diff options
author | fhajny <fhajny> | 2017-03-09 13:43:49 +0000 |
---|---|---|
committer | fhajny <fhajny> | 2017-03-09 13:43:49 +0000 |
commit | 9f1612ec30d196760ef685d99dd43c249a009678 (patch) | |
tree | 1922bb9504eee7b4545336d056785fe5145d8be9 /net/powerdns-recursor/distinfo | |
parent | 41bbbc14d6556c2df6df09b21fe115a9156da7f3 (diff) | |
download | pkgsrc-9f1612ec30d196760ef685d99dd43c249a009678.tar.gz |
Update net/powerdns-recursor to 4.0.4.
PowerDNS Recursor 4.0.4
=======================
Change highlights include:
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Don't parse spurious RRs in queries when we don't need them
(Security Advisory 2016-02)
- Add 'max-recursion-depth' to limit the number of internal recursion
- Wait until after daemonizing to start the RPZ and protobuf threads
- On RPZ customPolicy, follow the resulting CNAME
- Make the negcache forwarded zones aware
- Cache records for zones that were delegated to from a forwarded zone
- DNSSEC: don't go bogus on zero configured DSs
- DNSSEC: NSEC3 optout and Bogus insecure forward fixes
- DNSSEC: Handle CNAMEs at the apex of secure zones to other secure
zones
PowerDNS Recursor 4.0.3
=======================
Bug fixes
- Call gettag() for TCP queries
- Fix the use of an uninitialized filtering policy
- Parse query-local-address before lua-config-file
- Fix accessing an empty policyCustom, policyName from Lua
- ComboAddress: don't allow invalid ports
- Fix RPZ default policy not being applied over IXFR
- DNSSEC: Actually follow RFC 7646 ยง2.1
- Add boost context ldflags so freebsd builds can find the libs
- Ignore NS records in a RPZ zone received over IXFR
- Fix build with OpenSSL 1.1.0 final
- Don't validate when a Lua hook took the query
- Fix a protobuf regression (requestor/responder mix-up)
Additions and Enhancements
- Support Boost 1.61+ fcontext
- Add Lua binding for DNSRecord::d_place
PowerDNS Recursor 4.0.2
=======================
Bug fixes
- Set dq.rcode before calling postresolve
- Honor PIE flags.
- Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is
irrelevant
- Don't shuffle CNAME records. (thanks to Gert van Dijk for the
extensive bug report!)
- Fix delegation-only
Additions and enhancements
- Respect the timeout when connecting to a protobuf server
- allow newDN to take a DNSName in; document missing methods
- expose SMN toString to lua
- Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of
XS4All for finding this)
- Allow Lua access to the result of the Policy Engine decision, skip
RPZ, finish RPZ implementation
- Remove unused DNSPacket::d_qlen
- RPZ: Use query-local-address(6) by default (thanks to Oli Schacher
of switch.ch for the feature request)
- Move the root DNSSEC data to a header file
PowerDNS Recursor 4.0.1
=======================
Bug fixes
- Improve DNSSEC record skipping for non dnssec queries (Kees
Monshouwer)
- Don't validate zones from the local auth store, go one level down
while validating when there is a CNAME
- Don't go bogus on islands of security
- Check all possible chains for Insecures
- Don't go Bogus on a CNAME at the apex
- RPZ: default policy should also override local data RRs
- Fix a crash when the next name in a chained query is empty and
rec_control current-queries is invoked
Improvements
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix warnings with gcc on musl-libc (James Taylor)
- Also validate on +DO
- Fail to start when the lua-dns-script does not exist
- Add more Netmask methods for Lua (Aki Tuomi)
- Validate DNSSEC for security polling
- Turn on root-nx-trust by default and log-common-errors=off
- Allow for multiple trust anchors per zone
- Fix compilation warning when building without Protobuf
PowerDNS Recursor 4.0.0
=======================
- Moved to C++ 2011, a cleaner more powerful version of C++ that has
allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
is fully "DNS Native" and needs less escaping and unescaping.
- Switched to binary storage of DNS records in all places.
- Moved ACLs to a dedicated Netmask Tree.
- Implemented a version of RCU for configuration changes
- Instrumented our use of the memory allocator, reduced number of
malloc calls substantially.
- The Lua hook infrastructure was redone using LuaWrapper; old scripts
will no longer work, but new scripts are easier to write under the
new interface.
- DNSSEC processing: if you ask for DNSSEC records, you will get them.
- DNSSEC validation: if so configured, PowerDNS perform DNSSEC
validation of your answers.
