mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-01 05:45:45 +00:00
Code Issues Releases Activity
42348b0b64
freebsd-ports/dns
History
Doug Barton ab54e43037 Upgrade to the -P1 versions of each port, which add stronger randomization 
of the UDP query-source ports. The server will still use the same query
port for the life of the process, so users for whom the issue of cache
poisoning is highly significant may wish to periodically restart their
server using /etc/rc.d/named restart, or other suitable method.

In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] option.

The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.

Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.

This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.

This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.kb.cert.org/vuls/id/800113
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
2008-07-09 19:02:01 +00:00
..
adns - Add a patch for chained CNAME 2007-08-21 01:33:56 +00:00
ares
bind9 Upgrade to the -P1 versions of each port, which add stronger randomization 2008-07-09 19:02:01 +00:00
bind9-dlz Update CONFLICTS: 2008-07-04 15:43:37 +00:00
bind9-sdb-ldap Update CONFLICTS: 2008-07-04 15:43:37 +00:00
bind94 Upgrade to the -P1 versions of each port, which add stronger randomization 2008-07-09 19:02:01 +00:00
bind95 Upgrade to the -P1 versions of each port, which add stronger randomization 2008-07-09 19:02:01 +00:00
bind96 Upgrade to the -P1 versions of each port, which add stronger randomization 2008-07-09 19:02:01 +00:00
bindgraph - Chase rrdtool 1.3.0 update, bump PORTREVISION 2008-06-24 12:34:56 +00:00
c-ares - Set --mandir and --infodir in CONFIGURE_ARGS if the configure script 2007-07-23 09:36:51 +00:00
checkdns - Assign to new maintainer 2008-07-02 21:20:27 +00:00
crossip Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
ddclient - Update to 3.7.3 2007-10-24 16:32:54 +00:00
dhid - Update to 5.5 2008-06-25 08:23:54 +00:00
dhisd
djbdns Move MAINTAINER and COMMENT section to earlier in the Makefile to overcome problem with defaults in bsd.port.mk 2008-05-24 03:19:29 +00:00
djbdns-tools
dlint MASTER_SITES has changed. 2008-05-31 12:28:19 +00:00
dnrd - Update to 2.20.3. [1] 2008-02-13 10:30:15 +00:00
dns_balance
dnscheck - Update to 1.3 2008-02-13 11:07:12 +00:00
dnsdoctor
dnsflood - Drop maintainership 2008-06-24 07:11:00 +00:00
dnshijacker
dnsjava Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
dnsmasq - Update to 2.42 2008-06-20 22:05:40 +00:00
dnsmax-perl
dnsperf Use the proper script to install scripts. 2008-03-22 21:35:52 +00:00
dnsproxy - Drop maintainership 2008-06-24 07:11:00 +00:00
dnstop - Update to lastest version (20080321) 2008-05-13 07:31:52 +00:00
dnstracer - With the rollout of IPv6 for a.root-servers.net, it always 2008-02-10 03:08:50 +00:00
dnsutl - Update to 1.11 2007-08-11 10:00:51 +00:00
dnswalk
dnswall Respect NOPORTDOCS 2008-06-19 13:43:23 +00:00
doc use NO_INSTALL_MANPAGES, instead of NOPORTDOCS 2008-06-27 17:15:26 +00:00
domtools
drill - Remove USE_GETOPT_LONG which is a no-op since March 200 2008-03-20 09:37:21 +00:00
dualserver - Update to 3.0 2007-08-15 18:14:25 +00:00
ez-ipupdate - Remove the DESTDIR modifications from individual ports as we have a new, 2007-08-04 11:41:30 +00:00
fastresolve
firedns - Remove unneeded dependency from gtk12/gtk20 [1] 2008-04-19 17:56:05 +00:00
fourcdns
fpdns Welcome bsd.perl.mk. Add support for constructs such as USE_PERL5=5.8.0+. 2007-09-08 01:12:10 +00:00
geta
ghtool
gresolver Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
h2n
hesiod
host Update CONFLICTS: 2008-07-04 15:43:37 +00:00
idnkit
inadyn Follow up of ports/115699 to make the port more PREFIX friendly 2007-09-12 21:20:29 +00:00
ipcheck
ldapdns
ldns - Update to 1.2.2 2008-02-25 13:36:24 +00:00
ldnsm Manages LDAP entries for the BIND9 SDB LDAP patch. 2007-06-04 08:31:46 +00:00
libdjbdns - Remove unneeded dependency from gtk12/gtk20 [1] 2008-04-19 17:56:05 +00:00
libidn - don't install libidn-components.png in DOCSDIR if -DNOPORTDOCS 2008-06-15 15:51:54 +00:00
maradns - Update to 1.2.12.08 2008-01-10 20:21:44 +00:00
mdnsd
mydns Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
mydns-ng Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
noip - Bump PORTREVISION after rc script changed 2008-01-10 13:21:22 +00:00
