- Update keyring as per https://nlnetlabs.nl/people/
- New upstream release 4.2.4
FEATURES:
- Fix#48: Add make distclean that removes config.h made by configure.
And add maintainer-clean that removes bison and flex output.
BUG FIXES:
- Detect fixed time memcmp for openssl 0.9.8 compatibility.
- Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
- include limits.h for UINT_MAX.
- If no recvmmsg, dont use msg_flags member, but errno for error,
where our fallback function left it, msg_flags also does not exist
on some systems.
- Remove unused variable warning for portability.
- Fix#52: do not log transient network full errors unless higher
verbosity is set.
- Fix regressions in configparser.y where global variables were not
set for minimal-responses, round-robin and log-time-ascii.
OBS-URL: https://build.opensuse.org/request/show/756107
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nsd?expand=0&rev=14
- New upstream release 4.2.3:
* confine-to-zone configures NSD to not return out-of-zone
additional information.
* pidfile "" allows to run NSD without a pidfile
* adds support for readiness notification with READY_FD
* fix excessive logging of ixfr failures, it stops the log when
fallback to axfr is possible. log is enabled at high verbosity.
* Fixup warnings during --disable-ipv6 compile.
* The nsd.conf includes are sorted ascending, for include statements
with a '*' from glob.
* Fix log address and failure reason with tls handshake errors,
squelches (the same as unbound) some unless high verbosity is used.
* Number of different UDP handlers has been reduced to one.
recvmmsg and sendmmsg implementations are now used on all platforms.
* Socket options are now set in designated functions for easy reuse.
* Socket setup has been simplified for easy reuse.
* Configuration parser is now aware of the context in which
an option was specified.
* document that remote-control is a top-level nsd.conf attribute.
- Remove legacy upgrade of nsd users in %post (boo#1157331)
OBS-URL: https://build.opensuse.org/request/show/749910
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nsd?expand=0&rev=13
* confine-to-zone configures NSD to not return out-of-zone
additional information.
* pidfile "" allows to run NSD without a pidfile
* adds support for readiness notification with READY_FD
* fix excessive logging of ixfr failures, it stops the log when
fallback to axfr is possible. log is enabled at high verbosity.
* Fixup warnings during --disable-ipv6 compile.
* The nsd.conf includes are sorted ascending, for include statements
with a '*' from glob.
* Fix log address and failure reason with tls handshake errors,
squelches (the same as unbound) some unless high verbosity is used.
* Number of different UDP handlers has been reduced to one.
recvmmsg and sendmmsg implementations are now used on all platforms.
* Socket options are now set in designated functions for easy reuse.
* Socket setup has been simplified for easy reuse.
* Configuration parser is now aware of the context in which
an option was specified.
* document that remote-control is a top-level nsd.conf attribute.
- Remove legacy upgrade of nsd users in %post (boo#1157331)boo#1157331)
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=65
- New upstream release 4.2.0:
* Implement TCP fast open
* Added DNS over TLS
* TLS OCSP stapling support with the tls-service-ocsp option
* New option hide-identity can be used in nsd.conf to stop NSD
from responding with the hostname for probe queries that
elicit the chaos class response, this is conform RFC4892
* Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE
OBS-URL: https://build.opensuse.org/request/show/709251
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nsd?expand=0&rev=10
- New upstream release 4.2.0:
* Implement TCP fast open
* Added DNS over TLS
* TLS OCSP stapling support with the tls-service-ocsp option
* New option hide-identity can be used in nsd.conf to stop NSD
from responding with the hostname for probe queries that
elicit the chaos class response, this is conform RFC4892
* Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE
OBS-URL: https://build.opensuse.org/request/show/709249
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=59
- Update to upstream release 4.1.22:
- Features:
* refuse-any sends truncation (+TC) in reply to ANY queries
over UDP, and allows TCP queries like normal.
* Use accept4 to speed up answer of TCP queries
- Bug fixes:
* Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
* Fix to use same condition for nsec3 hash allocation and free.
- Changes in version 4.1.21:
- Features:
* --enable-memclean cleans up memory for use with memory checkers,
eg. valgrind.
* refuse-any nsd.conf option that refuses queries of type ANY.
* lower memory usage for tcp connections, so tcp-count can be
higher.
- Bug fixes:
* Fix spelling error in xfr-inspect.
* Fix buffer size warnings from compiler on filename lengths.
OBS-URL: https://build.opensuse.org/request/show/620436
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nsd?expand=0&rev=4
- Update to upstream release 4.1.22
4.1.22
================
FEATURES:
- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
and allows TCP queries like normal.
- Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
and OpenBSD.
BUG FIXES:
- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
- Fix to use same condition for nsec3 hash allocation and free.
4.1.21
================
FEATURES:
- --enable-memclean cleans up memory for use with memory checkers,
eg. valgrind.
- refuse-any nsd.conf option that refuses queries of type ANY.
- lower memory usage for tcp connections, so tcp-count can be
higher.
BUG FIXES:
- Fix unused variable warnings and uninit variable in statistics
printout from clang analyzer.
- Fix spelling error in xfr-inspect.
- Fix#3562: explain build error when flex missing.
- Fix buffer size warnings from compiler on filename lengths.
- Fix#4093: Release notes not using 2018.
OBS-URL: https://build.opensuse.org/request/show/620433
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=46
- fix tmpfiles-nsd.conf to point to /run instead of /var/run
- add nsd-rpmlintrc to not display some bogus errors
- put log files into /var/log/nsd/
- put sample config in documentation directory
- update to 4.1.13
- FEATURES
- multi-master-check: yes can be used to check all masters for
the last version, using the higher version from the
configured masters
- Support RR type OPENPGPKEY from RFC 7929.
- Can config key algorithms with the digest name, eg. 'sha256'.
- configure --disable-radix-tree for about 15% lower memory
usage.
- for type SRV add A/AAAA to the additional section (if
possible), just like we already do for type MX.
- more extensible edns option handling.
- When tcp is more than half full, use short timeout for tcp
session.
- Patch for {max,min}-{refresh,retry}-time
- Fix#790: size-limit-xfr can stop NSD from downloading
infinite zone transfer data size, from Toshifumi Sakaguchi.
Fixes CVE-2016-6173f
- BUGFIXES
- Fix compile warnings about unused result from write and
strtol. and signcompare in minmax retrytime.
- Fix#812: fix that make depend fails after distribution.
- Fix#817: xfrd update failed loop.
- Add robustness against unallocated data in nsec3 trees.
- Fix README spelling error of BSD license
- Fix multimaster for not tried full zone transfer for a
OBS-URL: https://build.opensuse.org/request/show/435127
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=27