- Completely revamped Lua scripting API that is "DNSName" native and
therefore far less error prone, and likely faster for most commonly
used scenarios.
- New asynchronous per-domain, per-ip address, query engine.
- RPZ (from file, over AXFR or IXFR) support.
- All caches can now be wiped on suffixes, because of canonical
ordering.
- Many, many more relevant performance metrics, including upstream
authoritative performance measurements.
- EDNS Client Subnet support, including cache awareness of
subnet-varying answers.
Diffstat (limited to 'net/powerdns-recursor/distinfo')
-rw-r--r-- | net/powerdns-recursor/distinfo | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/net/powerdns-recursor/distinfo b/net/powerdns-recursor/distinfo index 808eeb48e80..a3770583c01 100644 --- a/net/powerdns-recursor/distinfo +++ b/net/powerdns-recursor/distinfo @@ -1,21 +1,10 @@ -$NetBSD: distinfo,v 1.15 2015/11/04 00:35:28 agc Exp $ +$NetBSD: distinfo,v 1.16 2017/03/09 13:43:49 fhajny Exp $ -SHA1 (pdns-recursor-3.7.3.tar.bz2) = a09d960852ba67c1618dfa9258158a1145f657c1 -RMD160 (pdns-recursor-3.7.3.tar.bz2) = c73738ea571b8ce4ef4c01ee02c971c990d03f42 -SHA512 (pdns-recursor-3.7.3.tar.bz2) = 35b95130e46d04c91adc3c4676a6e5546ac25d21ec576734162764732993d876d34f0e8124b7b6934c8354c0d042ffa5ec30f138b83a9aeaafcefa3808adcf23 -Size (pdns-recursor-3.7.3.tar.bz2) = 245192 bytes -SHA1 (patch-Makefile.in) = 4aa3fc487afab1795532cc6a09975fa6580625fe +SHA1 (pdns-recursor-4.0.4.tar.bz2) = e3d2f18e0ea929e425bc9da4256f76331797f691 +RMD160 (pdns-recursor-4.0.4.tar.bz2) = 12b1b7239156d9b898199c02a1edd6875301a7b1 +SHA512 (pdns-recursor-4.0.4.tar.bz2) = 9473dfe9abc509b2bb953139dd7892de2027ee1508902fa0c2cd30dd9a88878fcf44370b8372d573cbab12de32bb8c604005d3b39ea34db2ef86786e689d36ab +Size (pdns-recursor-4.0.4.tar.bz2) = 1050596 bytes SHA1 (patch-dns.hh) = 7e9c1b10a066a605b74ebdbee2d894aed50f6c68 -SHA1 (patch-dnsparser.cc) = acd60fbeaa5ad3aa09db306eeaddb1071bbedfb7 -SHA1 (patch-dnsparser.hh) = 289e271629969a50b41e805ae9f092ce75a1483f -SHA1 (patch-iputils.hh) = 01134b045189653046036d7cb081a2f4d1ed27e4 -SHA1 (patch-kqueuemplexer.cc) = 1e3923aec5f81400eaedffa07c50762da7bdd5c8 -SHA1 (patch-namespaces.hh) = b7abe73b649569819fb070e10d3c926c95589bfb -SHA1 (patch-pdns__recursor.1) = de3c561e770558850a9f1bdf13f60570d90a5643 -SHA1 (patch-pdns__recursor.cc) = b1d6ba1d1abfbd2759431caffc113bca22513abd -SHA1 (patch-rec__channel.cc) = dee9fba4bbe240ca2070cdf8a8f303bb2e3bce61 -SHA1 (patch-rec__channel__rec.cc) = b0b277167fff8a080528f6a5cc75a81658f7c66f -SHA1 (patch-rec__control.1) = 6a38b768cf5ab6f91fcf6eb7e4d5f0c62824f723 -SHA1 (patch-recursor__cache.cc) = c2f86bd695ed01ae6b415a61a099696c87f78d63 -SHA1 (patch-reczones.cc) = f187de66d755a8e134804282ceb7723aa9bd392e -SHA1 (patch-sysdeps_SunOS.inc) = e2087d1469437c88266bc30566cf9d7415e7af69 +SHA1 (patch-iputils.hh) = aaf3b913fbe26f5daa9c2b16ff24cc9a7a1d7de0 +SHA1 (patch-kqueuemplexer.cc) = 87b3b6670393ee60fc96cf91c5acf575adfd06c0 +SHA1 (patch-qtype.hh) = f14eb9ad7efc7dd4a0ce220c1f93044ef69e99c2 |