<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/lib/bind/isc, branch main</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>Remove BIND.</title>
<updated>2013-09-30T17:23:45+00:00</updated>
<author>
<name>Dag-Erling Smørgrav</name>
<email>des@FreeBSD.org</email>
</author>
<published>2013-09-30T17:23:45+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=56b72efe825d4190e0e2fdbc07ebb295cac299df'/>
<id>56b72efe825d4190e0e2fdbc07ebb295cac299df</id>
<content type='text'>
Approved by:	re (gjb)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Approved by:	re (gjb)
</pre>
</div>
</content>
</entry>
<entry>
<title>Update Bind to 9.9.3-P2</title>
<updated>2013-08-22T08:15:03+00:00</updated>
<author>
<name>Erwin Lansing</name>
<email>erwin@FreeBSD.org</email>
</author>
<published>2013-08-22T08:15:03+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=08e6ea976b86b6591f317d290bfc9743d11c21ac'/>
<id>08e6ea976b86b6591f317d290bfc9743d11c21ac</id>
<content type='text'>
Notable new features:

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

*  Introduces a new tool "dnssec-verify" that validates a signed zone,
   checking for the correctness of signatures and NSEC/NSEC3 chains.
   [RT #23673]

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

*  The new "inline-signing" option, in combination with the
   "auto-dnssec" option that was introduced in BIND 9.7, allows
   named to sign zones completely transparently.

Approved by:	delphij (mentor)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Notable new features:

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

*  Introduces a new tool "dnssec-verify" that validates a signed zone,
   checking for the correctness of signatures and NSEC/NSEC3 chains.
   [RT #23673]

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

*  The new "inline-signing" option, in combination with the
   "auto-dnssec" option that was introduced in BIND 9.7, allows
   named to sign zones completely transparently.

Approved by:	delphij (mentor)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
</pre>
</div>
</content>
</entry>
<entry>
<title>Update Bind to 9.8.5-P2</title>
<updated>2013-08-06T06:22:54+00:00</updated>
<author>
<name>Erwin Lansing</name>
<email>erwin@FreeBSD.org</email>
</author>
<published>2013-08-06T06:22:54+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=a273027f9224fda6fd8740a05fb25286641770b2'/>
<id>a273027f9224fda6fd8740a05fb25286641770b2</id>
<content type='text'>
New Features

   Adds a new configuration option, "check-spf"; valid values are
   "warn" (default) and "ignore".  When set to "warn", checks SPF
   and TXT records in spf format, warning if either resource record
   type occurs without a corresponding record of the other resource
   record type.  [RT #33355]

   Adds support for Uniform Resource Identifier (URI) resource
   records. [RT #23386]

   Adds support for the EUI48 and EUI64 RR types. [RT #33082]

   Adds support for the RFC 6742 ILNP record types (NID, LP, L32,
   and L64). [RT #31836]

Feature Changes

   Changes timing of when slave zones send NOTIFY messages after
   loading a new copy of the zone.  They now send the NOTIFY before
   writing the zone data to disk.  This will result in quicker
   propagation of updates in multi-level server structures. [RT #27242]
   "named -V" can now report a source ID string.  (This is will be
   of most interest to developers and troubleshooters).  The source

   ID for ISC's production versions of BIND is defined in the "srcid"
   file in the build tree and is normally set to the most recent
   git hash. [RT #31494]

   Response Policy Zone performance enhancements.  New "response-policy"
   option "min-ns-dots".  "nsip" and "nsdname" now enabled by default
   with RPZ. [RT #32251]

Approved by:	delphij (mentor)
Sponsored by:	DK Hostmaster A/S
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
New Features

   Adds a new configuration option, "check-spf"; valid values are
   "warn" (default) and "ignore".  When set to "warn", checks SPF
   and TXT records in spf format, warning if either resource record
   type occurs without a corresponding record of the other resource
   record type.  [RT #33355]

   Adds support for Uniform Resource Identifier (URI) resource
   records. [RT #23386]

   Adds support for the EUI48 and EUI64 RR types. [RT #33082]

   Adds support for the RFC 6742 ILNP record types (NID, LP, L32,
   and L64). [RT #31836]

Feature Changes

   Changes timing of when slave zones send NOTIFY messages after
   loading a new copy of the zone.  They now send the NOTIFY before
   writing the zone data to disk.  This will result in quicker
   propagation of updates in multi-level server structures. [RT #27242]
   "named -V" can now report a source ID string.  (This is will be
   of most interest to developers and troubleshooters).  The source

   ID for ISC's production versions of BIND is defined in the "srcid"
   file in the build tree and is normally set to the most recent
   git hash. [RT #31494]

   Response Policy Zone performance enhancements.  New "response-policy"
   option "min-ns-dots".  "nsip" and "nsdname" now enabled by default
   with RPZ. [RT #32251]

Approved by:	delphij (mentor)
Sponsored by:	DK Hostmaster A/S
</pre>
</div>
</content>
</entry>
<entry>
<title>Update to 9.8.4-P1.</title>
<updated>2012-12-07T12:39:58+00:00</updated>
<author>
<name>Erwin Lansing</name>
<email>erwin@FreeBSD.org</email>
</author>
<published>2012-12-07T12:39:58+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=cfd4d2c42e1c88d28ef6b9bca1ffbab32de3e7ff'/>
<id>cfd4d2c42e1c88d28ef6b9bca1ffbab32de3e7ff</id>
<content type='text'>
Security Fixes

   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of  specific queries that are received.

