Hi,

NSD 4.9.0rc1 pre-release is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.9.0rc1.tar.gz
sha256 707ad3c68a4db0370b91e0a8c04604ffc423b49902dac5b4fdd57df40626457c
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.9.0rc1.tar.gz.asc

This release adds support for DNS Catalog Zones (RFC 9432) version "2".
Both producer and consumer roles for catalog zones are implemented, but
only a single consumer zone is allowed. The "coo" property, relevant
when multiple consumer zones can be configured, is therefore not
supported. The "group" property is. Consult the nsd.conf man page for
details on how to configure and use catalog zones.

Thanks to Fredrik Pettai from Sunet for providing feedback and testing
DNS Catalog Zones.

This release is signed with my PGP key instead of Wouter's. Please head
over to https://nlnetlabs.nl/people/ to get a hold of my public key.

4.9.0
===============
FEATURES:
- Merge #315: Allow SOA apex queries to otherwise with allow-query
  protected zones for clients matching a provide-xfr rule, because
  clients that are allowed to transfer the zone need to be able to
  query SOA at the apex preceding the actual transfer.
- Merge #304: Support for Catalog zones version "2" as specified in
  RFC 9432. Both the consumer as well as the producer role are
  implemented, but only a single catalog consumer zone is allowed.
  The "coo" property, only relevant with multiple catalog consumer, is
  therefore not supported. The "group" property is supported. Have a
  look at the nsd.conf man page for details on how to configure and
  use catalog zones.

BUG FIXES:
- Fix to sync the tests script file common.sh.
- Update test script file common.sh.
- Fix #306: Missing AC_SUBST(dbdir) breaks installation with 4.8.0.
- Fix for #306: Create directory for xfrd.state and zone.list files in
  make install.
- Merge #307 from anandb-ripencc: Many improvements to the nsd.conf
  man page.
- Fix #308: Deprecate "multi-master-check" in favour of
  "multi-primary-check".
- Merge #309: More RFC 8499 compliance.
- Fix control-reconfig-xfrd test for zonestatus primary that is
  printed by nsd-control zonestatus.
- Move acx_nlnetlabs.m4 to version 47, with crypt32 check.
- Move acx_nlnetlabs.m4 to version 48, with ssp and getaddrinfo
  include check.
- Fix #313: nsd 4.8 stats with implausible spikes.
- Fix compile with memclean for xfrd nsd.db close.
- In xfrd del secondary zone, the timer could perhaps have
  event_added, and if so, it would not be event_del if a tcp
  connection is active at the time. This could cause the libevent
  event lists to fail. Also fix to make sure to set event_added for
  the nsd-control ssl nonblocking handshake and check event_added
  there too, for extra certainty.
- Merge #316: Fix to reap defunct children by the reload process that
  emerged when some serve child processes were still serving TCP
  request while the others had already quit, while the reload process
  was waiting for the signal from the backup/old main process that all
  children exited.
- Fix (also from Merge #316) to reap exited children more frequently
  from server main loop for processes that exited during reload, but
  missed the initial reaping at start of the main loop because they
  took somewhat longer to exit.
- Fix timing sensitivity in ixfr_outsync test.
- Test if debug is available in do-tests.
- Enforce timeout from NSD in ixfr_gone test.
- Update expressions in ixfr_and_restart test.
- Make algorithm explicit in control-repattern test.
- Switch algorithm to hmac-256 for testplan_mess test.

Best regards,
Jeroen

_______________________________________________
nsd-users mailing list
nsd-users at lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users

Hi,

over at OpenBSD we are not too fond of strcat/strcpy to put it mildly.
I hope this is acceptable.

Sorry for the inline patch, I no longer use GitHub,
Florian

>From b61c840c7f30b9e56a0da2fd6e30a836efcd5a9c Mon Sep 17 00:00:00 2001From: Florian Obser <florian at narrans.de> Date: Mon, 1 Apr 2024 19:39:55 +0200 Subject: [PATCH] snprintf concatenates strings and checks the length in one go. This is safer and easier to understand. --- options.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git options.c options.c index 1cfeeb94..75b8e183 100644 --- options.c +++ options.c @@ -463,14 +463,13 @@ zone_list_member_zone_insert(struct nsd_options* opt, const char* nm, "zone value provided in zone '%s' or pattern '%s'", mem_idnm, nm, patnm); - else if(strlen(pat->catalog_producer_zone) - + strlen(mem_idnm) + 9 > sizeof(member_id_str)) + else if(snprintf(member_id_str, sizeof(member_id_str), + "%s.zones.%s", mem_idnm, pat->catalog_producer_zone) >+ sizeof(member_id_str)) log_msg(LOG_ERR, "syntax error in member ID '%s.zones.%s' for " "zone '%s'", mem_idnm, pat->catalog_producer_zone, nm); - else if(!(cmz->member_id = dname_parse(opt->region, strcat(strcat( - strcpy(member_id_str, mem_idnm),".zones."), - pat->catalog_producer_zone)))) + else if(!(cmz->member_id = dname_parse(opt->region, member_id_str))) log_msg(LOG_ERR, "parse error in member ID '%s' for " "zone '%s'", member_id_str, nm); return zone; -- 2.44.0

-- 
In my defence, I have been left unsupervised.
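
Review bot: the truncation test in the new `else if(snprintf(...) > sizeof(member_id_str))` condition is off by one. snprintf returns the length the complete string would have had, not counting the terminating NUL, so a return value equal to sizeof(member_id_str) already means the last character was dropped; with `>` that case falls through to the next branch and the truncated name is handed to dname_parse without an error being logged. Suggest comparing with `>= sizeof(member_id_str)`. It would also be cleaner to store the return value in an int and test for a negative result explicitly, since the current comparison only catches an snprintf error through the implicit conversion of the int result to size_t.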