pool/nsd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
81 Commits 1 Branch 0 Tags
Commit Graph

66 Commits

Author SHA256 Message Date
Adam Majer
4428c31df1 - Adapt spec file to work nicer with containers, like no systemd 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=103
 2023-08-05 18:54:54 +00:00
Adam Majer
1fa87d33f0 Accepting request 1095779 from home:amanzini:branches:server:dns 
- New upstream release 4.7.0
  This release adds a script for bash autocompletion for nsd-control. Also
  nsd-control can be configured to use unencrypted operation also when
  compiled without openssl. There is also a systemd service unit example
  file contributed. The dnstap log service can be contacted over TCP, with
  the dnstap-ip: ip option. It is also possible to use TLS, with
  dnstap-tls, it is enabled by default, and can be configured with the
  dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and
  dnstap-client-cert-file options. 
  FEATURES:
    * Fix #267: Allow unencrypted local operation of nsd-control.
    * Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
    * dnstap over TLS, default enabled. Configured with the
      options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
      dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
  BUGFIXES:
    see https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_7_0_REL

OBS-URL: https://build.opensuse.org/request/show/1095779
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=101
 2023-07-04 17:20:39 +00:00
Adam Majer
959d260acd Accepting request 1035137 from home:stroeder:network 
New upstream release 4.6.1

OBS-URL: https://build.opensuse.org/request/show/1035137
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=99
 2022-11-11 11:57:03 +00:00
Adam Majer
195b71a6d1 Accepting request 986175 from home:stroeder:network 
New upstream release 4.6.0

OBS-URL: https://build.opensuse.org/request/show/986175
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=97
 2022-07-01 10:20:48 +00:00
Adam Majer
c5f38ac57d Accepting request 977282 from home:stroeder:network 
New upstream release 4.5.0

OBS-URL: https://build.opensuse.org/request/show/977282
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=95
 2022-05-16 13:31:59 +00:00
Adam Majer
940ab4461a Accepting request 955695 from home:stroeder:network 
New upstream release 4.4.0

OBS-URL: https://build.opensuse.org/request/show/955695
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=94
 2022-02-21 11:42:30 +00:00
Michael Ströder
9351d7e6dc Accepting request 938256 from home:stroeder:network 
New upstream release 4.3.9

OBS-URL: https://build.opensuse.org/request/show/938256
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=93
 2021-12-09 18:31:36 +00:00
Michael Ströder
b5236723e3 Accepting request 931273 from home:stroeder:network 
- adjusted SystemCallFilter= in nsd.service

OBS-URL: https://build.opensuse.org/request/show/931273
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=92
 2021-11-13 22:46:24 +00:00
Michael Ströder
c0230520f1 Accepting request 925092 from home:stroeder:network 
- set RestrictAddressFamilies= in nsd.service

OBS-URL: https://build.opensuse.org/request/show/925092
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=91
 2021-10-13 12:52:27 +00:00
Michael Ströder
1c78b76f36 Accepting request 924959 from home:stroeder:network 
- reworked nsd.service:
  * directly start as User=_nsd
  * even more hardening
  * removed commented and unused directives

FWIW: This was successfully tested on Tumbleweed x86_64.

OBS-URL: https://build.opensuse.org/request/show/924959
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=90
 2021-10-12 20:46:21 +00:00
Michael Ströder
3625623c92 Accepting request 924957 from home:stroeder:network 
Added hardening to systemd service(s) (bsc#1181400)

(Re-ordered nsd.changes)

OBS-URL: https://build.opensuse.org/request/show/924957
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=89
 2021-10-12 20:03:47 +00:00
Michael Ströder
a970b4b2e3 Accepting request 924899 from home:jsegitz:branches:systemdhardening:server:dns 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/924899
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=88
 2021-10-12 19:53:30 +00:00
Michael Ströder
39cc06a6e7 Accepting request 924928 from home:stroeder:network 
New upstream release 4.3.8

OBS-URL: https://build.opensuse.org/request/show/924928
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=87
 2021-10-12 18:31:24 +00:00
Michael Ströder
c4d89ea595 Accepting request 907805 from home:stroeder:network 
New upstream release 4.3.7

