path: root/dns/bind96
Commit message | Author | Age | Files | Lines
...
* All -P2 versions now have PGP signatures with ISC's standard | Doug Barton | 2008-08-09 | 1 | -3/+3
  signing key.
  PR: ports/126389 (for bind9)
  Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
  Notes: svn path=/head/; revision=218258
* Update to patchlevel 2 for all versions: | Doug Barton | 2008-08-02 | 2 | -8/+8
  - performance improvement over the P1 releases, namely
    + significantly remedying the port allocation issues
    + allowing TCP queries and zone transfers while issuing as many outstanding UDP queries as possible
    + additional security of port randomization at the same level as P1
  - also includes fixes for several bugs in the 9.5.0 base code
  Notes: svn path=/head/; revision=217934
* Add an OPTION to turn on the ability of dns/host/nslookup to do | Doug Barton | 2008-07-16 | 1 | -0/+5
  DNSSEC validation. This is off by default, so no PORTREVISION bump.
  Submitted by: Andrei V. Lavreniyuk <andy.lavr@reactor-xg.kiev.ua>
  Notes: svn path=/head/; revision=216933
* Strengthen the wording regarding the THREADS OPTION for <FreeBSD-7 | Doug Barton | 2008-07-11 | 1 | -1/+1
  Notes: svn path=/head/; revision=216716
* Upgrade to the -P1 versions of each port, which add stronger randomization | Doug Barton | 2008-07-09 | 2 | -8/+8
  of the UDP query-source ports. The server will still use the same query port for the life of the process, so users for whom the issue of cache poisoning is highly significant may wish to periodically restart their server using /etc/rc.d/named restart, or other suitable method.
  In order to take advantage of this randomization users MUST have an appropriate firewall configuration to allow UDP queries to be sent and answers to be received on random ports; and users MUST NOT specify a port number using the query-source[-v6] option.
  The avoid-v[46]-udp-ports options exist for users who wish to eliminate certain port numbers from being chosen by named for this purpose. See the ARM Chapter 6 for more information.
  Also please note, this issue applies only to UDP query ports. A random ephemeral port is always chosen for TCP queries.
  This issue applies primarily to name servers whose main purpose is to resolve random queries (sometimes referred to as "caching" servers, or more properly as "resolving" servers), although even an "authoritative" name server will make some queries, primarily at startup time.
  This update addresses issues raised in:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  http://www.kb.cert.org/vuls/id/800113
  http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
  Notes: svn path=/head/; revision=216629
* Make CONFLICTS a little cleaner | Doug Barton | 2008-07-04 | 2 | -2/+4
  Add README.idnkit to PORTDOCS
  Notes: svn path=/head/; revision=216303
* Update for 9.5.0 | Doug Barton | 2008-07-03 | 4 | -30/+57
  Some of the important features of BIND 9 are:
  DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
  IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
  Experimental IPv6 Resolver Library
  DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
  Improved standards conformance
  Views: One server process can provide multiple "views" of the DNS namespace, e.g. an "inside" view to certain clients, and an "outside" view to others.
  Multiprocessor Support, including working threads in this version
  BIND 9.5 has a number of new features over previous versions, including:
  GSS-TSIG support (RFC 3645), DHCID support
  Experimental http server and statistics support for named via xml
  More detailed statistics counters, compatible with the ones supported in BIND 8
  Faster ACL processing
  Efficient LRU cache cleaning mechanism.
  NSID support (RFC 5001).
  Notes: svn path=/head/; revision=216215
* Update the pkg-message to be even less version-specific, and tell the user | Doug Barton | 2008-06-02 | 1 | -9/+8
  that /etc/rc.d/named will handle everything for them.
  Notes: svn path=/head/; revision=214165
* Fix pkg-plist by including a new file. | Doug Barton | 2007-12-05 | 2 | -0/+2
  Pointy hat number N:M (where M = many) goes to: dougb
  Approved by: portmgr (erwin)
  Notes: svn path=/head/; revision=202908
* ISC recently announced that BIND 8 has been End-of-Life'd: | Doug Barton | 2007-12-03 | 1 | -1/+1
  http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
  Therefore, per the previous announcement, remove the ports for BIND 8. This includes the chinese/bind8 slave port, and mail/smc-milter which has a dependency on libbind_r.a from BIND 8.x. The latter has been unmaintained since 2005, and is 3 versions behind.
