[nsd-users] NSD 4.2.1 released

Wouter Wijngaards wouter at nlnetlabs.nl
Tue Jul 9 07:55:59 UTC 2019


Hi,

NSD 4.2.1 is available!
https://nlnetlabs.nl/downloads/nsd/nsd-4.2.1.tar.gz
sha256 d17c0ea3968cb0eb2be79f2f83eb299b7bfcc554b784007616eed6ece828871f
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.1.tar.gz.asc


This release fixes issues in the stream handling, from 4.2.0, but also
earlier, in the event handling of streams.

The new statistics counters for TLS can give information about how many
incoming DNS over TLS connections for queries have been received.

There are two new options to set the buffer sizes for the network
sockets, this allows an increase for servers that want a bigger size
than the default, which is already an increase over the system default.
Increased buffer size for a network socket helps with traffic spikes.
The options are send-buffer-size and receive-buffer-size, they set their
respective socket options for buffer space.

When an AXFR download is in progress, to a client, and the zone is
updated at that same time, then NSD no longer resets the connection, but
allows that transfer to complete.

The tcp-reject-overflow option can be used to close all connections that
are incoming when the server is full on TCP connections, this stops
those connections from waiting for a spot.


4.2.1
================
FEATURES:
- Added num.tls and num.tls6 stat counters.
- PR #12: send-buffer-size, receive-buffer-size,
  tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
- Fix #14, tcp connections have 1/10 to be active and have to work
  every second, and then they get time to complete during a reload,
  this is a process that lingers with the old version during a version
  update.

BUG FIXES:
- Fix #13: Stray dot at the end of some log entries, removes dot
  after updated serial number in log entry.
- Fix TLS cipher selection, the previous was redundant, prefers
  CHACHA20-POLY1305 over AESGCM and was not as readable as it
  could be.
- Consolidate server tls context create and remote control context
  create, with hardening for the remote control tls context too.
- Fix to init event structure for reassignment.
- Fix to init event not pointer, in reassignment.
- Fix #15: crash in SSL library, initialize variables for TCP access
  when TLS is configured.
- Fix tls handshake event callback function mistake, reported
  by Mykhailo Danylenko.
- Initialize event structures before event_set, to stop uninitialized
  values from setting event library lists and assertions, that would
  sometimes also show after event_del.
- Do not use symbol from libc, instead use own replacement, if not
  available, for accept4.
- Fix output of nsd-checkconf -h.

Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20190709/3175de56/attachment.bin>


More information about the nsd-users mailing list