Commit graph

8 commits

Author SHA1 Message Date
he
e3e8ad2293 Update to sync with the ldns update to version 1.6.15.
This changes the default trust anchor file from the dig-compatible
value to a default of /usr/pkg/etc/unbound/root.key.

Part of change log relevant to drill:

        * Configurable default trust anchor with --with-trust-anchor=FILE
          for drill, ldns-verify-zone and ldns-dane
        * bugfix #473: Dead code removal and resource leak fix in drill
2012-10-25 20:59:46 +00:00
asau
e059e7e469 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 17:18:07 +00:00
he
2037164249 Add a patch each to code and documentation so that drill probes
for /etc/trusted-key.key, and uses that as a trust anchor if neither
-D nor -k options were specified. This feature is borrowed from
BIND's dig when it is compiled with SIGCHASE support.  Bump
PKGREVISION.
2012-10-08 13:58:48 +00:00
he
9290390cfd Update from version 1.6.8 to 1.6.13.
Ensure that ldns is at least as new as this package.
I don't think there are specific fixes to drill in this update,
so this is an update to pull in all the library fixes from ldns,
since drill comes out of the ldns distribution.
2012-10-08 13:30:43 +00:00
pettai
11614f9da7 * bugfix #335: Print both SHA-1 and SHA-256 corresponding DS records.
* Fix verify NSEC3 denials.
* allow for a secure trace if you use DS records as trust anchors
* bugfix #313: trace on an empty nonterminal continuation.
2012-08-13 14:10:05 +00:00
he
d8801e2b70 Update from version 1.4.0 to 1.6.4.
Thanks to Taylor R Campbell for nudge to update, and a patch to do so.

Pkgsrc changes:
 o Add LICENSE=modified-bsd setting

Upstream changes (also includes changes from the enclosing "ldns"):
1.6.4   2010-01-20
        * Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
          Changed its configure and Makefile to fit into ldns.
          Added its dname_* methods to the rdf_* class (as is the ldns API).
          Changed swig destroy of ldns_buffer class to ldns_buffer_free.
          Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
        * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
        * Bugfix: handle escaped characters in TXT rdata.
        * bug292: no longer crash on malformed domain names where a label is
          on position 255, which was a buffer overflow by one.
        * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
          which fixes resolv.conf reading badly terminated string buffers.
        * Fix ldns_pkt_set_random_id to be more random, and a little faster,
          it did not do value 0 statistically correctly.
        * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
          for portability.
        * bug295: nsec3-hash routine no longer case sensitive.
        * bug298: drill failed nsec3 denial of existence proof.

1.6.3   2009-12-04
        * Bugfix: allow for unknown resource records in zonefile with rdlen=0.
        * Bugfix: also mark an RR as question if it comes from the wire
        * Bugfix: NSEC3 bitmap contained NSEC
        * Bugfix: Inherit class when creating signatures

1.6.2   2009-11-12
        * Fix Makefile patch from Havard Eidnes, better install.sh usage.
        * Fix parse error on SOA serial of 2910532839.
          Fix print of ';' and readback of '\;' in names, also for '\\'.
          Fix parse of '\(' and '\)' in names.  Also for file read. Also '\.'
        * Fix signature creation when TTLs are different for RRs in RRset.
        * bug273: fix so EDNS rdata is included in pkt to wire conversion.
        * bug274: fix use of c++ keyword 'class' for RR class in the code.
        * bug275: fix memory leak of packet edns rdata.
        * Fix timeout procedure for TCP and AXFR on Solaris.
        * Fix occasional NSEC bitmap bogus
        * Fix rr comparing (was in reversed order since 1.6.0)
        * bug278: fix parsing HINFO rdata (and other cases).
        * Fix previous owner name: also pick up if owner name is @.
        * RFC5702: enabled sha2 functions by default. This requires
          OpenSSL 0.9.8 or higher.  Reason for this default is the
          root to be signed with RSASHA256.
        * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP,
          very long lines
        * Fix: Make ldns_dname_is_subdomain case insensitive.
        * Fix ldns-verify-zone so that address records at zone NS set
          are not considered glue (Or glue records fall below delegation)
        * Fix LOC RR altitude printing.
        * Feature: Added period (e.g. '3m6d') support at explicit TTLs.
        * Feature: DNSKEY rrset by default signed with minimal signatures
          but -A option for ldns-signzone to sign it with all keys.
          This makes the DNSKEY responses smaller for signed domains.