  Approved by: portmgr (linimon)
  Notes: svn path=/head/; revision=202883
* Update to BIND 9.4.2. Many bugs are fixed, please see the CHANGES | Doug Barton | 2007-12-01 | 4 | -17/+14
  file for more details.
  Approved by: portmgr (erwin)
  Notes: svn path=/head/; revision=202873
* Update to 9.4.1-P1, which has fixes for the following: | Doug Barton | 2007-07-24 | 2 | -8/+8
  1. The default access control lists (acls) are not being correctly set. If not set anyone can make recursive queries and/or query the cache contents.
     See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
  2. The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade.
     See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  Notes: svn path=/head/; revision=196229
* - Set --mandir and --infodir in CONFIGURE_ARGS if the configure script | Rong-En Fan | 2007-07-23 | 1 | -2/+1
  supports them. This is determined by running ``configure --help'' in do-configure target and set the shell variable _LATE_CONFIGURE_ARGS which is then passed to CONFIGURE_ARGS.
  - Remove --mandir and --infodir in ports' Makefile where applicable. Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
  - Correct some manual pages location from PREFIX/man to MANPREFIX/man
  - Define INFO_PATH where necessary
  - Document that .info files are installed in a subdirectory relative to PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and subdirectory detection.
  PR: ports/111470
  Approved by: portmgr
  Discussed with: stas (Mk/*), gerald (info related stuffs)
  Tested by: pointyhat exp run
  Notes: svn path=/head/; revision=196111
* Update to version 9.4.1, a security update from ISC: | Doug Barton | 2007-05-01 | 2 | -8/+8
  2172. [bug] query_addsoa() was being called with a non zone db. [RT #16834]
  If you are running BIND 9.4.0 (either pre-release or final), you are advised to upgrade as soon as possible to BIND 9.4.1.
  Notes: svn path=/head/; revision=191246
* Update to the release version of 9.4.0. | Doug Barton | 2007-02-26 | 2 | -8/+8
  Notes: svn path=/head/; revision=185961
* Complete the update for bind94 after the repocopy, and hook it up. | Doug Barton | 2007-01-28 | 4 | -32/+49
  Notes: svn path=/head/; revision=183578
* Upgrade to version 9.3.4, the latest from ISC, which addresses the | Doug Barton | 2007-01-25 | 2 | -8/+8
  following security issues. All users of BIND are encouraged to upgrade to this version.
  2126. [security] Serialise validation of type ANY responses. [RT #16555]
  2124. [security] It was possible to dereference a freed fetch context. [RT #16584]
  2089. [security] Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are (potentially) exploitable in named. [RT #16391]
  2088. [security] Change the default RSA exponent from 3 to 65537. [RT #16391]
  2066. [security] Handle SIG queries gracefully. [RT #16300]
  1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642]
  Notes: svn path=/head/; revision=183229
* Apply the markup fixes from the base to the nsupdate.8 and | Doug Barton | 2006-12-21 | 1 | -0/+8
  nslookup.1 man pages.
  Notes: svn path=/head/; revision=180313
* Upgrade to version 9.3.3, the latest from ISC. This is | Doug Barton | 2006-12-09 | 2 | -8/+8
  a maintenance release, with the usual round of bug and security fixes. All users of BIND 9 are encouraged to upgrade to this version.
  Notes: svn path=/head/; revision=179339
* Update to version 9.3.2-P2, which addresses the vulnerability | Doug Barton | 2006-11-03 | 2 | -8/+8
  announced by ISC dated 31 October (delivered via e-mail to the bind-announce@isc.org list today):
  Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND.
  Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys.
  These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339.
  Notes: svn path=/head/; revision=176257
* Upgrade to version 9.3.2-P1, which addresses the following security | Doug Barton | 2006-09-06 | 2 | -8/+8
  vulnerabilities:
  http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
  2066. [security] Handle SIG queries gracefully. [RT #16300]
  http://www.kb.cert.org/vuls/id/697164
  1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642]
  All users of BIND 9 are encouraged to upgrade to this version.
  Notes: svn path=/head/; revision=172416
* Add OPTIONS to the rest of my ports that need them. | Doug Barton | 2006-08-28 | 1 | -16/+10
  Add CONFLICTS to the bind* ports.