OBS-URL: https://build.opensuse.org/request/show/907805
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=86
 2021-07-22 18:31:41 +00:00
Michael Ströder
7fc4c082ed Accepting request 883391 from home:stroeder:network 
New upstream release 4.3.6

OBS-URL: https://build.opensuse.org/request/show/883391
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=84
 2021-04-06 18:43:14 +00:00
Michael Ströder
80dd9114b1 Accepting request 866990 from home:stroeder:branches:server:dns 
New upstream release 4.3.5

OBS-URL: https://build.opensuse.org/request/show/866990
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=82
 2021-01-28 11:31:31 +00:00
Adam Majer
2c8506e8e2 - Fix that symlink does not interfere with chown of pidfile 
(bsc#1179191, CVE-2020-28935)

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=80
 2020-12-01 20:54:35 +00:00
Adam Majer
5a464ece91 Accepting request 852423 from home:stroeder:branches:server:dns 
New upstream release 4.3.4 with fix for CVE-2020-28935

OBS-URL: https://build.opensuse.org/request/show/852423
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=79
 2020-12-01 20:53:14 +00:00
Adam Majer
5b7b6c24bf Accepting request 840327 from home:stroeder:branches:server:dns 
New upstream release 4.3.3

OBS-URL: https://build.opensuse.org/request/show/840327
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=77
 2020-10-19 08:27:21 +00:00
Adam Majer
930b6ba833 Accepting request 820965 from home:stroeder:branches:server:dns 
New upstream release 4.3.2

OBS-URL: https://build.opensuse.org/request/show/820965
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=75
 2020-07-20 09:54:56 +00:00
Adam Majer
1028b4c4a6 Accepting request 794652 from home:stroeder:branches:server:dns 
New upstream release 4.3.1

OBS-URL: https://build.opensuse.org/request/show/794652
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=73
 2020-04-17 09:43:08 +00:00
Marguerite Su
89a74f451a Accepting request 786026 from home:stroeder:branches:server:dns 
New upstream release 4.3.0

OBS-URL: https://build.opensuse.org/request/show/786026
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=71
 2020-03-18 08:56:20 +00:00
Adam Majer
ebb8c821e6 - Update keyring as per https://nlnetlabs.nl/people/ 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=69
 2019-12-12 15:51:01 +00:00
Adam Majer
9a1c8c624c Accepting request 755665 from home:stroeder:branches:server:dns 
New upstream release 4.2.4

OBS-URL: https://build.opensuse.org/request/show/755665
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=68
 2019-12-12 11:32:11 +00:00
Adam Majer
a66803351a Fix .changes 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=66
 2019-11-20 13:41:38 +00:00
Adam Majer
4326999e05 - New upstream release 4.2.3: 
* confine-to-zone configures NSD to not return out-of-zone
    additional information.
  * pidfile "" allows to run NSD without a pidfile
  * adds support for readiness notification with READY_FD
  * fix excessive logging of ixfr failures, it stops the log when
    fallback to axfr is possible. log is enabled at high verbosity.
  * Fixup warnings during --disable-ipv6 compile.
  * The nsd.conf includes are sorted ascending, for include statements
    with a '*' from glob.
  * Fix log address and failure reason with tls handshake errors,
    squelches (the same as unbound) some unless high verbosity is used.
  * Number of different UDP handlers has been reduced to one.
    recvmmsg and sendmmsg implementations are now used on all platforms.
  * Socket options are now set in designated functions for easy reuse.
  * Socket setup has been simplified for easy reuse.
  * Configuration parser is now aware of the context in which
    an option was specified.
  * document that remote-control is a top-level nsd.conf attribute.
- Remove legacy upgrade of nsd users in %post (boo#1157331)boo#1157331)

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=65
 2019-11-20 13:40:55 +00:00
Adam Majer
45e4820b87 Accepting request 729935 from home:stroeder:branches:server:dns 
update to 4.2.2

OBS-URL: https://build.opensuse.org/request/show/729935
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=63
 2019-09-10 17:40:14 +00:00
Marguerite Su
b6d4704d73 Accepting request 714282 from home:stroeder:branches:server:dns 
New upstream release 4.2.1

