This is mostly a bugfix release. Most notable new features are ECDSA
support (RFC 6605) and command-line options for ldns-verify-zone for
validating against given keys and for safety margins on signatures
inception and expiration times.
- The examples and drill programs will now built by default.
PR: ports/168296
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Approved by: itetcu (mentor)
the latest from ISC. These versions all contain the following:
Feature Change
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fix
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-
threaded environment.
Each version also contains other critical bug fixes.
All BIND users are encouraged to upgrade to these latest versions.
- set NO_LATEST_LINK
- while I'm here, add LICENSE (GPL2) and remove mention of it from pkg-descr
PR: 168192
Submitted by: Ralf van der Enden <tremere at cainites dot net> (maintainer)
- while I'm here, add LICENSE (GPL2) and remove mention of it from pkg-descr
changelog: http://doc.powerdns.com/changelog.html#changelog-auth-3-1
PR: 168198
Submitted by: Ralf van der Enden <tremere at cainites dot net> (maintainer)
The Net::DNS::Zone::Parser should be considered a preprocessor that "normalizes"
a zonefile.
It will read a zonefile in a format conforming to the relevant RFCs with the
addition of BIND's GENERATE directive from disk and will write fully specified
resource records (RRs) to a filehandle. Whereby:
- All comments are stripped
- There is one RR per line
- Each RR is fully expanded i.e. all domain names are fully qualified
(canonicalised) and the CLASS and TTLs are specified.
- Some RRs may be 'stripped' from the source or otherwise processed. For details
see the 'read' method.
Note that this module does not have a notion of what constitutes a valid zone,
it only parses. For example, the parser will happilly parse RRs with ownernames
that are below in another zone because a NS RR elsewhere in the zone.
WWW: http://search.cpan.org/dist/Net-DNS-Zone-Parser/
PR: ports/167708
Submitted by: Jimmy Bergman <jimmy@sigint.se>
should use to boost online privacy and security. It works
by encrypting all DNS traffic between the user and OpenDNS,
preventing any spying, spoofing or man-in-the-middle attacks.
WWW: https://www.opendns.com/technology/dnscrypt/
PR: ports/167833
Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com>
Re-write interface discovery code on *BSD to use getifaddrs. This
is more portable, more straightforward, and allows us to find the
prefix length for IPv6 addresses.
Add ra-names, ra-stateless and slaac keywords for DHCPv6. Dnsmasq
can now synthesise AAAA records for dual-stack hosts which get IPv6
addresses via SLAAC. It is also now possible to use SLAAC and
stateless DHCPv6, and to tell clients to use SLAAC addresses as
well as DHCP ones. Thanks to Dave Taht for help with this.
Add --dhcp-duid to allow DUID-EN uids to be used.
Explicity send DHCPv6 replies to the correct port, instead of relying
on clients to send requests with the correct source address, since
at least one client in the wild gets this wrong. Thanks to Conrda
Kostecki for help tracking this down.
Send a preference value of 255 in DHCPv6 replies when --dhcp-authoritative
is in effect. This tells clients not to wait around for other DHCP
servers.
Better logging of DHCPv6 options.
Add --host-record. Thanks to Rob Zwissler for the suggestion.
Invoke the DHCP script with action "tftp" when a TFTP file transfer
completes. The size of the file, address to which it was sent and
complete pathname are supplied. Note that version 2.60 introduced
some script incompatibilties associated with DHCPv6, and this is a
further change. To be safe, scripts should ignore unknown actions,
and if not IPv6-aware, should exit if the environment variable
DNSMASQ_IAID is set. The use-case for this is to track netboot/install.
Suggestion from Shantanu Gadgil.
Update contrib/port-forward/dnsmasq-portforward to reflect the
above.
Set the environment variable DNSMASQ_LOG_DHCP when running the
script id --log-dhcp is in effect, so that script can taylor their
logging verbosity. Suggestion from Malte Forkel.
Arrange that addresses specified with --listen-address work even
if there is no interface carrying the address. This is chiefly
useful for IPv4 loopback addresses, where any address in 127.0.0.0/8
is a valid loopback address, but normally only 127.0.0.1 appears
on the lo interface. Thanks to Mathieu Trudel-Lapierre for the idea
and initial patch.