  Notes: svn path=/head/; revision=171498
* Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry | Edwin Groothuis | 2006-01-22 | 1 | -1/+1
  Approved by: krion@
  PR: ports/88711 (related)
  Notes: svn path=/head/; revision=154110
* Update to 9.3.2, the latest from ISC | Doug Barton | 2005-12-28 | 4 | -31/+9
  Notes: svn path=/head/; revision=152247
* Move the verify target after pre-fetch. | Doug Barton | 2005-12-06 | 1 | -3/+3
  Notes: svn path=/head/; revision=150511
* Committed the wrong version ... s#/usr/local#${LOCALBASE}# | Doug Barton | 2005-11-27 | 1 | -1/+1
  Notes: svn path=/head/; revision=149630
* Fix a long-standing problem that appears when users install | Doug Barton | 2005-11-27 | 1 | -1/+7
  openssl from ports, and do not use the option to have the port version overwrite the base version. Several folks have mentioned this problem in the past, but a good workaround (and more importantly, solid testing) were provided by the submitter.
  Submitted by: Uffe Vedenbrant <uffe@vedenbrant.se>
  Notes: svn path=/head/; revision=149628
* Add SHA256 checksums to my ports | Doug Barton | 2005-11-24 | 1 | -0/+2
  Notes: svn path=/head/; revision=149230
* For the ports that I maintain, do the following as appropriate: | Doug Barton | 2005-10-29 | 1 | -1/+5
  1. Add myself as a backup master site (Sourceforge and CPAN ports already have good enough coverage, so skip them).
  2. For all ports that have them, download the PGP signature files.
  3. For ports in 2, add a verify target to the Makefile
  4. For ports where I was already providing a master site, update the URL.
  5. Pet portlint in a couple of places.
  Notes: svn path=/head/; revision=146646
* This issue was researched by glebius, and this patch was | Doug Barton | 2005-08-18 | 1 | -0/+23
  incorporated by ISC into the next version of BIND. The patch addresses a problem with high-load resolvers which hit memory barriers. Without this patch, running the resolving name server out of memory would lead to "unpredictable results."
  Of course, the canonical answer to this problem is to put more memory into the system, however that is not always possible, and the code should be able to handle this situation gracefully in any case.
  Approved by: portmgr (krion)
  Notes: svn path=/head/; revision=140919
* ISC staff has informed me that in BIND 9.3.x, threads are always a | Doug Barton | 2005-06-29 | 1 | -1/+3
  bad idea, so disable them in all cases unless the user has affirmatively requested this through the define.
  Notes: svn path=/head/; revision=138160
* 1. The OPTIONS stuff isn't working the way it should according to reports, | Doug Barton | 2005-03-17 | 1 | -4/+2
  so rip it out until I have a chance to debug it.
  2. Improve the comment about deprecating an old knob.
  Notes: svn path=/head/; revision=131473
* Upgrade to 9.3.1, the latest version from ISC. This version contains | Doug Barton | 2005-03-13 | 3 | -32/+23
  several important fixes, including a remote (although unlikely) exploit. See the CHANGES file for details. All users of BIND 9 are highly encouraged to upgrade to this version.
  Changes to the port include:
  1. Remove ISC patch to 9.3.0 that addressed the remote exploit
  2. Change to OPTIONS, and thereby
  3. --enable-threads is now the default. Users report that the new thread code in 9.3.x works significantly better than the old on all versions of FreeBSD.
  4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option. The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
  5. Remove patch that shoehorned named.conf.5 into the right place, it has been fixed in the code.
  Notes: svn path=/head/; revision=131083
* Include a patch from ISC to deal with the following vulnerability: | Doug Barton | 2005-01-28 | 2 | -1/+13
  Name: BIND: Self Check Failing [Added 2005.25.01]
  Versions affected: BIND 9.3.0
  Severity: LOW
  Exploitable: Remotely
  Type: Denial of Service
  Description: An incorrect assumption in the validator (authvalidated) can result in a REQUIRE (internal consistency) test failing and named exiting.
  Workarounds: Turn off dnssec validation (off by default) at the options/view level. dnssec-enable no;
  Active Exploits: None known
  Bump PORTREVISION accordingly.
  It should be noted that the vast majority of users would not have DNSSEC enabled, and therefore are not vulnerable to this bug.
