libprotobuf-c.so once again has version info. Force a rebuild of
its consumers.
PR: 282060
MFH: 2025Q3
Sponsored by: <If the change was sponsored by an organization.>
ChangeLog: https://www.nlnetlabs.nl/news/2025/Jan/18/nsd-4.11.1-released/
BUG FIXES:
* Fix #415: Fix out of tree builds.
* Fix #414: XoT interoperability with BIND and Knot
* Fix #421: old-main can quit before the reload process received
from old-main that it is done on the reload_listener pipe.
Thanks Otto Retter.
* Fix whitespace in comment.
* Fix #424: Stalled updates after corrupt transfer.
PR: 284156
Reported by: jaap@NLnetLabs.nl (maintainer)
ChangeLog: https://nlnetlabs.nl/news/2024/Jun/13/nsd-4.10.0-released/
* Merge #278: Replace Flex+Bison based zone parser with simdzone.
Performance of loading zones and IXFRs is greatly improved by using
the simdzone project by NLnet Labs. The optimized presentation
format parser leverages SIMD instructions in modern CPUs to improve
throughput. Right now SSE4.2 and AVX2 instruction sets are
supported, other instruction sets will use the fallback
implementation, which still is a decent improvement over the
Flex+Bison based parser.
BUG FIXES:
* Fix that when the server truncates the pidfile, it does not follow
symbolic links.
* Fix #317: nsd should not chown its PID file.
* For #317: Modify nsd service script to stop NSD from creating a pid
file that systemd is not using.
* Fix #324: Clarify the purpose of contrib/bug390.patch.
* Fix IXFR requests upstream for zones with a long name. Thanks for the
report to Yuuki Wakisaka from Internet Initiative Japan Inc.
* Unit test for dname subdomain test used by xfrd-tcp.c.
* Fix #329: TCP accept queues number.
* Fix that the reload handler for sigchild uses signal_add, and also
that the signal handler is restored when done.
* Fix that when server verify is done it resets the sigchild handler.
* Fix makedist.sh for simdzone inclusion.
* Fix makedist.sh to remove simdzone git tracking information and
scripting temporaries from tarball.
* Fix error output of makedist.sh.
* Use simdzone version with name parser fix.
* Bump simdzone version to fix OpenBSD build issues.
* Bump simdzone to include minor fixes.
PR: 279837
Reported by: jaap@NLnetLabs.nl (maintainer)
ChangeLog: https://www.nlnetlabs.nl/news/2023/Jun/07/nsd-4.7.0-released/
4.7.0
================
FEATURES:
- Merge #263: Add bash autocompletion script for nsd-control.
- Fix #267: Allow unencrypted local operation of nsd-control.
- Merge #269 from Fale: Add systemd service unit.
- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
- dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
BUG FIXES:
- Fix #239: -Wincompatible-pointer-types warning in remote.c.
- Fix configure for -Wstrict-prototypes.
- Fix #262: Zone(s) not synchronizing properly via TLS.
- Fix for #262: More error logging for SSL read failures for zone
transfers.
- Merge #265: Fix C99 compatibility issue.
- Fix #266: Fix build with --without-ssl.
- Fix for #267: neater variable definitions.
- Fix #270: reserved identifier violation.
- Fix to clean more memory on exit of dnstap collector.
- Fix dnstap to not check socket path when using IP address.
- Fix to compile without ssl with dnstap-tls code.
- Dnstap tls code fixes.
- Fix include brackets for ssl.h include statements, instead of quotes.
- Fix static analyzer warning about nsd_event_method initialization.
- Fix #273: Large TXT record breaks AXFR.
- Fix ixfr create from adding too many record types.
- Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
- Fix readme status badge links.
- make depend.
- Fix for build to run flex and bison before compiling code that needs
the headers.
- Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
- For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
- Fix unused variable warning in unit test, from clang compile.
- Fix #240: Prefix messages originating from verifier.
- Fix #275: Drop unnecessary root server checks.
PR: 272096
Reported by: jaap@NLnetLabs.nl (maintainer)
Commit b7f05445c0 has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner)
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was transferred into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.
There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.
The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.
Approved by: portmgr (tcberner)
Changes: https://www.nlnetlabs.nl/news/2022/May/13/nsd-4.5.0-released/
This release fixes a couple of minor bugs and adds IXFR out
functionality. With this functionality NSD can respond to IXFR queries
and serve IXFR transfers downstream.
It is default disabled, that means it does not store IXFR contents for
zones by default. The response on the wire is different, also with IXFR
disabled, because it is now supported, and thus also for those zones a
reply is served, that no differential data is available.