nsd - Update to 3.0.7 2007-12-14 19:08:50 +00:00
nsd2 - Update to 2.3.7 2007-04-17 18:51:01 +00:00
nslint Use MASTER_SITE_CRITICAL 2008-03-27 19:27:34 +00:00
nsping - Remove distinfo hashes, which are not used officially 2007-07-19 21:37:13 +00:00
nss_mdns Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
nss_resinit
odsclient
opendd - Update to 0.7.9 2008-04-27 05:21:19 +00:00
openresolv - New port openresolv-1.1 2008-02-02 08:53:21 +00:00
p5-BIND-Conf_Parser - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-Data-Validate-Domain Update to 0.09. 2008-05-02 08:31:30 +00:00
p5-DNS-Config - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-DNS-EasyDNS Reset aaron's port maintainerships due to many maintainer-timeouts. 2008-04-29 05:27:09 +00:00
p5-DNS-Zone - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-DNS-ZoneParse Use the CPAN site macro. 2007-08-31 13:37:23 +00:00
p5-Net-DNS Update to version 0.63, which has a couple of bug fixes, including: 2008-03-16 23:17:31 +00:00
p5-Net-DNS-Async - New port dns/p5-Net-DNS-Async-1.0.6 2008-05-07 06:05:47 +00:00
p5-Net-DNS-Codes - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-Net-DNS-Resolver-Programmable - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-Net-DNS-SEC - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-Net-DNS-ToolKit - Update to 0.36 2008-03-01 07:46:20 +00:00
p5-Net-DNS-ZoneCheck - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-Net-DNS-ZoneFile - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-Net-DNS-ZoneFile-Fast Update to 1.0 2008-05-29 15:06:11 +00:00
p5-Net-DNSBL-MultiDaemon - use non-version URL in pkg-descr 2008-01-28 00:02:51 +00:00
p5-Net-DNSBL-Statistics - Update to 0.05 2008-02-21 12:17:04 +00:00
p5-Net-Domain-ExpireDate - Update to 0.90 2008-04-30 14:54:41 +00:00
p5-Net-Domain-TLD - use CPAN macro 2008-03-20 00:40:07 +00:00
p5-Net-LibIDN Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
p5-Net-Nslookup - Update to 1.18 2008-04-16 08:12:53 +00:00
p5-Net-RBLClient - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-POE-Component-Client-DNS - Take advantage of CPAN macro from bsd.sites.mk, change ${MASTER_SITE_PERL_CPAN} to CPAN. 2008-04-17 14:30:31 +00:00
p5-POE-Component-Server-DNS - update to 0.16 2008-05-11 13:54:33 +00:00
p5-Stanford-DNSserver Welcome bsd.perl.mk. Add support for constructs such as USE_PERL5=5.8.0+. 2007-09-08 01:12:10 +00:00
p5-Tie-DNS Update to 0.5 2008-04-03 10:55:10 +00:00
pdnsd - Update to 1.2.6 2007-09-08 14:55:27 +00:00
pear-File_DNS The File_DNS class provides a way to read, 2007-07-04 08:21:53 +00:00
pear-Net_DNS
posadis - Remove unneeded dependency from gtk12/gtk20 [1] 2008-04-19 17:56:05 +00:00
poweradmin
powerdns Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
powerdns-devel - Update to 3.0.20080625 2008-06-28 22:34:26 +00:00
powerdns-recursor - Update to 3.1.7 2008-07-07 18:39:06 +00:00
py-adns Chase change in bsd.sites.mk to support MASTER_SITES on googlecode.com 2008-03-13 11:27:29 +00:00
py-dns [Update] dns/py-dns : update to 2.3.1 2008-06-16 06:58:31 +00:00
py-dnspython Drop maintainership. 2008-06-15 19:06:36 +00:00
py-twistedNames - Make Python 2.5.1 the default Python version 2007-07-30 09:42:28 +00:00
rbldnsd
rbllookup
rbllookup-ng Remove blars.org 2007-12-19 21:52:45 +00:00
scavenge - Update to 2.0 2008-01-08 20:33:20 +00:00
sheerdns
skadns
sleuth - Update to 1.4.4 2008-06-20 22:05:57 +00:00
sqldjbdns Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
sshfp Use MASTER_SITE_CRITICAL 2008-03-27 19:27:34 +00:00
staticcharge Bump portrevision due to upgrade of devel/gettext. 2008-06-06 14:17:21 +00:00
tinystats Reset filippo.natali@gmail.com, who is very short on free time right now. 2007-06-06 07:45:35 +00:00
totd Use the email address from the FreeBSD project for my ports. 2008-06-20 07:18:30 +00:00
udns UDNS is a stub DNS resolver library with ability to perform both synchronous 2008-05-23 23:39:53 +00:00
unbound - with USE_OPENSSL, users can choose base OpenSSL or the one in the ports 2008-06-16 21:31:38 +00:00
updatedd - Set --mandir and --infodir in CONFIGURE_ARGS if the configure script 2007-07-23 09:36:51 +00:00
vizone Use MASTER_SITE_CRITICAL 2008-03-27 19:27:34 +00:00
walker
zonecheck
zonenotify Use MASTER_SITE_CRITICAL 2008-03-27 19:27:34 +00:00
Makefile Hook bind95 up to the build 2008-07-04 15:41:46 +00:00