nsd users - Dec 2019 - NSD 4.2.4 released

Hi,

NSD 4.2.4 is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.2.4.tar.gz
sha256 9ebd6d766765631a56c0eb332eac26b310fa39f662e5582c8210488cf91ef27c
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.4.tar.gz.asc


This release fixes the regressions in the config for the
minimal-responses, round-robin and log-time-ascii options, where the
previous release ignored the config settings for them.  Also there are
some portability fixes.


4.2.4
===============FEATURES:
- Fix #48: Add make distclean that removes config.h made by configure.
  And add maintainer-clean that removes bison and flex output.

BUG FIXES:
- Detect fixed time memcmp for openssl 0.9.8 compatibility.
- Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
- include limits.h for UINT_MAX.
- If no recvmmsg, dont use msg_flags member, but errno for error,
  where our fallback function left it, msg_flags also does not exist
  on some systems.
- Remove unused variable warning for portability.
- Fix #52: do not log transient network full errors unless higher
  verbosity is set.
- Fix regressions in configparser.y where global variables were not
  set for minimal-responses, round-robin and log-time-ascii.


Best regards, Jeroen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20191210/944b62ef/attachment.bin>

On Tue, 10 Dec 2019, Jeroen Koekkoek wrote:
> NSD 4.2.4 is available:
> https://nlnetlabs.nl/downloads/nsd/nsd-4.2.4.tar.gz
> sha256 9ebd6d766765631a56c0eb332eac26b310fa39f662e5582c8210488cf91ef27c
> pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.4.tar.gz.asc
I cannot find the signing key used anywhere because all pgp servers are
failing on HPK and HTTP(S) ?

Since this is a new key not used before, I would like to verify it
with known other pgp signatures before trusting the nsd package siganture.

Is this key published anywhere else?

Paul

On Tue, 10 Dec 2019, Jeroen Koekkoek wrote:
> NSD 4.2.4 is available:
> https://nlnetlabs.nl/downloads/nsd/nsd-4.2.4.tar.gz
> sha256 9ebd6d766765631a56c0eb332eac26b310fa39f662e5582c8210488cf91ef27c
> pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.4.tar.gz.asc
minor doc item:

- use-systemd does not have a man page entry in nsd.conf man page and
   does not appear in the nsd.conf.sample.in at all ?

- Every release I end up having to fix some white space in nsd.conf and
   it makes my diff harder to read.

Patch attached,

Paul
-------------- next part --------------
--- /home/paul/BUILD/nsd-4.2.4/nsd.conf.sample	2019-12-11 10:48:38.027799676
-0500
+++ nsd.conf.fedora	2019-12-11 11:03:47.426519188 -0500
@@ -44,6 +44,9 @@
 	# enable debug mode, does not fork daemon process into the background.
 	# debug-mode: no
 
+	# use systemd for readiness signalling.
+	use-systemd: yes
+
 	# listen on IPv4 connections
 	# do-ip4: yes
 
@@ -83,7 +86,7 @@
 	# pidfile: "/run/nsd/nsd.pid"
 
 	# The file where secondary zone refresh and expire timeouts are kept.
-	# If you delete this file, all secondary zones are forced to be 
+	# If you delete this file, all secondary zones are forced to be
 	# 'refreshing' (as if nsd got a notify).  Set to "" to
disable.
 	# xfrdfile: "/var/lib/nsd/ixfr.state"
 
@@ -141,7 +144,7 @@
 
 	# Number of seconds between reloads triggered by xfrd.
 	# xfrd-reload-timeout: 1
-	
+
 	# log timestamp in ascii (y-m-d h:m:s.msec), yes is default.
 	# log-time-ascii: yes
 
@@ -161,7 +164,7 @@
 
 	# check mtime of all zone files on start and sighup
 	# zonefiles-check: yes
-	
+
 	# write changed zonefiles to disk, every N seconds.
 	# default is 0(disabled) or 3600(if database is "").
 	# zonefiles-write: 3600
@@ -186,11 +189,11 @@
 	# rrl-slip: 2
 
 	# Response Rate Limiting, IPv4 prefix length. Addresses are
-	# grouped by netblock. 
+	# grouped by netblock.
 	# rrl-ipv4-prefix-length: 24
 
 	# Response Rate Limiting, IPv6 prefix length. Addresses are
-	# grouped by netblock. 
+	# grouped by netblock.
 	# rrl-ipv6-prefix-length: 64
 
 	# Response Rate Limiting, maximum QPS allowed (from one query source)
@@ -262,7 +272,7 @@
 
 
 # Patterns have zone configuration and they are shared by one or more zones.
-# 
+#
 # pattern:
 	# name by which the pattern is referred to
 	#name: "myzones"
@@ -274,7 +284,7 @@
 	# if label or character does not exist you get a dot '.'.
 	# for example "%s.zone" or "zones/%1/%2/%3/%s" or
"secondary/%z/%s"
 	#zonefile: "%s.zone"
-	
+
 	# If no master and slave access control elements are provided,
 	# this zone will not be served to/from other servers.
 
@@ -299,7 +309,7 @@
 	# If you want to make use of IXFR/UDP use: UDP addr tsigkey
 	# for a master that only speaks AXFR (like NSD) use AXFR addr tsigkey
 	#request-xfr: 192.0.2.2 the_tsig_key_name
-	# Attention: You cannot use UDP and AXFR together. AXFR is always over 
+	# Attention: You cannot use UDP and AXFR together. AXFR is always over
 	# TCP. If you use UDP, we higly recommend you to deploy TSIG.
 	# Allow AXFR fallback if the master does not support IXFR. Default
 	# is yes.
@@ -312,6 +322,7 @@
 	#min-refresh-time: 0
 	#max-retry-time: 1209600
 	#min-retry-time: 0
+
 	# Slave server tries zone transfer to all masters and picks highest
 	# zone version available, for when masters have different versions.
 	#multi-master-check: no
@@ -325,7 +336,7 @@
 	# zonestats: "%s"
 
 	# if you give another pattern name here, at this point the settings
-	# from that pattern are inserted into this one (as if it were a 
+	# from that pattern are inserted into this one (as if it were a
 	# macro).  The statement can be given in between other statements,
 	# because the order of access control elements can make a difference
 	# (which master to request from first, which slave to notify first).
@@ -336,13 +347,13 @@
 # Zones that are dynamically added and deleted are put in the zonelist file.
 #
 # zone:
- 	# name: "example.com"
- 	# you can give a pattern here, all the settings from that pattern
- 	# are then inserted at this point
- 	# include-pattern: "master"
- 	# You can also specify (additional) options directly for this zone.
- 	# zonefile: "example.com.zone"
- 	# request-xfr: 192.0.2.1 example.com.key
+	# name: "example.com"
+	# you can give a pattern here, all the settings from that pattern
+	# are then inserted at this point
+	# include-pattern: "master"
+	# You can also specify (additional) options directly for this zone.
+	# zonefile: "example.com.zone"
+	# request-xfr: 192.0.2.1 example.com.key
 
 	# RRLconfig
 	# Response Rate Limiting, whitelist types