGIN/ so it is consistent with nsd
- use OPTIONS_SUB
- use ${opt}_target
- use @sample macro for unbound.conf
- sort pkg-plist
Features
- ip-transparent option for FreeBSD with IP_BINDANY socket option.
- insecure-lan-zones: yesno config option, patch from Dag-Erling Smørgrav.
- RR Type CSYNC support RFC 7477, in debug printout and config input.
- RR Type OPENPGPKEY support (draft-ietf-dane-openpgpkey-07).
- [bugzilla: 731 ] tcp-mss, outgoing-tcp-mss options for unbound.conf, patch
from Daisuke Higashi.
- Support RFC7686: handle ".onion" Special-Use Domain. It is blocked by
default, and can be unblocked with "nodefault" localzone config.
- ub_ctx_set_stub() function for libunbound to config stub zones.
The release fixes line endings in the unbound-control-setup script, and
a potential gost-hash validation failure and handles the ".onion" domain
to avoid privacy leakage.
PR: 207948
Submitted by: jaap@NLnetLabs.nl (maintainer)
- add ability to build against openssl or libressl from ports
- add MUNIN_PLUGIN_IMPLIES= BIND8_STATS
- use @sample macro in pkg-plist for nsd.conf
- s/exec/postexec/ pkg-plist
FEATURES:
- #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
from Daisuke Higashi.
- #739: zonefile changes when mtime is small are detected on reload,
if filesystem supports precision mtime values.
- RR type CSYNC (RFC7477) syntax is supported.
BUG FIXES:
- take advantage of arc4random_uniform if available, patch from
Loganaden Velvindron.
- Fix flto check for OSX clang.
- Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
- Fix #736: segfault during zone transfer.
- Fix #744: Fix that NSD replies for configured but unloaded zone
with SERVFAIL, not REFUSED.
PR: 207951
Submitted by: jaap@NLnetLabs.nl (maintainer)
MFH: 2016Q1
Changes:
Fix potential segfault in zone transfer corner case.
NSD 3 is end of life and support stops on May 20th, 2016.
BUG FIXES:
- Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
(Same as NSD 4.1.8).
- Fix #736: segfault during zone transfer. (Same as NSD 4.1.8).
PR: 207952
Submitted by: jaap@NLnetLabs.nl (maintainer)
MFH: 2016Q1
Tool suite for analysis and visualization of Domain Name System
(DNS) behavior, including its security extensions (DNSSEC). The
Web-based analysis is run from the same software.
WWW: http://dnsviz.net/
Git shortlog since test release #10:
Simon Kelley (14):
Add TTL parameter to --host-record and --cname.
Add --dhcp-ttl option.
Update CHANGELOG.
Add --tftp-mtu option.
Apply ceiling of lease length to TTL when --dhcp-ttl in use.
Fix --add-subnet when returning empty or default subnet.
Replace incoming EDNS0_OPTION_NOMDEVICEID and EDNS0_OPTION_NOMCPEID options.
Fix typo in last commit.
Check return code from open()
format fix.
Fix pointer declaration botch.
Tidy parsing code.
Fix broken DNSMASQ_USER<x> envvars in script with more than one class.
Tighten syntax checking for dhcp-range and clarify man page.
PR: 207589, 207628
Submitted by: Miroslav Lachman <000.fbsd@quip.cz>, Dan Lukes <dan@obluda.cz>, Chris Hutchinsin <portmaster@bsdforge.com> (maintainer)
Changes:
https://gitlab.labs.nic.cz/labs/knot/raw/1.6/NEWS
- IXFR: Log change of the zone serial number after the transfer
- RRL: Document operational impact of various settings
- RRL: Add support for zero slip (dropping of all limited responses)
- Added 'timer-db' configuration option allowing relocation of timer database
PR: 207414
Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com> (maintainer)
Upstream's CHANGELOG since -test8:
Don't crash with divide-by-zero if an IPv6 dhcp-range is declared as a
whole /64. (ie xx::0 to xx::ffff:ffff:ffff:ffff)
Thanks to Laurent Bendel for spotting this problem.
Changes per diff of the CHANGELOG file:
Fix wrong answer to simple name query when --domain-needed set, but no
upstream servers configured. Dnsmasq returned REFUSED, in this case,
when it should be the same as when upstream servers are configured -
NOERROR. Thanks to Allain Legacy for spotting the problem.
Return REFUSED when running out of forwarding table slots, not SERVFAIL.
Add --max-port configuration. Thanks to Hans Dedecker for the patch.
Add --script-arp and two new functions for the dhcp-script. These are
"arp" and "arp-old" which announce the arrival and removal of entries
in the ARP or neighbour tables.
Extend --add-mac to allow a new encoding of the MAC address as base64,
by configuring --add-mac=base64
Add --add-cpe-id option.
"gqlite3" should have been "gsqlite3", like it was before that SVN commit,
otherwise the build breaks.
Submitted by: Andrew Nichols <andrew@quadrant.net>
- Bump PORTREVISION on dependent ports
Some Upgrade Notes:
This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compatibility. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.
Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]
More details at <http://unbound.net>
PR: 206347
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Approved by: maintainer timeout
Sponsored by: DK Hostmaster A/S
- Upgrade all linux-c6- to CentOS 6.7
- Cleanups
PR: 205846
Submitted by: xmj
In Collaboration with: allanjude, netchild, xmj
Exp-run: antoine
Sponsored by: Perceivon Hosting Inc.
Differential Revision: D3428
We'd like to say thanks for all the feedback and comments.
py-py3dns is a Python 3.x only package, so limit USES=python
accordingly. ipaddr is needed on <= 3.2, so add it as a conditional
RUN_DEPENDS.
While I'm here:
- Add NO_ARCH
- Add test target, TEST_DEPENDS and patch outdated unit test assertions
that test against live domains, not mocked responses.
- Remove unnecessary setup.py patch
- Match COMMENT to setup.py:description
- Sort and group USE{S} entries
PR: 206645
Reported by: danger
Approved by: portmgr (blanket)
MFH: 2016Q1
Differential Revision: D5083
Changes, taken from Git shortlog:
André Glüpker (1):
Fix bad cache-size calculation when hosts-file read fails.
Simon Kelley (7):
Handle building with script support enabled and DHCP disabled.
Update copyright notices. Happy new year!
Fix FTBFS when scripts excluded at compilation time.
Inhibit DNSSEC validation when forwarding to private servers for a domain.
DNSSEC: Handle non-root trust anchors, and check we have a root trust anchor.
Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided.
arp.c tidy up.