FEATURES:
- Merge PR #209: IXFR out
This adds IXFR out functionality to NSD. NSD can copy IXFRs from
upstream to downstream clients, or create IXFRs from zonefiles.
The options store-ixfr: yes and create-ixfr: yes can be used to
turn this on. Default is turned off. The options ixfr-number and
ixfr-size can be used to tune the number of IXFR transfers and
total data size stored. This is configured per zone, the IXFRs
are served to the hosts that are allowed to perform zone transfers.
And if TSIG is configured, signed with the same key. The content
is stored to file if a zonefile is configured for the zone, in
the zonefile.ixfr and zonefile.ixfr.2, .. files. They contain
readable text format. The number of IXFRs is num.rixfr in
statistics output, also per zone if per zone statistics are enabled.
If offline, nsd-checkzone -i can create ixfr files.
NSD already supports requesting IXFRs, this addition allows NSD
to serve IXFR transfers to clients.
NSD stops responding with NOTIMPL to IXFR requests, also for zones
that do not have IXFR enabled. The clients get a full zone reply
or a status reply if the serial is up to date.
BUG FIXES:
- Fix code analyzer zero divide warning.
- Fix code analyzer large value with assertion.
- Fix another code analyzer zero divide warning.
- Fix code analyzer warning about uninitialized temp storage in loop.
- Fix spelling error in comment in svcbparam_lookup_key.
- Update cirrus script FreeBSD version.
PR: 263952
- Pet portclippy
This release changes the memory allocation for outgoing zonetransfers,
and this reduces the memory footprint. The defaults for the amounts are
the same as before, but there are config options to configure the memory
usage. There are also bug fixes.
4.4.0
================
FEATURES:
- Merge #193: Lower memory usage of the XFRD process by default.
Instead of preallocating all elements, they are allocated when used.
There are options for managing the memory usage, defaults are the
same as before. xfrd-tcp-max sets the number of sockets for tcp
connections that xfrd can make to download zone contents. And
xfrd-tcp-pipeline the number of simultaneous transfers over the
same connection.
BUG FIXES:
- Fix #200: nsd-checkzone succeeds even with incorrect serial in SOA
record.
- Merge #204 from jonathangray: correct some spelling mistakes.
- Fix to change file mode before changing file owner for the
nsd-control unix socket file.
- Fix to document nsd-checkzone -p in the man page for nsd-checkzone.
- Fix #206: build with --without-ssl fails.
- Merge #207 Sync nsd-control-setup with unbound-control-setup to
generate certificates with SANs.
- Fix unit tests for nsd-control-setup exit code and the
xfrd-tcp-max default.
PR: 262034
Approved by: jaap@NLnetLabs.nl (maintainer)
Relnotes: https://nlnetlabs.nl/news/2022/Feb/17/nsd-4.4.0-released/
This release fixes a number of bugs. It fixes a number of corner
case differences for the output more similar to Bind. The configure
sources are compatible with the new autoconf 2.70.
PR: 253026
Submitted by: jaap@NLnetLabs.nl (maintainer)
This release contains the DNS Flag Day 2020 fixes. This sets the
default EDNS buffer size to 1232, that should reduce fragmentation.
https://dnsflagday.net/2020/
There is a new feature where it is possible to list an interface by
name. This pulls in the IP addresses associated with the interface
at server start.
FEATURES:
- Follow DNS flag day 2020 advice and
set default EDNS message size to 1232.
- Merged PR #113 with fixes. Instead of listing an IP-address to
listen on, an interface name can be specified in nsd.conf, with
ip-address: eth0. The IP-addresses for that interface are then used.
- Port TSIG code for openssl 3.0.0-alpha6.
BUG FIXES:
- Fix make install with --with-pidfile="".
- Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
- Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
fd_set - patch.
- Fix that configure checks for EVP_sha256 to detect openssl, because
HMAC_CTX_new is deprecated in 3.0.0.
- Fix #119: fix compile warnings from new gcc.
- Fix #119: warn when trying to parse a directory.
- Merge PR #121: Increase log level of recreated database from
WARNING to ERR.
- Remove unused space from LIBS on link line.
- Updated date in nsd -v output.
PR: 250203
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes: https://www.nlnetlabs.nl/news/2020/Oct/08/nsd-4.3.3-released/
BUG FIXES:
- Fix #70: error: 'fd_set' undeclared.
- Fix #71: error: 'for' loop initial declaration used outside C99
mode.
- Fix to move declarations out of for loops in event test too.
- Fix #76: cpuid typedef for Hurd, DragonflyBSD compile.
- Fix #75: configure test for sched_setaffinity, and use
cpuset_setaffinity otherwise. Also test for presence of sysconf.
