1. The default access control lists (acls) are not being
correctly set. If not set anyone can make recursive queries
and/or query the cache contents.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
2. The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
supports them. This is determined by running ``configure --help'' in
do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
subdirectory detection.
PR: ports/111470
Approved by: portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by: pointyhat exp run
- maradns.sh and zoneserver.sh now use PID file
- change default MaraDNS UID from 99 to bind(53)
- change default maraDNS GID from 99 to bind(53)
- change default duende logger process UID from 66 to nobody(65534)
- create empty etc/logger directory
PR: ports/113235
Submitted by: Simun Mikecin <numisemis@yahoo.com>
Approved by: Alex Kapranoff <alex@kapranoff.ru> (maintainer)
Supports adding, removing, and modifying enteries.
The attributes it can handle are TTL, A record, C name, AAAA
record, and MX record. Outside of TTL, multiple attributes
for each type record.
WWW: http://vvelox.net/projects/ldnsm/
PR: ports/112191
Submitted by: Zane C. Bowers
cap is a network capture utility designed specifically for DNS
traffic. It produces binary data in pcap(3) format, either on
standard output (by default) or in successive dump files (if the d
command line option is given.) This utility is similar to tcpdump(1),
but has finer grained packet recognition tailored to DNS transactions
and protocol options. dnscap is expected to be used for gathering
continuous research or audit traces.
SYNOPSIS
dnscap [-avf6] [-i if ...] [-l vlan ...] [-p port] [-m [quire]] [-h [ir]]
[-q host ...] [-r host ...] [-d base [-k cmd]] [-t lim] [-c lim]
WWW: http://public.oarci.net/tools/dnscap
2172. [bug] query_addsoa() was being called with a non zone db.
[RT #16834]
If you are running BIND 9.4.0 (either pre-release or final),
you are advised to upgrade as soon as possible to BIND 9.4.1.
- Add patch from SVN to support DNSSEC records
- Update examples (config and table creation files)
- For the complete changelog see http://doc.powerdns.com/changelog.html
PR: ports/112055
Submitted by: maintainer (Ralf van der Enden)
Reviewed by: maintainer
contains a bugfix for recovering from permanently lost database connections
- Fix build on gcc 4.x
PR: ports/109273
Submitted by: Ralf van der Enden <tremere at cainites.net> (maintainer)