#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
254897 |
|
26-Aug-2013 |
erwin |
MFC r254651:
Update Bind to 9.9.3-P2
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989]
* The new "inline-signing" option, in combination with the "auto-dnssec" option that was introduced in BIND 9.7, allows named to sign zones completely transparently.
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
|
#
236374 |
|
01-Jun-2012 |
dougb |
MFV r236171, MFC r236196:
Upgrade to BIND version 9.8.3, the latest from ISC.
Feature Change
* BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities)
Bug Fix
* The locking strategy around the handling of iterative queries has been tuned to reduce unnecessary contention in a multi- threaded environment.
Other critical bug fixes are included.
All BIND users are encouraged to upgrade.
|
#
234010 |
|
07-Apr-2012 |
dougb |
MFC r233909:
Add Bv9ARM.pdf to the list of docs to install.
MFV/MFC r233914:
Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
224092 |
|
16-Jul-2011 |
dougb |
Upgrade to version 9.8.0-P4
This version has many new features, see /usr/share/doc/bind9/README for details.
|
#
222395 |
|
27-May-2011 |
dougb |
Upgrade to 9.6-ESV-R4-P1, which address the following issues:
1. Very large RRSIG RRsets included in a negative cache can trigger an assertion failure that will crash named (BIND 9 DNS) due to an off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation is enabled or not, on all BIND versions prior to today. There is a possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at shutdown time when a SIG(0) key is being used.
|
#
193149 |
|
31-May-2009 |
dougb |
Update BIND to version 9.6.1rc1. This version has better performance and lots of new features compared to 9.4.x, including:
Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
|
#
170223 |
|
02-Jun-2007 |
dougb |
This commit was generated by cvs2svn to compensate for changes in r170222, which included commits to RCS files with non-trunk default branches.
|
#
170222 |
|
02-Jun-2007 |
dougb |
Vendor import of BIND 9.4.1
|
#
135446 |
|
18-Sep-2004 |
trhodes |
Vender import of BIND 9.3.0rc4.
|