[nsd-users] NSD 4.3.8 released

Wouter Wijngaards wouter at nlnetlabs.nl
Tue Oct 12 07:16:15 UTC 2021


NSD 4.3.8 is available:
sha256 11897e25f72f5a98f9202bd5378c936886d54376051a614d3688e451e9cb99e1
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.3.8.tar.gz.asc

This release fixes a crash bug in delegation answers, and fixes
in NSEC3 answers. Also compile fixes for OpenSSL. The OpenSSL 3.0
API is supported.

The Mutual TLS feature allows for client authentication for XFR-over-TLS
connections, use the client-cert, client-key and client-key-pw options
to set up the certificate that NSD then uses to connect to the upstream
server to download the zone with.

The default for DNS Cookies is updated. It is now off to
stop wrong behaviour in mixed server deployments.

- Merge #185 by cesarkuroiwa: Mutual TLS.
- Set default for answer-cookie to no. Because in server deployments
  with mixed server software, a default of yes causes issues.

- Fix to compile with OpenSSL 3.0.0beta2.
- Fix configure detection of SSL_CTX_set_security_level.
- Fix deprecated functions use from openssl 3.0.0beta2.
- For #184: Note that all zones can be targeted by some nsd-control
  commands in the man page.
- Fixes for #185: Document client-cert, client-key and client-key-pw
  in the man page. Fix yacc semicolon. Fix unused variable warning.
  Use strlcpy instead of strncpy. Fix spelling error in error
- Merge #187: Support using system-wide crypto policies.
- Fix #188: NSD fails to build against openssl 1.1 on CentOS 7.
- Fix sed script in ssldir split handling.
- Fix #189: nsd 4.3.7 crash answer_delegation: Assertion
  `query->delegation_rrset' failed.
- Fix #190: NSD returns 3 NSEC3 records for NODATA response.
- Fix compile failure with openssl 1.0.2.
- Fix #194: Incorrect NSEC3 response for SOA query below delegation

Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20211012/6107aefc/attachment.bin>

More information about the nsd-users mailing list