#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
262706 |
|
03-Mar-2014 |
erwin |
MFV 262445: Update BIND to 9.9.5
Release note: https://lists.isc.org/pipermail/bind-announce/2013-September/000871.html https://lists.isc.org/pipermail/bind-announce/2014-January/000896.html
Note this is a commit straight to stable as BIND no longer exists in head.
Sponsored by: DK Hostmaster A/S
|
#
254897 |
|
26-Aug-2013 |
erwin |
MFC r254651:
Update Bind to 9.9.3-P2
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989]
* The new "inline-signing" option, in combination with the "auto-dnssec" option that was introduced in BIND 9.7, allows named to sign zones completely transparently.
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
|
#
245163 |
|
08-Jan-2013 |
erwin |
MFC r243981,243987:
Update to 9.8.4-P1.
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492]
Other critical bug fixes are included.
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
|
#
234010 |
|
07-Apr-2012 |
dougb |
MFC r233909:
Add Bv9ARM.pdf to the list of docs to install.
MFV/MFC r233914:
Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
225361 |
|
03-Sep-2011 |
dougb |
Upgrade to BIND version 9.8.1. Release notes at:
https://deepthought.isc.org/article/AA-00446/81/ or /usr/src/contrib/bind9/
Approved by: re (kib)
|
#
224092 |
|
16-Jul-2011 |
dougb |
Upgrade to version 9.8.0-P4
This version has many new features, see /usr/share/doc/bind9/README for details.
|
#
223812 |
|
05-Jul-2011 |
dougb |
Update to version 9.6-ESV-R4-P3
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464 ============= Severity: High Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 https://www.isc.org/software/bind/advisories/cve-2011-2464
|
#
222395 |
|
27-May-2011 |
dougb |
Upgrade to 9.6-ESV-R4-P1, which address the following issues:
1. Very large RRSIG RRsets included in a negative cache can trigger an assertion failure that will crash named (BIND 9 DNS) due to an off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation is enabled or not, on all BIND versions prior to today. There is a possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at shutdown time when a SIG(0) key is being used.
|
#
204619 |
|
03-Mar-2010 |
dougb |
Upgrade to version 9.6.2. This version includes all previously released security patches to the 9.6.1 version, as well as many other bug fixes.
This version also incorporates a different fix for the problem we had patched in contrib/bind9/bin/dig/dighost.c, so that file is now back to being the same as the vendor version.
Due to the fact that the DNSSEC algorithm that will be used to sign the root zone is only included in this version and in 9.7.x those who wish to do validation MUST upgrade to one of these prior to July 2010.
|
#
199958 |
|
30-Nov-2009 |
dougb |
Update to BIND 9.6.1-P2. The vulnerability this is designed to fix is related to DNSSEC validation on a resolving name server that allows access to untrusted users. If your system does not fall into all 3 of these categories you do not need to update immediately.
|
#
193149 |
|
31-May-2009 |
dougb |
Update BIND to version 9.6.1rc1. This version has better performance and lots of new features compared to 9.4.x, including:
Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
|
#
186462 |
|
23-Dec-2008 |
dougb |
Merge from vendor/bind9/dist as of the 9.4.3 import
|
#
170223 |
|
02-Jun-2007 |
dougb |
This commit was generated by cvs2svn to compensate for changes in r170222, which included commits to RCS files with non-trunk default branches.
|
#
170222 |
|
02-Jun-2007 |
dougb |
Vendor import of BIND 9.4.1
|
#
165071 |
|
10-Dec-2006 |
dougb |
Vendor import of BIND 9.3.3
|
#
135446 |
|
18-Sep-2004 |
trhodes |
Vender import of BIND 9.3.0rc4.
|