Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nsd-4.7.0-2.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: nsd Distribution: openSUSE:Factory:zSystems
Version: 4.7.0 Vendor: openSUSE
Release: 2.1 Build date: Sun Aug 6 19:55:30 2023
Group: Productivity/Networking/DNS/Servers Build host: s390zp21
Size: 2173149 Source RPM: nsd-4.7.0-2.1.src.rpm
Summary: An authoritative-only domain name server
NSD is a complete implementation of an authoritative domain name server, developed
by NLnet Labs, with the purpose of creating more diversity in the DNS landscape.






* Fri Aug 04 2023 Adam Majer <>
  - Adapt spec file to work nicer with containers, like no systemd
  - Fix build for SLE12
* Wed Jun 21 2023 Andrea Manzini <>
  - New upstream release 4.7.0
    This release adds a script for bash autocompletion for nsd-control. Also
    nsd-control can be configured to use unencrypted operation also when
    compiled without openssl. There is also a systemd service unit example
    file contributed. The dnstap log service can be contacted over TCP, with
    the dnstap-ip: ip option. It is also possible to use TLS, with
    dnstap-tls, it is enabled by default, and can be configured with the
    dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and
    dnstap-client-cert-file options.
    * Fix #267: Allow unencrypted local operation of nsd-control.
    * Fix #271: DNSTAP over TCP, with dnstap-ip: "".
    * dnstap over TLS, default enabled. Configured with the
      options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
      dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
* Thu Nov 10 2022 Michael Ströder <>
  - New upstream release 4.6.1
  - Set ALPN "dot" token during connection establishment as per RFC9103
    section 7.1 (Thanks Cesar Kuroiwa).
  - Add SVCB dohpath support
  - Fix static analyzer reports, fix wrong log print when skipping xfr,
    fix to print error on pipe read fail, and assert an xfr is in
    progress during packet checks.
  - Use AC_PROG_CC_STDC with autoconf versions prior to 2.70.
  - Add missing documentation for zone verification.
  - Fix #212: Change commandline control actions to always log.
  - Merge #231 from moritzbuhl: Fix checking if nonblocking sockets work
    on OpenBSD.
  - Change zone parsing to accept non-trailing newline.
* Fri Jul 01 2022 Michael Ströder <>
  - New upstream release 4.6.0
  - Port zone-verification from CreDNS to NSD4.
  - Fix static analyzer reports on ixfrcreate temp file.
  - Fixup wrong ixfrcreate fread return check.
* Sat May 14 2022 Michael Ströder <>
  - New upstream release 4.5.0
  - Merge PR #209: IXFR out
    This adds IXFR out functionality to NSD. NSD can copy IXFRs from
    upstream to downstream clients, or create IXFRs from zonefiles.
    The options store-ixfr: yes and create-ixfr: yes can be used to
    turn this on. Default is turned off. The options ixfr-number and
    ixfr-size can be used to tune the number of IXFR transfers and
    total data size stored. This is configured per zone, the IXFRs
    are served to the hosts that are allowed to perform zone transfers.
    And if TSIG is configured, signed with the same key. The content
    is stored to file if a zonefile is configured for the zone, in
    the zonefile.ixfr and zonefile.ixfr.2, .. files. They contain
    readable text format. The number of IXFRs is num.rixfr in
    statistics output, also per zone if per zone statistics are enabled.
    If offline, nsd-checkzone -i can create ixfr files.
    NSD already supports requesting IXFRs, this addition allows NSD
    to serve IXFR transfers to clients.
    NSD stops responding with NOTIMPL to IXFR requests, also for zones
    that do not have IXFR enabled. The clients gets a full zone reply
    or a status reply if the serial is up to date.
  - Fix code analyzer zero divide warning.
  - Fix code analyzer large value with assertion.
  - Fix another code analyzer zero divide warning.
  - Fix code analyzer warning about uninitialized temp storage in loop.
  - Fix spelling error in comment in svcbparam_lookup_key.
  - Update cirrus script FreeBSD version.
* Thu Feb 17 2022 Michael Ströder <>
  - New upstream release 4.4.0
  - Merge #193: Lower memory usage of the XFRD process by default.
    Instead of preallocating all elements, they are allocated when used.
    There are options for managing the memory usage, defaults are the
    same as before. xfrd-tcp-max sets the number of sockets for tcp
    connections that xfrd can make to download zone contents. And
    xfrd-tcp-pipeline the number of simultaneous transfers over the
    same connection.
  - Fix #200: nsd-checkzone succeeds even with incorrect serial in SOA
  - Merge #204 from jonathangray: correct some spelling mistakes.
  - Fix to change file mode before changing file owner for the
    nsd-control unix socket file.
  - Fix to document nsd-checkzone -p in the man page for nsd-checkzone.