New Features

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

Feature Changes

*  Improves OpenSSL error logging [RT #29932]

*  nslookup now returns a nonzero exit code when it is unable to get
   an answer.  [RT #29492]

Other critical bug fixes are included.

Approved by:	delphij (mentor)
MFC after:	3 days
Security:	CVE-2012-5688
Sponsored by:	DK Hostmaster A/S
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Security Fixes

   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of  specific queries that are received.

New Features

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

Feature Changes

*  Improves OpenSSL error logging [RT #29932]

*  nslookup now returns a nonzero exit code when it is unable to get
   an answer.  [RT #29492]

Other critical bug fixes are included.

Approved by:	delphij (mentor)
MFC after:	3 days
Security:	CVE-2012-5688
Sponsored by:	DK Hostmaster A/S
</pre>
</div>
</content>
</entry>
<entry>
<title>bmake and other updates necessary for the BIND 9.8.x upgrade.</title>
<updated>2011-07-16T11:20:54+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2011-07-16T11:20:54+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=25630ba729c2d175add02aae3bf5bc66a89d2e3e'/>
<id>25630ba729c2d175add02aae3bf5bc66a89d2e3e</id>
<content type='text'>
This includes a structural change regarding atomic ops. Previously they
were enabled on all platforms unless we had knowledge that they did not
work. However both work performed by marius@ on sparc64 and the fact that
the 9.8.x branch is fussier in this area has demonstrated that this is
not a safe approach. So I've modified a patch provided by marius to
enable them for i386, amd64, and ia64 only.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This includes a structural change regarding atomic ops. Previously they
were enabled on all platforms unless we had knowledge that they did not
work. However both work performed by marius@ on sparc64 and the fact that
the 9.8.x branch is fussier in this area has demonstrated that this is
not a safe approach. So I've modified a patch provided by marius to
enable them for i386, amd64, and ia64 only.
</pre>
</div>
</content>
</entry>
<entry>
<title>Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.</title>
<updated>2011-02-06T22:46:07+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2011-02-06T22:46:07+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=5143adb5490e2ce9f3b7d74307c8f70197df2afe'/>
<id>5143adb5490e2ce9f3b7d74307c8f70197df2afe</id>
<content type='text'>
All 9.6 users with DNSSEC validation enabled should upgrade to this
version, or the latest version in the 9.7 branch, prior to 2011-03-31
in order to avoid validation failures for names in .COM as described
here:

https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record

In addition the fixes for this and other bugs, there are also the
following:

  * Various fixes to kerberos support, including GSS-TSIG
  * Various fixes to avoid leaking memory, and to problems that could
    prevent a clean shutdown of named
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
All 9.6 users with DNSSEC validation enabled should upgrade to this
version, or the latest version in the 9.7 branch, prior to 2011-03-31
in order to avoid validation failures for names in .COM as described
here:

https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record

In addition the fixes for this and other bugs, there are also the
following:

  * Various fixes to kerberos support, including GSS-TSIG
  * Various fixes to avoid leaking memory, and to problems that could
    prevent a clean shutdown of named
</pre>
</div>
</content>
</entry>
<entry>
<title>Prep for the 9.6-ESV-R2 update</title>
<updated>2010-10-31T04:45:25+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2010-10-31T04:45:25+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=031f70f09fe6ab44525dc332810447918f9e7029'/>
<id>031f70f09fe6ab44525dc332810447918f9e7029</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Update BIND to version 9.6.1rc1. This version has better performance and</title>
<updated>2009-05-31T05:42:58+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2009-05-31T05:42:58+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=6318052d9e161cbc69e4085125ef824d94de16ef'/>
<id>6318052d9e161cbc69e4085125ef824d94de16ef</id>
<content type='text'>
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
</pre>
</div>
</content>
</entry>
<entry>
<title>In preparation for the BIND 9.6.1rc1 import, remove this directory.</title>
<updated>2009-05-30T23:50:12+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2009-05-30T23:50:12+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=9097ac2a7ff12d10a4bb41b10496fdce85cadfae'/>
<id>9097ac2a7ff12d10a4bb41b10496fdce85cadfae</id>
<content type='text'>
The libbind library is no longer distributed as part of the main
BIND package, and we never built it in any case.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The libbind library is no longer distributed as part of the main
BIND package, and we never built it in any case.
</pre>
</div>
</content>
</entry>
<entry>
<title>Updates for version 9.4.3</title>
<updated>2008-12-23T22:50:39+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2008-12-23T22:50:39+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=d851678b62e36caf6ab968dcf3b43c09378e1b57'/>
<id>d851678b62e36caf6ab968dcf3b43c09378e1b57</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
</feed>
