- update to 9.16.10:
New Features:
* NSEC3 support was added to KASP. A new option for dnssec-policy,
nsec3param, can be used to set the desired NSEC3 parameters. NSEC3 salt
collisions are automatically prevented during resalting. [GL #1620]
* A new configuration option, stale-refresh-time, has been introduced. It allows
a stale RRset to be served directly from cache for a period of time after a
failed lookup, before a new attempt to refresh it is made. [GL #2066]
Feature Changes:
* The default value of max-recursion-queries was increased from 75 to 100.
Since the queries sent towards root and TLD servers are now included in the
count (as a result of the fix for CVE-2020-8616), max-recursion-queries has
a higher chance of being exceeded by non-attack queries, which is the main
reason for increasing its default value. [GL #2305]
The default value of nocookie-udp-size was restored back to 4096 bytes. Since
max-udp-size is the upper bound for nocookie-udp-size, this change relieves the
operator from having to change nocookie-udp-size together with max-udp-size in
order to increase the default EDNS buffer size limit. nocookie-udp-size can
still be set to a value lower than max-udp-size, if desired. [GL #2250]
Bug Fixes:
Handling of missing DNS COOKIE responses over UDP was tightened by falling
back to TCP. [GL #2275]
The CNAME synthesized from a DNAME was incorrectly followed when the QTYPE was
CNAME or ANY. [GL #2280]
Building with native PKCS#11 support for AEP Keyper has been broken since BIND
9.16.6. This has been fixed. [GL #2315]
named could crash with an assertion failure if a TCP connection were closed
while a request was still being processed. [GL #2227]
named acting as a resolver could incorrectly treat signed zones with no DS
record at the parent as bogus. Such zones should be treated as insecure. This
OBS-URL: https://build.opensuse.org/request/show/859291
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=306
- Add back init scripts, systemd units aren't ready yet
- Add python3-bind subpackage to allow python bind interactions
- Sync configure options with RH package and remove unused ones
* Enable python3
* Enable gssapi
* Enable dnssec scripts
- Drop idnkit from the build, the bind uses libidn since 2007 to run
all the resolutions in dig/etc. bsc#1030306
- Add patch to make sure we build against system idn:
* bind-99-libidn.patch
- Refresh patch:
* pie_compile.diff
- Remove patches that are unused due to above:
* idnkit-powerpc-ltconfig.patch
* runidn.diff
- drop bind-openssl11.patch (merged upstream)
- Remove systemd conditionals as we are not building on sle11 anyway
- Force the systemd to be base for the initscript deployment
- Bump up version of most of the libraries
- Rename the subpackages to match the version updates
- Add macros for easier handling of the library package names
- Drop more unneeded patches
* dns_dynamic_db.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/545259
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=224
- Add a versioned dependency when obsoleting packages.
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Fix gssapi_krb configure time header detection.
- Update root zone (dated Nov 5, 2014).
- Update to version 9.10.1
- This release addresses the security flaws described in CVE-2014-3214 and
CVE-2014-3859.
- Update to version 9.10.0
- Update to version 9.9.6
Cf the bind changes file for all the details of 9.9.6 till 9.10.1.
- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Update baselibs.conf (added libirs and library interface version updates).
OBS-URL: https://build.opensuse.org/request/show/264083
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=153
