Wed Aug 3 17:14:11 2022 UTC ()
nsd: Update to 4.6.0

Changelog:
This release adds the zone verification support from the CreDNS code.
There are also some bug fixes in the ixfr out code.

Zone verification can start a verifier program that reads the new zone
data. It can reject the update. Or process the new zone data. The intent
is for a DNSSEC verifier to inspect the zone before it is passed on with
zone transfer or served to clients.

The zone verification can be enabled with enable: yes in the verify
section in nsd.conf. You can then list the interfaces the NSD listens on
while the verifier is active, so it can send queries for the new zone
contents. With verify-zones: yes zones are verified by default. The
command that is executed can be set with the verifier: ldns-verify-zone
option. With verifier-count the max number of concurrent verifiers can
be set. With the verifier-feed-zone: yes option the zone can be input
on stdin to the verifier program. A timeout to stop the verifier can be
set with the verifier-timeout option.

Per zone options can also be set for a pattern or for a zone, for zone
verification. With verify-zone the zone verification can be enabled
per zone. The verifier can be set per zone. And the verifier-feed-zone
and verifier-timeout options can be controlled per zone.

FEATURES:
    Port zone-verification from CreDNS to NSD4.

BUG FIXES:
    Fix static analyzer reports on ixfrcreate temp file.
    Fixup wrong ixfrcreate fread return check.


(ryoon)
diff -r1.119 -r1.120 pkgsrc/net/nsd/Makefile
diff -r1.79 -r1.80 pkgsrc/net/nsd/distinfo
cvs diff -r1.119 -r1.120 pkgsrc/net/nsd/Makefile (switch to unified diff)