OBS-URL: https://build.opensuse.org/request/show/714282
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=61
 2019-07-14 03:08:38 +00:00
Marcus Rueckert
9211fbd585 Accepting request 709249 from home:adamm:branches:server:dns 
- New upstream release 4.2.0:
  * Implement TCP fast open
  * Added DNS over TLS
  * TLS OCSP stapling support with the tls-service-ocsp option
  * New option hide-identity can be used in nsd.conf to stop NSD
    from responding with the hostname for probe queries that
    elicit the chaos class response, this is conform RFC4892
  * Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE

OBS-URL: https://build.opensuse.org/request/show/709249
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=59
 2019-06-11 18:52:40 +00:00
Marguerite Su
458e94affe Accepting request 688411 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.27

OBS-URL: https://build.opensuse.org/request/show/688411
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=57
 2019-03-26 06:51:23 +00:00
Adam Majer
978f40fd41 Accepting request 654103 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.26

OBS-URL: https://build.opensuse.org/request/show/654103
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=55
 2018-12-05 10:03:47 +00:00
Marguerite Su
ce705def19 Accepting request 638258 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.25

OBS-URL: https://build.opensuse.org/request/show/638258
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=53
 2018-09-26 00:40:49 +00:00
Adam Majer
f1e3ce31b3 Accepting request 629072 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.24

OBS-URL: https://build.opensuse.org/request/show/629072
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=51
 2018-08-14 08:20:44 +00:00
Marguerite Su
070d679d50 Accepting request 626524 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.23:
  - Fix NSD time sensitive TSIG compare vulnerability.

OBS-URL: https://build.opensuse.org/request/show/626524
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=49
 2018-08-05 05:46:44 +00:00
Adam Majer
e0b1394f9e Changelog formatting fixes 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=47
 2018-07-03 11:02:43 +00:00
Adam Majer
33d39edb6d Accepting request 620433 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.22
4.1.22
================
FEATURES:
- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
  and allows TCP queries like normal.
- Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
  and OpenBSD.
BUG FIXES:
- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
- Fix to use same condition for nsec3 hash allocation and free.
4.1.21
================
FEATURES:
    - --enable-memclean cleans up memory for use with memory checkers,
      eg. valgrind.
    - refuse-any nsd.conf option that refuses queries of type ANY.
    - lower memory usage for tcp connections, so tcp-count can be
      higher.
BUG FIXES:
    - Fix unused variable warnings and uninit variable in statistics
      printout from clang analyzer.
    - Fix spelling error in xfr-inspect.
    - Fix #3562: explain build error when flex missing.
    - Fix buffer size warnings from compiler on filename lengths.
    - Fix #4093: Release notes not using 2018.

OBS-URL: https://build.opensuse.org/request/show/620433
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=46
 2018-07-03 10:58:40 +00:00
Adam Majer
493c369477 Accepting request 578628 from home:jubalh:branches:server:dns 
- Update to 4.1.20:
  + Fix memory leak in zone file read of unknown rr formatted RRs.
  + Fix memory leak when rehashing nsec3 after axfr or zonefile
    read, in the selectively allocated precompiled nsec3 hashes.

OBS-URL: https://build.opensuse.org/request/show/578628
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=44
 2018-02-21 11:35:23 +00:00
Adam Majer
4f8cb30f71 - Own missing ownership for %_tmpfilesdir 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=42
 2018-02-19 10:22:36 +00:00
Adam Majer
178e6d5492 - More specfile cleanup: 
+ Drop SysV support from package (and hence usage of fillup)
  + Don't redefine %_rundir
  + Drop useless BuildRequires on systemd-devel

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=40
 2018-02-16 08:15:09 +00:00
Adam Majer
4c25569d21 Accepting request 575619 from home:jengelh:branches:server:dns 
- Check group existence before creating it, for real.
- Stop deleting users from the system, it might remove a legitimate
  user that nsd unfortunately shared its name with.
- typographical edit in description for completeness

OBS-URL: https://build.opensuse.org/request/show/575619
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=39
 2018-02-12 12:25:36 +00:00
Adam Majer
7e18382f9f - Own the config zones directory 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=37
 2018-02-12 10:43:27 +00:00
Adam Majer
15a8757c21 - Create a system user, not a regular user 
- Check if user/group already exists and are in system range
- Do not ignore return values from user/group creation

