Features:
* New option 'nsid:', to specify the NSID (Bugfix #298).
* The default chroot can be set with --with-chroot=dir.
If not set, by default chroot will not be used.
* Optimized zonec and b64_pton compatibility code.
* Optimized memory allocations. Use mmap/munmap instead of malloc/free.
Experimental, by default off. Enable it at build time with --enable-mmap.
Bugfixes:
* NSD will not start if chroot is configured,
but changing root is not possible
* Make use of the more secure strl* functions.
* Bugfix #303: spelling error.
Operational notes:
* NSID support is now enabled by default.
* Support DLV records.
* New option 'tcp-query-count:', to limit the maximum number of DNS
queries on a single tcp connection.
* New option 'tcp-timeout:', to override the default tcp timeout.
The option can also be set at build time, --with-tcp-timeout.
* New option 'notify-retry:', to configure how many times NSD should
retry a NOTIFY message.
* New options 'ipv4-edns-size:' and 'ipv6-edns-size:', to set your
preferred EDNS buffer size.
* Ignore SIGHUP to child processes.
* UDP/IPv4 sockets have new options set that will disable the DF
flag in IP packets.
* Bug #236: Allow RRs before the SOA in a zonefile.
* Bug #229: Remove the C99 code.
* Bug #253: Don't put NS RRs in a response with QTYPE=DNSKEY.
* Bug #263: Make TSIG algorithm comparison case insensitive.
* Bug #266: Build failed on systems without strptime.
* Fix install hickup.
* Fix to use 4096 EDNS limit for IPv6 on Linux.
Allows nsd-patch to directly work on the database without intermediate
zonefile. Allow file rotation for nsd.log. Allow disabling AXFR
fallback.
Fix off-by-one during query processing.
- improved IXFR support
- support for hmac-sha1 and hmac-sha256 in TSIG
- selection of source ip for notifies and zone requests
- NSEC3 is enabled by default
- option to disable CHAOS version support
- bugfixes
- better logging for nsd-notify and db creation failures
- nsdc start checks if nsd is already running
- fix loading data from files with relative names when chrootdir ends
with a slash
- fix a case when nsd would return FORMERR for edns queries with version
0 and rdlen larger than 0.
- don't answer nsec3 wildcard information when DO bit is not set
- fix man pages and improve consistency
- improved handling for malformed IXFRs
- report source and zone for denied AXFR requests
- improved handling of malformed nsec3 records
- fix ignored return value in region-allocator.
and to support the "inet6" option instead.
Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files. Replace:
BUILD_DEFS+= USE_INET6
with
BUILD_DEFS+= IPV6_READY
and teach the README-generation tools to look for that instead.
This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.
NOTE: the configuration file format has changed. Don't update blindly.
Major changes:
- integrated AXFR/IXFR support for zone transfer. IXFR is not supported
when acting as master.
- TSIG authentication support for queries, notifies and zone transfers.
- full NOTIFY support
- DNAME type is supported
- experimental support for NSEC3 and NSID, not enabled in pkgsrc
- various bug fixes.
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
${VARBASE}/db/nsd.db on all platforms and use user/group nsd for the
daemon to run as. Install sample configuration without .sample
extension. Take maintainership. Bump revision.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
FEATURES:
- NSD now fully supports unknown record types using the
notation specified in RFC3597.
- Support for the following RR types has been added: WKS, X25,
ISDN, RT, NSAP, PX, NAPTR, KX, CERT, DNAME, and APL. DNAME
special processing is not supported.
and bug fixes.
2.0.2
=============
BUG FIXES:
- Allow the use of a mnemonic for the algorithm field of a
DNSKEY record.
- Behavior of the zonec -v flag has been modified. By default
zonec will only print a single line with a summary of the
error count.
- Bug #75: Fixed typo in previous "fix".
NSD 2.0.1 release notes:
BUG FIXES:
- Queries for QTYPE DS (DNSSEC) were not handled correctly in
certain cases.
