[nsd-users] NSD 4.9.0 released
Jeroen Koekkoek
jeroen at nlnetlabs.nl
Wed Apr 3 14:33:43 UTC 2024
Hi,
NSD 4.9.0 is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.9.0.tar.gz
sha256 86308f87b09dcb77edc292489b917a5d0dfde986919e68653db0b51cc6dbfebb
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.9.0.tar.gz.asc
This release adds support for DNS Catalog Zones (RFC 9432) version "2".
Both producer and consumer roles for catalog zones are implemented, but
only a single consumer zone is allowed. The "coo" property, relevant
when multiple consumer zones can be configured, is therefore not
supported. The "group" property is. Consult the nsd.conf man page for
details on how to configure and use catalog zones.
Thanks to Fredrik Pettai from Sunet for providing feedback and testing
DNS Catalog Zones.
This release is signed with my PGP key instead of Wouter's. Please head
over to https://nlnetlabs.nl/people/ to get a hold of my public key.
4.9.0
================
FEATURES:
- Merge #315: Allow SOA apex queries to otherwise with allow-query
protected zones for clients matching a provide-xfr rule, because
clients that are allowed to transfer the zone need to be able to
query SOA at the apex preceding the actual transfer.
- Merge #304: Support for Catalog zones version "2" as specified in
RFC 9432. Both the consumer as well as the producer role are
implemented, but only a single catalog consumer zone is allowed.
The "coo" property, only relevant with multiple catalog consumer,
is therefore not supported. The "group" property is supported.
Have a look at the nsd.conf man page for details on how to
configure and use catalog zones.
BUG FIXES:
- Fix to sync the tests script file common.sh.
- Update test script file common.sh.
- Fix #306: Missing AC_SUBST(dbdir) breaks installation with 4.8.0.
- Fix for #306: Create directory for xfrd.state and zone.list files
in make install.
- Merge #307 from anandb-ripencc: Many improvements to the nsd.conf
man page.
- Fix #308: Deprecate "multi-master-check" in favour of
"multi-primary-check".
- Merge #309: More RFC 8499 compliance.
- Fix control-reconfig-xfrd test for zonestatus primary that is
printed by nsd-control zonestatus.
- Move acx_nlnetlabs.m4 to version 47, with crypt32 check.
- Move acx_nlnetlabs.m4 to version 48, with ssp and getaddrinfo
include check.
- Fix #313: nsd 4.8 stats with implausible spikes.
- Fix compile with memclean for xfrd nsd.db close.
- In xfrd del secondary zone, the timer could perhaps have
event_added, and if so, it would not be event_del if a tcp
connection is active at the time. This could cause the libevent
event lists to fail. Also fix to make sure to set event_added for
the nsd-control ssl nonblocking handshake and check event_added
there too, for extra certainty.
- Merge #316: Fix to reap defunct children by the reload process that
emerged when some serve child processes were still serving TCP
request while the others had already quit, while the reload process
was waiting for the signal from the backup/old main process that all
children exited.
- Fix (also from Merge #316) to reap exited children more frequently
from server main loop for processes that exited during reload, but
missed the initial reaping at start of the main loop because they
took somewhat longer to exit.
- Fix timing sensitivity in ixfr_outsync test.
- Test if debug is available in do-tests.
- Enforce timeout from NSD in ixfr_gone test.
- Update expressions in ixfr_and_restart test.
- Make algorithm explicit in control-repattern test.
- Switch algorithm to hmac-256 for testplan_mess test.
- Replace multiple strcat and strcpy by snprintf.
Best regards, Jeroen
More information about the nsd-users
mailing list