[nsd-users] NSD 4.10.1 released

Jeroen Koekkoek jeroen at nlnetlabs.nl
Fri Aug 2 12:24:42 UTC 2024 

Hi,

NSD 4.10.1 is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.10.1.tar.gz
sha256 c0190f923f0095995f2e6331dacd92c6e1f4d578b880d61690602b43a5acfd84
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.10.1.tar.gz.asc

Version 4.10.1 consists primarily of bug fixes.

@bilias implemented mutual TLS authentication for zone transfers.
Please consult the nsd.conf manual for details on the newly introduced
configuration options tls-auth-port and tls-auth-xfr-only.

Michael Orlitzky provided integration for the OpenRC init system.

Version 4.10.0 was the first release to integrate simdzone. Build
issues on OpenBSD releases before 5.6, Gentoo and Solaris have been
reported and fixed. The fallback parser, used on systems that lack
SSE4.2 and AVX2 instruction sets, contained some bugs with regards to
state keeping and under certain circumstances a use after free bug was
encountered in buffer management.

4.10.1
================
FEATURES:
  - Merge #352 from orlitzky: contrib: add OpenRC service script,
    config file, and tmpfiles entry.
  - Merge #337 from bilias: Mutual TLS-AUTH.

BUG FIXES:
  - Fix incorrect punctuation of log messages.
  - Fix for #317, document more text on pidfile permissions.
  - Fix #334: RFC8482 behavior documentation.
  - Fix for OpenSSL 3.0 deprecated functions.
  - Merge #341: Fix allow-query wording in nsd.conf.5.in.
  - Fix test script from making spurious output.
  - Fix cpu_affinity and socket_partitioning tests for
    --enable-log-role.
  - Fix #344: Update simdzone.
  - Fix #347: Adjust verbosity for TLS (+TCP) to be 5.
  - Merge #348: Move TLS logging to verbosity level 5.
  - For #347: Also adjust verbosity of log message for remaining TCP
    connections.
  - Merge #349: log file name before loading.
  - Use MAKE variable rather than make command directly in Makefile.
  - Serialize WKS RRs using numeric values rather than names.
  - Fix propagation of Makefile targets to simdzone.
  - Do not log ACL mismatch on followed CNAMEs.
  - Fix link of xfr-inspect for libssl dependency.
  - Initialize tls_auth_port and tls_auth_xfr_only options.
  - Merge #358: Fix Hurd build error due to log_err.
  - Update simdzone to fix detection of AVX2 support.


simdzone 0.1.1
================
FEATURES:
  - Test to verify configure.ac and Makefile.in are correct.
  - Add support for reading from stdin if filename is "-".
  - Add support for building with Oracle Developer Studio 12.6.
  - Add support for "time" service for Well-Know Services (WKS) RR.

BUG FIXES:
  - Fix makefile dependencies.
  - Fix makefile to use source directory for build dependencies.
  - Fix changelog to reflect v0.1.0 release.
  - Update makefile to not use target-specific variables.
  - Fix makefile clean targets.
  - Fix state keeping in fallback scanner for contiguous and quoted.
  - Fix bug in name scanner.
  - Fix type mnemonic parsing in fallback parser.
  - Fix endian.h to include machine/endian.h on OpenBSD releases
    before 5.6.
  - Fix use after free on buffer resize.
  - Fix parsing of numeric protocols in WKS RRs.
  - Make devclean target depend on realclean target.
  - Fix detection of AVX2 support by checking generic AVX support
    by the processor and operating system (#222).

CHANGES:
  - Make relative includes relative to current working directory.
  - Split Autoconf and CMake compiler tests for supported SIMD
    instructions.

More information about the nsd-users mailing list