head 1.4; access; symbols pkgsrc-2023Q4:1.4.0.56 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.54 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.52 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.50 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.48 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.46 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.44 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.42 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.40 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.38 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.36 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.34 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.32 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.30 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.26 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.6 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.28 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.24 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.22 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.20 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.18 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.16 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.14 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.12 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.10 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.8 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.4 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.2 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.3.0.24 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.22 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.20 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.18 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.16 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.14 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.12 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.10 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.8 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.6 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.4 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.2 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.2.0.38 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.36 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.34 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.32 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.30 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.28 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.26 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.24 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.22 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.20 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.18 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.16 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.14 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.12 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.10 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.8 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.6 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.4 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.2 pkgsrc-2009Q2-base:1.2 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2017.03.09.13.43.49; author fhajny; state Exp; branches; next 1.3; commitid 7PiUjpQ9jirPASIz; 1.3 date 2014.03.11.14.05.10; author jperkin; state Exp; branches; next 1.2; commitid ZdYDtaK33Yj8Shsx; 1.2 date 2009.06.14.18.09.38; author joerg; state Exp; branches; next 1.1; 1.1 date 2009.04.21.14.16.47; author roy; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2009.04.21.14.16.47; author roy; state Exp; branches; next ; desc @@ 1.4 log @Update net/powerdns-recursor to 4.0.4. PowerDNS Recursor 4.0.4 ======================= Change highlights include: - Check TSIG signature on IXFR (Security Advisory 2016-04) - Don't parse spurious RRs in queries when we don't need them (Security Advisory 2016-02) - Add 'max-recursion-depth' to limit the number of internal recursion - Wait until after daemonizing to start the RPZ and protobuf threads - On RPZ customPolicy, follow the resulting CNAME - Make the negcache forwarded zones aware - Cache records for zones that were delegated to from a forwarded zone - DNSSEC: don't go bogus on zero configured DSs - DNSSEC: NSEC3 optout and Bogus insecure forward fixes - DNSSEC: Handle CNAMEs at the apex of secure zones to other secure zones PowerDNS Recursor 4.0.3 ======================= Bug fixes - Call gettag() for TCP queries - Fix the use of an uninitialized filtering policy - Parse query-local-address before lua-config-file - Fix accessing an empty policyCustom, policyName from Lua - ComboAddress: don't allow invalid ports - Fix RPZ default policy not being applied over IXFR - DNSSEC: Actually follow RFC 7646 ยง2.1 - Add boost context ldflags so freebsd builds can find the libs - Ignore NS records in a RPZ zone received over IXFR - Fix build with OpenSSL 1.1.0 final - Don't validate when a Lua hook took the query - Fix a protobuf regression (requestor/responder mix-up) Additions and Enhancements - Support Boost 1.61+ fcontext - Add Lua binding for DNSRecord::d_place PowerDNS Recursor 4.0.2 ======================= Bug fixes - Set dq.rcode before calling postresolve - Honor PIE flags. - Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is irrelevant - Don't shuffle CNAME records. (thanks to Gert van Dijk for the extensive bug report!) - Fix delegation-only Additions and enhancements - Respect the timeout when connecting to a protobuf server - allow newDN to take a DNSName in; document missing methods - expose SMN toString to lua - Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of XS4All for finding this) - Allow Lua access to the result of the Policy Engine decision, skip RPZ, finish RPZ implementation - Remove unused DNSPacket::d_qlen - RPZ: Use query-local-address(6) by default (thanks to Oli Schacher of switch.ch for the feature request) - Move the root DNSSEC data to a header file PowerDNS Recursor 4.0.1 ======================= Bug fixes - Improve DNSSEC record skipping for non dnssec queries (Kees Monshouwer) - Don't validate zones from the local auth store, go one level down while validating when there is a CNAME - Don't go bogus on islands of security - Check all possible chains for Insecures - Don't go Bogus on a CNAME at the apex - RPZ: default policy should also override local data RRs - Fix a crash when the next name in a chained query is empty and rec_control current-queries is invoked Improvements - OpenSSL 1.1.0 support (Christian Hofstaedtler) - Fix warnings with gcc on musl-libc (James Taylor) - Also validate on +DO - Fail to start when the lua-dns-script does not exist - Add more Netmask methods for Lua (Aki Tuomi) - Validate DNSSEC for security polling - Turn on root-nx-trust by default and log-common-errors=off - Allow for multiple trust anchors per zone - Fix compilation warning when building without Protobuf PowerDNS Recursor 4.0.0 ======================= - Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places. - Implemented dedicated infrastructure for dealing with DNS names that is fully "DNS Native" and needs less escaping and unescaping. - Switched to binary storage of DNS records in all places. - Moved ACLs to a dedicated Netmask Tree. - Implemented a version of RCU for configuration changes - Instrumented our use of the memory allocator, reduced number of malloc calls substantially. - The Lua hook infrastructure was redone using LuaWrapper; old scripts will no longer work, but new scripts are easier to write under the new interface. - DNSSEC processing: if you ask for DNSSEC records, you will get them. - DNSSEC validation: if so configured, PowerDNS perform DNSSEC validation of your answers. - Completely revamped Lua scripting API that is "DNSName" native and therefore far less error prone, and likely faster for most commonly used scenarios. - New asynchronous per-domain, per-ip address, query engine. - RPZ (from file, over AXFR or IXFR) support. - All caches can now be wiped on suffixes, because of canonical ordering. - Many, many more relevant performance metrics, including upstream authoritative performance measurements. - EDNS Client Subnet support, including cache awareness of subnet-varying answers. @ text @@@comment $NetBSD: PLIST,v 1.3 2014/03/11 14:05:10 jperkin Exp $ bin/rec_control man/man1/pdns_recursor.1 man/man1/rec_control.1 sbin/pdns_recursor share/examples/pdns-recursor/recursor.conf-dist @ 1.3 log @Remove example rc.d scripts from PLISTs. These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or ignored otherwise. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.2 2009/06/14 18:09:38 joerg Exp $ d3 2 a4 2 man/man8/pdns_recursor.8 man/man8/rec_control.8 @ 1.2 log @Remove @@dirrm entries from PLISTs @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.1.1.1 2009/04/21 14:16:47 roy Exp $ a6 1 share/examples/rc.d/pdns_recursor @ 1.1 log @Initial revision @ text @d1 1 a1 1 @@comment $NetBSD$ a7 1 @@dirrm share/examples/pdns-recursor @ 1.1.1.1 log @Import pdns_recursor-3.1.7 Based on the WIP version by pkgsrc@@blackmouse.biz The PowerDNS recursor is part of the source tarball of the main PowerDNS distribution, but it is released separately. Starting from the version 3.0 pre-releases, there are zero known bugs or issues with the recursor. It is known to power the resolving needs of over 2 million internet connections. PowerDNS recursor can gets names from /etc/hosts. @ text @@