Tags: NLnetLabs/nsd
Tags
This release enables some commonly used features by default, and intr… …oduces experimental support for AF_XDP sockets that can be enabled with the `--enable-xdp` feature flag (see https://nsd.docs.nlnetlabs.nl/en/latest/xdp.html). 4.13.0 ================ FEATURES: - Use '(all)' and '(none)' for the socket server affinity log output instead of '*' and '-'. - The --enable-bind8-stats feature, was already enabled by default, is described as enabled by default in usage. - The --enable-zone-stats feature is enabled by default. It can be turned on with config like `zonestats: "%s"`. - The --enable-ratelimit feature is enabled by default. The ratelimit value is off by default. It can be turned on with config like `rrl-ratelimit: 200`. - The --enable-dnstap feature is enabled by default. If fstrm-devel or protobuf-c are not found by configure it prints an error. It can be turned on with config like `dnstap-enable: yes`. - Change default for send-buffer-size to 4m, to mitigate a cross-layer issue where the UDP socket send buffers are exhausted waiting for ARP/NDP resolution. Thanks to Reflyable for the report. - Disable TLSv1.2 if TLSv1.3 is available. - Merge #449: Add useful logging for XoT transfers. - Merge #425: Add experimental XDP (AF_XDP) support for UDP traffic - Merge #455: --with-dbdir option for configure to set the base directory for the xfrd zone timer state file, the zone list file and the cookie secrets file. Thanks Simon Josefsson. - Merge #456: Spelling fixes in metrics.c. Thanks Simon Josefsson. BUG FIXES: - Fix punctuation of nsd -h output for the -a option. - Fix checkconf unit test for when metrics are not enabled. - Prometheus metrics tests require --enable-zone-stats. - Add unit test for socket server affinity log output. - Move xfrd-tcp unit test to its own file. - Fix contrib/nsd.spec to omit configure flags that are default or that do not exist. - Fix to remove mention of obsolete root-server option. - Fix mention of draft-rrtypes and root-server configure options. - Fix ci workflow for enable dnstap. - Fix to remove use of sprintf from metrics. - Fix for fstrm and protobuf-c for ci workflow coverity-scan. - Fix for parallel build of dnstap protoc-c output. - Fix to remove unneeded mkdir from Makefile. - Fix dnstap to use protoc and keep dnstap_config.h unchanged if possible. - Fix to provide doc for --enable-systemd. - Fix to remove debug printout for configure dnstap header. - Fix #441: SystemD script for NSD prevents using chroot. - Fix to add checks for compression pointers and too long dnames in internal dname routines, dname_make and ixfr dname_length. - Fix to remove shell assignment operator from Makefile for DATE. - make depend. - Fix bitwise operators in conditional expressions with parentheses. - Fix conditional expressions with parentheses for bitwise and. - Merge #445: contrib/nsd.openrc.in: use supervise-daemon and add `need net`. - Fix #446 nsd_size_db_in_mem_bytes (size.db.mem) metric not updated on reload. - Merge #447: Minimize disruptions on reconfig. - For #447: Updated simdzone to latest commit. With the padding test changes. - For #447: use need_to_send_reload to detect if a reload is issued. - For #447: acl_list_equal already tests for TSIG key changes, so removed the duplicate checks. - For #447: log crypto error with the SSL_write error. - Update simdzone with support for --enable-pie. - Merge #454 from jaredmauch: handle rare case but seen in production where data->query is NULL. simdzone 0.2.3 ================ FEATURES: - check_pie: match nsd support (#253). BUG FIXES: - Fix tests to initialize padding (#252). - Fix for #253, add acx_nlnetlabs.m4 in the repo and allow CFLAGS passed to configure to set the flags.
This release introduces Prometheus metrics that can be configured with enable-metrics (see nsd.conf(5)). nsd 4.12.0 ================ FEATURES: - Merge #418: Support for DSYNC, EID, NIMLOC, SINK, TALINK, DOA, AMTRELAY and IPN resource record types. - Merge #420: Zones get state "old-serial" with `nsd-control zonestatus` when the served serial is older than the one received by the transfer daemon. - Merge #429: Add prometheus metrics BUG FIXES: - Fix re-enable to configure dns-cookies from config file, which was accidentally removed with the 4.11.1 release. - Fix #426: nsd crashes with patterns in config_apply_pattern. - Fix for #430: Confusing documentation: word "outgoing". - Fix for #430: Confusing documentation: word "outgoing". Add wording to tcp-count, xfrd-tcp-max, xfrd-tcp-pipeline options. - Fix that nsec3 prehash after a full transfer can create the nsec3 zone trees if they are needed. - Fix in nsd-mem for a zone with ixfr data. - Fix ixfr read routine for use after the temp region is freed of rr. - Fix ixfr file read to manage numlist in temp domains. - Fix nsd-mem to clean ixfr storage. - Fix log print assert in server sockets for printing '-' empty. - Fix notify_fmt test for xfrd file location. - Fix sanitizer warnings in read_uint32. - Fix sanitizer warning in tsig write of zero length mac and otherdata. - Fix to please sanitizer for ixfr store of data in cancelled state. - Fix multiple zone transfers in one reload so that xfrd does not check the update as failed and restart the transfer. - Fix read of ixfr file with rdata subdomain. - Fix test checkconf for metrics options. - Updated simdzone to include fixes for NSAP-PTR, LOC, uninitialized reads, and comment nit. - Fix #436: Fix print of RR type NSAP-PTR. - Fix unit test call to zone_parse_string and initialize padding. - Fix escape more characters when printing an RR type with an unquoted string. - Fix memory leak in the process of addzone. - Fix to update common.sh for speed of kill_pid. - Fix nsd-checkzone ixfr create cleanup on exit. simdzone 0.2.2 ================ FEATURES: - Support for EID, NIMLOC, SINK, TALINK, DSYNC, DOA, AMTRELAY and IPN RR types. BUG FIXES: - Empty base16 and base64 in CDS and CDNSKEY can be represented with a '0'. As specified in Section 4 of RFC 8078. - Initialise padding after the file buffer (#249). - Fix type NSAP-PTR (#250). - Fix LOC poweroften lookup (#251).
