It scans the range and classifies its findings into 4 categories:
- Missing A records
- Missing PTR records
- Mismatched A/PTR records
- Stale PTR records
PR: ports/80119
Submitted by: Mark Foster <mark@foster.cc>
Approved by: adamw (mentor)
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.
All users of BIND 9 are highly encouraged to upgrade to this version.
Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
FreeBSD.
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
- Update to 2.2.0
With this release nsd no longer requires named-xfer to be
present on the system.
I also changed the options to a configure script.
Added file(s):
- scripts/configure.nsd
PR: ports/76412
Submitted by: Olafur Osvaldsson <oli@isnic.is>
All ports depending on postgresql shall use the USE_PGSQL=yes knob
defined in Mk/bsd.ports.mk. Bumping portrevisions where needed.
PR: 75344
Approved by: portmgr@ (kris), ade & sean (mentors)
allows for per record configuration. It also includes a wizard for generation
of configuration files.
PR: ports/76614
Submitted by: Dan Smith <dan@algenta.com>
Name: BIND: Self Check Failing [Added 2005.25.01]
Versions affected: BIND 9.3.0
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.
Workarounds:
Turn off dnssec validation (off by default) at the options/view level.
dnssec-enable no;
Active Exploits: None known
Bump PORTREVISION accordingly.
It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
BIND 8.4.6-REL is a security release of BIND 8.4.
It is possible to remotely trigger a overrun causing a
denial of service. If you are running BIND 8.4.4 or
BIND 8.4.5 you should upgrade.
Also:
1. Add ipv6 as a virtual category, since a key reason for the
BIND 8.4.x branch is IPv6 transport.
2. Download the PGP .asc files for the src and doc tarballs.
3. Add a new example file to PORTDOCS.