  - Fix #206: build with --without-ssl fails.
  - Merge #207 Sync nsd-control-setup with unbound-control-setup to
    generate certificates with SANs.
  - Fix unit tests for nds-control-setup exit code and the
    xfrd-tcp-max default.
* Thu Dec 09 2021 Michael Ströder <>
  - New upstream release 4.3.9
    * Fix #198: nsd-control reconfig core dump.
    * Fix to remove git tracking and ci information from release tarballs.
    * Fix unit tests for new answer-cookie default.
    * Fix socket_partitioning unit test for FreeBSD.
    * Fix SVCB test to work around older dig with drill.
* Sat Nov 13 2021 Michael Ströder <>
  - adjusted SystemCallFilter= in nsd.service
* Wed Oct 13 2021 Michael Ströder <>
  - set RestrictAddressFamilies= in nsd.service
* Tue Oct 12 2021 Michael Ströder <>
  - reworked nsd.service:
    * directly start as User=_nsd
    * even more hardening
    * removed commented and unused directives
* Tue Oct 12 2021 Johannes Segitz <>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * nsd.service
* Tue Oct 12 2021 Michael Ströder <>
  - New upstream release 4.3.8
  - Merge #185 by cesarkuroiwa: Mutual TLS.
  - Set default for answer-cookie to no. Because in server deployments
    with mixed server software, a default of yes causes issues.
  - Fix to compile with OpenSSL 3.0.0beta2.
  - Fix configure detection of SSL_CTX_set_security_level.
  - Fix deprecated functions use from openssl 3.0.0beta2.
  - For #184: Note that all zones can be targeted by some nsd-control
    commands in the man page.
  - Fixes for #185: Document client-cert, client-key and client-key-pw
    in the man page. Fix yacc semicolon. Fix unused variable warning.
    Use strlcpy instead of strncpy. Fix spelling error in error
  - Merge #187: Support using system-wide crypto policies.
  - Fix #188: NSD fails to build against openssl 1.1 on CentOS 7.
  - Fix sed script in ssldir split handling.
  - Fix #189: nsd 4.3.7 crash answer_delegation: Assertion
    `query->delegation_rrset' failed.
  - Fix #190: NSD returns 3 NSEC3 records for NODATA response.
  - Fix compile failure with openssl 1.0.2.
  - Fix #194: Incorrect NSEC3 response for SOA query below delegation
* Thu Jul 22 2021 Michael Ströder <>
  - New upstream release 4.3.7
  - Syntax of SVCB and HTTPS RR type as per draft-ietf-dnsop-svcb-https
  - Client side DNS Zone Transfer-over-TLS (XoT) support as per
  - Interoperable DNS Cookies support as per RFC7873 and RFC9018
  - Fix for #170: Fix build warnings when IPv6 is disabled.
  - Fix #170: Disabled IPv6 and DNSTAP enabled triggers a build error.
  - Fix for #128: Skip over sendmmsg invalid argument when port is zero.
  - Fix #171: Invalid negative response (NSEC3) after IXFR.
  - Fix to make nsec3_chain_find_prev return NULL if one nsec3 left.
  - Fix #174: NS Records below delegation are not ignored (nsd-checkzone
    also does not raise any issue).
  - Fix #176: please review Loglevel on missing zonefile.
  - Update the ACX_CHECK_NONBLOCKING_BROKEN test for the configure
  - Fix #179: log notice and server-count.
  - Update configure nonblocking test to use host.
  - Fix #168: Buffer overflow in the dname_to_string() function
  - Fixes for child server processes getting out of sync with the
    dnstap-collector process
  - Fix gcc-11 warning on array bounds.
  - Fix compile of cookies on FreeBSD without IPv6.
  - Fix for loop initial declaration for nonc99 compiler
  - Fix typo in xfrd-tcp.c.
* Tue Apr 06 2021 Michael Ströder <>
  - New upstream release 4.3.6
  - Fix #146 with #147: DNSTAP log the local address of the server
    with the dnstap logs.
  - Enable configuring a control-interface by interface name.
  - A -p option to nsd-checkzone to print a successfully read zone.
  - Add Extended DNS Errors RFC8914
  - Per zone Access Control List for queries
    with an allow-query: option.
  - Prevent a few more yacc clashes.
  - Merge PR #153 from fobser: Repair -fno-common linker errors
  - Fix uninitialized access of log_buf in error printout on apply ixfr.
  - Fix AF_LOCAL compile error for Solaris.
  - Fix ifaddrs compile error for Solaris.
  - Fix ifaddrs.h compile error for Solaris.
  - Man page documentation for dnstap options.
  - Fix segfault on high verbosity for TLS channels with dnstap log
    local address.
  - Fix #163: A TSIG noncompliance with RFC 2845.
