* Enable cython embedsignature
* Add support for query timeouts
* Merge pull request #4 from farsightsec/query_timeout
* Add support for time fencing
* Merge pull request #5 from farsightsec/time_filter
* Fixup for the dnstable_query_set_filter_parameter() API change
* setup.py: Require libdnstable >= 0.8.0
Sponsored by: Farsight Security, Inc.
[ Henry Stern ]
* New "query timeout" feature which allows for a configurable timeout on the
execution of certain types of queries. Introduces new function
dnstable_query_set_timeout() and new result code dnstable_res_timeout
(#8).
* New "time fencing" feature which filters based on 'time_first' and
'time_last' values. Introduces new enum dnstable_filter_parameter_type and
new function dnstable_query_set_filter_parameter() (#9).
* Performance enhancement for some IP range and prefix searches (#11).
* Fix unhandled IPv4/IPv6 address overflow for IP range/prefix queries
(#14).
[ Robert Edmonds ]
* dnstable_convert: Assert vendor 'SIE' and message type 'dnsdedupe' so that
the following cast of the return value of nmsg_message_get_payload() is
safe (#10).
* Use CLOCK_MONOTONIC_COARSE rather than CLOCK_MONOTONIC_RAW for query
timeouts (#12).
* query_iter_next_ip(): Fix zero fill condition (#15).
Sponsored by: Farsight Security, Inc.
Major Bug Bug Fixes:
- This release fixes segfault after start when many interfaces are in use.
- This version returns the EDNS bad version response with the AD flag
unset for improved conformance.
Minor Buf Fixes:
- Fix#701: Fix that AD=1 set in a BADVERS response.
- Fix typo in zonec.c inside error message.
- Fix#711: Document that debug-mode yes is used for staying
attached to the supervisor console.
- Document verbosity 3 prints more information.
- nsd-checkconf warns for master zones with no zonefile statement.
- Fix start failure when many file descriptors are in use.
- The servfail rcode is not printed with a space in the middle.
- print failed token for config syntax error or parse error.
PR: 204533
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
A library to support the Internationalised Domain Names in Applications
(IDNA) protocol as specified in RFC 5891. This version of the protocol
is often referred to as “IDNA2008” and can produce different res
lts from the earlier standard from 2003.
The library is also intended to act as a suitable drop-in replacement
for the "encodings.idna" module that comes with the Python standard
library but currently only supports the older 2003 specification.
WWW: https://github.com/kjd/idna
Noticed by: brnrd (for py-cryptography)
- Also add maintainer mirror and LOCAL as a fallback. Upstream only seems
to keep the last 50 distfiles on their mirrors and this has broken fetch
in the past (see bug 203613).
PR: 204113
Submitted by: Carlos J Puga Medina <cpm@fbsd.es> (maintainer)
pywdns (0.8.0)
* Add str_to_rcode and str_to_name_case functions
* Add str_to_name_case function
* Add str_to_rcode function
* Add str_to_rrclass and str_to_rdata functions from wdns
* domain_to_str(): PyString_FromStringAndSize -> PyString_FromString
this fixes a regression introduced in d04d3919. wdns_domain_to_str()
does not return the number of bytes written to dst, it returns the
number of bytes read from src. dst is guaranteed to be NUL-terminated
after a call to wdns_domain_to_str(), so switch back to using
PyString_FromString() to convert dst to a python string.
* the comparison against WDNS_MAXLEN_NAME should be strictly greater
than, not greater than or equal to.
* setup.py: add back missing 'import os'
Sponsored by: Farsight Security, Inc.
here is that `kdig_CPPFLAGS += $(DNSTAP_CFLAGS)' line is missing from the
`src/Makefile.am' file (and thus pre-generated `src/Makefile.in') which
should contain "$libfstrm_CFLAGS $libprotobuf_c_CFLAGS" set by configure
script.
As I'd rather avoid patching `src/Makefile.in' and don't want to request
regeneration thereof, provide DNSTAP_CPPFLAGS explicitly for the moment,
while ideally this bug should be fixed upstream. Add an accompanying XXX
comment about it.
PR: 203931 (partially)
NEWS:
* Support for RFC5011 style KSK rollovers. KSK section in the KASP now
accepts <RFC5011/> element.
* Enforcer: New repository option <AllowExtraction/> allows to generate
keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped
and extracted from HSM.
Bugfixes:
* SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
* Fixed signer hitting assertion on short reply XFR handler.
* Include revoke bit in keytag calculation.
* Increased stacksize on some systems (thanks Patrik Lundin!).
* Stop ods-signerd on SIGINT.
Fixes port problem (reported by *geoffroy desvernay*)
* Now also installs previous missing migration script convert_database.pl
PR: 203574
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
- While here, fix format of $FreeBSD$ tag in rc script
- Also remove fbsd:nokeywords and add svn:keywords to rc script
PR: 203059
Submitted by: Gregorio Guidi <gregorio.guidi@gmail.com> (original patch)
Approved by: Leo Vandewoestijne <freebsd@dns-lab.com> (maintainer)
* Replace Jansson with YAJL for JSON rendering, which results in a
substantial performance improvement.
* dnstable_dump: Add "--rrset_names" and "--rdata_names" options which dump
the RRSET_NAME_FWD and RDATA_NAME_REV indices.
* New function dnstable_reader_reload_setfile(), which calls
mtbl_fileset_reload_now() on a dnstable_reader object's underlying
mtbl_fileset object, if present. This requires libmtbl >= 0.8.0.
Sponsored by: Farsight Security, Inc.