Fix crash, introduced in 2.60, when a DHCPINFORM is received from
a network which has no valid dhcp-range. Thanks to Stephane Glondu
for the bug report.
Add a new DHCP lease time keyword, "deprecated" for --dhcp-range.
This is only valid for IPv6, and sets the preffered lease time for
both DHCP and RA to zero. The effect is that clients can continue
to use the address for existing connections, but new connections
will use other addresses, if they exist. This makes hitless renumbering
at least possible.
Fix bug in address6_available() which caused DHCPv6 lease aquisition
to fail if more than one dhcp-range in use.
Provide RDNSS and DNSSL data in router advertisements, using the
settings provided for DHCP options option6:domain-search and
option6:dns-server.
Tweak logo/favicon.ico to add some transparency. Thanks to SamLT
for work on this.
Don't cache data from non-recursive nameservers, since it may
erroneously look like a valid CNAME to a non-exitant name. Thanks
to Ben Winslow for finding this.
Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP on exactly
one interface and --bind-interfaces is set. This makes the OpenStack
use-case of one dnsmasq per virtual interface work. This is only
available on Linux; it's not supported on other platforms. Thanks
to Vishvananda Ishaya and the OpenStack team for the suggestion.
Updated French translation. Thanks to Gildas Le Nadan.
Give correct from-cache answers to explict CNAME queries. Thanks
to Rob Zwissler for spotting this.
Add --tftp-lowercase option. Thanks to Oliver Rath for the patch.
Ensure that the DBus DhcpLeaseUpdated events are generated when a
lease goes through INIT_REBOOT state, even if the dhcp-script is
not in use. thanks to Antoaneta-Ecaterina Ene for the patch.
Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks to Brad
Smith for spotting this.
was noticed by ISC at:
https://lists.isc.org/pipermail/bind-users/2012-April/087345.html
and verified by me both by comparing the contents of the old and new
distfiles and by verifying the PGP signature on the new distfile.
No PORTREVISION bump because these files were not installed.
For the port, switch to using the PORTDOCS macro.
Also, switch to the (identical) pkg-message in ../bind97 which was apparently missed
when the other ports were converted.
Feature safe: yes
Mozilla::PublicSuffix provides a single function that returns the public suffix
of a domain name by referencing a parsed copy of Mozilla's Public Suffix List.
From the official website at http://publicsuffix.org:
A "public suffix" is one under which Internet users can directly register names.
Some examples of public suffixes are .com, .co.uk and pvt.k12.wy.us. The Public
Suffix List is a list of all known public suffixes.
A copy of the official list is bundled with the distribution. As the official
list continues to be updated, the bundled copy will inevitably fall out of date.
Therefore, if the bundled copy of found to be over thirty days old, this
distribution's installer provides the option to check for a new version of the
list and download/use it if one is found.
WWW: http://search.cpan.org/dist/Mozilla-PublicSuffix/
Feature safe: yes
maintainer, wrote in message <4F70361B.7080306@thekelleys.org.uk>:
A bug has been found in dnsmasq 2.60 that can cause crashes. This is
configuration dependent: it either crashes frequently or not at all.
The configuration required is one which allows dnsmasq to receive
DHCPINFORM requests for which there is no valid dhcp-range. This is
rare.
Adding the patch he offers for download.
Feature safe: yes
- The LUA port option enables Lua support for DHCP lease-change scripts
- DHCPv6 support
- IPv6 Router Advertisement support
Changelog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Feature safe: yes
- Remove conditionals for PERL_LEVEL < 501200
- Remove regression-test targets b/c this will be centralized in Mk/bsd.perl.mk
- Other minor cleanups
RUN_DEPENDS = ${BUILD_DEPENDS} -> RUN_DEPENDS:= ${BUILD_DEPENDS}
PR: ports/165605
Submitted by: pgollucci (myself)
Approved by: portmgr (linimon)
Exp Run by: linimon
Tested by: make index
