#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
254897 |
|
26-Aug-2013 |
erwin |
MFC r254651:
Update Bind to 9.9.3-P2
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989]
* The new "inline-signing" option, in combination with the "auto-dnssec" option that was introduced in BIND 9.7, allows named to sign zones completely transparently.
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
|
#
254402 |
|
16-Aug-2013 |
erwin |
MFC 253983, 253984:
Update Bind to 9.8.5-P2
New Features
Adds a new configuration option, "check-spf"; valid values are "warn" (default) and "ignore". When set to "warn", checks SPF and TXT records in spf format, warning if either resource record type occurs without a corresponding record of the other resource record type. [RT #33355]
Adds support for Uniform Resource Identifier (URI) resource records. [RT #23386]
Adds support for the EUI48 and EUI64 RR types. [RT #33082]
Adds support for the RFC 6742 ILNP record types (NID, LP, L32, and L64). [RT #31836]
Feature Changes
Changes timing of when slave zones send NOTIFY messages after loading a new copy of the zone. They now send the NOTIFY before writing the zone data to disk. This will result in quicker propagation of updates in multi-level server structures. [RT #27242] "named -V" can now report a source ID string. (This is will be of most interest to developers and troubleshooters). The source
ID for ISC's production versions of BIND is defined in the "srcid" file in the build tree and is normally set to the most recent git hash. [RT #31494]
Response Policy Zone performance enhancements. New "response-policy" option "min-ns-dots". "nsip" and "nsdname" now enabled by default with RPZ. [RT #32251]
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
|
#
245163 |
|
08-Jan-2013 |
erwin |
MFC r243981,243987:
Update to 9.8.4-P1.
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492]
Other critical bug fixes are included.
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
|
#
234010 |
|
07-Apr-2012 |
dougb |
MFC r233909:
Add Bv9ARM.pdf to the list of docs to install.
MFV/MFC r233914:
Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
224092 |
|
16-Jul-2011 |
dougb |
Upgrade to version 9.8.0-P4
This version has many new features, see /usr/share/doc/bind9/README for details.
|
#
218384 |
|
06-Feb-2011 |
dougb |
Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.
All 9.6 users with DNSSEC validation enabled should upgrade to this version, or the latest version in the 9.7 branch, prior to 2011-03-31 in order to avoid validation failures for names in .COM as described here:
https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record
In addition the fixes for this and other bugs, there are also the following:
* Various fixes to kerberos support, including GSS-TSIG * Various fixes to avoid leaking memory, and to problems that could prevent a clean shutdown of named
|
#
216175 |
|
04-Dec-2010 |
dougb |
Update to version 9.6-ESV-R3, the latest from ISC, which addresses the following security vulnerabilities.
For more information regarding these issues please see: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
1. Cache incorrectly allows ncache and rrsig for the same type
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
Affects resolver operators whose servers are open to potential attackers. Triggering the bug will cause the server to crash.
This bug applies even if you do not have DNSSEC enabled.
2. Key algorithm rollover
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
Affects resolver operators who are validating with DNSSEC, and querying zones which are in a key rollover period. The bug will cause answers to incorrectly be marked as insecure.
|
#
193149 |
|
31-May-2009 |
dougb |
Update BIND to version 9.6.1rc1. This version has better performance and lots of new features compared to 9.4.x, including:
Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
|
#
186462 |
|
23-Dec-2008 |
dougb |
Merge from vendor/bind9/dist as of the 9.4.3 import
|
#
174188 |
|
02-Dec-2007 |
dougb |
This commit was generated by cvs2svn to compensate for changes in r174187, which included commits to RCS files with non-trunk default branches.
|
#
174187 |
|
02-Dec-2007 |
dougb |
Vendor import of BIND 9.4.2
|
#
170222 |
|
02-Jun-2007 |
dougb |
Vendor import of BIND 9.4.1
|
#
143731 |
|
17-Mar-2005 |
dougb |
Vendor import of BIND 9.3.1
|
#
135446 |
|
18-Sep-2004 |
trhodes |
Vender import of BIND 9.3.0rc4.
|