Commit Graph

57 Commits

Author SHA1 Message Date
dougb
a2b635f68f Upgrade to BIND version 9.8.3, the latest from ISC.
Feature Change

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)

Bug Fix

*  The locking strategy around the handling of iterative queries
   has been tuned to reduce unnecessary contention in a multi-
   threaded environment.

Other critical bug fixes are included.

All BIND users are encouraged to upgrade.
2012-05-28 19:47:56 +00:00
dougb
0adb91c0ac Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes. 2012-04-05 04:29:35 +00:00
dougb
f18a6196d7 Upgrade to BIND version 9.8.1. Release notes at:
https://deepthought.isc.org/article/AA-00446/81/
or
/usr/src/contrib/bind9/

Approved by:	re (kib)
2011-09-03 07:13:45 +00:00
dougb
ea4a7b3232 Fixes to make the WITH_BIND_LIBS option functional with BIND 9.8.x 2011-07-17 12:07:22 +00:00
dougb
264979c9d1 bmake and other updates necessary for the BIND 9.8.x upgrade.
This includes a structural change regarding atomic ops. Previously they
were enabled on all platforms unless we had knowledge that they did not
work. However both work performed by marius@ on sparc64 and the fact that
the 9.8.x branch is fussier in this area has demonstrated that this is
not a safe approach. So I've modified a patch provided by marius to
enable them for i386, amd64, and ia64 only.
2011-07-16 11:20:54 +00:00
dougb
19de2b99a5 Handle the MK_BIND_XML option more intelligently 2011-07-16 07:12:02 +00:00
dougb
31eda3d2ca Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.
All 9.6 users with DNSSEC validation enabled should upgrade to this
version, or the latest version in the 9.7 branch, prior to 2011-03-31
in order to avoid validation failures for names in .COM as described
here:

https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record

In addition the fixes for this and other bugs, there are also the
following:

  * Various fixes to kerberos support, including GSS-TSIG
  * Various fixes to avoid leaking memory, and to problems that could
    prevent a clean shutdown of named
2011-02-06 22:46:07 +00:00
dougb
97a7ccf9c1 Revert part of r217071 so that us mere mortals can clearly see
what this bit of code is intended to do. :)

Approved by:	imp
2011-01-09 23:47:11 +00:00
imp
fe1ba87ad1 Make this work on big endian MIPS, while not breaking it for small
endian mips.  This will also make it work automatically on all future
big endian platforms.
2011-01-06 21:07:51 +00:00
dougb
58320b36c1 Prep for the 9.6-ESV-R2 update 2010-10-31 04:45:25 +00:00
nwhitehorn
7b6b47da77 Since powerpc and powerpc64 share an instruction set, bind can and should
use the 32-bit atomic operations unmodified. Accomplish this by switching
some MACHINE_ARCH values to MACHINE_CPUARCH.
2010-07-10 17:46:53 +00:00
dougb
d645bf55b3 Update to 9.6.2-P1, the latest patchfix release which deals with
the problems related to the handling of broken DNSSEC trust chains.

This fix is only relevant for those who have DNSSEC validation
enabled and configure trust anchors from third parties, either
manually, or through a system like DLV.
2010-03-18 19:00:35 +00:00
dougb
c52afe031a Upgrade to version 9.6.2. This version includes all previously released
security patches to the 9.6.1 version, as well as many other bug fixes.

This version also incorporates a different fix for the problem we had
patched in contrib/bind9/bin/dig/dighost.c, so that file is now back
to being the same as the vendor version.

Due to the fact that the DNSSEC algorithm that will be used to sign the
root zone is only included in this version and in 9.7.x those who wish
to do validation MUST upgrade to one of these prior to July 2010.
2010-03-03 05:45:24 +00:00
dougb
dc059390f7 Commit copyright-only changes to generated files as part of the
9.6.1-P3 update
2010-01-25 04:42:54 +00:00
dougb
54dfe5254b Update to BIND 9.6.1-P2. The vulnerability this is designed to fix is
related to DNSSEC validation on a resolving name server that allows
access to untrusted users. If your system does not fall into all 3 of
these categories you do not need to update immediately.
2009-11-30 03:38:34 +00:00
dougb
ec14ac76ed Add support for the build options that are currently in the port:
WITH_BIND_IDN
	WITH_BIND_LARGE_FILE
	WITH_BIND_SIGCHASE
	WITH_BIND_XML
2009-06-01 21:58:59 +00:00
dougb
1e9abbf9ca Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:42:58 +00:00
dougb
be58c3cbc7 In preparation for the BIND 9.6.1rc1 import, remove this directory.
The libbind library is no longer distributed as part of the main
BIND package, and we never built it in any case.
2009-05-30 23:50:12 +00:00
dougb
6da056b534 Updates for version 9.4.3 2008-12-23 22:50:39 +00:00
dougb
77bde798e1 Vendor import of BIND 9.4.3 2008-12-23 19:18:41 +00:00
dougb
ec8da49ce6 Update copyrights and comments as of 9.4.3 (no functional changes) 2008-12-23 19:15:04 +00:00
dougb
6c8226d7d6 Vendor import of BIND 9.4.3 2008-12-23 18:35:21 +00:00
kib
2e6f1edb43 Add strndup(3) prototype to string.h.
This change was erronously ommitted from the r185690, and attempt
to simply add the prototype to string.h has revealed that several
contributed programs defined local prototypes for strndup(), controlled
by autoconfed config.h. So, manually change #undef HAVE_STRNDUP to
#define HAVE_STRNDUP 1. Next import of the corresponding program would
regenerate config.h, overriding the changes in this commit.

