summaryrefslogtreecommitdiffstats
path: root/lib/bind/dns
Commit message (Collapse)AuthorAgeFilesLines
* Update to 9.8.4-P2erwin2013-03-274-4/+4
| | | | | | | | | | | Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] Security: CVE-2013-2266 Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
* Update to 9.8.4-P1.erwin2012-12-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fixes Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] Feature Changes * Improves OpenSSL error logging [RT #29932] * nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Other critical bug fixes are included. Approved by: delphij (mentor) MFC after: 3 days Security: CVE-2012-5688 Sponsored by: DK Hostmaster A/S
* Upgrade to BIND version 9.8.3, the latest from ISC.dougb2012-05-283-0/+56
| | | | | | | | | | | | | | | | | Feature Change * BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) Bug Fix * The locking strategy around the handling of iterative queries has been tuned to reduce unnecessary contention in a multi- threaded environment. Other critical bug fixes are included. All BIND users are encouraged to upgrade.
* Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.dougb2012-04-054-65/+65
|
* bmake and other updates necessary for the BIND 9.8.x upgrade.dougb2011-07-164-67/+299
| | | | | | | | | This includes a structural change regarding atomic ops. Previously they were enabled on all platforms unless we had knowledge that they did not work. However both work performed by marius@ on sparc64 and the fact that the 9.8.x branch is fussier in this area has demonstrated that this is not a safe approach. So I've modified a patch provided by marius to enable them for i386, amd64, and ia64 only.
* Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.dougb2011-02-064-4/+4
| | | | | | | | | | | | | | | | All 9.6 users with DNSSEC validation enabled should upgrade to this version, or the latest version in the 9.7 branch, prior to 2011-03-31 in order to avoid validation failures for names in .COM as described here: https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record In addition the fixes for this and other bugs, there are also the following: * Various fixes to kerberos support, including GSS-TSIG * Various fixes to avoid leaking memory, and to problems that could prevent a clean shutdown of named
* Commit copyright-only changes to generated files as part of thedougb2010-01-254-4/+4
| | | | 9.6.1-P3 update
* Update BIND to version 9.6.1rc1. This version has better performance anddougb2009-05-315-163/+431
| | | | | | | | | | | | | lots of new features compared to 9.4.x, including: Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
* Update copyrights and comments as of 9.4.3 (no functional changes)dougb2008-12-234-8/+8
|
* Update generated files for BIND 9.4.1dougb2007-06-024-130/+352
|
* Update bmake glue for the BIND 9.4.1 import.dougb2007-06-021-6/+10
| | | | | This includes a return to building with threads, since one of the major focuses of the 9.4.x branch is to improve thread performance.
* Update generated files for BIND 9.3.4dougb2007-01-294-4/+4
|
* Changes to generated files related to the 9.3.3 import.dougb2006-12-104-26/+26
|
* Reimplementation of world/kernel build options. For details, see:ru2006-03-171-1/+3
| | | | | | | | http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
* Finish the removal of threads support in ../config.mk,v 1.15.ru2005-11-071-2/+2
|
* Regenerate for 9.3.1dougb2005-03-174-4/+4
|
* bmake changes to handle the move of dns/sec and related filesdougb2005-03-171-16/+16
|
* Fix the WANT_BIND_LIBS knob by correctly spelling it as WITH_BIND_LIBSdougb2004-09-241-1/+1
| | | | | | | | | to match how similar syntax is used in the ports system. Thanks to kris for pointing out my mistake here. Install the lwres library unless the user defines NO_BIND, or the new knob, NO_BIND_LIBS_LWRES. There is at least one potential customer for this library in the wings. Thanks to nectar for the reminder.
* Don't expose BIND libraries and their headers to the public by default,ru2004-09-241-2/+5
| | | | | | | | | | | | | | | but have a knob (WANT_BIND_LIBS) to build and install them in /usr/lib and /usr/include. Rumors are that this may be useful at a later point, let's see. What this really means is that all BIND libraries are now internal to buildworld (by default, unless WANT_BIND_LIBS is defined), and linked statically into various BIND executables. While here, removed redundant -I's from CFLAGS in lib/bind makefiles. Sponsored by: des OK'ed by: dougb
* Clean up and comment config.mk. Centralize more stuff. Bitch ifdes2004-09-221-2/+2
| | | | | | | | POSIX threads libraries are not available. Add crypto support if the crypto libraries are available. Build dnssec-{keygen,signzone} if crypto is available. Submitted by: (in part) dougb@
* Switch from BIND 8 to BIND 9.des2004-09-215-0/+3664
Submitted by: (in part) dougb@, trhodes@ Reviewed by: dougb@, trhodes@, re@ MFC after: 5 days
OpenPOWER on IntegriCloud