[nsd-users] NSD 3.2.15 released (+RRL)
matthijs at nlnetlabs.nl
Mon Feb 4 15:18:21 UTC 2013
I was notified of having made a copy and paste error. This is the actual
release, it is not a release candidate.
On 02/04/2013 03:37 PM, Matthijs Mekking wrote:
> Dear NSD users,
> Here is the release candidate for NSD 3.2.15. This comes with ILNP
> support, NSD-RRL and different TSIG initialization (it fails if it can't
> find no suitable algorithms, instead of can't find 'one of the'). Plus
> some bugfixes.
> The NSD-RRL implementation is based on the work by Vixie and Schryver.
> However, because of the code-diversity argument that is at the basis of
> NSD work but also because of specifics of the NSD architecture, it is an
> independent implementation.
> The implementation shares the main ideas that prevent false positives:
> the fallback to TCP and a fine grained (albeit different) query
> classification mechanism. See
> https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/ for some of the
> RRL is not enabled by default. Although we are confident about code
> stability, did extensive testing, and a performed a usual beta-release
> cycle which gave the code exposure, the methodology is rather new and
> there is relatively little operational experience. You can enable RRL
> with the build option '--enable-ratelimit':
> $ ./configure --enable-ratelimit
> We advice prudent monitoring. Within NSD one can monitor RRL being
> turned on or off for specific query patterns when verbosity set to level
> 2 or higher.
> Best regards,
> link: http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.15.tar.gz
> sha1: e31a81ab7877422b34e1f163f9509cd93f395664
> NSD RELEASE NOTES
> - Support for ILNP RR types: NID, L32, L64, LP (RFC6742).
> - RRL, --enable-ratelimit at configure time and config options.
> - TSIG initialization only fails when there is no digest found
> at all.
> BUG FIXES:
> - Bugfix #478: Declaration after statement (for gcc 2.95).
> - Bugfix #483: Better error message in case of TSIG error.
> - Bugfix #485: TTL should not be greater than 2^31 - 1.
> - Fix RCODE when CNAME loop final answer does not exist, should
> return NXDOMAIN as stated by RFC 6604.
> - Fix --disable-full-prehash bug, where after multiple incoming
> IXFRs, NSEC3 can be removed unjustified.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 553 bytes
Desc: OpenPGP digital signature
More information about the nsd-users