No objections from: kan
2008-12-08 21:04:24 +00:00
dougb
595c959724 Update for version 9.4.2-P2 2008-09-01 22:55:23 +00:00
dougb
6391cf1904 Vendor import of BIND 9.4.2-P2 2008-09-01 20:53:25 +00:00
dougb
32fd6457bc These files are unused, and due to a more thorough FREEBSD-Xlist
are no longer updated.
2008-07-12 07:32:48 +00:00
peter
ba8f85b49c Flatten bind9 vendor work area 2008-07-12 05:00:28 +00:00
dougb
2cfd49de5b One more glue update for BIND 9.4.2 2007-12-02 22:21:30 +00:00
dougb
475b1eb4b2 Update glue for BIND 9.4.2 2007-12-02 19:13:58 +00:00
dougb
433397be88 Remove the special atomic.h case for arm, and allow it to use
the platform specific file that imp provided.
2007-06-05 22:17:16 +00:00
dougb
8117f4670d Fix the amd64 and pc98 versions of ISC_ATOMIC_ARCH with some help
from ru@.

Take a guess at what might work on arm to try and fix the build.
2007-06-03 16:49:57 +00:00
dougb
5b21df8b30 Update generated files for BIND 9.4.1 2007-06-02 23:24:14 +00:00
dougb
6828e8e3e5 Update bmake glue for the BIND 9.4.1 import.
This includes a return to building with threads, since one of the
major focuses of the 9.4.x branch is to improve thread performance.
2007-06-02 23:19:58 +00:00
dougb
165b7b2e7f Update generated files for BIND 9.3.4 2007-01-29 18:33:18 +00:00
dougb
3cafae54dc Changes to generated files related to the 9.3.3 import. 2006-12-10 07:11:04 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
dougb
5356ece7af Updated versions of header files generated per the instructions
in src/contrib/bind9/FREEBSD-Upgrade for the 9.2.3 import
2005-12-29 04:29:03 +00:00
ru
1979476cc6 Finish the removal of threads support in ../config.mk,v 1.15. 2005-11-07 15:22:35 +00:00
des
96f2eb8f8a Disable thread support in BIND. It appears to reduce performance rather
than increase it, and seems to be the cause of the memory leaks which some
users have reported.

Requested by:	dougb
MFC after:	5 days
2005-07-25 14:44:11 +00:00
dougb
a11fe928e2 Regenerate for 9.3.1 2005-03-17 08:39:12 +00:00
dougb
78ab7e518f bmake changes to handle the move of dns/sec and related files 2005-03-17 08:35:21 +00:00
ru
5c04306fea NOINET6 -> NO_INET6 2004-12-21 10:49:29 +00:00
ru
f4c44b761b NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
ru
ba3655c74f NOLIBC_R -> NO_LIBC_R
NOLIBPTHREAD -> NO_LIBPTHREAD
NOLIBTHR -> NO_LIBTHR
2004-12-21 09:00:26 +00:00
ru
17f9167e24 For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:46:50 +00:00
ru
5db2b9d5b3 For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
dougb
5887a0ecf4 Fix up the man file installation for the new BIND 9 sources:
1. Install man files and links for the lwres library.

2. Fix the path in various files to say /etc/namedb/ instead of just /etc.

3. Correctly install the conf file man pages for named and rndc.
2004-09-26 06:36:11 +00:00
dougb
bdbbaec34c Ruslan has educated me both on the wisdom of why this approach is
better than mine, and why to wait for review.

Submitted by:	ru
2004-09-24 21:30:54 +00:00
dougb
389acf125b Fix the WANT_BIND_LIBS knob by correctly spelling it as WITH_BIND_LIBS
to match how similar syntax is used in the ports system. Thanks to kris
for pointing out my mistake here.

Install the lwres library unless the user defines NO_BIND, or the new
knob, NO_BIND_LIBS_LWRES. There is at least one potential customer
for this library in the wings. Thanks to nectar for the reminder.
2004-09-24 18:42:05 +00:00
ru
03cf2e6303 Don't expose BIND libraries and their headers to the public by default,
but have a knob (WANT_BIND_LIBS) to build and install them in /usr/lib
and /usr/include.  Rumors are that this may be useful at a later point,
let's see.

What this really means is that all BIND libraries are now internal to
buildworld (by default, unless WANT_BIND_LIBS is defined), and linked
statically into various BIND executables.

While here, removed redundant -I's from CFLAGS in lib/bind makefiles.

Sponsored by:	des
OK'ed by:	dougb
2004-09-24 13:42:00 +00:00