traffic. It normally produces binary data in pcap(3) format, either
on standard output or in successive dump files (based on the -w
command line option.) This utility is similar to tcpdump(1), but
has finer grained packet recognition tailored to DNS transactions
and protocol options. dnscap is expected to be used for gathering
continuous research or audit traces.
WWW: https://www.dns-oarc.net/tools/dnscap
PR: ports/127433
Submitted by: Edwin Groothuis <edwin@mavetju.org>
Updates dns/nss_mdns port to v0.10 and changes MAINTAINER
field (as per bms's suggestion). This PR fixes the issue
reported in PR ports/123169, so that PR can be closed.
PR: ports/126952
Submitted by: Ashish Shukla <wahjava@gmail.com>
Approved by: bms@
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
ZKT is a tool to manage keys and signatures for DNSSEC-zones.
The Zone Key Tool consists of two commands:
- dnssec-zkt to create and list dnssec zone keys and
- dnssec-signer to sign a zone and manage the lifetime of
the zone signing keys
See: http://www.hznet.de/dns/zkt/
PR: ports/126296
Submitted by: Frank Behrens <frank+ports@ilse.behrens.de>
DNS Server Cache. By sending many queries to a DNS server along with fake
replies, an attacker can successfuly writes a fake new entry in the DNS
cache.
WWW: http://www.securebits.org/dnsmre.html
PR: ports/126189
Submitted by: Tomoyuki Sakurai <cherry at trombik.org>
- Pet portlint
- Remove support for FreeBSD < 5
- Remove file leftover from repocopy
- Bump portepoch
NOTE: Version numbering changed back to 2.9.x instead of 3.x
PR: ports/126270
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
- performance improvement over the P1 releases, namely
+ significantly remedying the port allocation issues
+ allowing TCP queries and zone transfers while issuing as many
outstanding UDP queries as possible
+ additional security of port randomization at the same level as P1
- also includes fixes for several bugs in the 9.5.0 base code
- Change default OpenLDAP version to 2.4
- Remove OpenLDAP 2.2 support, the port has been gone for some time now
- Add -DDEPRECATED to CFLAGS for all OpenLDAP using ports
PR: ports/123602, ports/124115, ports/125605
Submitted by: delphij, Jens Rehsack <rehsack@web.de>,
Yuri Pankov <yuri.pankov@gmail.com>
- Remove USE_GTK, it's no longer used
PR: ports/123528
Submitted by: mezz
- Use PATCH_WRKSRC instead of WRKSRC in do-patch target
PR: ports/124169
Submitted by: Max Brazhnikov <makc@issp.ac.ru>
- Remove USE_XPM, it's been replaced by USE_XORG+=xpm
PR: ports/124506
Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua>
- Minor fixups for bsd.port.mk
PR: ports/122675
Submitted by: linimon
- Remove stale comment about USE_GETOPT_LONG
PR: ports/124521
Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua>
- Correct comment about default fetch arguments
PR: ports/125334
Submitted by: Gary Palmer <freebsd-gnats@in-addr.com>
of the UDP query-source ports. The server will still use the same query
port for the life of the process, so users for whom the issue of cache
poisoning is highly significant may wish to periodically restart their
server using /etc/rc.d/named restart, or other suitable method.
In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] option.
The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.
This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.
This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447http://www.kb.cert.org/vuls/id/800113http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