1.6.1   2009-09-14
        * --enable-gost : use the GOST algorithm (experimental).
        * Added some missing options to drill manpage
        * Some fixes to --without-ssl option
        * Fixed quote parsing within strings
        * Bitmask fix in EDNS handling
        * Fixed non-fqdn domain name completion for rdata field domain
          names of length 1
        * Fixed chain validation with SHA256 DS records

1.6.0
        Additions:
        * Addition of an ldns-config script which gives cflags and libs
          values, for use in configure scripts for applications that
          use ldns. Can be disabled with ./configure --disable-ldns-config
        * Added direct sha1, sha256, and sha512 support in ldns.
          With these functions, all NSEC3 functionality can still be
          used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
          Steve Reid, and Aaron D. Gifford for the code.
        * Added reading/writing support for the SPF Resource Record
        * Base32 functions are now exported
        Bugfixes:
        * ldns_is_rrset did not go through the complete rrset, but
          only compared the first two records. Thanks to Olafur
          Gudmundsson for report and patch
        * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
          thanks to Marius Rieder for finding and patching this.
        * --without-ssl should now work. Make sure that examples/ and
          drill also get the --without-ssl flag on their configure, if
          this is used.
        * Some malloc() return value checks have been added
        * NSEC3 creation has been improved wrt empty nonterminals,
          and opt-out.
        * Fixed a bug in the parser when reading large NSEC3 salt
          values.
        * Made the allowed length for domain names on wire
          and presentation format the same.
        Example tools:
        * ldns-key2ds can now also generate DS records for keys without
          the SEP flag
        * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
          the first non-default DNSKEY TTL value it sees)

1.5.1
        Example tools:
        * ldns-signzone was broken in 1.5.0 for multiple keys, this
          has been repaired

        Build system:
        * Removed a small erroneous output warning in
          examples/configure and drill/configure

1.5.0
        Bug fixes:
        * fixed a possible memory overflow in the RR parser
        * build flag fix for Sun Studio
        * fixed a building race condition in the copying of header
          files
        * EDNS0 extended rcode; the correct assembled code number
          is now printed (still in the EDNS0 field, though)
        * ldns_pkt_rr no longer leaks memory (in fact, it no longer
          copies anything at all)

        API addition:
        * ldns_key now has support for 'external' data, in which
          case the OpenSSL EVP structures are not used;
          ldns_key_set_external_key() and ldns_key_external_key()
        * added ldns_key_get_file_base_name() which creates a
          'default' filename base string for key storage, of the
          form "K<zone>+<algorithm>+<keytag>"
        * the ldns_dnssec_* family of structures now have deep_free()
          functions, which also free the ldns_rr's contained in them
        * there is now an ldns_match_wildcard() function, which checks
          whether a domain name matches a wildcard name
        * ldns_sign_public has been split up; this resulted in the
          addition of ldns_create_empty_rrsig() and
          ldns_sign_public_buffer()

        Examples:
        * ldns-signzone can now automatically add DNSKEY records when
          using an OpenSSL engine, as it already did when using key
          files
        * added new example tool: ldns-nsec3-hash
        * ldns-dpa can now filter on specific query name and types
        * ldnsd has fixes for the zone name, a fix for the return
          value of recvfrom(), and a memory initialization fix
          (Thanks to Colm MacCárthaigh for the patch)
        * Fixed memory leaks in ldnsd

1.4.1
        Bug fixes:
        * fixed a build issue where ldns lib existence was done too early
        * removed unnecessary check for pcap.h
        * NSEC3 optout flag now correctly printed in string output
        * inttypes.h moved to configured inclusion
        * fixed NSEC3 type bitmaps for empty nonterminals and unsigned
          delegations

        API addition:
        * for that last fix, we added a new function
          ldns_dname_add_from() that can clone parts of a dname
2010-03-03 13:43:08 +00:00
joerg
2950e11249 Update to drill-1.4.0:
Sync with ldns-1.4.0 release.

Add DESTDIR support.
2008-12-17 17:53:26 +00:00
he
fb6b72e8e0 Import drill version 1.0-pre3 from NLnet Labs, as embedded in ldns-1.3.0.
Drill is a tool ala dig from BIND. It was designed with DNSSEC in
mind and should be a useful debugging/query tool for DNSSEC.

A lot of DNS debugging is done with dig, but as dig is made with
the same libraries as BIND8/9 (the most used DNS server out there),
what are you actually debugging/testing? Drill has nothing in common
with either NSD or BIND. During the development process we are
actually uncovering obscure bugs in NSD and BIND (and in drill
itself).
2008-07-22 08:32:33 +00:00