Features:
* documented in doc/NSD-4-features. Change configuration without restart,
direct nameserver control with nsd-control, support a higher number of zones.
Higher performance (compared to NSD3).
* nsdc is gone. Use kill -HUP for reload (also checks if zonefiles have
changed and rereads them), and kill -TERM for quit. Or use nsd-control
for detailed control.
* cron job for nsdc patch is gone. nsd-control write creates zonefiles.
* nsd.db has a new format that compacts itself when it is changed,
thus nsdc patch is no longer necessary.
* nsd.db is memory mapped, NSD needs (part of) that mmap in ram.
* tcp-count can go above 1000; epoll/kqueue support with libevent.
* nsd-control reconfig for updates with no restart (zones, keys, ..)
* nsd-control-setup to create keys for nsd-control (enable nsd-control
with remote-control: yes in nsd.conf).
Bugfixes:
* Bugfix #421: Truncate pidfile on shutdown, before unlink.
* Bugfix #423: Fix slow zone transfer processing due to
'Fix is_existing flag for ENT' bugfix.
* Bugfix #430: Fix segfault when MAX_INTERFACES set to more than 65K.
* Fix configure.ac strptime check for gcc 4.6.2, acx_nlnetlabs.m4 update
NSD 3.2.9
Features:
* Minimize responses to reduce truncation: NSD will only add optional
records to the authority and additional sections when the response size
does not exceed the minimal response size.
* The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is smaller
than the EDNS default.
* The feature is enabled by default. You can disable it by configuring NSD
with --disable-minimal-responses.
* Less NSEC3 prehashing. This will make NSD handle zone transfers faster,
but will decrease the performance of NXDOMAIN and wildcard NODATA responses.
Full prehashing is enabled by default. If you want less NSEC3 prehashing,
configure NSD with --disable-full-prehash. Thanks Secure64 for the patch.
Bugfixes:
* Bugfix #302: nsd accepts XFR but refuses to re-read the slave zone.
* Bugfix #365: set patch style and zonec verbose for nsdc.
* First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC.
* Bugfix #375: typos in nsd.conf.5.
* Bugfix #381: Binary escaped and transfers.
* Bugfix #397: Don't allow relative domain names as origin in $INCLUDE
directives.
* Fix printout of IPSECKEY by nsd-patch.
* Fix is_existing flag for ENT when domain that has a shared ENT is deleted
by IXFR. (ENT == Empty Non-Terminal)
* Fix bug if the zonefile is changed for a secondary but stored transfers
are applied, and stop it from applying ixfr to empty zone. The zone is
flagged with error and AXFR-ed.
* Fix to have no authority NS set processing for CNAMEs.
* Fix nsd-checkconf to check tsig algorithms properly.
* Set the AA bit on responses that have an authoritative CNAME.
* Fix denial of existence response for empty non-terminal that looks like
a NSEC3-only domain (but has data below it).
Operational notes:
nsd.db version number increased because NSD 3.2.7 and earlier zonec is not
compatible due to the TXT strings change. Please run nsdc rebuild before
running NSD 3.2.9 and later versions.
NOTE: the configuration file format has changed. Don't update blindly.
Major changes:
- integrated AXFR/IXFR support for zone transfer. IXFR is not supported
when acting as master.
- TSIG authentication support for queries, notifies and zone transfers.
- full NOTIFY support
- DNAME type is supported
- experimental support for NSEC3 and NSID, not enabled in pkgsrc
- various bug fixes.
${VARBASE}/db/nsd.db on all platforms and use user/group nsd for the
daemon to run as. Install sample configuration without .sample
extension. Take maintainership. Bump revision.