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=36
 2018-02-12 09:05:22 +00:00
Marguerite Su
ab97dbe788 Accepting request 573085 from home:adamm:branches:server:dns 
- drop insserv requires on SLE12+ and openSUSE
- nsd-lintrpmrc: drop most overrides
- don't install config file as sample
- switch to using user/group names _nsd to match expected names
  as per recent rpmlint changes as not to conflict with admin
  created names.
- update and change current owner during upgrade

OBS-URL: https://build.opensuse.org/request/show/573085
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=34
 2018-02-10 01:08:20 +00:00
Adam Majer
6bdae24a72 Accepting request 561095 from home:stroeder:branches:server:dns 
update to 4.1.19

OBS-URL: https://build.opensuse.org/request/show/561095
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=33
 2018-01-03 08:11:07 +00:00
Adam Majer
8dda8812af Accepting request 546762 from home:stroeder:branches:server:dns 
- update to 4.1.18

OBS-URL: https://build.opensuse.org/request/show/546762
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=32
 2017-12-01 07:06:48 +00:00
Marcus Rueckert
9448366b88 Accepting request 520865 from home:stroeder:branches:server:dns 
- update to 4.1.17
  - Features
    * zone parser parses type AVC (it has TXT format).
    * Fix #1272: use writev to put tcp length field with data for
      outgoing zone transfer requests.
  - Bugfixes
    * Fix potential null pointer in nsec3 adjustment tree.
    * Fix text format of deletes for CDS and CDNSKEY, single 0 to
      represent empty base64 or hex string.

OBS-URL: https://build.opensuse.org/request/show/520865
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=31
 2017-09-05 10:52:10 +00:00
Michael Ströder
783bfb1032 Accepting request 493611 from home:stroeder:branches:server:dns 
update to 4.1.16

OBS-URL: https://build.opensuse.org/request/show/493611
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=30
 2017-05-09 07:58:57 +00:00
Adam Majer
87cb031061 Accepting request 490699 from home:stroeder:branches:server:dns 
update to 4.1.15

OBS-URL: https://build.opensuse.org/request/show/490699
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=29
 2017-04-24 15:38:12 +00:00
Adam Majer
871d54aee8 Accepting request 450090 from home:stroeder:branches:server:dns 
update to 4.1.14

OBS-URL: https://build.opensuse.org/request/show/450090
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=28
 2017-01-13 14:40:56 +00:00
Marcus Rueckert
b9ec3da843 Accepting request 435127 from home:adamm:branches:server:dns 
- fix tmpfiles-nsd.conf to point to /run instead of /var/run
- add nsd-rpmlintrc to not display some bogus errors
- put log files into /var/log/nsd/
- put sample config in documentation directory
- update to 4.1.13
  - FEATURES
    - multi-master-check: yes can be used to check all masters for
      the last version, using the higher version from the
      configured masters
    - Support RR type OPENPGPKEY from RFC 7929.
    - Can config key algorithms with the digest name, eg. 'sha256'.
    - configure --disable-radix-tree for about 15% lower memory
      usage.
    - for type SRV add A/AAAA to the additional section (if
      possible), just like we already do for type MX.
    - more extensible edns option handling.
    - When tcp is more than half full, use short timeout for tcp
      session.
    - Patch for {max,min}-{refresh,retry}-time
    - Fix #790: size-limit-xfr can stop NSD from downloading
      infinite zone transfer data size, from Toshifumi Sakaguchi.
      Fixes CVE-2016-6173f
  - BUGFIXES
    - Fix compile warnings about unused result from write and
      strtol. and signcompare in minmax retrytime.
    - Fix #812: fix that make depend fails after distribution.
    - Fix #817: xfrd update failed loop.
    - Add robustness against unallocated data in nsec3 trees.
    - Fix README spelling error of BSD license
    - Fix multimaster for not tried full zone transfer for a

OBS-URL: https://build.opensuse.org/request/show/435127
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=27
 2016-10-19 10:36:57 +00:00