--- pkgsrc/net/nsd/Makefile 2022/06/16 16:23:01 1.119
+++ pkgsrc/net/nsd/Makefile 2022/08/03 17:14:10 1.120
@@ -1,72 +1,72 @@ @@ -1,72 +1,72 @@
1# $NetBSD: Makefile,v 1.119 2022/06/16 16:23:01 ryoon Exp $ 1# $NetBSD: Makefile,v 1.120 2022/08/03 17:14:10 ryoon Exp $
2 2
3DISTNAME= nsd-4.5.0 3DISTNAME= nsd-4.6.0
4CATEGORIES= net 4CATEGORIES= net
5MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/ 5MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/
6 6
7MAINTAINER= pettai@NetBSD.org 7MAINTAINER= pettai@NetBSD.org
8HOMEPAGE= https://www.nlnetlabs.nl/projects/nsd/about/ 8HOMEPAGE= https://www.nlnetlabs.nl/projects/nsd/about/
9COMMENT= Authoritative-only DNS server 9COMMENT= Authoritative-only DNS server
10LICENSE= modified-bsd 10LICENSE= modified-bsd
11 11
12BUILD_DEFS+= VARBASE NSD_USER NSD_GROUP 12BUILD_DEFS+= VARBASE NSD_USER NSD_GROUP
13FILES_SUBST+= NSD_USER=${NSD_USER} NSD_GROUP=${NSD_GROUP} 13FILES_SUBST+= NSD_USER=${NSD_USER} NSD_GROUP=${NSD_GROUP}
14 14
15PKG_OPTIONS_VAR= PKG_OPTIONS.nsd 15PKG_OPTIONS_VAR= PKG_OPTIONS.nsd
16PKG_SUPPORTED_OPTIONS= inet6 rrl 16PKG_SUPPORTED_OPTIONS= inet6 rrl
17PKG_SUGGESTED_OPTIONS= inet6 17PKG_SUGGESTED_OPTIONS= inet6
18 18
19.include "../../mk/bsd.options.mk" 19.include "../../mk/bsd.options.mk"
20 20
21USE_LANGUAGES= c c++ 21USE_LANGUAGES= c c++
22USE_LIBTOOL= yes 22USE_LIBTOOL= yes
23 23
24.if ${OPSYS} == "NetBSD" 24.if ${OPSYS} == "NetBSD"
25# Some _NETBSD_SOURCE definitions are required to build. 25# Some _NETBSD_SOURCE definitions are required to build.
26CPPFLAGS+= -D_NETBSD_SOURCE 26CPPFLAGS+= -D_NETBSD_SOURCE
27.endif 27.endif
28 28
29GNU_CONFIGURE= yes 29GNU_CONFIGURE= yes
30 30
31PKG_SYSCONFSUBDIR= nsd 31PKG_SYSCONFSUBDIR= nsd
32 32
33CONFIGURE_ARGS+= --prefix=${PREFIX:Q} 33CONFIGURE_ARGS+= --prefix=${PREFIX:Q}
34CONFIGURE_ARGS+= --localstatedir=${VARBASE} 34CONFIGURE_ARGS+= --localstatedir=${VARBASE}
35CONFIGURE_ARGS+= --with-configdir=${PKG_SYSCONFDIR:Q} 35CONFIGURE_ARGS+= --with-configdir=${PKG_SYSCONFDIR:Q}
36.if !empty(PKG_OPTIONS:Minet6) 36.if !empty(PKG_OPTIONS:Minet6)
37CONFIGURE_ARGS+= --enable-ipv6 37CONFIGURE_ARGS+= --enable-ipv6
38.else 38.else
39CONFIGURE_ARGS+= --disable-ipv6 39CONFIGURE_ARGS+= --disable-ipv6
40.endif 40.endif
41.if !empty(PKG_OPTIONS:Mrrl) 41.if !empty(PKG_OPTIONS:Mrrl)
42CONFIGURE_ARGS+= --enable-ratelimit 42CONFIGURE_ARGS+= --enable-ratelimit
43.else 43.else
44CONFIGURE_ARGS+= --disable-ratelimit 44CONFIGURE_ARGS+= --disable-ratelimit
45.endif 45.endif
46 46
47CONFIGURE_ARGS+= --disable-dnstap 47CONFIGURE_ARGS+= --disable-dnstap
48 48
49CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/nsd/nsd.pid 49CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/nsd/nsd.pid
50CONFIGURE_ARGS+= --with-user=${NSD_USER} 50CONFIGURE_ARGS+= --with-user=${NSD_USER}
51CONFIGURE_ARGS+= --with-dbfile=${VARBASE}/nsd/nsd.db 51CONFIGURE_ARGS+= --with-dbfile=${VARBASE}/nsd/nsd.db
52CONFIGURE_ARGS+= --with-xfrdfile=${VARBASE}/nsd/nsd-xfrd.state 52CONFIGURE_ARGS+= --with-xfrdfile=${VARBASE}/nsd/nsd-xfrd.state
53CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent} 53CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent}
54CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} 54CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl}
55 55
56RCD_SCRIPTS= nlnsd 56RCD_SCRIPTS= nlnsd
57 57
58NSD_USER?= nsd 58NSD_USER?= nsd
59NSD_GROUP?= nsd 59NSD_GROUP?= nsd
60 60
61PKG_GROUPS= ${NSD_GROUP} 61PKG_GROUPS= ${NSD_GROUP}
62PKG_USERS= ${NSD_USER}:${NSD_GROUP} 62PKG_USERS= ${NSD_USER}:${NSD_GROUP}
63 63
64CONF_FILES+= share/examples/nsd/nsd.conf ${PKG_SYSCONFDIR}/nsd.conf 64CONF_FILES+= share/examples/nsd/nsd.conf ${PKG_SYSCONFDIR}/nsd.conf
65 65
66OWN_DIRS_PERMS+= ${VARBASE}/nsd ${NSD_USER} ${NSD_GROUP} 755 66OWN_DIRS_PERMS+= ${VARBASE}/nsd ${NSD_USER} ${NSD_GROUP} 755
67 67
68INSTALLATION_DIRS= share/examples/nsd 68INSTALLATION_DIRS= share/examples/nsd
69 69
70.include "../../devel/libevent/buildlink3.mk" 70.include "../../devel/libevent/buildlink3.mk"
71.include "../../security/openssl/buildlink3.mk" 71.include "../../security/openssl/buildlink3.mk"
72.include "../../mk/bsd.pkg.mk" 72.include "../../mk/bsd.pkg.mk"
cvs diff -r1.79 -r1.80 pkgsrc/net/nsd/distinfo (switch to unified diff)

--- pkgsrc/net/nsd/distinfo 2022/06/16 16:23:01 1.79
+++ pkgsrc/net/nsd/distinfo 2022/08/03 17:14:10 1.80
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.79 2022/06/16 16:23:01 ryoon Exp $ 1$NetBSD: distinfo,v 1.80 2022/08/03 17:14:10 ryoon Exp $
2 2
3BLAKE2s (nsd-4.5.0.tar.gz) = 4f19a8233395435f9731a798357ff3b8f7956be358df77d6a104b64d42903abc 3BLAKE2s (nsd-4.6.0.tar.gz) = 6fbe465e9f173b721e8b9cffbf6eb926479eb48fed6150673a2a12a7aef3e47b
4SHA512 (nsd-4.5.0.tar.gz) = 0309e1ff083b6f2118ba6fd59425319c21f31558d30e17a40eb8f1e53dee9e3e766d7b53eb50462130ba17b454a3559dc786d344cb779468d255732bbc6bc5da 4SHA512 (nsd-4.6.0.tar.gz) = e9f035e42f47ac115cb2c1d0ebdef8b13b1feebca91d4f840d36904efb5ab44a817584b28c9d0d3e236fde1581e8283bcdd554a5463d4b5788329f9245414cbb
5Size (nsd-4.5.0.tar.gz) = 1259059 bytes 5Size (nsd-4.6.0.tar.gz) = 1273532 bytes
6SHA1 (patch-aa) = d9a423d5faa8da9a213b21fd2712225ac9645091 6SHA1 (patch-aa) = d9a423d5faa8da9a213b21fd2712225ac9645091