summaryrefslogtreecommitdiffstats
path: root/lib/bind/isc
Commit message (Collapse)AuthorAgeFilesLines
* Remove BIND.des2013-09-303-595/+0
| | | | Approved by: re (gjb)
* Update Bind to 9.9.3-P2erwin2013-08-221-1/+3
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Notable new features: * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989] * The new "inline-signing" option, in combination with the "auto-dnssec" option that was introduced in BIND 9.7, allows named to sign zones completely transparently. Approved by: delphij (mentor) MFC after: 3 days Sponsored by: DK Hostmaster A/S
* \ Update Bind to 9.8.5-P2erwin2013-08-061-1/+2
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New Features Adds a new configuration option, "check-spf"; valid values are "warn" (default) and "ignore". When set to "warn", checks SPF and TXT records in spf format, warning if either resource record type occurs without a corresponding record of the other resource record type. [RT #33355] Adds support for Uniform Resource Identifier (URI) resource records. [RT #23386] Adds support for the EUI48 and EUI64 RR types. [RT #33082] Adds support for the RFC 6742 ILNP record types (NID, LP, L32, and L64). [RT #31836] Feature Changes Changes timing of when slave zones send NOTIFY messages after loading a new copy of the zone. They now send the NOTIFY before writing the zone data to disk. This will result in quicker propagation of updates in multi-level server structures. [RT #27242] "named -V" can now report a source ID string. (This is will be of most interest to developers and troubleshooters). The source ID for ISC's production versions of BIND is defined in the "srcid" file in the build tree and is normally set to the most recent git hash. [RT #31494] Response Policy Zone performance enhancements. New "response-policy" option "min-ns-dots". "nsip" and "nsdname" now enabled by default with RPZ. [RT #32251] Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
* | Update to 9.8.4-P1.erwin2012-12-071-4/+4
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fixes Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] Feature Changes * Improves OpenSSL error logging [RT #29932] * nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Other critical bug fixes are included. Approved by: delphij (mentor) MFC after: 3 days Security: CVE-2012-5688 Sponsored by: DK Hostmaster A/S
* | bmake and other updates necessary for the BIND 9.8.x upgrade.dougb2011-07-163-7/+102
| | | | | | | | | | | | | | | | | | This includes a structural change regarding atomic ops. Previously they were enabled on all platforms unless we had knowledge that they did not work. However both work performed by marius@ on sparc64 and the fact that the 9.8.x branch is fussier in this area has demonstrated that this is not a safe approach. So I've modified a patch provided by marius to enable them for i386, amd64, and ia64 only.
* | Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.dougb2011-02-061-2/+9
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | All 9.6 users with DNSSEC validation enabled should upgrade to this version, or the latest version in the 9.7 branch, prior to 2011-03-31 in order to avoid validation failures for names in .COM as described here: https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record In addition the fixes for this and other bugs, there are also the following: * Various fixes to kerberos support, including GSS-TSIG * Various fixes to avoid leaking memory, and to problems that could prevent a clean shutdown of named
* | Prep for the 9.6-ESV-R2 updatedougb2010-10-311-0/+7
| |
* | Update BIND to version 9.6.1rc1. This version has better performance anddougb2009-05-312-63/+89
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | lots of new features compared to 9.4.x, including: Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
| * In preparation for the BIND 9.6.1rc1 import, remove this directory.dougb2009-05-3029-10449/+0
| | | | | | | | | | The libbind library is no longer distributed as part of the main BIND package, and we never built it in any case.
| * Vendor import of BIND 9.4.3dougb2008-12-236-18/+19
| |
| * Flatten bind9 vendor work areapeter2008-07-1229-0/+10448
|
* Updates for version 9.4.3dougb2008-12-232-6/+22
|
* Update glue for BIND 9.4.2dougb2007-12-021-2/+7
|
* Update generated files for BIND 9.4.1dougb2007-06-021-39/+85
|
* Update bmake glue for the BIND 9.4.1 import.dougb2007-06-021-9/+16
| | | | | This includes a return to building with threads, since one of the major focuses of the 9.4.x branch is to improve thread performance.
* Reimplementation of world/kernel build options. For details, see:ru2006-03-171-1/+3
| | | | | | | | http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
* Updated versions of header files generated per the instructionsdougb2005-12-291-1/+1
| | | | in src/contrib/bind9/FREEBSD-Upgrade for the 9.2.3 import
* Finish the removal of threads support in ../config.mk,v 1.15.ru2005-11-071-3/+0
|
* Disable thread support in BIND. It appears to reduce performance ratherdes2005-07-252-7/+7
| | | | | | | | than increase it, and seems to be the cause of the memory leaks which some users have reported. Requested by: dougb MFC after: 5 days
* Fix the WANT_BIND_LIBS knob by correctly spelling it as WITH_BIND_LIBSdougb2004-09-241-1/+1
| | | | | | | | | to match how similar syntax is used in the ports system. Thanks to kris for pointing out my mistake here. Install the lwres library unless the user defines NO_BIND, or the new knob, NO_BIND_LIBS_LWRES. There is at least one potential customer for this library in the wings. Thanks to nectar for the reminder.
* Don't expose BIND libraries and their headers to the public by default,ru2004-09-241-2/+5
| | | | | | | | | | | | | | | but have a knob (WANT_BIND_LIBS) to build and install them in /usr/lib and /usr/include. Rumors are that this may be useful at a later point, let's see. What this really means is that all BIND libraries are now internal to buildworld (by default, unless WANT_BIND_LIBS is defined), and linked statically into various BIND executables. While here, removed redundant -I's from CFLAGS in lib/bind makefiles. Sponsored by: des OK'ed by: dougb
* Clean up and comment config.mk. Centralize more stuff. Bitch ifdes2004-09-221-2/+2
| | | | | | | | POSIX threads libraries are not available. Add crypto support if the crypto libraries are available. Build dnssec-{keygen,signzone} if crypto is available. Submitted by: (in part) dougb@
* Switch from BIND 8 to BIND 9.des2004-09-212-0/+381
Submitted by: (in part) dougb@, trhodes@ Reviewed by: dougb@, trhodes@, re@ MFC after: 5 days
OpenPOWER on IntegriCloud