- Partial support for unknown RRs. Known RR types with
unknown RR data format is not yet supported.
- Bug #75: Fixed bad error message when nsdc update is run for
the first time.
- Bug #78: Multiple zones, each with include directives, are
now compiled correctly.
=============
BUG FIXES:
- Bug #59: NSD returns FORMERR when the query name is >= 246
bytes.
- Bug #60: Zonec runs out of file descriptors with many zones.
- Bug #61: nsdc uses /bin/sh hardwired (and should not).
- Bug #62: NSD is not able to log to a file.
- Bug #63: nsdc update and zonec are too tallkative.
- Bug #64: Answer for request of a host resolved by a
wildcard-resource-record is not understandable by dig.
=============
BUG FIXES:
- AXFR terminates early if a zone containa a CNAME pointing
the the zone's domain name (SOA record) (bug #56).
- During an AXFR memory above the top of the stack was
accessed. This could lead to occassional AXFR errors (bad
packets).
- NSD now prints its version number and exits when invoked
with the -v flag (bug #57).
- NSD prints help information and exits when invoked with the
-h flag.
1.2
=============
FEATURES:
- NSD is now a single parent process (handling child
termination and database reloads) plus multiple UDP and TCP
child processes handling queries. Before the parent process
also handled UDP queries. This change simplifies the parent
and child processes and allows the use of multiple
concurrent UDP servers.
- Experimental plugin support. This required a minor,
incompatible change to the database format. Make sure you
recompile your database. Use --enable-plugins to enable.
- Full IPv6 support (for multi-homing and for Linux, thanks to
Colm MacCárthaigh and Jun-ichiro itojun Hagino). Use
--enable-ipv6 to enable.
- Support for multi-homing with TCP connections.
- Support for SunOS 4.x has been dropped.
CODE CHANGES:
- NSD should now conform to the Single Unix Specification
(http://www.unix.org/).
- Const correctness for strings and some other data types.
- Removed code for Berkeley DB, hash tables, and mmap(2).
- Separate preprocessor flags from code flags (CPPFLAGS and
CFLAGS).
- Use uint8_t instead of u_char, uint{16,32}_t instead of
u_int{16,32}_t.
- Fixed warnings from mixing signed and unsigned types.
- Use sigaction(2) instead of signal(2).
- The query_process function has been split up for clarity.
BUG FIXES:
- CHAOS TXT queries failed on big-endian machines.
- Portability fixes for Tru64 (thanks to Stephane Bortzmeyer),
HP-UX, and MacOS X (thanks to Ronald van der Pol).
- Removed compile time limit on maximum number of TCP child
servers.
- Support for debugging UDP and TCP queries.
- Always ensure there is enough room for the EDNS record when
answering a query with EDNS enabled.
1.1
=============
FEATURES:
- ANSI C
- autoconf/configure
- new parser
- support for various RR types in zonec
- support for UNKN RR types
BUG FIXES:
- lots of zone parsing errors eliminated
- empty node matching bug gives NXDOMAIN
1.0.3
=============
This release is a bug fix release and does not add any new features.
BUG FIXES:
- Ignore SIGPIPE errors (bug #43).
- Keep track of TCP child servers and restart if necessary.
(bug #55)
- Handle database reload failures correctly.
- Close UDP sockets in TCP child servers.
- Handle escaped characters (besides \.) in labels.
- Preserve the query's RD flag in the answer.
1.0.2
=============
FEATURES:
- -DBIND8_STATS to enable bind8 like [NX]STATS
- -t flag to make nsd chroot to a certain directory
- -s flag to make nsd produce statistics every s seconds
- /etc/nsd/nsdc.conf to overwrite default variables
for nsdc.sh
- less loggin and more radical tcp connection (mis)handling
- prefork -n processes to handle tcp connections
- multiple -a flags
CHANGES:
- named.stats file functionality is removed
BUG FIXES:
- couple of pedantic fixes in C code
- last zone in database axfr bug fixed
- nsdc update wont update bug fixed
