svn commit: r315942 - in head/dns: bind98 bind99

Erwin Lansing erwin at FreeBSD.org
Wed Apr 17 07:57:56 UTC 2013 

Author: erwin
Date: Wed Apr 17 07:57:54 2013
New Revision: 315942
URL: http://svnweb.freebsd.org/changeset/ports/315942

Log:
  Update RPZ+RRL patchset to the latest version.
  
  The change makes "slip 1;" send only truncated (TC=1) responses.
  Without the change, "slip 1;" is the same as the default of "slip 2;".
  That default, which alternates truncated with dropped responses
  when the rate limit is exceeded, is better for authoritative DNS
  servers, because it further reduces the amplification of an attack
  from about 1X to about 0.5X.
  
  DNS RRL is not recommended for recursive servers.
  
  Feature safe:	yes

Modified:
  head/dns/bind98/Makefile
  head/dns/bind98/distinfo
  head/dns/bind99/Makefile
  head/dns/bind99/distinfo

Modified: head/dns/bind98/Makefile
==============================================================================
--- head/dns/bind98/Makefile	Wed Apr 17 07:42:03 2013	(r315941)
+++ head/dns/bind98/Makefile	Wed Apr 17 07:57:54 2013	(r315942)
@@ -109,7 +109,7 @@ CONFIGURE_ARGS+=	--enable-rpz-nsdname
 .endif
 
 .if ${PORT_OPTIONS:MRPZRRL_PATCH}
-PATCHFILES=		9.8.4-rpz+rl.072.23-P1.patch
+PATCHFILES=		9.8.4-rpz+rl.094.21-P2.patch
 PATCH_SITES=		http://ss.vix.com/~vjs/
 .endif
 

Modified: head/dns/bind98/distinfo
==============================================================================
--- head/dns/bind98/distinfo	Wed Apr 17 07:42:03 2013	(r315941)
+++ head/dns/bind98/distinfo	Wed Apr 17 07:57:54 2013	(r315942)
@@ -1,4 +1,4 @@
 SHA256 (bind-9.8.4-P2.tar.gz) = e772edfb41036a25e1392ab15ff4d3754f03c301b4b059d64afd8d8dadd18193
 SIZE (bind-9.8.4-P2.tar.gz) = 7129690
-SHA256 (9.8.4-rpz+rl.072.23-P1.patch) = e5f792fdc683285528392e6cdfb9d99138b2fe220e5f617edcf8b45cbb992aaa
-SIZE (9.8.4-rpz+rl.072.23-P1.patch) = 176430
+SHA256 (9.8.4-rpz+rl.094.21-P2.patch) = 7fdc4beaf1f20877f636ba0991d0c48c65bd497df19323f156fe91cca06357ba
+SIZE (9.8.4-rpz+rl.094.21-P2.patch) = 176510

Modified: head/dns/bind99/Makefile
==============================================================================
--- head/dns/bind99/Makefile	Wed Apr 17 07:42:03 2013	(r315941)
+++ head/dns/bind99/Makefile	Wed Apr 17 07:57:54 2013	(r315942)
@@ -115,7 +115,7 @@ CONFIGURE_ARGS+=	--enable-rpz-nsdname
 .endif
 
 .if ${PORT_OPTIONS:MRPZRRL_PATCH}
-PATCHFILES=		9.9.2-rpz+rl.072.23-P1.patch
+PATCHFILES=		9.9.2-rpz+rl.094.21-P2.patch
 PATCH_SITES=		http://ss.vix.com/~vjs/
 .endif
 

Modified: head/dns/bind99/distinfo
==============================================================================
--- head/dns/bind99/distinfo	Wed Apr 17 07:42:03 2013	(r315941)
+++ head/dns/bind99/distinfo	Wed Apr 17 07:57:54 2013	(r315942)
@@ -1,4 +1,4 @@
 SHA256 (bind-9.9.2-P2.tar.gz) = ff822734e3550969251411e20f6f7397d14a912613a42af423752e93fdb565d2
 SIZE (bind-9.9.2-P2.tar.gz) = 7277958
-SHA256 (9.9.2-rpz+rl.072.23-P1.patch) = 4afd63b44e3ecb2a782ca00542aea3c737a4de2a82c343cb15773fa3df17aef1
-SIZE (9.9.2-rpz+rl.072.23-P1.patch) = 177613
+SHA256 (9.9.2-rpz+rl.094.21-P2.patch) = cd8ba70b8f5029cc464f4db6c632c8b48cdd081cb5cfb51936fd7f9c080b91ea
+SIZE (9.9.2-rpz+rl.094.21-P2.patch) = 177693

More information about the svn-ports-all mailing list