freebsd-ports/dns/bind99/distinfo
Erwin Lansing 0d68cdb33f Update to 9.9.4
Note that the Rate Limiting option has been renamed.

Security Fixes

   Previously an error in bounds checking on the private type
   'keydata' could be used to deny service through a deliberately
   triggerable REQUIRE failure (CVE-2013-4854).  [RT #34238]

   Prevents exploitation of a runtime_check which can crash named
   when satisfying a recursive query for particular malformed zones.
   (CVE-2013-3919) [RT #33690]

New Features

   Added Response Rate Limiting (RRL) functionality to reduce the
   effectiveness of DNS as an amplifier for reflected denial-of-service
   attacks by rate-limiting substantially-identical responses. [RT
   #28130]

Feature Changes

   rndc status now also shows the build-id. [RT #20422]

   Improved OPT pseudo-record processing to make it easier to support
   new EDNS options. [RT #34414]

   "configure" now finishes by printing a summary of optional BIND
   features and whether they are active or inactive. ("configure
   --enable-full-report" increases the verbosity of the summary.)
   [RT #31777]

   Addressed compatibility issues with newer versions of Microsoft
   Visual Studio. [RT #33916]

   Improved the 'rndc' man page. [RT #33506]

   'named -g' now no longer works with an invalid logging configuration.
   [RT #33473]

   The default (and minimum) value for tcp-listen-queue is now 10
   instead of 3.  This is a subtle control setting (not applicable
   to all OS   environments).  When there is a high rate of inbound
   TCP connections, it   controls how many connections can be queued
   before they are accepted by named.  Once this limit is exceeded,
   new TCP connections will be rejected.  Note however that a value
   of 10 does not imply a strict limit of 10 queued TCP connections
   - the impact of changing this configuration setting will be
   OS-dependent.  Larger values for tcp-listen queue will permit
   more pending tcp connections, which may be needed where there
   is a high rate of TCP-based traffic (for example in a dynamic
   environment where there are frequent zone updates and transfers).
   For most production servers the new default value of 10 should
   be adequate.  [RT #33029]

   Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
   with PKCS#11. [RT #33463]

   Added logging messages on slave servers when they forward DDNS
   updates to a master. [RT #33240]

   Changed the logging category for RRL events from 'queries' to
   'query-errors'. [RT #33540]
2013-09-20 08:22:45 +00:00

3 lines
129 B
Plaintext

SHA256 (bind-9.9.4.tar.gz) = fe0f16653382e428b10282ce9850722d19589d66f2b45a528e98be3153f654c8
SIZE (bind-9.9.4.tar.gz) = 7513017