DNSSEC. It secures zone data just before it is published in an
authoritative name server.
WWW: http://www.opendnssec.org
PR: ports/142103
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
to thoroughly test this version before updating production systems.
For the port, introduce a new dependency, security/p5-Digest-SHA
Changes in this version, in addition to numerous minor bug fixes:
Feature: Truncation for Nameserver
TAKE CARE:
this feature may cause unexpected behavior for your nameservers
Net::DNS::Packet::truncate is a new method that is called from
within Net::DNS::Nameserver that truncates a packet according to
the rules of RFC2181 section 9.
Feature: Added Net::DNS::Domain
Net::DNS::Domain is an attemt to consistently approach the various
ways we interface with what RFC 1035 calls <domain-name>.
Feature: KX RR
Added support for the KX RR, RFC2230
Feature: HIP RR
Added support for the HIP RR, RFC5205
Feature: DHCID RR
Added rudimentary support for the DHCID RR.
Fix improved fuzzy matching of CLASS and TYPE in the Question
constructor method.
Fix AAAA dynamic update
PR: ports/136065 ports/127469
Submitted by: N.J. Mann <njm@njm.me.uk> and Aldis Berjoza <killasmurf86@gmail.com>
- Early identify port CONFLICTS
PR: 137855
Submitted by: Piotr Smyrak <smyru@heron.pl>
- Add --no-same-permissions to the EXTRACT_AFTER_ARGS command.
Tijl Coosemans has been reported an issue that when root is extracting from the
tarball, and the tarball contains world writable files
(sysutils/policykit as an example), there is a chance that the files
gets changed by malicious third parties right after the extraction,
which makes it possible to inject code into the package thus compromise
the system.
Submitted by: Tijl Coosemans <tijl@coosemans.org> Xin LI (delphij@)
- Fix some whitespaces
Tested with: exp-run
is designed to help you as a user determine what name services
are the best to use for an individual machine.
WWW: http://namebench.googlecode.com/
PR: ports/141202
Submitted by: Sahil Tandon <sahil at tandon.net>
e-mail addresses from the pkg-descr file that could reasonably
be mistaken for maintainer contact information in order to avoid
confusion on the part of users looking for support. As a pleasant
side effect this also avoids confusion and/or frustration for people
who are no longer maintaining those ports.
start testing it sooner rather than later. When the final version
is released the -devel will be removed.
Some of the new features of BIND 9.7.x are:
- Fully automatic signing of zones by "named"
- Simplified configuration of DNSSEC Lookaside Validation (DLV)
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option
- New named option "attach-cache" that allows multiple views to
share a single cache
- DNS rebinding attack prevention
- New default values for dnssec-keygen parameters
- Support for RFC 5011 automated trust anchor maintenance
(see README.rfc5011 for additional details)
- Smart signing: simplified tools for zone signing and key
maintenance
- Improved PKCS#11 support
Subsequently installing the package will result in a plist entry to remove a
directory that does not exist
So, change @dirrm to @dirrmtry to make them both happy.
this is designed to fix is related to DNSSEC validation on a resolving
name server that allows access to untrusted users. If your system does
not fall into all 3 of these categories you do not need to update
immediately.
This patch or something similar will likely be included in a future
BIND release.
PR: bin/138061
Submitted by: Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by: Volker <volker@vwsoft.com>
Patch reviewed and tweaked by: ISC
