<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html, branch main</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>Remove BIND.</title>
<updated>2013-09-30T17:23:45+00:00</updated>
<author>
<name>Dag-Erling Smørgrav</name>
<email>des@FreeBSD.org</email>
</author>
<published>2013-09-30T17:23:45+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=56b72efe825d4190e0e2fdbc07ebb295cac299df'/>
<id>56b72efe825d4190e0e2fdbc07ebb295cac299df</id>
<content type='text'>
Approved by:	re (gjb)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Approved by:	re (gjb)
</pre>
</div>
</content>
</entry>
<entry>
<title>Update Bind to 9.9.3-P2</title>
<updated>2013-08-22T08:15:03+00:00</updated>
<author>
<name>Erwin Lansing</name>
<email>erwin@FreeBSD.org</email>
</author>
<published>2013-08-22T08:15:03+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=08e6ea976b86b6591f317d290bfc9743d11c21ac'/>
<id>08e6ea976b86b6591f317d290bfc9743d11c21ac</id>
<content type='text'>
Notable new features:

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

*  Introduces a new tool "dnssec-verify" that validates a signed zone,
   checking for the correctness of signatures and NSEC/NSEC3 chains.
   [RT #23673]

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

*  The new "inline-signing" option, in combination with the
   "auto-dnssec" option that was introduced in BIND 9.7, allows
   named to sign zones completely transparently.

Approved by:	delphij (mentor)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Notable new features:

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

*  Introduces a new tool "dnssec-verify" that validates a signed zone,
   checking for the correctness of signatures and NSEC/NSEC3 chains.
   [RT #23673]

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

*  The new "inline-signing" option, in combination with the
   "auto-dnssec" option that was introduced in BIND 9.7, allows
   named to sign zones completely transparently.

Approved by:	delphij (mentor)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
</pre>
</div>
</content>
</entry>
<entry>
<title>Update to 9.8.4-P1.</title>
<updated>2012-12-07T12:39:58+00:00</updated>
<author>
<name>Erwin Lansing</name>
<email>erwin@FreeBSD.org</email>
</author>
<published>2012-12-07T12:39:58+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=cfd4d2c42e1c88d28ef6b9bca1ffbab32de3e7ff'/>
<id>cfd4d2c42e1c88d28ef6b9bca1ffbab32de3e7ff</id>
<content type='text'>
Security Fixes

   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of  specific queries that are received.

New Features

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

Feature Changes

*  Improves OpenSSL error logging [RT #29932]

*  nslookup now returns a nonzero exit code when it is unable to get
   an answer.  [RT #29492]

Other critical bug fixes are included.

Approved by:	delphij (mentor)
MFC after:	3 days
Security:	CVE-2012-5688
Sponsored by:	DK Hostmaster A/S
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Security Fixes

   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of  specific queries that are received.

New Features

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

Feature Changes

*  Improves OpenSSL error logging [RT #29932]

*  nslookup now returns a nonzero exit code when it is unable to get
   an answer.  [RT #29492]

Other critical bug fixes are included.

Approved by:	delphij (mentor)
MFC after:	3 days
Security:	CVE-2012-5688
Sponsored by:	DK Hostmaster A/S
</pre>
</div>
</content>
</entry>
<entry>
<title>Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.</title>
<updated>2012-04-05T04:29:35+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2012-04-05T04:29:35+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=d0f6280db790de2ad69bd01a1275e350cbd2840d'/>
<id>d0f6280db790de2ad69bd01a1275e350cbd2840d</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Upgrade to version 9.8.0-P4</title>
<updated>2011-07-16T11:12:09+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2011-07-16T11:12:09+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=7afecc12f4d7b56f03438d5f41b837b9696f0a94'/>
<id>7afecc12f4d7b56f03438d5f41b837b9696f0a94</id>
<content type='text'>
This version has many new features, see /usr/share/doc/bind9/README
for details.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This version has many new features, see /usr/share/doc/bind9/README
for details.
</pre>
</div>
</content>
</entry>
<entry>
<title>Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.</title>
<updated>2011-02-06T22:46:07+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2011-02-06T22:46:07+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=5143adb5490e2ce9f3b7d74307c8f70197df2afe'/>
<id>5143adb5490e2ce9f3b7d74307c8f70197df2afe</id>
<content type='text'>
All 9.6 users with DNSSEC validation enabled should upgrade to this
version, or the latest version in the 9.7 branch, prior to 2011-03-31
in order to avoid validation failures for names in .COM as described
here:

https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record

In addition the fixes for this and other bugs, there are also the
following:

  * Various fixes to kerberos support, including GSS-TSIG
  * Various fixes to avoid leaking memory, and to problems that could
    prevent a clean shutdown of named
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
All 9.6 users with DNSSEC validation enabled should upgrade to this
version, or the latest version in the 9.7 branch, prior to 2011-03-31
in order to avoid validation failures for names in .COM as described
here:

https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record

In addition the fixes for this and other bugs, there are also the
following:

  * Various fixes to kerberos support, including GSS-TSIG
  * Various fixes to avoid leaking memory, and to problems that could
    prevent a clean shutdown of named
</pre>
</div>
</content>
</entry>
<entry>
<title>Update to 9.6-ESV-R2, the latest from ISC.</title>
<updated>2010-10-31T04:45:53+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2010-10-31T04:45:53+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=34ceb982dc5764b63f6478db13396f87a0413247'/>
<id>34ceb982dc5764b63f6478db13396f87a0413247</id>
<content type='text'>
This version contains bug fixes that are relevant to any
caching/resolving name server; as well as DNSSEC-related
fixes.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This version contains bug fixes that are relevant to any
caching/resolving name server; as well as DNSSEC-related
fixes.
</pre>
</div>
</content>
</entry>
<entry>
<title>Update BIND to version 9.6.1rc1. This version has better performance and</title>
<updated>2009-05-31T05:42:58+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2009-05-31T05:42:58+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=6318052d9e161cbc69e4085125ef824d94de16ef'/>
<id>6318052d9e161cbc69e4085125ef824d94de16ef</id>
<content type='text'>
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
</pre>
</div>
</content>
</entry>
</feed>
