https://kb.isc.org/article/AA-01314/0
Tunes certain compiled-in constants and default settings to
values better suited to large servers with 12/16GB+ of memory.
This can improve performance on such servers, but will consume
more memory and may degrade performance on smaller systems.
PR: 224859
Sponsored by: Absolight
Using nsupdate -l, and chroot was broken because nsupdate could not find
the keyfile by itself.
PR: 223403
Submitted by: Harald Schmalzbauer
Sponsored by: Absolight
6761 recommendations.
While there:
- Fix invalid syntax in sample slave config.
- Add a message about having syslogd working with BIND9 chroot.
PR: 217915
Reported by: eserte12 yahoo de
Sponsored by: Absolight
While there:
Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.
Refresh the root zone hints.
"Fix" the configuration section telling you to get some top level
zones from f.root-servers.net, which does not allow axfr any more. [1]
PR: 218656 [1]
Reported by: Thomas Steen Rasmussen / Tykling [1]
MFH: 2017Q2
Sponsored by: Absolight
While there, remove the RPZ_PATCH for BIND9 9.9, it has not been updated
for years, and, it does not build any more.
MFH: 2017Q1
Security: CVE-2017-3135
Sponsored by: Absolight
It builds .a before all the .o that are supposed to go in the .a are
built. Imagine what happens after that...
Reported by: Craig Leres
Sponsored by: Absolight
It was added in 2009 in r232247 without the reason it was failing, I've
tried with -J 2-10, and can't have one of the BIND9 port fail.
Feel free to add it back, but please, add the reason why it fails.
Sponsored by: Absolight
from here, also, make the upstream default options default for real.
While there, put back the BIND_TOOLS knobs in bind9-devel.
Sponsored by: Absolight
BIND 9.11 brings many changes to BIND, including a new license
(the Mozilla Public License 2.0 -- you can read about it here:
https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/)
and many new features, including:
- Catalog zones, a new way to provision zones on slave servers
- dyndb api, a fast new api enabling BIND to serve zones stored
in a database (Developed by Petr Spacek of RedHat)
- RNDC showzone, view-only mode and other improvements
- dnstap query and response logging (Robert Edmonds is the author
of dnstap, see www.dnstap.info)
- EDNS Client-subnet (authoritative server functions)
- DNSSEC key manager, a new utility (Thanks to Sebastián Castro
for helping with development.)
- Automatic CDS/CDSKEY generation
- Negative Trust Anchors for DNSSEC validators
- IPv6 bias to encourage use of IPv6 DNS servers
- Minimal response to “any” queries (Thanks to Tony Finch for
the contribution)
- DNS Cookies are now enabled by default, using the standardized code point
Changes: https://lists.isc.org/pipermail/bind-announce/2016-June/000994.html
Sponsored by: Absolight
WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo
PR: 210149
Submitted by: mat
Exp-run by: antoine
Sponsored by: The FreeBSD Foundation, Absolight
Differential Revision: https://reviews.freebsd.org/D6577
parties dlz drivers.
While there:
- enable the DLZ_FILESYSTEM option by default
- convert to USES=mysql and USES=bdb
Requested by: borius i ua
Sponsored by: Absolight
9, and WITH_OPENSSL_PORT does not belong in a port's Makefile anyway.
Not bumping PORTREVISION because:
- if you are building with poudriere, it will detect that a dependency
has changed and rebuild it.
- if you are building from ports, you will have OpenSSL from ports
installed, and it will choose to use it.
Sponsored by: Absolight