Tags: NLnetLabs/nsd
Tags
NSD 4.8.0 This release introduces PROXYv2 support and faster statistics gathering, removes the database option and fixes bugs. The proxy protocol support is an implementation of PROXYv2 for NSD. It can be configured with `proxy-protocol-port: portnum` with the port number of the interface on which proxy traffic is handled. The interface can support proxy traffic for UDP, TCP and TLS. The removal of the "database: nsd.db" option removes unneeded code. It stored secondary zones in binary format. Zone files are used instead. This turns out to be about the same speed, for file access, and use much less memory. Plain text is also easier to deal with when inspecting the contents. Intended improvements in zone parser speed are expected to further enhance the performance, making it faster than the binary database. The option to turn the database off with "" was introduced in 4.1.7 in 2015. It is now removed, and the 'database:' option is ignored for backwards compatibility, also the commandline '-f' option is ignored for backwards compatibility. This means NSD can start even though the option is present, and can then transfer zones from the primary and serve them. Statistics are processed faster. NSD now uses shared memory to convey the statistics from the server processes to the xfrd process. This is faster, and also works while a reload is in progress. The statistics are no longer written over the command pipes between processes, and so do not wait for the processes. It is similar to how zone-stats have been implemented. It works for both stats and stats_noreset. Thanks to Sunet for sponsoring the proxy protocol, and providing useful feedback in the early testing of the proxy protocol. 4.8.0 ================ FEATURES: - Merge #281: Proxy protocol. An implementation of PROXYv2 for NSD. It can be configured with proxy-protocol-port: portnum with the port number of the interface on which proxy traffic is handled. The interface can support proxy traffic for UDP, TCP and TLS. - Merge #301: improve the logging of ixfr fallbacks to axfr. - Merge #305: faster stats. Statistics can be gathered while a reload is in progress. BUG FIXES: - Merge #282: Improve nsd.conf man page. - Fix unused but set variable warning. - Fix #283: Compile failure in remote.c when --disable-bind8-stats and --without-ssl are specified. - Fix #284: dnstap_collector.c: SOCK_NONBLOCK is not available on Mac/Darwin. - Fix unused variable warning in unit test of udb. - Merge #287: Update nsd.conf.5.in. - Fix autoconf 2.69 warnings in configure. - Merge #295: Update e-mail addresses, add ref to support contracts - Fix for interprocess communication to set quit sync command from main process explicitly. - Fix processing of consolidated IXFRs. - Remove on-disk database. - Answer first query for connections accepted just before reload. - Fix: Always instate write handler after reading a query over TCP. - Fix #14: Set timeout to 3s when servicing remaining TCP connections. - Merge #302: Test package fixes. Correct Auxfiles, kill_from_pidfile function and fix drop_updates, rr-test and xfr_update tests. - Fix unit test kill_from_pidfile function for nonexistent files because the argument is evaluated before the test expression. - Fix rr-test to also convert the contents of the just written output file. - Fix test set to remove -f nsd.db and rm nsd.db commands. - Fix test set to remove difffile option.
NSD 4.7.0 This release adds a script for bash autocompletion for nsd-control. Also nsd-control can be configured to use unencrypted operation also when compiled without openssl. There is also a systemd service unit example file contributed. The dnstap log service can be contacted over TCP, with the dnstap-ip: ip option. It is also possible to use TLS, with dnstap-tls, it is enabled by default, and can be configured with the dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and dnstap-client-cert-file options. The configure option `--enable-root-server` is obsolete, it is no longer used and defaults to on. In addition, the build file should support multicore build with flex and bison more easily. 4.7.0 ================ FEATURES: - Merge #263: Add bash autocompletion script for nsd-control. - Fix #267: Allow unencrypted local operation of nsd-control. - Merge #269 from Fale: Add systemd service unit. - Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333". - dnstap over TLS, default enabled. Configured with the options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle, dnstap-tls-client-key-file and dnstap-tls-client-cert-file. BUG FIXES: - Fix #239: -Wincompatible-pointer-types warning in remote.c. - Fix configure for -Wstrict-prototypes. - Fix #262: Zone(s) not synchronizing properly via TLS. - Fix for #262: More error logging for SSL read failures for zone transfers. - Merge #265: Fix C99 compatibility issue. - Fix #266: Fix build with --without-ssl. - Fix for #267: neater variable definitions. - Fix #270: reserved identifier violation. - Fix to clean more memory on exit of dnstap collector. - Fix dnstap to not check socket path when using IP address. - Fix to compile without ssl with dnstap-tls code. - Dnstap tls code fixes. - Fix include brackets for ssl.h include statements, instead of quotes. - Fix static analyzer warning about nsd_event_method initialization. - Fix #273: Large TXT record breaks AXFR. - Fix ixfr create from adding too many record types. - Fix cirrus script for submit to coverity scan to libtoolize the configure script components config.guess and config.sub. - Fix readme status badge links. - make depend. - Fix for build to run flex and bison before compiling code that needs the headers. - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h. - For #279: Note that autoreconf -fi creates the configure script and also the needed auxiliary files, for autoconf 2.69 and 2.71. - Fix unused variable warning in unit test, from clang compile. - Fix #240: Prefix messages originating from verifier. - Fix #275: Drop unnecessary root server checks.
NSD 4.6.1 This release has a couple of bug fixes. The alpn is set for dns over tls connections. And the SVCB type supports the dohpath parameter. 4.6.1 ================ FEATURES: - Set ALPN "dot" token during connection establishment as per RFC9103 section 7.1 (Thanks Cesar Kuroiwa). - Add SVCB dohpath support BUG FIXES: - Fix static analyzer reports, fix wrong log print when skipping xfr, fix to print error on pipe read fail, and assert an xfr is in progress during packet checks. - Use AC_PROG_CC_STDC with autoconf versions prior to 2.70. - Add missing documentation for zone verification. - Fix #212: Change commandline control actions to always log. - Merge #231 from moritzbuhl: Fix checking if nonblocking sockets work on OpenBSD. - Change zone parsing to accept non-trailing newline.
PreviousNext