- Fix #74: GNU Hurd fix cast from pointer to integer of different size.
- Fix for #74, #75: cpuset test for header contents and provide code.
- Fix #78: Fix SO_SETFIB error on FreeBSD.
- Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile.
- Fix #80: NetBSD and implicit declaration of reallocarray.
- Fix unknown u_long in util.c for Issue #80.
- Merge PR #86 from noloader: Use precious variables for GREP, EGREP,
SED, AWK, LEX and YACC.
- For PR #86: Fix that programs loaded after CFLAGS and stuff is
set, specifically the compiler, so that it can work if it needs
special flags from that. Fix that lex only needs to support -i
if actually defined, otherwise the output included in the source
tarball can be used.
- Merge PR #90 by phicoh: O_CLOEXEC should be FD_CLOEXEC.
- Merge PR #92 by tonysgi: Fix typo.
- Merge PR #91 by gearnode: nsd-control-setup recreate certificates.
The '-r' option recreates certificates. Without it it creates them
if they do not exist, and does not modify them otherwise.
PR: 245666
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
This port incorporates also the proposed bug fix at bug #242367
Major changes:
This release adds cpu affinity. By pinning a server process to a
specific cpu, having a separate network card also for that cpu, and
an interface address also for that server process, the throughput is
increased. This increases performance of the nameserver.
Sparse TSIG signing support is removed, to comply with the latest tsig
standard update draft.
There is a feature to drop update queries, with opcode UPDATE,
with nsd.conf option drop-updates.
4.3.0
=========
FEATURES:
- Fix to use getrandom() for randomness, if available.
- Fix #56: Drop sparse TSIG signing support in NSD.
Sign every axfr packet with TSIG, according to the latest
draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.
- Merge pull request #59 from buddyns: add FreeBSD support
for conf key ip-transparent.
- Add feature to pin server processes to specific cpus.
- Add feature to pin IP addresses to selected server processes.
- Set process title to identify individual processes.
- Merge PR#22: minimise-any: prefer popular and not large RRset,
from Daisuke Higashi.
- Add support for SO_BINDTODEVICE on Linux.
- Add support for SO_SETFIB on FreeBSD.
- Add feature to drop queries with opcode UPDATE.
BUG FIXES:
- Fix fname null check of fname in namedb_read_zonefile.
- Fix implicit cast of size in udb_radnode_array_grow.
- Fix ignore of return value of ssl_printf in remote.c.
- Fix unused check of fd in parent_handle_reload_command.
- Attempt to fix signedness of nscount lookup in ixfr query_process.
- Fix identical branches for ssl_print of errors in remote.c.
- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
- Fix to separate header and data lines in parse_zone_list_file.
- Fix to define max number of EDNS records we are willing to
spend time on.
- Fix size of string len and capacity type cast in udbradtree.
- Fix to protect rrcount in tsig_find_rr from overflow.
- Annotate radix_find_prefix_node not reachable trail code.
- Fix to protect rrcount in packet_find_notify_serial from overflow.
- Fix to close socket on error in create_tcp_accept_sock.
- Fix to log on failure to chmod for socket for remote control.
- Fix to remove unneeded if in open of socket for remote control.
- Fix to restore input parameter on call failure in create_dirs.
- Please checker by terminating and initialising string read
by remote control.
- Fix to define upper bounds on rr counts read from untrusted packet
data.
- Separate acl_addr_match_range functions for ip4 and ip6, to
please checkers.
- Avoid unused variable warning in new match_range_v4 function.
- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
- use-systemd is ignored in nsd.conf, when NSD is compiled with
libsystemd it always signals readiness, if possible.
- Note that use-systemd is not necessary and ignored in man page.
- Fix unreachable code in ssl set options code.
- Fix bad shift in assertion code analyzer complaint.
- Fix responses for IXFR so that the authority section is not echoed
in the response.
- Merge PR#60: Minor portability fixes from michaelforney, with
avoid pointer arithmetic on void* and avoid unnecessary VLA.
- Fix that the retry wait does not exceed one day for zone transfers.
CHANGES:
- Set FD_CLOEXEC on opened sockets.
PR: 244886, 242367[2]
Submitted by: Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)
Reported by: Leo Vandewoestijne <freebsd@dns.company> [2]
Relnotes: https://github.com/NLnetLabs/nsd/blob/NSD_4_3_0_REL/doc/ChangeLog
This release fixes memory leaks when reading zonefiles
and processing zone transfers.
4.1.20
================
BUG FIXES:
- Fix memory leak in zone file read of unknown rr formatted RRs.
- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
in the selectively allocated precompiled nsec3 hashes.
Also changed to DISTVERSION
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: tcberner (mentor, implicit)