  - Fix that wildcard is printed as a star instead of escaped, in
    logs and in written zone files.
  - Fix double config.h include in configlexer.c
  - Fix to remove configyyrename from and also
    update the flex and bison rules there to add the "c_" prefix.
  - Fix configure to use header checks with compile.
  - Fix warning about unused function log_addr.
  - Fix #154: TXT with parentheses fails in 4.3.5.
  - Align parsing of TXT elements with how bind does it.
  - Fix configure failure for enable systemd because of autoconf.
* Tue Jan 26 2021 Michael Ströder <>
  - New upstream release 4.3.5
  - Fix #143: xfrd no hysteresis with NOT IMPLEMENTED rcode.
  - Fix #144: Typo fix in
  - For #145: Fix that service of remaining TCP and TLS connections
    does not allow new queries to be made, the connection is closed.
    Only existing queries and zone transfers are answered, new ones
    are rejected by a close of the channel.
  - Fix that nsd-control has timeout when connection is down.
  - remove windows socket ifdefs from nsd-control.
  - Fix #148: CNAME need not be followed after a synthesized CNAME
    for a CNAME query.
  - Fix for autoconf 2.70.
  - Fix #150: TXT record validation difference with BIND.
  - Fix #151: DNAME not applied more than once to resolve the query.
  - Fix #152: '*' in Rdata causes the return code to be NOERROR instead
    of NX.
* Tue Dec 01 2020 Michael Ströder <>
  - New upstream release 4.3.4
  - Merge PR #141: ZONEMD RR type.
  - Fix that symlink does not interfere with chown of pidfile
    (bsc#1179191, CVE-2020-28935)
  - Fix #129: ambiguous use of errno, in log message if sendmmsg fails.
  - Fix #128: Fix that the invalid port number is logged for sendmmsg
    failed: Invalid argument.
  - Fix #127: two minor `-Wcast-qual` cleanups
  - Fix #126: minor header hygiene
  - Fix #125: include config.h in compat/setproctitle.c and fix
    prototype of `setproctitle`
  - Fix #133: fix 0-init of local ( stack ) buffer.
  - Fix missing parenthesis on size of fix to init buffer.
  - Fix to add missing closest encloser NSEC3 for wildcard nodata type
    DS answer.
  - Remove unused init_cfg_parse routine from configlexer.
  - Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
  - Fix #142: NODATA answers missin SOA in authority section after
    CNAME chain.
* Thu Oct 08 2020 Michael Ströder <>
  - New upstream release 4.3.3
  - Follow DNS flag day 2020 advice and
    set default EDNS message size to 1232.
  - Merged PR #113 with fixes.  Instead of listing an IP-address to
    listen on, an interface name can be specified in nsd.conf, with
    ip-address: eth0.  The IP-addresses for that interface are then used.
  - Port TSIG code for openssl 3.0.0-alpha6.
  - Fix make install with --with-pidfile="".
  - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
  - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
    fd_set - patch.
  - Fix that configure checks for EVP_sha256 to detect openssl, because
    HMAC_CTX_new is deprecated in 3.0.0.
  - Fix #119: fix compile warnings from new gcc.
  - Fix #119: warn when trying to parse a directory.
  - Merge PR #121: Increase log level of recreated database from
  - Remove unused space from LIBS on link line.
  - Updated date in nsd -v output.
* Tue Jul 14 2020 Michael Ströder <>
  - New upstream release 4.3.2
  - Fix #96: log-only-syslog: yes sets to only use syslog, fixes
    that the default configuration and systemd results in duplicate
    log messages.
  - Fix #107: nsd -v shows configure line, openssl version and libevent
  - Fix #103 with #110: min-expire-time option.  To provide a lower
    bound for expire period.  Expressed in number of seconds or
  - Fix for posix shell syntax for trap in nsd-control-setup
  - Fix to omit the listen-on lines from log at startup, unless verbose.
  - Fix uninitialised values for bindtodevice option at startup with
    reuseport and multiple interfaces.
  - Fix #95: Removed make test check because tpkg not included in
    release tarballs.
  - Fix unused parameter compile warnings.
  - Fix #97: EDNS unknown version: query not in response.
  - Fix #99: Fix copying of socket properties with reuseport enabled.
  - Document default value for tcp-timeout.
  - Merge PR#102 from and0x000: add missing default in documentation
    for drop-updates.
  - Fix unlink of pidfile warning if not possible due to permissions,
    nsd can display the message at high verbosity levels.
  - Removed contrib/nsd.service, example is too complicated and not
  - Do not log EAGAIN errors for sendmmsg, to stop log spam on OpenBSD.
  - Merge #108 from Nomis: Make the max-retry-time description clearer.
  - Retry when udp send buffer is full to wait until buffer space is
  - Remove errno reset behaviour from sendmmsg and recvmmsg
    replacement functions.