  Notes: svn path=/head/; revision=127562
* The parens around the OSVERSION test were fatal for < 4.9, and did not | Doug Barton | 2004-09-27 | 1 | -1/+1
  provide anything useful for newer systems, so remove them.
  PR: ports/72118
  Submitted by: Michel Lavondes <fox@vader.aacc.cc.md.us>
  Approved by: portmgr (eik)
  Notes: svn path=/head/; revision=118453
* Update to BIND 9.3.0, the latest from ISC. This version has several | Doug Barton | 2004-09-24 | 6 | -27/+59
  significant updates, not the least of which is the new and improved DNSSEC code based on the latest standards (including DS).
  Various updates to the port, including:
  1. Download the PGP signature
  2. If running on ${OSVERSION} >= 503000, configure with threads
  3. Update pkg-descr re IPv6 RRs
  4. Update pkg-message to reflect a world with 6-current
  There is also a patch to correct a man page installation error. This problem should be fixed in the next release.
  Approved by: portmgr (marcus)
  Notes: svn path=/head/; revision=118366
* The ringserver sites don't have the latest BIND 9. | Doug Barton | 2004-04-04 | 1 | -2/+1
  Submitted by: fenner's distfile survey
  Notes: svn path=/head/; revision=106092
* DISTNAME is a slightly less painful way of dealing with wacky | Doug Barton | 2004-03-14 | 1 | -2/+1
  version numbers.
  Notes: svn path=/head/; revision=104020
* Now that the SIZE thing has stabilized, add it to the ports I maintain. | Doug Barton | 2004-03-14 | 1 | -0/+1
  Notes: svn path=/head/; revision=103917
* I specifically stated that I did not want to bump portepoch for this port. | Doug Barton | 2003-10-28 | 1 | -1/+0
  I realize that my error in version numbering previously caused some confusion about 9.2.3 being a more up to date version than 9.2.3.4, but this will quickly be resolved with the next version, and affected only a few users who installed the release candidate. The portepoch change is permanent, and perpetuates a silly kludge for no good reason.
  Please do not change this again without discussing it with me.
  Notes: svn path=/head/; revision=92446
* Fix removal of the last digit in the version number issue. | Edwin Groothuis | 2003-10-28 | 1 | -0/+1
  [~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3
  >
  [~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3,1
  <
  Notes: svn path=/head/; revision=92427
* Upgrade to the 9.2.3 release version | Doug Barton | 2003-10-24 | 2 | -3/+3
  Notes: svn path=/head/; revision=92089
* Unbreak(?) USE_OPENSSL support for people that don't have it in the base | Doug Barton | 2003-10-02 | 1 | -7/+2
  Submitted by: A cast of thousands
  Notes: svn path=/head/; revision=90058
* Upgrade to version 9.2.3rc4. | Doug Barton | 2003-09-25 | 2 | -4/+4
  The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES for more information. The rc4 code has the delegation-only options. Check the ARM for information on how to enable it.
  Notes: svn path=/head/; revision=89298
* DOCSDIR'ify | Doug Barton | 2003-09-25 | 1 | -26/+26
  Notes: svn path=/head/; revision=89297
* Chase repocopies towards ports/dns | Edwin Groothuis | 2003-09-05 | 1 | -1/+1
  PR: ports/56020
  Submitted by: Kimura Fuyuki <fuyuki@nigredo.org>
  Approved by: portmgr
  Notes: svn path=/head/; revision=88581
* Massive repo-copies request: net->dns (partly devel->dns) | Edwin Groothuis | 2003-09-05 | 1 | -1/+1
  PR: ports/56020
  Submitted by: Kimura Fuyuki <fuyuki@nigredo.org>
  Approved by: portmgr
  Notes: svn path=/head/; revision=88573
* Display the new pkg-message after port build. | Doug Barton | 2003-06-07 | 1 | -0/+2
  Notes: svn path=/head/; revision=82483
* Add a message to explain how to configure randomness, and rndc. | Doug Barton | 2003-06-07 | 1 | -0/+22
  Notes: svn path=/head/; revision=82480
* * Update to version 9.2.2, the latest from ISC. This version contains no | Doug Barton | 2003-03-04 | 2 | -3/+4
  new features compared to 9.2.1, only bug fixes. Users of BIND 9 are highly encouraged to upgrade.
  * Switch to Makefile COMMENT
  Notes: svn path=/head/; revision=76841