[nsd-users] NSD 4.11.0 released

Willem Toorop willem at nlnetlabs.nl
Thu Dec 12 13:22:55 UTC 2024 

Dear all,

NSD 4.11.0 is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.11.0.tar.gz
sha256 93956d90d45ffa9f84f8ca2f718a42105e4236d094ce032211849f1a12cdc158
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.11.0.tar.gz.asc

Version 4.11.0 sees various small features and bugfixes.

One notable feature is that configuration can be reloaded and evaluated 
on SIGHUP, when enabled with the new "reload-config" option. Also, DNS 
cookie secrets will be reevaluated from config too.

One notable bugfix is to process and apply non transfer tasks before 
transfer tasks during reloads. Before, non transfer tasks (such as 
adding or deleting zones) would be lost when batched together with a 
transfer task that would fail to apply.

nsd 4.11.0
==========
FEATURES:
   - Support reloading configuration on SIGHUP.
   - Fix #383: log timestamps in ISO8601 format with timezone.
     This adds the option `log-time-iso: yes` that logs in ISO8601
     format.
   - Updated cookie secrets management.
     The default cookie secret file location can be set at compile time
     with the --with-cookiesecretsfile=path option to configure. The
     default location is changed to {dbdir}/cookiesecrets.txt. The
     previous default location will be checked at startup when there is
     no cookie secrets file at the new default location.
     A staging cookie can now also be configured in the configuration
     file and secrets configured in the configuration file now take
     precedence over those read from file.
     All DNS related setting in the configuration file will be
     reevaluated and effectuated after nsd-control reconfig.
   - Merge #398: RFC 9660 The DNS Zone Version (ZONEVERSION) Option
   - Merge #406: ohttp and tls-supported-groups SvcParam suppor
   - Merge #408: NINFO, RKEY, RESINFO, WALLET, CLA and TA RR types
   - Merge #409: Writing of NSAP-PTR, GPOS and HIP RR types
   - Merge #407: Better balanced verbosity levels for logging.

BUG FIXES:
   - Fix title underline and declaration after statement warnings.
   - Add cross platform freebsd, openbsd and netbsd to github ci.
   - Update simdzone to include fix for netbsd double bswap declarations,
     and also semantic checks for DS and ZONEMD. And CFLAGS has -march
     prepended to fix detection.
   - Merge #376: Point the user towards tcpdump for logging individual
     queries.
   - Track $INCLUDEs in zone files.
   - Fix ci to update macos-12 to the macos-15 runner image.
   - Merge #390: Apply non-xfr tasks before xfr tasks.
     This fixes an issue where non-xfr tasks are lost when they are
     batch processed together with non-xfr tasks.
     This merge also changes that notifies are passed on from the serve
     processes to the xfrd directly instead of via main. This was
     necessary to allow applying the non-xfr tasks without forking a
     backup-main for the sole purpose of forwarding notifies.
   - Merge #391: Update copyright lines (in version output).
   - Fix #392: Inconsistent documentation about control-interface.
   - Merge #395: Explain the zonefile example better.
   - Merge #394: Fix the path to use doc/manual/.
   - Fix analyzer issue in do_print_cookie_secrets to check for failure.
   - Merge #404: Introducing Sphinx substitution in code blocks.
     As well as other fixes with Sphinx build.
   - Update Copyright lines in help output
   - Merge #395: Explain zonefile example better
   - Merge #394: Fix doc path (fixes "Edit on GitHub" button in the docs)
   - Fix Makefile for parallel build failure around bison rule.
   - Fix #405: Fix typo in documentation.
   - Treat a mismatch in RRset TTLs as a warning.

simdzone 0.2.0
==============
FEATURES:

   - Add semantic checks for DS and ZONEMD digests (NLnetLabs/nsd#205).
   - Support registering a callback for $INCLUDE entries
     (NLnetLabs/nsd#229).
   - Add tls-supported-groups SvcParam support.
   - Check iana registries for unimplemented (new) RR types and
     SvcParamKeys.
   - Add support for NINFO, RKEY, RESINFO, WALLET, CLA and TA RR types.

BUG FIXES:
   - Prepend -march to CFLAGS to fix architecture detection
     (NLnetLabs/nsd#372).
   - Fix propagation of implicit TTLs (NLnetLabs/nsd#375).
   - Fix detection of Westmere architecture by checking for CLMUL too.
   - Fix compilation on NetBSD (#233).
   - Fix reading specialized symbolic links (NLnetLabs/nsd#380).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE5F8F8212F77A498_and_old_rev.asc
Type: application/pgp-keys
Size: 7749 bytes
Desc: OpenPGP public key
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20241212/bed0d855/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20241212/bed0d855/attachment-0001.bin>

More information about the nsd-users mailing list