From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 257413] dns/nsd: Update to 4.3.7
Date: Sun, 25 Jul 2021 13:04:16 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257413

Bug ID: 257413
Summary: dns/nsd: Update to 4.3.7
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://www.nlnetlabs.nl/news/2021/Jul/22/nsd-4.3.7-released/
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: jaap@NLnetLabs.nl
Attachment #226678 Flags: maintainer-approval+

Created attachment 226678
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=226678&action=edit
patch to update

This release fixes a crash in dnstap. New features are XoT which provides AXFR and IXFR over TLS, and DNS Cookies support and SVCB and HTTPS RR type support.

For zone transfer TLS can be turned on by specifying the tls-auth-name in the request-xfr config option, like
request-xfr: 192.0.2.1 NOKEY ns.example.com
With the tls-cert-bundle option, in the server section, the list of certificates for authenticating the transfers over TLS can be configured.

The DNS cookies can be turned on or off with the answer-cookie option, and instead of a randomly generated secret, for anycast or load-balanced deployment, the secret can be configured with cookie-secret or cookie-secret-file and rollover of the cookie secret can be performed with the nsd-control commands add_cookie_secret, activate_cookie_secret and drop_cookie_secret, using the cookie-secret-file.

The SVCB and HTTPS RR type support means that in zone files the syntax for these RR types can be used and is written when a zone is downloaded. In previous versions the unknown RR type support code provided a fallback syntax in zone files and on the wire functionality for these types.

Compared to the pre-release version there are a couple of small bugfixes in the final release version, notably a fix for failure to compile without IPv6.

4.3.7
================
FEATURES:
- Syntax of SVCB and HTTPS RR type as per draft-ietf-dnsop-svcb-https
- Client side DNS Zone Transfer-over-TLS (XoT) support as per draft-ietf-dprive-xfr-over-tls
- Interoperable DNS Cookies support as per RFC7873 and RFC9018

BUG FIXES:
- Fix for #170: Fix build warnings when IPv6 is disabled.
- Fix #170: Disabled IPv6 and DNSTAP enabled triggers a build error.
- Fix for #128: Skip over sendmmsg invalid argument when port is zero.
- Fix #171: Invalid negative response (NSEC3) after IXFR.
- Fix to make nsec3_chain_find_prev return NULL if one nsec3 left.
- Fix #174: NS Records below delegation are not ignored (nsd-checkzone also does not raise any issue).
- Fix #176: please review Loglevel on missing zonefile.
- Update the ACX_CHECK_NONBLOCKING_BROKEN test for the configure script.
- Fix #179: log notice and server-count.
- Update configure nonblocking test to use host.
- Fix #168: Buffer overflow in the dname_to_string() function
- Fixes for child server processes getting out of sync with the dnstap-collector process
- Fix gcc-11 warning on array bounds.
- Fix compile of cookies on FreeBSD without IPv6.
- Fix for loop initial declaration for nonc99 compiler
- Fix typo in xfrd-tcp.c.

-- 
You are receiving this mail because:
You are the assignee for the bug.