  - Fix unit test for different nsd-control-setup -h exit code.
  - Merge #112 from jaredmauch: log old and new serials when NSD
    rejects an IXFR due to an old serial number.
  - Fix #106: Adhere better to xfrd bounds.  Refresh and retry times.
  - Fix #105: Clearing hash_tree means just emptying the tree.
* Thu Apr 16 2020 Michael Ströder <>
  - New upstream release 4.3.1
  - Fix #70: error: 'fd_set' undeclared.
  - Fix #71: error: 'for' loop initial declaration used outside C99
  - Fix to move declarations out of for loops in event test too.
  - Fix #76: cpuid typedef for Hurd, DragonflyBSD compile.
  - Fix #75: configure test for sched_setaffinity, and use
    cpuset_setaffinity otherwise.  Also test for presence of sysconf.
  - Fix #74: GNU Hurd fix cast from pointer to integer of different size.
  - Fix for #74, #75: cpuset test for header contents and provide code.
  - Fix #78: Fix SO_SETFIB error on FreeBSD.
  - Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile.
  - Fix #80: NetBSD and implicit declaration of reallocarray.
  - Fix unknown u_long in util.c for Issue #80 .
  - Merge PR #86 from noloader: Use precious variables for GREP, EGREP,
    SED, AWK, LEX and YACC.
  - For PR #86: Fix that programs loaded after CFLAGS and stuff is
    set, specifically the compiler, so that it can work if it needs
    special flags from that.  Fix that lex only needs to support -i
    if actually defined, otherwise the output included in the source
    tarball can be used.
  - Merge PR #90 by phicoh: O_CLOEXEC should be FD_CLOEXEC.
  - Merge PR #92 by tonysgi: Fix typo.
  - Merge PR #91 by gearnode: nsd-control-setup recreate certificates.
    The '-r' option recreates certificates.  Without it it creates them
    if they do not exist, and does not modify them otherwise.
* Tue Mar 17 2020 Michael Ströder <>
  - New upstream release 4.3.0
  - Fix to use getrandom() for randomness, if available.
  - Fix #56: Drop sparse TSIG signing support in NSD.
    Sign every axfr packet with TSIG, according to the latest
    draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.
  - Merge pull request #59 from buddyns: add FreeBSD support
    for conf key ip-transparent.
  - Add feature to pin server processes to specific cpus.
  - Add feature to pin IP addresses to selected server processes.
  - Set process title to identify individual processes.
  - Merge PR#22: minimise-any: prefer polular and not large RRset,
    from Daisuke Higashi.
  - Add support for SO_BINDTODEVICE on Linux.
  - Add support for SO_SETFIB on FreeBSD.
  - Add feature to drop queries with opcode UPDATE.
  - Fix fname null check of fname in namedb_read_zonefile.
  - Fix implicit cast of size in udb_radnode_array_grow.
  - Fix ignore of return value of ssl_printf in remote.c.
  - Fix unused check of fd in parent_handle_reload_command.
  - Attempt to fix signedness of nscount lookup in ixfr query_process.
  - Fix identical branches for ssl_print of errors in remote.c.
  - Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
  - Fix to separate header and data lines in parse_zone_list_file.
  - Fix to define max number of EDNS records we are willing to
    spend time on.
  - Fix size of string len and capacity type cast in udbradtree.
  - Fix to protect rrcount in tsig_find_rr from overflow.
  - Annotate radix_find_prefix_node not reachable trail code.
  - Fix to protect rrcount in packet_find_notify_serial from overflow.
  - Fix to close socket on error in create_tcp_accept_sock.
  - Fix to log on failure to chmod for socket for remote control.
  - Fix to remove unneeded if in open of socket for remote control.
  - Fix to restore input parameter on call failure in create_dirs.
  - Please checker by terminating and initialising string read
    by remote control.
  - Fix to define upper bounds on rr counts read from untrusted packet
  - Separate acl_addr_match_range functions for ip4 and ip6, to
    please checkers.
  - Avoid unused variable warning in new match_range_v4 function.
  - Fix whitespace in, patch from Paul Wouters.
  - use-systemd is ignored in nsd.conf, when NSD is compiled with
    libsystemd it always signals readiness, if possible.
  - Note that use-systemd is not necessary and ignored in man page.
  - Fix unreachable code in ssl set options code.
  - Fix bad shift in assertion code analyzer complaint.
  - Fix responses for IXFR so that the authority section is not echoed
    in the response.
  - Merge PR#60: Minor portability fixes from michaelforney, with
    avoid pointer arithmetic on void* and avoid unnecessary VLA.
  - Fix that the retry wait does not exceed one day for zone transfers.
  - Set FD_CLOEXEC on opened sockets.



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 12:50:11 2024