NSD 4.11.1 NSD version 4.11.0 had a serious bug in which applying updates to zones (and other modifications that require a reload, such as adding and deleting zones), could stop entirely after reception of a broken or corrupted update via zone transfer. We believe that this broken state would appear as one of the NSD processes consuming 100% CPU. Version 4.11.1 has this corrected as well as some other smaller non-critical bugs. We strongly advise to not run NSD version 4.11.0, and if you have it deployed already, upgrade to 4.11.1 at the earliest possible opportunity. nsd 4.11.1 ========== BUG FIXES: - Fix #415: Fix out of tree builds. Thanks Florian Obser (@fobser). - Fix #414: XoT interoperability with BIND and Knot - Fix #421: old-main can quit before the reload process received from old-main that it is done on the reload_listener pipe. Thanks Otto Retter. - Fix whitespace in comment. - Fix #424: Stalled updates after corrupt transfer. simdzone 0.2.1 ============== BUG FIXES: - Cleanup westmere and haswell object files (#244) Thanks @fobser - Out of tree builds (#415) - Fix function declarations for fallback detection routine in isadetection.h.
NSD 4.11.0 This release has various small features and bugfixes. One notable feature is that configuration can be reloaded and evaluated on SIGHUP, when enabled with the new "reload-config" option. Also new is that cookie secrets will be reevaluated from config too. One notable bugfix is to process and apply non transfer tasks before transfer tasks during reloads. Before, non transfer tasks (such as adding or deleting zones) would be lost when batched together with a transfer task that would fail to apply. 4.11.0 ================ FEATURES: - Support reloading configuration on SIGHUP. - Fix #383: log timestamps in ISO8601 format with timezone. This adds the option `log-time-iso: yes` that logs in ISO8601 format. - Updated cookie secrets management. The default cookie secret file location can be set at compile time with the --with-cookiesecretsfile=path option to configure. The default location is changed to {dbdir}/cookiesecrets.txt. The previous default location will be checked at startup when there is no cookie secrets file at the new default location. A staging cookie can now also be configured in the configuration file and secrets configured in the configuration file now take precedence over those read from file. All DNS related setting in the configuration file will be reevaluated and effectuated after nsd-control reconfig. - Merge #398: RFC 9660 The DNS Zone Version (ZONEVERSION) Option - Merge #406: ohttp and tls-supported-groups SvcParam suppor - Merge #408: NINFO, RKEY, RESINFO, WALLET, CLA and TA RR types - Merge #409: Writing of NSAP-PTR, GPOS and HIP RR types - Merge #407: Better balanced verbosity levels for logging. BUG FIXES: - Fix title underline and declaration after statement warnings. - Add cross platform freebsd, openbsd and netbsd to github ci. - Update simdzone to include fix for netbsd double bswap declarations, and also semantic checks for DS and ZONEMD. And CFLAGS has -march prepended to fix detection. - Merge #376: Point the user towards tcpdump for logging individual queries. - Track $INCLUDEs in zone files. - Fix ci to update macos-12 to the macos-15 runner image. - Merge #390: Apply non-xfr tasks before xfr tasks. This fixes an issue where non-xfr tasks are lost when they are batch processed together with non-xfr tasks. This merge also changes that notifies are passed on from the serve processes to the xfrd directly instead of via main. This was necessary to allow applying the non-xfr tasks without forking a backup-main for the sole purpose of forwarding notifies. - Merge #391: Update copyright lines (in version output). - Fix #392: Inconsistent documentation about control-interface. - Merge #395: Explain the zonefile example better. - Merge #394: Fix the path to use doc/manual/. - Fix analyzer issue in do_print_cookie_secrets to check for failure. - Merge #404: Introducing Sphinx substitution in code blocks. As well as other fixes with Sphinx build. - Update Copyright lines in help output - Merge #395: Explain zonefile example better - Merge #394: Fix doc path (fixes "Edit on GitHub" button in the docs) - Fix Makefile for parallel build failure around bison rule. - Fix #405: Fix typo in documentation. - Treat a mismatch in RRset TTLs as a warning.
PreviousNext