[nsd-users] nsd 3.2.9 released

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Nov 23 10:17:41 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Here is NSD 3.2.9. It has a fair list of bugfixes and it introduces two
new features:
- - Minimize responses to reduce truncation.
- - Less NSEC3 prehashing, to speed up zone transfer reloads.
For more information, see the Release Notes.

You can download NSD 3.2.9 at

Link: http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.9.tar.gz
Sha1: 66e17e5801e94da1a21f0f2a4dd7a4ab4ffe0dd9

Best regards,
 Matthijs


RELNOTES
========

FEATURES:
- - Minimize responses to reduce truncation: NSD will only add optional
  records to the authority and additional sections when the response
  size does not exceed the minimal response size.

  The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
  1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is
  smaller than the EDNS default.

  The feature is enabled by default. You can disable it by configuring
  NSD with --disable-minimal-responses.

- - Less NSEC3 prehashing. This will make NSD handle zone transfers
  faster, but will decrease the performance of NXDOMAIN and wildcard
  NODATA responses.

  Full prehashing is enabled by default. If you want less NSEC3
  prehashing, configure NSD with --disable-full-prehash. Thanks
  Secure64 for the patch.

BUG FIXES:
- - Bugfix #302: nsd accepts XFR but refuses to re-read the slave zone.
- - Bugfix #365: set patch style and zonec verbose for nsdc.
- - First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC.
- - Bugfix #375: typos in nsd.conf.5.
- - Bugfix #381: Binary escaped and transfers.
- - Bugfix #397: Don't allow relative domain names as origin in $INCLUDE
  directives.
- - Fix printout of IPSECKEY by nsd-patch.
- - Fix is_existing flag for ENT when domain that has a shared ENT
  is deleted by IXFR. (ENT == Empty Non-Terminal)
- - Fix bug if the zonefile is changed for a secondary but stored
  transfers are applied, and stop it from applying ixfr to empty zone.
  The zone is flagged with error and AXFR-ed.
- - Fix to have no authority NS set processing for CNAMEs.
- - Fix nsd-checkconf to check tsig algorithms properly.
- - Set the AA bit on responses that have an authoritative CNAME.
- - Fix denial of existence response for empty non-terminal that looks
  like a NSEC3-only domain (but has data below it).

OPERATIONAL NOTES:
- - nsd.db version number increased because NSD 3.2.7 and earlier
  zonec is not compatible due to the TXT strings change. Please
  run nsdc rebuild before running NSD 3.2.9 and later versions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEbBAEBAgAGBQJOzMhFAAoJEA8yVCPsQCW5tWIH+Pr0mHliM0RzYedoTRRCoQ4i
UfInfXoDwSVZ6qq3pVwpCqeRe9clLAhRUmPP7GIqp9hD+CP8maWfhCu5ucE8+azq
6d3chlrV0/t+YsJM2zGtiAYZd4QSizRi5OVjnnD6Run9G7y49geHRbVf0/H8L6SC
0HwPbgTaHx+taI+zA84yRWImiQ+sgTlZxoFRGJCMbpR8okQ7PWrF7AG0KHPqpqiv
zH7jqpIgy95mwHMeI3ZcpiZFGViPmvq7i5B0RTajAdn9szBETIHca8sKvch+5WqB
Erh0VR4rMduct/MvcQ78RbZjmjFNhUPywRZryx4sV/6JeeZ9Yc5SvUK/GcQPYw==
=sSEH
-----END PGP SIGNATURE-----

More information about the nsd-users mailing list