#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
254897 |
|
26-Aug-2013 |
erwin |
MFC r254651:
Update Bind to 9.9.3-P2
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989]
* The new "inline-signing" option, in combination with the "auto-dnssec" option that was introduced in BIND 9.7, allows named to sign zones completely transparently.
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
|
#
234010 |
|
07-Apr-2012 |
dougb |
MFC r233909:
Add Bv9ARM.pdf to the list of docs to install.
MFV/MFC r233914:
Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
225361 |
|
03-Sep-2011 |
dougb |
Upgrade to BIND version 9.8.1. Release notes at:
https://deepthought.isc.org/article/AA-00446/81/ or /usr/src/contrib/bind9/
Approved by: re (kib)
|
#
224092 |
|
16-Jul-2011 |
dougb |
Upgrade to version 9.8.0-P4
This version has many new features, see /usr/share/doc/bind9/README for details.
|
#
218384 |
|
06-Feb-2011 |
dougb |
Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.
All 9.6 users with DNSSEC validation enabled should upgrade to this version, or the latest version in the 9.7 branch, prior to 2011-03-31 in order to avoid validation failures for names in .COM as described here:
https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record
In addition the fixes for this and other bugs, there are also the following:
* Various fixes to kerberos support, including GSS-TSIG * Various fixes to avoid leaking memory, and to problems that could prevent a clean shutdown of named
|
#
214586 |
|
31-Oct-2010 |
dougb |
Update to 9.6-ESV-R2, the latest from ISC.
This version contains bug fixes that are relevant to any caching/resolving name server; as well as DNSSEC-related fixes.
|
#
205292 |
|
18-Mar-2010 |
dougb |
Update to 9.6.2-P1, the latest patchfix release which deals with the problems related to the handling of broken DNSSEC trust chains.
This fix is only relevant for those who have DNSSEC validation enabled and configure trust anchors from third parties, either manually, or through a system like DLV.
|
#
204619 |
|
03-Mar-2010 |
dougb |
Upgrade to version 9.6.2. This version includes all previously released security patches to the 9.6.1 version, as well as many other bug fixes.
This version also incorporates a different fix for the problem we had patched in contrib/bind9/bin/dig/dighost.c, so that file is now back to being the same as the vendor version.
Due to the fact that the DNSSEC algorithm that will be used to sign the root zone is only included in this version and in 9.7.x those who wish to do validation MUST upgrade to one of these prior to July 2010.
|
#
202961 |
|
25-Jan-2010 |
dougb |
Upgrade to BIND 9.6.1-P3.
This version address the following vulnerabilities:
BIND 9 Cache Update from Additional Section https://www.isc.org/advisories/CVE-2009-4022v6 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 A nameserver with DNSSEC validation enabled may incorrectly add unauthenticated records to its cache that are received during the resolution of a recursive client query
BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses https://www.isc.org/advisories/CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly
These issues only affect systems with DNSSEC validation enabled.
|
#
193149 |
|
31-May-2009 |
dougb |
Update BIND to version 9.6.1rc1. This version has better performance and lots of new features compared to 9.4.x, including:
Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
|
#
179494 |
|
02-Jun-2008 |
dougb |
Add proper mime-types for files that they are relevant for. This is useful for things like *.pdf files that svn needs to know about, and will probably be useful down the road for other things.
|
#
170223 |
|
02-Jun-2007 |
dougb |
This commit was generated by cvs2svn to compensate for changes in r170222, which included commits to RCS files with non-trunk default branches.
|
#
170222 |
|
02-Jun-2007 |
dougb |
Vendor import of BIND 9.4.1
|
#
165071 |
|
10-Dec-2006 |
dougb |
Vendor import of BIND 9.3.3
|
#
153816 |
|
29-Dec-2005 |
dougb |
Vendor import of BIND 9.3.2
|
#
135446 |
|
18-Sep-2004 |
trhodes |
Vender import of BIND 9.3.0rc4.
|