asynchronously. It is an asynchronous wrapper around getaddrinfo(3),
getnameinfo(3), res_query(3) and res_search(3) from libc and libresolv.
In contrast to GNU's asynchronous name resolving API getaddrinfo_a(),
libasyncns does not make use of UNIX signals for reporting completion of name
queries. Instead, the API exports a standard UNIX file descriptor which may be
integerated cleanly into custom main loops.
In contrast to asynchronous DNS resolving libraries like libdenise, skadns,
adns, libasyncns is just an asynchronous wrapper around the libc's synchronous
getaddrinfo() API, which has the advantage of allowing name resolution using
techniques like Multicast DNS, LDAP or NIS using standard libc NSS (Name
Service Switch) modules. libasyncns is compatible with IPv6 if the underlying
libc is.
libasyncns is very tiny, consisting of just one header and one source file. It
has no dependencies besides libc.
WWW: http://0pointer.de/lennart/projects/libasyncns/
from ISC. It has numerous bug fixes compared to 9.4.3*, however
in the case of this version "extended" only applies till 2010/12/31
so serious BIND users are still encouraged to upgrade to 9.6.x.
child processes must not shutdown() their sockets
* Fixes and reports a problem occuring with jumping system time,
as reported when running inside some virtual machine. Time jumps
are reported to the log with loglevel NOTICE.
* Delegation now has precedence over wildcard matching
Thanks to Fab for the fix
Fixes bugs #0000038, #0000042
PR: 143223
Submitted by: Hung-Yi Chen <gaod@hychen.org> (maintainer)
Update to new upstream release 2.52. Changelog excerpt below the approval.
Approved by: miwi (mentor)
Upstream changelog excerpt (omitting Linux, Solaris and MacOS X specifics):
[...] Re-read the set of network interfaces when re-loading /etc/resolv.conf
if --bind-interfaces is not set. This handles the case that loopback
interfaces do not exist when dnsmasq is first started.
Tweak the PXE code to support port 4011. This should reduce broadcasts and
make things more reliable when other servers are around. It also improves
inter-operability with certain clients.
Make a pxe-service configuration with no filename or boot service type legal:
this does a local boot. eg. pxe-service=x86PC, "Local boot"
Be more conservative in detecting "A for A" queries. Dnsmasq checks if the
name in a type=A query looks like a dotted-quad IP address and answers the
query itself if so, rather than forwarding it. Previously dnsmasq relied in
the library function inet_addr() to convert addresses, and that will accept
some things which are confusing in this context, like 1.2.3 or even just
1234. Now we only do A for A processing for four decimal numbers delimited by
dots.
[...]
Increased the default limit on number of leases to 1000 (from 150). This is
mainly a defence against DoS attacks, and for the average "one for two class
C networks" installation, IP address exhaustion does that just as well.
Making the limit greater than the number of IP addresses available in such an
installation removes a surprise which otherwise can catch people out.
Removed extraneous trailing space in the value of the DNSMASQ_TIME_REMAINING
DNSMASQ_LEASE_LENGTH and DNSMASQ_LEASE_EXPIRES environment variables. Thanks
to Gildas Le Nadan for spotting this.
Provide the network-id tags for a DHCP transaction to the lease-change script
in the environment variable DNSMASQ_TAGS. A good suggestion from Gildas Le
Nadan.
Add support for RFC3925 "Vendor-Identifying Vendor Options". The syntax looks
like this:
--dhcp-option=vi-encap:<enterprise number>, .........
Add support to --dhcp-match to allow matching against RFC3925
"Vendor-Identifying Vendor Classes". The syntax looks like this:
--dhcp-match=tag,vi-encap<enterprise number>, <value>
Add some application specific code to assist in implementing the Broadband
forum TR069 CPE-WAN specification. The details are in contrib/CPE-WAN/README
Increase the default DNS packet size limit to 4096, as recommended by RFC5625
section 4.4.3. This can be reconfigured using --edns-packet-max if needed.
Thanks to Francis Dupont for pointing this out.
Rewrite query-ids even for DNSSEC signed packets, since this is allowed by
RFC5625 section 4.5.
[...]
Fix link error when including Dbus but excluding DHCP.
Thanks to Oschtan for the bug report.
Updated French translation. Thanks to Gildas Le Nadan.
Updated Polish translation. Thanks to Jan Psota.
Updated Spanish translation. Thanks to Chris Chatham.
DNSSEC. It secures zone data just before it is published in an
authoritative name server.
WWW: http://www.opendnssec.org
PR: ports/142103
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
to thoroughly test this version before updating production systems.
For the port, introduce a new dependency, security/p5-Digest-SHA
Changes in this version, in addition to numerous minor bug fixes:
Feature: Truncation for Nameserver
TAKE CARE:
this feature may cause unexpected behavior for your nameservers
Net::DNS::Packet::truncate is a new method that is called from
within Net::DNS::Nameserver that truncates a packet according to
the rules of RFC2181 section 9.
Feature: Added Net::DNS::Domain
Net::DNS::Domain is an attemt to consistently approach the various
ways we interface with what RFC 1035 calls <domain-name>.
Feature: KX RR
Added support for the KX RR, RFC2230
Feature: HIP RR
Added support for the HIP RR, RFC5205
Feature: DHCID RR
Added rudimentary support for the DHCID RR.
Fix improved fuzzy matching of CLASS and TYPE in the Question
constructor method.
Fix AAAA dynamic update
PR: ports/136065 ports/127469
Submitted by: N.J. Mann <njm@njm.me.uk> and Aldis Berjoza <killasmurf86@gmail.com>
- Early identify port CONFLICTS
PR: 137855
Submitted by: Piotr Smyrak <smyru@heron.pl>
- Add --no-same-permissions to the EXTRACT_AFTER_ARGS command.
Tijl Coosemans has been reported an issue that when root is extracting from the
tarball, and the tarball contains world writable files
(sysutils/policykit as an example), there is a chance that the files
gets changed by malicious third parties right after the extraction,
which makes it possible to inject code into the package thus compromise
the system.
Submitted by: Tijl Coosemans <tijl@coosemans.org> Xin LI (delphij@)
- Fix some whitespaces
Tested with: exp-run
is designed to help you as a user determine what name services
are the best to use for an individual machine.
WWW: http://namebench.googlecode.com/
PR: ports/141202
Submitted by: Sahil Tandon <sahil at tandon.net>
e-mail addresses from the pkg-descr file that could reasonably
be mistaken for maintainer contact information in order to avoid
confusion on the part of users looking for support. As a pleasant
side effect this also avoids confusion and/or frustration for people
who are no longer maintaining those ports.
start testing it sooner rather than later. When the final version
is released the -devel will be removed.
Some of the new features of BIND 9.7.x are:
- Fully automatic signing of zones by "named"
- Simplified configuration of DNSSEC Lookaside Validation (DLV)
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option
- New named option "attach-cache" that allows multiple views to
share a single cache
- DNS rebinding attack prevention
- New default values for dnssec-keygen parameters
- Support for RFC 5011 automated trust anchor maintenance
(see README.rfc5011 for additional details)
- Smart signing: simplified tools for zone signing and key
maintenance
- Improved PKCS#11 support
